Domain name based multihome routing?

Paul Kosinski bind at iment.com
Wed Jun 27 19:41:09 UTC 2018


We do something somewhat similar with our LAN. We have a new cable
connection and an old DSL connection. The cable is 60x faster, but has
a dynamic IP and blocks various ports (esp. 25), so we keep the DSL so
we can send email directly etc.

Obviously, we don't want to stream video or even do much Web browsing
over the DSL. So we have set up a Linux computer to serve as a gateway
and firewall: it runs IPtables, Privoxy, HAVP (virus filter for HTTP),
ClamAV and even Bind (a 3rd DNS server for our small domains).

This works fairly straightforwardly because the decision as to whether to
use cable or DSL is made according to the *source* IP address, rather
than the destination IP address (or domain name, or port). Since
many browsers (we use Firefox) and other Internet software have the
ability to specify a proxy for Internet access, we usually connect them
to a proxy server on the gateway which in turn binds to an alias IP on
either the NIC connected to the DSL modem or the cable modem.

Then we have 2 routing tables, the default one for the (original) DSL
and a second one for cable. Each routing table has its own default
route, and each is 'via' the corresponding modem.  To decide which way
packets go, we make use of a 'rule' table (iproute2) which says which
routing table to use. It has entries generated by iproute2 functions
such as:

  /sbin/ip rule add from <alias IP>                lookup cable
  /sbin/ip rule add to   <cable modem control IP>  lookup cable
  /sbin/ip rule add iif  br2                       lookup cable

This last rule says that *everything* from (sub) LAN 2 goes via cable.
This allows whole sets of devices (such as our computer dedicated to TV)
to be connected strictly to cable.

Note that even though you bind to an alias IP on the NIC physically
connected to a specific modem, if that modem isn't the overall default
route, you still need a 'rule' to make the kernel do the right thing.

In summary, this scheme does not give you totally automatic control of
what kind of traffic goes by what physical link, but it does allow
different browser instances on a single computer to use different
physical links via proxying, plus it easily allows different devices on
the LAN to be handled differently (since they each have their own IP
address).

----------------------------------

On Wed, 27 Jun 2018 13:17:41 -0500
Dale Mahalko <dmahalko at gmail.com> wrote:

> On Wed, Jun 27, 2018 at 12:27 PM, Darcy Kevin (FCA) <
> kevin.darcy at fcagroup.com> wrote:
> 
> > I’m not convinced DNS has any valuable role to play here. Seems
> > like this is a traffic-shaping challenge; maybe one of the open
> > source traffic shaping tools would fit the bill.
> >
> 
> A Google search for multihome traffic shaping yields nothing obvious.
> 
> Do you have specific details you can share about exactly how that
> would be done?
> 
> Also how is traffic shaping going to tell the difference between a
> background Apple iOS update or Windows update that need to use the
> DSL, and the high priority data streams that are more important to
> me, that need to use the cellular modem?
> 
> 
> Shaping is not routing, it just prioritizes some data streams over
> others. I don't see how shaping is going to know whether to use the
> DSL or the Cellular ... without inspecting the domain name before a
> connection is established.... which is what I'm already discussing
> here...
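
The two-table layout Paul describes, written out as an added example (this is not
his script, and every interface name, address, table id and port in it is an
assumption). It runs as a dry run by default, printing the iproute2/iptables
commands instead of executing them, so it can be read and checked without root;
set DRY_RUN=0 to apply it on a gateway laid out the same way. Beyond the three
rules in the post it adds what a practitioner usually trips over: the cable
table needs the directly connected networks as well as its default route
(a 'from <alias>' rule sends LAN-bound packets from the alias to that table
too), the cable NIC needs loose reverse-path filtering because the main table
routes return traffic out the DSL side, and a proxy bound to an alias on an
Internet-facing NIC should not accept connections from that NIC.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Assumed layout (hypothetical):
#   eth0  LAN 1        192.168.1.0/24
#   br2   sub-LAN 2    192.168.2.0/24, everything from here must use cable
#   eth1  DSL modem    modem at 192.168.10.1, default route in the main table
#   eth2  cable modem  192.168.100.0/24, modem at 192.168.100.1, table "cable"
#   192.168.100.3      alias IP on eth2 that the cable-side proxy binds to
# DRY_RUN=1 (default) prints each command instead of running it.

DRY_RUN=${DRY_RUN:-1}

LAN_IF=eth0;   LAN_NET=192.168.1.0/24
LAN2_IF=br2;   LAN2_NET=192.168.2.0/24
DSL_IF=eth1
CABLE_IF=eth2; CABLE_NET=192.168.100.0/24; CABLE_GW=192.168.100.1
CABLE_ALIAS=192.168.100.3
CABLE_TABLE=cable; CABLE_TABLE_ID=100
PROXY_PORT=8118   # Privoxy's default listen port (assumed to be the proxy in use)

# Print or execute a command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Give the table a name so 'ip rule show' and 'ip route show table cable' read well.
register_table() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'echo "%s %s" >> /etc/iproute2/rt_tables\n' "$CABLE_TABLE_ID" "$CABLE_TABLE"
    elif ! grep -q "^$CABLE_TABLE_ID[[:space:]]$CABLE_TABLE\$" /etc/iproute2/rt_tables; then
        echo "$CABLE_TABLE_ID $CABLE_TABLE" >> /etc/iproute2/rt_tables
    fi
}

# The cable table gets its own default route *and* the connected networks:
# a 'from <alias>' rule sends every packet from the alias to this table,
# LAN-bound packets included, so without these routes the proxy bound to
# the alias could not answer LAN clients.
cable_routes() {
    run ip route add "$LAN_NET"   dev "$LAN_IF"   table "$CABLE_TABLE"
    run ip route add "$LAN2_NET"  dev "$LAN2_IF"  table "$CABLE_TABLE"
    run ip route add "$CABLE_NET" dev "$CABLE_IF" table "$CABLE_TABLE"
    run ip route add default via "$CABLE_GW" dev "$CABLE_IF" table "$CABLE_TABLE"
}

# The alias the cable-side proxy binds to, then the three rules from the post.
# Explicit preferences make the evaluation order obvious in 'ip rule show'.
cable_rules() {
    run ip addr add "$CABLE_ALIAS/24" dev "$CABLE_IF"
    run ip rule add pref 100 from "$CABLE_ALIAS" lookup "$CABLE_TABLE"
    run ip rule add pref 101 to   "$CABLE_GW"    lookup "$CABLE_TABLE"
    run ip rule add pref 102 iif  "$LAN2_IF"     lookup "$CABLE_TABLE"
}

# Return traffic for LAN-2 flows arrives on the cable NIC, but a strict
# reverse-path check (rp_filter=1) looks the source up in the main table,
# whose default route points at DSL, and drops it. Loose mode (2) keeps a
# sanity check on the interface without those drops.
cable_sysctls() {
    run sysctl -w "net.ipv4.conf.$CABLE_IF.rp_filter=2"
    run sysctl -w net.ipv4.ip_forward=1
}

# NAT on both uplinks, and refuse proxy connections that arrive on either
# modem-facing NIC: the alias the proxy listens on sits on a public-facing
# interface, and an unfiltered listener there is an open proxy.
firewall() {
    run iptables -t nat -A POSTROUTING -o "$DSL_IF"   -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$CABLE_IF" -j MASQUERADE
    run iptables -A INPUT -i "$CABLE_IF" -p tcp --dport "$PROXY_PORT" -j DROP
    run iptables -A INPUT -i "$DSL_IF"   -p tcp --dport "$PROXY_PORT" -j DROP
}

configure_multihome() {
    register_table
    cable_routes
    cable_rules
    cable_sysctls
    firewall
}

configure_multihome
```

Verify the result on a live box with `ip rule show` and `ip route show table cable`,
then `ip route get <public IP> from 192.168.100.3` (and the same with `iif br2`
instead of `from`) to confirm which table a given packet would actually use.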


More information about the bind-users mailing list