3 replies Latest Post - ‏2012-10-05T13:03:58Z by EBoucher
EBoucher

Pinned topic AIX 7.1 - How to activate source based routing, or policy based routing

‏2012-07-25T17:08:26Z |
Hello all,

I don't know if this is the right forum, anyway, here is my question:

I am setting up many servers in secured environments, and I need to activate "source based routing" on my AIX 7.1 hosts. I call it "source based routing" because I do it on Linux and HP/UX, and it is the designation used in SLES environments (In HP/UX it is sometimes called "multi-homed routing").

Here is an example of my setup:

AIX HostA Interface1 IP1 (10.10.10.10) (used by application A) -> default gateway 10.10.10.1
Interface1 IP2 (10.10.10.11) (used by application B) -> default gateway 10.10.10.1
Interface2 IP3 (10.20.20.20) (used for infrastructure like Nagios, NIM)
Interface3 IP4 (10.30.30.30) (not routed outside the secured zone, used between hosts inside the secured zone for cluster and inter-host communications)

The secured zone is firewalled. If, from outside the zone, I open a connection to IP2, the response from my AIX host goes out through Interface1-IP1 (which has the default gateway), and the firewall drops the packet. The same happens if I open a connection to IP1 or IP2, since sometimes, the response comes from the other interface, and it gets dropped.

I need to set up "source based routing" so that if a connection is opened on IP1, the response comes from IP1, and if a connection is opened on IP2, the response comes from IP2, and so on.

I searched in the AIX 7.1 documentation (e.g. "AIX Version 7.1 Networks and communication management"), on Google, etc., and found no straightforward way of doing this.

Thanks for your help.
Updated on 2012-10-05T13:03:58Z at 2012-10-05T13:03:58Z by EBoucher
  • EBoucher

    Re: AIX 7.1 - How to activate source based routing, or policy based routing

    ‏2012-08-22T13:03:49Z  in response to EBoucher
    I asked the question to IBM Support. They answered that AIX does not support source based routing. I was invited to open a Design Change Request to AIX so this feature could be considered in future AIX releases.

    The workaround for now will be to use static network routes, but it will be a burden to manage on many servers that are in a complex, evolving environment.
    Eric Boucher
    Hydro Quebec
    Montreal, Canada
    • SystemAdmin

      Re: AIX 7.1 - How to activate source based routing, or policy based routing

      ‏2012-08-22T18:58:20Z  in response to EBoucher
      If your server process bind()s its socket to a specific IP address (instead of '0' like many poorly written applications do), your source IP on outgoing packets will be fine.
      • EBoucher

        Re: AIX 7.1 - How to activate source based routing, or policy based routing

        ‏2012-10-05T13:03:58Z  in response to SystemAdmin
        Delgado, you are right, if I "hard code" a specific IP address in a bind call in my app, and clients use that same IP to connect, everything will be OK.

        But if we use generic applications that do not allow us to configure specific apps to bind to specific IP addresses, it will be impossible to host many apps / IPs on the same AIX server in firewalled environments.
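
The bind() behaviour discussed in the replies above, as an added example that is not code from the thread or from IBM: a UDP server answers a client that addressed it at a secondary IP, once bound to the wildcard address and once bound to that IP, and the function reports which source address the answer carried. The name `reply_source` is hypothetical, and 127.0.0.2 stands in for the secondary service IP on the assumption that it is a local address (true on Linux, where all of 127.0.0.0/8 is local; elsewhere it may need to be added as a loopback alias first).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

static struct sockaddr_in mk(const char *ip, unsigned short port) {
    struct sockaddr_in a;              /* port 0: kernel picks a free port */
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}
/* UDP server bound to bind_ip; a client sends one datagram to service_ip and the
 * server answers. Writes the answer's source IP to out; 0 on success, -1 on error. */
int reply_source(const char *bind_ip, const char *service_ip, char *out, socklen_t outlen) {
    struct sockaddr_in sa = mk(bind_ip, 0), ca = mk("127.0.0.1", 0), dst, peer, from;
    socklen_t slen = sizeof sa, plen = sizeof peer, flen = sizeof from;
    struct timeval tv = {2, 0};        /* never hang if a datagram is lost */
    char buf[16];
    int rc = -1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    if (srv < 0 || cli < 0) goto done;
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (bind(srv, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(srv, (struct sockaddr *)&sa, &slen) < 0 ||
        bind(cli, (struct sockaddr *)&ca, sizeof ca) < 0) goto done;
    dst = mk(service_ip, ntohs(sa.sin_port));
    if (sendto(cli, "ping", 4, 0, (struct sockaddr *)&dst, sizeof dst) < 0 ||
        recvfrom(srv, buf, sizeof buf, 0, (struct sockaddr *)&peer, &plen) < 0) goto done;
    /* Source is the bound address if any, else whatever the route to the client picks. */
    if (sendto(srv, "pong", 4, 0, (struct sockaddr *)&peer, plen) < 0 ||
        recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) < 0) goto done;
    if (inet_ntop(AF_INET, &from.sin_addr, out, outlen)) rc = 0;
done:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return rc;
}

int main(void) {
    char any[INET_ADDRSTRLEN] = "?", one[INET_ADDRSTRLEN] = "?";
    reply_source("0.0.0.0", "127.0.0.2", any, sizeof any);   /* wildcard bind */
    reply_source("127.0.0.2", "127.0.0.2", one, sizeof one); /* specific bind */
    printf("wildcard bind replied from %s, specific bind from %s\n", any, one);
    return 0;
}
```

The example covers only the source address placed on outgoing datagrams; which interface and gateway the packet leaves through is still decided by the routing table.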