I don't know if this is the right forum; anyway, here is my question:
I am setting up many servers in secured environments, and I need to activate "source based routing" on my AIX 7.1 hosts. I call it "source based routing" because I do it on Linux and HP/UX, and it is the designation used in SLES environments (In HP/UX it is sometimes called "multi-homed routing").
Here is an example of my setup:
AIX HostA
- Interface1 IP1 (10.10.10.10) (used by application A) -> default gateway 10.10.10.1
- Interface1 IP2 (10.10.10.11) (used by application B) -> default gateway 10.10.10.1
- Interface2 IP3 (10.20.20.20) (used for infrastructure like Nagios, NIM)
- Interface3 IP4 (10.30.30.30) (not routed outside the secured zone, used between hosts inside the secured zone for cluster and inter-host communications)
The secured zone is firewalled. If, from outside the zone, I open a connection to IP2, the response from my AIX host goes out through Interface1-IP1 (which has the default gateway), and the firewall drops the packet. The same happens if I open a connection to IP1 or IP2, since sometimes, the response comes from the other interface, and it gets dropped.
I need to set up "source based routing" so that if a connection is opened on IP1, the response comes from IP1, and if a connection is opened on IP2, the response comes from IP2, and so on.
I searched in the AIX 7.1 documentation (e.g. "AIX Version 7.1 Networks and communication management"), on Google, etc., and found no straightforward way of doing this.
Thanks for your help.
Topic: AIX 7.1 - How to activate source based routing, or policy based routing
Updated on 2012-10-05T13:03:58Z by EBoucher
Re: AIX 7.1 - How to activate source based routing, or policy based routing
2012-08-22T13:03:49Z in response to EBoucher
I asked the question to IBM Support. They answered that AIX does not support source based routing. I was invited to open a Design Change Request to AIX so this feature could be considered in future AIX releases.
The workaround for now will be to use static network routes, but it will be a burden to manage on many servers that are in a complex, evolving environment.
SystemAdmin 110000D4XK6908 Posts
ACCEPTED ANSWER
Re: AIX 7.1 - How to activate source based routing, or policy based routing
2012-08-22T18:58:20Z in response to EBoucher
If your server process bind()s its socket to a specific IP address (instead of '0' like many poorly written applications do), your source IP on outgoing packets will be fine.
Re: AIX 7.1 - How to activate source based routing, or policy based routing
2012-10-05T13:03:58Z in response to SystemAdmin
Delgado, you are right, if I "hard code" a specific IP address in a bind call in my app, and clients use that same IP to connect, everything will be OK.
But if we use generic applications that do not allow us to configure specific apps to bind to specific IP addresses, it will be impossible to host many apps / IPs on the same AIX server in firewalled environments.
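The bind() approach from the accepted answer, as an added example that is not part of the original thread: a TCP listener and a client are each bound to one specific local address instead of the wildcard, and the server-side local and peer addresses are read back to confirm them. The function names are hypothetical, and the loopback address is a constructed stand-in for the poster's IP1/IP2 so the code runs on a single host.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* TCP socket bound to one specific local IP; port 0 asks for an ephemeral port. */
static int bound_socket(const char *ip, unsigned short port) {
    struct sockaddr_in sa;
    int fd;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return -1;   /* not an IPv4 literal */
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Listener bound to listen_ip; client bound to client_ip before connect().
 * Writes the server side's local and peer addresses; returns 0 on success. */
int pinned_roundtrip(const char *listen_ip, const char *client_ip,
                     char *srv_local, char *srv_peer, size_t len) {
    struct sockaddr_in sa;
    socklen_t sl = sizeof sa;
    int rc = -1, conn = -1, cli = -1, lst = bound_socket(listen_ip, 0);
    if (lst < 0 || listen(lst, 1) < 0) goto out;
    if (getsockname(lst, (struct sockaddr *)&sa, &sl) < 0) goto out;  /* learn the port */
    if ((cli = bound_socket(client_ip, 0)) < 0) goto out;
    if (connect(cli, (struct sockaddr *)&sa, sizeof sa) < 0) goto out;
    sl = sizeof sa;
    if ((conn = accept(lst, (struct sockaddr *)&sa, &sl)) < 0) goto out;
    if (!inet_ntop(AF_INET, &sa.sin_addr, srv_peer, len)) goto out;   /* client source IP */
    sl = sizeof sa;
    if (getsockname(conn, (struct sockaddr *)&sa, &sl) < 0) goto out;
    if (!inet_ntop(AF_INET, &sa.sin_addr, srv_local, len)) goto out;  /* IP replies come from */
    rc = 0;
out:
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (lst >= 0) close(lst);
    return rc;
}

int main(void) {
    char l[INET_ADDRSTRLEN], p[INET_ADDRSTRLEN];
    if (pinned_roundtrip("127.0.0.1", "127.0.0.1", l, p, sizeof l)) return 1;
    printf("server-side local address %s, peer %s\n", l, p);
    return 0;
}
```

bind() fixes the source address carried in the socket's packets; which interface and gateway they leave through is still chosen by the host's routing table.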