I don't know if this is the right forum, anyway, here is my question:
I am setting up many servers in secured environments, and I need to activate "source based routing" on my AIX 7.1 hosts. I call it "source based routing" because I do it on Linux and HP/UX, and it is the designation used in SLES environments (In HP/UX it is sometimes called "multi-homed routing").
Here is an example of my setup:
AIX HostA:
Interface1 IP1 (10.10.10.10) (used by application A) -> default gateway 10.10.10.1
Interface1 IP2 (10.10.10.11) (used by application B) -> default gateway 10.10.10.1
Interface2 IP3 (10.20.20.20) (used for infrastructure like Nagios, NIM)
Interface3 IP4 (10.30.30.30) (not routed outside the secured zone, used between hosts inside the secured zone for cluster and inter-host communications)
The secured zone is firewalled. If, from outside the zone, I open a connection to IP2, the response from my AIX host goes out through Interface1-IP1 (which has the default gateway), and the firewall drops the packet. The same happens if I open a connection to IP1 or IP2, since sometimes, the response comes from the other interface, and it gets dropped.
I need to set up "source based routing" so that if a connection is opened on IP1, the response comes from IP1, and if a connection is opened on IP2, the response comes from IP2, and so on.
I searched in AIX 7.1 documentation (e.g. "AIX Version 7.1 Networks and communication management"), on Google, etc., and found no straightforward way of doing this.
Thanks for your help.
AIX 7.1 - How to activate source based routing, or policy based routing
Updated on 2012-10-05T13:03:58Z by EBoucher
Re: AIX 7.1 - How to activate source based routing, or policy based routing
2012-08-22T13:03:49Z
I asked the question to IBM Support. They answered that AIX does not support source based routing. I was invited to open a Design Change Request to AIX so this feature could be considered in future AIX releases.
The workaround for now will be to use static network routes, but it will be a burden to manage on many servers that are in a complex, evolving environment.
SystemAdmin 110000D4XK 6902 Posts
Re: AIX 7.1 - How to activate source based routing, or policy based routing
2012-08-22T18:58:20Z
- EBoucher 270005GCCD
Re: AIX 7.1 - How to activate source based routing, or policy based routing
2012-10-05T13:03:58Z
- SystemAdmin 110000D4XK
But if we use generic applications that do not allow us to configure specific apps to bind to specific IP addresses, it will be impossible to host many apps / IPs on the same AIX server in firewalled environments.