  • Latest Post - ‏2012-10-05T13:03:58Z by EBoucher
EBoucher
3 Posts

Pinned topic AIX 7.1 - How to activate source based routing, or policy based routing

‏2012-07-25T17:08:26Z |
Hello all,

I don't know if this is the right forum, anyway, here is my question:

I am setting up many servers in secured environments, and I need to activate "source based routing" on my AIX 7.1 hosts. I call it "source based routing" because I do it on Linux and HP/UX, and it is the designation used in SLES environments (In HP/UX it is sometimes called "multi-homed routing").

Here is an example of my setup:

AIX HostA Interface1 IP1 (10.10.10.10) (used by application A) -> default gateway 10.10.10.1
Interface1 IP2 (10.10.10.11) (used by application B) -> default gateway 10.10.10.1
Interface2 IP3 (10.20.20.20) (used for infrastructure like Nagios, NIM)
Interface3 IP4 (10.30.30.30) (not routed outside the secured zone, used between hosts inside the secured zone for cluster and inter-host communications)

The secured zone is firewalled. If, from outside the zone, I open a connection to IP2, the response from my AIX host goes out through Interface1-IP1 (which has the default gateway), and the firewall drops the packet. The same happens if I open a connection to IP1 or IP2, since sometimes, the response comes from the other interface, and it gets dropped.

I need to set up "source based routing" so that if a connection is opened on IP1, the response comes from IP1, and if a connection is opened on IP2, the response comes from IP2, and so on.

I searched in AIX 7.1 documentation (e.g. "AIX Version 7.1 Networks and communication management"), on Google, etc., and found no straightforward way of doing this.

Thanks for your help.
Updated on 2012-10-05T13:03:58Z at 2012-10-05T13:03:58Z by EBoucher
  • EBoucher
    3 Posts

    Re: AIX 7.1 - How to activate source based routing, or policy based routing

    ‏2012-08-22T13:03:49Z  
    I asked the question to IBM Support. They answered that AIX does not support source based routing. I was invited to open a Design Change Request to AIX so this feature could be considered in future AIX releases.

    The workaround for now will be to use static network routes, but it will be a burden to manage on many servers that are in a complex, evolving environment.
    Eric Boucher
    Hydro Quebec
    Montreal, Canada
  • SystemAdmin
    6902 Posts

    Re: AIX 7.1 - How to activate source based routing, or policy based routing

    ‏2012-08-22T18:58:20Z  
    If your server process bind()s its socket to a specific IP address (instead of '0' like many poorly written applications do), your source IP on outgoing packets will be fine.
  • EBoucher
    3 Posts

    Re: AIX 7.1 - How to activate source based routing, or policy based routing

    ‏2012-10-05T13:03:58Z  
    Delgado, you are right, if I "hard code" a specific IP address in a bind call in my app, and clients use that same IP to connect, everything will be OK.

    But if we use generic applications that do not allow us to configure specific apps to bind to specific IP addresses, it will be impossible to host many apps / IPs on the same AIX server in firewalled environments.
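
The bind() behaviour discussed in the replies above, shown with UDP on loopback as an added example (not code from any poster in this thread): a wildcard-bound server lets the kernel pick the reply source from the route back to the client, while a server bound to one address always answers from it. It assumes a Linux-style loopback where all of 127.0.0.0/8 is local; 127.0.0.2 is a constructed stand-in for a service address such as IP2, and the function names are hypothetical.

```python
import socket
import threading

# Constructed addresses: 127.0.0.2 stands in for a secondary service IP
# (IP2 in the thread); 127.0.0.1 is the client's own address.
SERVICE_IP = "127.0.0.2"
CLIENT_IP = "127.0.0.1"


def echo_once(server):
    """Answer a single datagram from whatever address the socket is bound to."""
    data, peer = server.recvfrom(1024)
    server.sendto(data, peer)


def reply_source(bind_ip):
    """Bind a UDP server to bind_ip, query it at SERVICE_IP, and return the
    source IP the client actually sees on the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.bind((bind_ip, 0))      # port 0: the kernel picks a free port
        server.settimeout(2.0)         # do not hang if the datagram is lost
        port = server.getsockname()[1]
        worker = threading.Thread(target=echo_once, args=(server,))
        worker.start()

        client.bind((CLIENT_IP, 0))
        client.settimeout(2.0)
        client.sendto(b"ping", (SERVICE_IP, port))
        _, (src_ip, _) = client.recvfrom(1024)
        worker.join()
        return src_ip


if __name__ == "__main__":
    # Wildcard bind: the reply source follows the route back to the client,
    # so it is not the address that was queried.
    print("bind 0.0.0.0   ->", reply_source("0.0.0.0"))
    # Specific bind: the reply carries the bound address.
    print("bind", SERVICE_IP, "->", reply_source(SERVICE_IP))
```

bind() fixes only the source address; which interface and gateway the packet leaves through is still decided by the routing table.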