Changing the NAT IP on demand?

Fred Souza fred at storming.org
Sun Oct 5 07:54:38 PDT 2003


> Depends on how much money you have, but had you considered getting your 
> own address range and BGP peering with your ISPs? I'd consider talking 
> to them about it. It'll take some time to set up, but it means your 
> "switching" is done at the router, not at the NAT box, which is the 
> wrong place to do it anyway.

  I think I have an inelegant solution to this, but one that could be
  implemented with even a simple script.

  If I understood what Leo asked correctly, what's needed is to change
  the default route on the FreeBSD gateway whenever an event tells it
  to (in this case, the increase/decrease in performance for the ISPs).
  The concern here is to keep currently established connections alive, so
  the process is carried out seamlessly.

  Unless my tests were wrong, there's a way around it with the very base
  system tools. The idea is simple: Say the box has two valid IP
  addresses A.A.A.A and B.B.B.B, and that at a given moment A.A.A.A is
  being used as the default route. Whenever the event telling the system
  to switch the routes to B.B.B.B happens, you could parse the current
  routing table and the current list of open connections, and add a
  temporary, static route for each of these entries pointing to A.A.A.A
  (the current default gateway) as their gateway (route add X.X.X.X
  A.A.A.A (or A.A.A.A's remote peer), where X.X.X.X is the address of
  one of the open connections). Once you do that for all the currently
  active connections, they'll be guaranteed to stay up when the next
  step takes place.

  Now you'd remove the default gateway entry in your routing table and
  add B.B.B.B (or its remote peer) as the default gateway. From this
  point on, all connections will use this route as the default, and
  no one should see the change.

  The downside of this approach is that the system will have to monitor
  the active connections periodically and remove the static routes after
  their previously active connections finish; this is because if you
  don't do so, all connections to a given address will be routed out
  through the default route at the time the first switch was made and
  there was a connection to that address. Another concern would be the
  decrease in performance on the FreeBSD gateway if its routing table
  gets too large (over tens of thousands of static routes).

  What makes this work is that static routes have priority over
  default ones. One could work this up from this point.
  
  
  Fred


-- 
"Real programmers argue with the systems analyst as a matter of principle."
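The three steps Fred describes (pin the peers of every established connection to the old gateway with host routes, swap the default route, then periodically drop the host routes whose connections have ended) as a POSIX sh script. This is an added example written for this page, not code from Fred's post or from FreeBSD. It assumes the FreeBSD `netstat -an -f inet -p tcp` column layout (foreign address printed as `addr.port`) and the `route(8)` syntax; the two netstat snapshots are constructed, using RFC 5737 documentation addresses, and the gateway addresses 192.0.2.1 and 192.0.2.254 stand in for A.A.A.A and B.B.B.B. With `DRYRUN=1` (the default) it only prints the `route` commands it would run, so it can be tried anywhere; `DRYRUN=0` executes them and needs root on the FreeBSD gateway. It handles only TCP: UDP and other flows have no connection table to pin from.

```shell
#!/bin/sh
# Added example: pin live TCP peers to the old gateway, then swap the default
# route, as described in the post above. DRYRUN=1 (the default) only prints
# the route(8) commands; set DRYRUN=0 to execute them as root on FreeBSD.

# Constructed `netstat -an -f inet -p tcp` output (FreeBSD layout) taken
# just before the switch. Addresses are RFC 5737 documentation ranges.
NETSTAT_BEFORE='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.443         198.51.100.7.51234     ESTABLISHED
tcp4       0      0 192.0.2.10.22          203.0.113.5.40000      ESTABLISHED
tcp4       0      0 192.0.2.10.22          203.0.113.5.40001      ESTABLISHED
tcp4       0      0 *.22                   *.*                    LISTEN'

# Constructed snapshot taken later: the 203.0.113.5 sessions have closed.
NETSTAT_LATER='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.443         198.51.100.7.51234     ESTABLISHED
tcp4       0      0 *.22                   *.*                    LISTEN'

# Print the command (dry run) or execute it.
run() {
    if [ "${DRYRUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Read netstat output on stdin; print each distinct remote address that has
# an ESTABLISHED TCP connection (the trailing ".port" is stripped).
established_peers() {
    awk '$1 ~ /^tcp/ && $NF == "ESTABLISHED" { sub(/\.[0-9]+$/, "", $5); print $5 }' | sort -u
}

# Step 1: add a host route for every active peer via the current gateway
# and record the peer in a state file so it can be unpinned later.
# usage: pin_peers <current-gateway> <state-file>   (netstat output on stdin)
pin_peers() {
    gw=$1; state=$2
    established_peers | while read -r peer; do
        run route -n add -host "$peer" "$gw"
        echo "$peer" >> "$state"
    done
}

# Step 2: replace the default route. Done as delete + add to mirror the
# post; `route change default <gw>` is the one-command equivalent.
switch_default() {
    run route -n delete default
    run route -n add default "$1"
}

# Step 3 (run periodically): drop host routes whose peers no longer have an
# established connection, so later sessions to them follow the new default.
# usage: unpin_idle <state-file>   (current netstat output on stdin)
unpin_idle() {
    state=$1
    active=$(established_peers)
    tmp=$(mktemp)
    while read -r peer; do
        if printf '%s\n' "$active" | grep -qxF "$peer"; then
            echo "$peer" >> "$tmp"          # still busy, keep the pin
        else
            run route -n delete -host "$peer"
        fi
    done < "$state"
    mv "$tmp" "$state"
}

# Walk through the three steps with the constructed snapshots (dry run).
demo() {
    state=$(mktemp)
    printf '%s\n' "$NETSTAT_BEFORE" | pin_peers 192.0.2.1 "$state"
    switch_default 192.0.2.254
    printf '%s\n' "$NETSTAT_LATER" | unpin_idle "$state"
    rm -f "$state"
}

demo
```

In a real deployment the stdin to `pin_peers` and `unpin_idle` is `netstat -an -f inet -p tcp` run at that moment, `unpin_idle` goes in cron or a loop so the host routes do not outlive the sessions, and the state file is what stops the routing table from growing without bound.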