vrf support in FreeBSD

[Oliver Fromme]

Julian Elischer <julian at elischer.org> wrote:
 > Pramod Srinivasan wrote:
 > > I am curious to know if there is any plans to support multiple routing
 > > tables in FreeBSD's official release? 
 > 
 > I am doing some small bits of work on this..
 > 
 > how do you want to select which table should be used?
 > (This is more of a 'survey' as I am trying to work out what I should 
 > support)

It would be extremely useful if the routing table could be
a per-process variable which is inherited by child processes.
That way it would be possible, for example, to start Apache
with its own routing table (which would be inherited by CGIs
and other programs exec'ed by Apache).

Another approach would be to assign a routing table to a jail.
However, for me personally, jails are currently not very
useful because they can only have one IP.  That limitation
would have to be lifted first.

I would also like to have better control over the source IP
of outgoing connections.  I often have a lot of IP addresses
configured on an interface which are assigned to different
services (possibly belonging to different customers, i.e.
they need to be accounted separately).  Currently, the only
generic way to force programs to use a certain source IP is
to put them into a jail, but again, I often need multiple
IPs for a service so it doesn't work with jails.  Same
problem as above.

Just my 2 cents (since you asked for it).  :-)

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"The last good thing written in C was
Franz Schubert's Symphony number 9."
        -- Erwin Dieterich