Re: Source IPv4 address selection vs BGP IX connection

From: Mike Karels <mike_at_karels.net>
Date: Fri, 26 Apr 2024 15:58:53 UTC

On 25 Apr 2024, at 15:56, Gregory Shapiro wrote:

>> of course, gethostid(3) is now deprecated in favour of sysctl(3), and the
>> hostid(8) command is gone, and there's now more than one flavour of
>> Internet-capable UNIX in the world, and there's more than one Internet
>> address family now. so what i did in 1990 is a guide only inasmuch as some
>> way should exist to change the default local address of a socket so that it
>> isn't the address of the interface used for the destination. if that happens
>> i hope we coordinate with Linux and with the other BSD's.
>
> Linux already has a model to give a hint for source address selection via
> route table "hints".  When adding routes (either manually via `ip route'
> or via things like bird2 BGP daemon), Linux supports setting a source IP
> for when that route is used.
>
> Interestingly, JunOS (which I believe is based on FreeBSD) also supports
> a way to specify a default IPv4 source address, preferring the primary address
> on lo0 that is not 127.0.0.1.  It is a common practice for BGP systems to
> attach their announced IPs to the loopback interface.
>
> https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/default-address-selection-edit-system.html
>
> For the Linux and bird (BGP) documentation:
>
> Linux
> -----
> http://linux-ip.net/html/tools-ip-route.html#ex-tools-ip-route-add-src
>
> "The src option provides a hint to the kernel for source address selection. When you are working with multiple routing tables and different classes of traffic, you can ease your administrative burden, by hosting several different IPs on your linux machine and setting the source address differently, depending on the type of traffic.
>
> In the example below, let's assume that our masquerading host also runs a DNS resolver for the internal network and we have selected all of the outbound DNS packets to be routed according to table 7 [53]. Now, any packet which originates on this box (or is masqueraded through this table) will have its source IP set to 205.254.211.198.
>
> Example D.19. Using src in a routing command with route add
>
> [root@masq-gw]# ip route add default via 205.254.211.254 src 205.254.211.198 table 7
> "
>
> man ip-route
>
> "src ADDRESS
>       the source address to prefer when sending to the
>       destinations covered by the route prefix."

When you first asked this question, my first thought was that this should
be in the routing table.  It seems to me that choosing the source address
is more a function of the destination than of the process (vnet, jail,
etc).  In fact, this problem seemed familiar, so I went looking.  It turns
out that this feature has been available since 4.4BSD.

route(8) has a keyword to do just this, -ifa (interface address).  It only
seems to work when the alias is on the same interface.  It also seems to
be broken in -current and 14.0, but I got it to work with 13.3 and 12.4.
While experimenting, I tried to use -ifp as well, but it seems to be ignored;
route add -ifp foobar ... does not fail.  (12.4 got the interface wrong
when the alias was on the loopback.)

Anyone know why -ifa is ineffective in 14.0 and -current?  It could
be fallout from netlink.

The documentation is weak at best; route(8) says only "the -ifp or -ifa
modifiers may be used to determine the interface or interface address".
"route get" does not display the ifa; I think it did at one time.

I'll also note that binding the desired source address manually works;
ping -S uses this.

		Mike

>
> Bird (BGP Daemon)
> ----
> "The Kernel protocol defines several attributes. These attributes are translated to appropriate system (and OS-specific) route attributes. We support these attributes:
> ..
> ip krt_prefsrc
> (Linux) The preferred source address. Used in source address selection for outgoing packets. Has to be one of the IP addresses of the router."
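
The message above notes that binding the desired source address manually works and that ping -S relies on it. The following is an added example, not code from this thread or from FreeBSD, showing that bind-before-connect pattern and its failure when the address is not configured locally. The function name `source_for`, the discard port and the sample addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example. Report the local address a UDP socket uses to reach dst.
 * bind_src == NULL lets the kernel choose from the routing table; otherwise
 * bind(2) pins the source first. UDP connect(2) sends no packet.
 * Returns 0 and fills out, or -1 with errno set. */
int source_for(const char *bind_src, const char *dst, char *out, socklen_t outlen)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int s, saved, rc = -1;
    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;            /* sin_port stays 0: any local port */
    errno = EINVAL;                     /* reported if inet_pton rejects input */
    if (bind_src != NULL &&
        (inet_pton(AF_INET, bind_src, &sa.sin_addr) != 1 ||
         bind(s, (struct sockaddr *)&sa, sizeof(sa)) < 0))
        goto done;                      /* EADDRNOTAVAIL: not a local address */
    sa.sin_port = htons(9);             /* discard port, arbitrary */
    errno = EINVAL;
    if (inet_pton(AF_INET, dst, &sa.sin_addr) == 1 &&
        connect(s, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        getsockname(s, (struct sockaddr *)&sa, &len) == 0 &&
        inet_ntop(AF_INET, &sa.sin_addr, out, outlen) != NULL)
        rc = 0;
done:
    saved = errno;
    close(s);
    errno = saved;
    return rc;
}

int main(void)
{   /* Constructed inputs; 192.0.2.1 (TEST-NET-1) is assumed not local. */
    const char *srcs[] = { NULL, "127.0.0.1", "192.0.2.1" };
    char buf[INET_ADDRSTRLEN];
    for (int i = 0; i < 3; i++) {
        int rc = source_for(srcs[i], "127.0.0.1", buf, sizeof(buf));
        printf("bind %s -> %s\n", srcs[i] ? srcs[i] : "(none)", rc == 0 ? buf : strerror(errno));
    }
    return 0;
}
```

To see the override against a real destination, pass an alias configured on the host as `bind_src` and compare the result with the `NULL` case.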