IETF-SSH archive


Re: tcpip-forward requests and bind addresses



On Fri, 2005-02-18 at 03:38, Niels Möller wrote:
> This is too
> obscure to me. Why would anybody set up addresses and routing so that
> packets are forwarded to an address on the loopback interface? Is the
> point to treat some remote processes as if they were local?

No.  This is a high-availability hack generally used for Cisco router
management addresses and also for multi-homed high value servers trusted
to participate in an IGP (OSPF/RIP/...), to avoid single points of failure 
and to allow them to be moved around in the site topology without being 
renumbered.  The hosts inject one or more /32 routes into the local routing 
system, and the routers find the best path to the hosts.

The additional address is put on a virtual interface -- often lo0 on unixes --
so that failure/removal of one of the physical interfaces doesn't cause it to 
disappear.  Solaris 10 contains a virtual "vni" interface driver
specifically so you don't have to put these addresses on lo0 where they
might be mistaken for a trusted loopback-only address.

> Then it might make sense to have ssh treat them as local too.

No, these are real externally visible addresses.

						- Bill
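
Added example, not part of the original message: a sketch of why a tcpip-forward bind address should be classified as loopback by its address range rather than by the interface it is configured on. The interface table, function names and addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed interface table for a host using the setup described above:
# lo0 carries the real loopback addresses plus a routed /32 service address.
# 192.0.2.10 and the eth addresses are documentation placeholders (RFC 5737).
SAMPLE_INTERFACES = {
    "lo0": ["127.0.0.1", "::1", "192.0.2.10"],
    "eth0": ["198.51.100.5"],
    "eth1": ["203.0.113.5"],
}


def on_loopback_interface(addr, interfaces=SAMPLE_INTERFACES):
    """Naive check: treat an address as local because it sits on lo*."""
    target = ipaddress.ip_address(addr)
    return any(
        ipaddress.ip_address(a) == target
        for name, addrs in interfaces.items() if name.startswith("lo")
        for a in addrs
    )


def is_loopback_address(addr):
    """Address-based check: 127.0.0.0/8 or ::1, whatever the interface."""
    ip = ipaddress.ip_address(addr)
    # Judge an IPv4-mapped IPv6 address (::ffff:a.b.c.d) by its IPv4 part.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_loopback


def misclassified(interfaces=SAMPLE_INTERFACES):
    """Addresses the naive check calls local although they are routable."""
    return sorted(
        a for addrs in interfaces.values() for a in addrs
        if on_loopback_interface(a, interfaces) and not is_loopback_address(a)
    )


if __name__ == "__main__":
    for a in misclassified():
        print(f"{a}: on a loopback interface but externally visible")
```

A forward bound to an address reported by `misclassified()` listens on an externally reachable address even though the interface name suggests otherwise.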






