IETF-SSH archive
Re: tcpip-forward requests and bind addresses
On Fri, 2005-02-18 at 03:38, Niels Möller wrote:
> This is too
> obscure to me. Why would anybody set up addresses and routing so that
> packets are forwarded to an address on the loopback interface? Is the
> point to treat some remote processes as if they were local?
No. This is a high-availability hack generally used for Cisco router
management addresses and also for multi-homed high-value servers trusted
to participate in an IGP (OSPF/RIP/...), to avoid single points of failure
and to allow them to be moved around in the site topology without being
renumbered. The hosts inject one or more /32 routes into the local routing
system, and the routers find the best path to the hosts.
The additional address is put on a virtual interface -- often lo0 on Unixes --
so that failure/removal of one of the physical interfaces doesn't cause it to
disappear. Solaris 10 contains a virtual "vni" interface driver
specifically so you don't have to put these addresses on lo0 where they
might be mistaken for a trusted loopback-only address.
> Then it might make sense to have ssh treat them as local too.
No, these are real externally visible addresses.
- Bill
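
An added example, not part of the original message or of any SSH implementation: a forwarding policy check that classifies a requested bind address by its value rather than by the interface it is configured on, so that a routable /32 placed on lo0 is not mistaken for a loopback-only address. The function names, category labels and the sample lo0 address list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: addresses configured on lo0 of a hypothetical
# multi-homed server. 192.0.2.10 (documentation range) stands in for the
# routable /32 service address the host injects into the IGP.
LO0_ADDRESSES = ("127.0.0.1", "::1", "192.0.2.10")


def _normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def classify_bind_address(addr, lo0_addrs=LO0_ADDRESSES):
    """Classify a requested listen address by value, not by interface."""
    try:
        ip = _normalize(addr)
    except ValueError:
        return "invalid"
    if ip.is_unspecified:
        return "wildcard"              # 0.0.0.0 or :: listens on everything
    if ip.is_loopback:
        return "loopback-only"         # 127.0.0.0/8 or ::1
    if ip in {_normalize(a) for a in lo0_addrs}:
        return "external-on-loopback-interface"
    return "external"


if __name__ == "__main__":
    for candidate in ("127.0.0.1", "::ffff:127.0.0.1", "192.0.2.10", "0.0.0.0"):
        print(candidate, "->", classify_bind_address(candidate))
```

Only the "loopback-only" result is safe to treat as unreachable from other hosts; an address that merely sits on lo0 falls into "external-on-loopback-interface" and needs the same policy as any other externally visible listener.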