New dynamic IP pools module

Pawel Foremski pjf at asn.pl
Sat Jan 27 15:19:45 CET 2007 

On Saturday 27 January 2007 13:53, Peter Nixon wrote:
> (snip)
> - Does some periodic synchronization steps to keep tables up to date

Well, that's needed for "real world". If we could assume 100% protocol 
reliability (ie. that we don't miss a single packet from NAS), these wouldn't 
be needed, I guess.

> The basic claim to fame that I can see is that it supports multiple,
> prioritized pools for a single host group (whatever that is).

I will try to provide an example showing almost all of it's features.

Imagine you have two OSPF areas consisting of some network access servers. In 
each area you have machines belonging to two different IP subnets, say:

1) area 1: 10.1.1.0/24, 10.1.2.0/24
2) area 2: 10.2.1.0/24, 10.2.2.0/24

Now then, you'd like to share a public IPv4 address space 2.0.0.0/16 between 
dialup clients connecting to NASes in these two areas. Because it'd be a good 
idea to take advantage of OSPF route summarization (to avoid distributing /32 
routes), you split the big /16 class into smaller /17, assigning the lower 
half to area 1 and the higher one to area 2. However, it's possible that /17 
class would not suffice for single network area under some special 
circumstances, so you would like to allow e.g. area 2 borrow some addresses 
from area 1.

How to do this with netvim pools?
1) create host group "hg1", representing OSPF area 1
 - add 10.1.1.0/24 to hg1
 - add 10.1.2.0/24 to hg1
2) create host group "hg2", representing OSPF area 2
 - add 10.2.1.0/24 to hg2
 - add 10.2.2.0/24 to hg2
3) create pool name "public-ip"
4) create pool instances, each having name "public-ip"
 - to hg1, assign 2.0.0.0/17 with prio 0
 - to hg1, assign 2.0.128.0/17 with prio 1
 - to hg2, assign 2.0.128.0/17 with prio 0
 - to hg2, assign 2.0.0.0/17 with prio 1

In multihomed networks one may want to add new public IP address space (say 
3.0.0.0/16) in the same manner, but this time assigning some weights. This 
way it should be possible to balance network traffic between two upstream 
ISPs in a natural way. The last step would be:

4)
 - to hg1, assign 2.0.0.0/17 with prio 0 weight 3
 - to hg1, assign 3.0.0.0/17 with prio 0 weight 1
 - to hg1, assign 2.0.128.0/17 with prio 1 weight 3
 - to hg1, assign 3.0.128.0/17 with prio 1 weight 1

 - to hg2, assign 2.0.128.0/17 with prio 0 weight 3
 - to hg2, assign 3.0.128.0/17 with prio 0 weight 1
 - to hg2, assign 2.0.0.0/17 with prio 1 weight 3
 - to hg2, assign 3.0.0.0/17 with prio 1 weight 1

That should spread about 75% through ISP serving 2/16 and about 25% through 
ISP serving 3/16. Obviously it'll vary in case traffic is balanced also by 
other means (BGP, for instance).

Well, and finally, you would like to provide a backup catch-all IP pool:
1) create host group "all"
 - assign 0.0.0.0/0 to it
 - connect other host groups as "children"
2) create pool instance, each having name "public-ip"
 - to "all", assign say 190.180.128.0/17 prio 10

One may argue that such "selection of host group" of an incoming packet may 
already be done in text file configuration, but it's not possible with NASes 
configured in an SQL database.

Cheers,

-- 
Pawel Foremski
pjf at asn.pl

More information about the Freeradius-Devel mailing list