Re: OT: Incoming/Outgoing route of IP subnet

[Alexander Steinert <stony8@gmx.de>]

> > OK, let's assume we have
> > an IP subnet N,
> > a host H in N,
> > a host G in N and
> > a host A outside of N.
> > Packets from H to A go via G, since H is configured as gateway on H. 
> > How save is it to assume that all packets from A to H (the other way
> > round) go via G?
> 
> Hmm...  Not really safe at all since the specs say that the routes do
> not need to be symmetrical.  Since they are not required to be you can
> almost certainly assume that at times they will not be symmetrical.
> Therefore an assumption like that will certainly break something at
> some time in the future.
> 
> Could you give us a hint?  What are you planning?  Usually I find that
> specific questions like this are often the result of other more
> general questions and the latter are the more interesting ones.

I'm implementing an TCP/IP/ETH stack on a small device and wondered if I
can simplify the ARP part and spare RAM by the assumption sketched
above. One could remember the MAC src address of an incoming frame and
use it as the MAC dest address for answering frames. No ARP requests
would be necessary, only ARP answers.

I was sure that the assumption isn't generally valid and looking for
some real examples to see if I can live with it.

> Larger corporate environments come to mind.  If you have a large
> geographically separated network with multiple external POP routers
> then it is possible that packets will leave the network by one route
> but be returned by a different route.  Not typical in a SOHO but I
> could certainly construct one that way.
> 
> > Only load-balancing or dedicated firewalls come to my mind. Is such
> > an environment found often? Are the other examples?
> 
> What other types of firewalls are there if not dedicated?

I meant seperate firewalls for incoming and outgoing traffic.

Thanx

Stony