I have been struggling with the lack of source based routing when working with multiple interfaces and routes to a remote destination and have had some issues with multiple WAN interfaces. I have been able to solve my egress issue by connection marking ingress traffic according to the interface it enters the router and using a route mark to ensure it egresses on the same interface.

However I have a query relating to IPIP tunnels. I want to establish two tunnels between two RB each. One RB has two WAN connections and the other has one (much faster). I solved this rather inelegantly by adding a second address to the single WAN RB and using destination routes in the other RB and it worked fine even if it wasted IPs on the other RB.

I then wondered if I could use IPIP and was unable to determine the purpose of the local and remote IP address in IPIP setup. I have used these on Linux and the local IP always defined the source interface and using source based egress routing it would leave the box on the correct interface. My initial tests with RB have not been able to replicate ths on RB.

I would be grateful if someone could tell me what effect the local IP address has on an IPIP tunnel. Does this define which interface the packet will leave by or does it merely select the source IP address for the packet which will then egress according to the routing table ie. use the default gateway unless a destination route is in place? Is there anyway to set the affinity of the tunnel so it will leave by the gateway appropriate for the source IP address?

As a slight aside is there anyway to control the source IP address for packets leaving the local RB or is this selected at the final stage of egress after the gateway has been selected?

Thanks in advance for any pointers ....

TJ

the source address in an ipip tunnel is what the packet leaving is tagged as the source and should be the same as the destination on the other end of the tunnel this will follow the general routing rules to leave the easiest way to control the traffic is by adding basically a loopback bridge interface to set up on each end for the ends of the tunnel and you can control the traffic by setting a static route for the address of the remote end to go out the interface of your choice. hope that helps

It does indeed help and that is largely what I had done. I have routed egress packets according to the destination address. This works well when the routers on each end have the same number of separate Internet connections as gateway. However when one end has only a single connection e.g. a hosted router then I need to allocate additional alias addresses to allow me to destination route on the remote router. This works very well but is wasteful on addresses at the hosted router.

I would really have loved to be able to control the egress interface for packets leaving a router based upon the source address in the ipip tunnel but this appears not to be possible. I have battled with this for quite some time.

When you suggested the loopback bridge how would you envisage this being used to route egress traffic?