By default, a system with multiple interfaces (also called a multihomed host) routes its network traffic based on the longest matching route to the traffic's destination in the routing table. When multiple routes of equal length to the destination exist, Oracle Solaris applies Equal-Cost Multi-Path (ECMP) algorithms to spread the traffic across those routes.
Spreading the traffic in this manner is not always ideal. For example, an IP packet might be sent through an interface on a multihomed host that is not on the same subnet as the IP source address in the packet. Further, if the outgoing packet is in response to a certain incoming request, such as an ICMP echo request, the request and the response might not traverse the same interface. This type of traffic routing configuration is called asymmetric routing. If your Internet service provider (ISP) is implementing ingress filtering, as described in RFC 3704, an asymmetric routing configuration might cause an outgoing packet to be dropped by the ISP.
RFC 3704 intends to limit denial-of-service (DoS) attacks across the Internet. To comply with this intent, your network must be configured for symmetric routing. The IP hostmodel property enables you to meet this requirement. This property controls the behavior of IP packets that are received or transmitted through a multihomed host.
The hostmodel property can have one of three possible values:
Corresponds to the strong end system (ES) model as defined in RFC 1122. This value implements symmetric routing.
Corresponds to the weak ES model as defined in RFC 1122. With this value, a multihomed host uses asymmetric routing.
Configures packet routing by using preferred routes. If multiple destination routes exist in the routing table, then the preferred routes are those that use interfaces on which the IP source address of an outgoing packet is configured. If no such routes exist, then the outgoing packet will use the longest matching route to the packet's IP destination.
For example, you would implement symmetric routing of IP packets on a multihomed host as follows:
# ipadm set-prop -p hostmodel=strong ipv4 # ipadm set-prop -p hostmodel=strong ipv6 # ipadm show-prop -p hostmodel ip PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE ipv6 hostmodel rw strong -- weak strong, src-priority, weak ipv4 hostmodel rw strong -- weak strong, src-priority, weak