PEERINGTestbed / client

PEERING client controller
https://peering.ee.columbia.edu

Client should install rules and default routes for oif packets #39

Open cunha opened 5 years ago

cunha commented 5 years ago

Sockets bound to a specific network device (say tun9) and sourcing packets from a PEERING address (say 184.164.224.1) will get routed by table 151 due to the source-routing rule from 184.164.224.0/24 lookup 151. This rule is added for each prefix announced through the client.

One problem is that if the client is connected to multiple muxes, BIRD may have multiple choices for a given destination prefix and will install its preferred route to table 151. If the user tries to ping -I tap9 8.8.8.8, Linux will look for the gateway on table 151. If the route BIRD prefers is not through the mux connected to tap9, then the gateway will not be locally reachable on tap9, Linux has no valid route, and will resort to ARP'ing for the destination over the OpenVPN tunnel (which had me confused until I figured this out).

To avoid this issue, we should maintain mux-specific tables that need to be populated by BIRD. We then need to source-route packets from sockets bound to a specific interface using that table by creating rules with oif tapX lookup 100+X prio 100+X. Note that the priority needs to be higher (lower number) than 151 so the oif rule gets applied first for sockets bound to specific interfaces.
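
The rule scheme proposed in this issue, as an added sketch that is not part of the original comment or of the PEERING client code. It only prints the `ip rule` command for each `tapX` device, and it assumes that table and priority are both 100+X and that the existing per-prefix source rule sits at priority 151.

```shell
#!/bin/sh
# Added example: dry-run generator for the per-mux "oif" rules proposed above.
# Nothing is executed; the ip(8) commands are printed for review.

# Assumption: the "from <prefix> lookup 151" rule also has priority 151.
SRC_RULE_PRIO=151

# oif_rule_cmd IFACE
# Print the rule for one mux interface, or fail if the name is not tapX
# or if 100+X would not be evaluated before the source rule.
oif_rule_cmd() {
    iface=$1
    idx=${iface#tap}
    case $idx in
        # prefix not stripped, empty, non-digit, leading zero, or too long
        "$iface"|''|*[!0-9]*|0?*|????*)
            echo "skip $iface: expected a tapX device name" >&2
            return 1 ;;
    esac
    table=$((100 + idx))
    # A lower number means higher priority; the oif rule must win over 151.
    if [ "$table" -ge "$SRC_RULE_PRIO" ]; then
        echo "skip $iface: prio $table would not precede $SRC_RULE_PRIO" >&2
        return 1
    fi
    echo "ip rule add oif $iface lookup $table prio $table"
}

# plan_oif_rules IFACE...
# Print one rule per interface; return non-zero if any interface was skipped.
plan_oif_rules() {
    rc=0
    for dev in "$@"; do
        oif_rule_cmd "$dev" || rc=1
    done
    return $rc
}

# Constructed sample: a client connected to two muxes.
plan_oif_rules tap2 tap9
```

Each table 100+X still has to be populated by BIRD with the routes learned from the mux behind `tapX`; the sketch covers only the rules.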