On Tue, Dec 03, 2002 at 06:34:00PM +0100, virdzek, roman wrote:
>  hi all,
> 
>  I have one little problem, and I can't find an answer.
> 
>                               PC1
>               
>                    eth1                  eth2
>                 10.0.0.1/8            10.0.0.2/8
>                       |               10.0.0.3/8 secondary
>                       |                   |
>                       |                   |
>                       |                   |
>                                           |
>                       switch  -------------
>                          |
>                          |
>                          |    
>                          eth1
>                       10.0.0.10/8
>                          PC2
>                       (default route 10.0.0.2)
> 
> I have set arp_filter=1,
> and 2 ip tables, A and B
> 
> table A:
> 10.0.0.0/8 dev eth1 scope link
> table B:
> 10.0.0.0/8 dev eth2 scope link
> 
> and ip rule:
> ... from 10.0.0.1 lookup A
> ... from 10.0.0.2 lookup B
> .
> .
> 
> 
> ping PC2 -> 10.0.0.1  ... ok, answer comes from eth1
> ping PC2 -> 10.0.0.2  ... ok, answer comes from eth2
> 
> but
> ping PC2 -> 10.0.0.3 (secondary) ... wrong, answer comes from eth1!
> PC1 answers the ARP question "who has 10.0.0.3" with "10.0.0.3 is at eth1"
> 
> If I set arp_filter=0,
> and set hidden = 1 :
> ping PC2 -> 10.0.0.3(secondary) ... no answer
> 
> 
> What am I doing wrong?

Well, some people say this behaviour is correct wrt the RFC. I won't go into
that discussion.

After searching for a long time, I found this way to solve the problem:

1) make sure there are no wrong ARP replies:

echo 1 > /proc/sys/net/ipv4/conf/$DEVICE/arp_filter

2) make sure the packets are sent from the correct interface:

Turn advanced routing on in the kernel.
CONFIG_IP_ADVANCED_ROUTER=y

For every REAL interface (not alias), try:
(the variables should be clear, add entries to /etc/iproute2/rt_tables for
every device, to make configuration easier to read)

ip route add ${NET} dev ${DEVICE}  scope link  table ${DEVICE}
ip route add default via ${GATEWAY} dev ${DEVICE} table ${DEVICE}

ip rule add from ${ADDR} table ${DEVICE}



For every ALIAS do

ip rule add from ${IP} table ${TABLE}


This setup means that every packet is routed based on the source address.
I've used it for some time now, and it works just fine.

I hope this helps.


Greetings,

Ivo De Decker

P.S. Maybe this could be documented in the LARTC.

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
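
The procedure from the reply above, as an added example that is not part of the original message: it prints the per-interface commands instead of running them, and audits an `ip rule show` listing for addresses that lack a source rule. The config line format, the function names, the table ids starting at 101 and both sample inputs are assumptions constructed from the topology in the question.

```shell
#!/bin/sh
# Added example. Config lines (constructed from the topology in the question):
#   device  network  primary-address  gateway  aliases    ("-" means none)
SAMPLE_CONFIG='eth1 10.0.0.0/8 10.0.0.1 - -
eth2 10.0.0.0/8 10.0.0.2 - 10.0.0.3'

# Constructed `ip rule show` listing in which the alias rule was forgotten.
SAMPLE_RULES='0: from all lookup local
32764: from 10.0.0.2 lookup eth2
32765: from 10.0.0.1 lookup eth1
32766: from all lookup main
32767: from all lookup default'

# Print the setup commands for every config line read from stdin.
gen_policy_routing() {
    table_id=100  # assumption: ids 101 and up are free in rt_tables
    while read -r dev net addr gw aliases; do
        table_id=$((table_id + 1))
        echo "echo $table_id $dev >> /etc/iproute2/rt_tables"
        echo "echo 1 > /proc/sys/net/ipv4/conf/$dev/arp_filter"
        echo "ip route add $net dev $dev scope link table $dev"
        if [ "$gw" != "-" ]; then
            echo "ip route add default via $gw dev $dev table $dev"
        fi
        # One source rule for the primary address and for every alias.
        for a in $addr $(echo "$aliases" | tr ',' ' '); do
            if [ "$a" != "-" ]; then echo "ip rule add from $a table $dev"; fi
        done
    done
}

# Print "ADDRESS DEVICE" for each configured address that has no
# "from ADDRESS lookup DEVICE" line in the rule listing passed as $1.
audit_rules() {
    while read -r dev net addr gw aliases; do
        for a in $addr $(echo "$aliases" | tr ',' ' '); do
            if [ "$a" = "-" ]; then continue; fi
            printf '%s\n' "$1" | awk -v a="$a" -v d="$dev" \
                '$2 == "from" && $3 == a && $4 == "lookup" && $5 == d { ok = 1 }
                 END { exit !ok }' || echo "$a $dev"
        done
    done
}

printf '%s\n' "$SAMPLE_CONFIG" | gen_policy_routing
printf '%s\n' "$SAMPLE_CONFIG" | audit_rules "$SAMPLE_RULES"
```

On a live host the second argument would be the output of `ip rule show`; an address reported by the audit is one whose replies fall through to the main table and may leave by the other interface.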
