Simon, many thanks for your extended reply! FWIW, the link is 10GbE while the LAN is 1GbE.

I had got as far as option 1 (which creates a host route to the other side), and another host route to the other IP of the other side.

So in netplan-speak:

    enp5s0f0:  # PTP link
      addresses:
      - 192.168.32.5/24    # IPv4 of p-t-p I/F of this host
      - '2a02:8110:6182:4100:ae8b:de7:321:beb/48'
      routes:
      - on-link: true
        to: 192.168.32.14  # "normal" IPv4 of other end of p-t-p
        via: 192.168.32.5
      - on-link: true
        to: '2a02:8110:6182:4100:ae8b:de7:321:cec'
        via: '2a02:8110:6182:4100:ae8b:de7:321:ced'

    bond0:     # -net link
      addresses:
      - 192.168.32.7/24
      - '2a02:8110:6182:4100:ae8b:de7:321:bea/48'

But then I have to delete these routes before things work properly:

  sudo ip route del 2a02:8110:6182::/48 dev enp5s0f0
  sudo ip route del 192.168.32.0/24 dev enp5s0f0

Having done that, all is well and the link works fine. These /24 routes are added as soon as the interface is brought up -- I think it's the kernel doing this (I _know_ it's not netplan), possibly because I have been using the netmask of /24 for those IPs? I believe this is what you described under option 1c.

I'm wondering whether I should be adding the addresses to the interface as:

      - 192.168.32.5/32
      - '2a02:8110:6182:4100:ae8b:de7:321:beb/128'

although my intuition tells me that is also wrong, because then I'm telling the kernel that 192.168.32 is a /24 on one I/F and a /32 on another.

I have no experience at all of VRRP. It does sound interesting, but perhaps another time if you're saying it's complex? :-)

Just to make life interesting, the other end of the p-t-p link is a Windows 10 box, so of course everything is managed differently :(

Many thanks,

Ruth


On 20/09/2021 17:49, Simon wrote:
I don’t think you need to delete anything.
Let's assume your network is 192.168.1.0/24, and 192.168.2.0/24 is unused - just 
adjust the numbers to suit your network. I’m assuming the two hosts are 
currently at 192.168.1.[1|2]/24 on eth0, and your ptp link is eth1.

There are a number of ways of doing things - this is all from memory so you may 
need to do some experimentation.

Option 1
Add 192.168.2.1/24 to the interface on one end of the link, and 192.168.2.2/24 
to the interface on the other.


1a)
Just address traffic to 192.168.2.[1|2]
But you’ll need to ensure that your services at each end use the correct source 
route - otherwise you’ll route the outbound packet via the ptp link, and the 
return packet will come via the LAN. E.g. outbound is src=192.168.1.1, 
dst=192.168.2.2; return is src=192.168.2.2, dst=192.168.1.1.


1b)
Add routes (one to each host) :
ip route add 192.168.1.1/32 via 192.168.2.1 dev eth1
ip route add 192.168.1.2/32 via 192.168.2.2 dev eth1
This can be done via post-up & pre-down commands when using 
/etc/network/interfaces (that’s all I ever use, I never let some “manager” package 
bork stuff for me) :
iface eth1 inet static
   address 192.168.2.1/24
   post-up ip route add 192.168.1.2/32 via 192.168.2.2 dev eth1
   pre-down ip route delete 192.168.1.2/32 via 192.168.2.2 dev eth1
And reciprocal settings for the other host.


1c)
Use a redundancy protocol (vrrp on Linux IIRC). You can then have vrrp monitor 
the ptp link and add/remove routes as appropriate.
Without vrrp, when you bring up eth1 (option 1b above), it’ll set the route 
regardless of whether the link is actually active (cables connected, switch 
powered on if there is one, interface on other end up). By using vrrp, you can 
leave the routing via the LAN until the link is up and the other host is 
responding (at which point, vrrp daemon adds the appropriate route) - and if 
something goes wrong with the link then routing can be returned to be via the 
LAN.


Option 2
Run the link un-numbered and add routes :
ip route add 192.168.1.1/32 dev eth1
ip route add 192.168.1.2/32 dev eth1
I’m not too sure about this - basically it says to squirt traffic for a 
particular address out the interface without addressing the packet to any 
particular destination. I’ve done it with Cisco routers, never with Linux - TBH 
I decided that un-numbered links are generally a PITA, numbered links allow you 
to (e.g., and long time ago when security wasn’t an issue) telnet to a specific 
interface (e.g. force a connection via a backup ISDN line) on the remote router 
which is a life saver when diagnosing issues. So long before I was playing with 
Linux routing I’d ditched un-numbered interfaces.



My first choice would be 1b. It allows you to keep services bound to just the 
LAN addresses, while routing inter-host traffic via the dedicated link. Nothing 
else need see that there is the other channel involved.



Hope that helps, Simon




_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

--
Tel: 01223 414180
Blog: http://www.ivimey.org/blog
LinkedIn: http://uk.linkedin.com/in/ruthivimeycook/
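Added example, not code from this thread or from Shorewall: a small model of Linux route selection (longest prefix match, then lowest metric) that reproduces the two behaviours discussed above. It mirrors the kernel installing a connected /N route whenever an address with a prefix shorter than the host length is added (Ruth's "kernel adds the /24 as soon as the interface is up"; a /32 adds none), and it compares Simon's option 1a and option 1b for two hosts with a LAN on eth0 (192.168.1.0/24) and a point-to-point link on eth1 (192.168.2.0/24), using Simon's interface names and addresses. The strict reverse-path check models net.ipv4.conf.*.rp_filter=1, which Shorewall installs commonly have enabled. The assumption that eth0 faces eth0 and eth1 faces eth1 on the two hosts, and the model itself, are this example's own; on a real system confirm with `ip route get`.

```python
"""Simplified model of Linux route selection: longest prefix, then lowest metric."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: "ipaddress.IPv4Network | ipaddress.IPv6Network"
    dev: str
    via: Optional[str] = None   # None: directly connected / on-link
    metric: int = 0


@dataclass
class Host:
    name: str
    addrs: dict = field(default_factory=dict)   # dev -> primary address
    routes: list = field(default_factory=list)

    def add_address(self, dev: str, cidr: str) -> None:
        """Mirror `ip addr add`: the kernel also installs the connected /N route."""
        iface = ipaddress.ip_interface(cidr)
        self.addrs.setdefault(dev, iface.ip)        # first address is primary
        if iface.network.prefixlen < iface.max_prefixlen:   # /32 (or /128) adds none
            self.routes.append(Route(iface.network, dev))

    def add_route(self, to: str, dev: str, via: Optional[str] = None,
                  metric: int = 0) -> None:
        self.routes.append(Route(ipaddress.ip_network(to), dev, via, metric))

    def lookup(self, dst: str) -> Route:
        """Longest prefix wins; among equal prefixes the lowest metric wins."""
        d = ipaddress.ip_address(dst)
        cands = [r for r in self.routes if d in r.prefix]
        if not cands:
            raise LookupError(f"{self.name}: no route to {dst}")
        return max(cands, key=lambda r: (r.prefix.prefixlen, -r.metric))

    def egress(self, dst: str, src: Optional[str] = None):
        """(dev, src) for a packet to dst. An unbound socket gets the egress
        interface's primary address as source, as the kernel does."""
        r = self.lookup(dst)
        return r.dev, (src or str(self.addrs[r.dev]))

    def rp_filter_strict_ok(self, src: str, in_dev: str) -> bool:
        """Strict rp_filter: accept only if the route back to src leaves on in_dev."""
        try:
            return self.lookup(src).dev == in_dev
        except LookupError:
            return False


def build_pair(option: str):
    """Hosts A (192.168.x.1) and B (192.168.x.2) set up per option '1a' or '1b'."""
    a, b = Host("A"), Host("B")
    for h, n in ((a, 1), (b, 2)):
        h.add_address("eth0", f"192.168.1.{n}/24")   # LAN
        h.add_address("eth1", f"192.168.2.{n}/24")   # point-to-point link
    if option == "1b":
        # Simon's host routes: the peer's LAN address is reached over the ptp link
        a.add_route("192.168.1.2/32", "eth1", via="192.168.2.2")
        b.add_route("192.168.1.1/32", "eth1", via="192.168.2.1")
    return a, b


def round_trip(option: str, dst: str, src: Optional[str] = None):
    """A sends to dst (optionally from a bound src); B replies from dst to src.
    Returns (A's egress dev, B's reply dev, reply passes strict rp_filter on A).
    Assumption: eth0<->eth0 is the LAN and eth1<->eth1 the ptp link, so B's
    reply arrives on A's interface of the same name."""
    a, b = build_pair(option)
    out_dev, out_src = a.egress(dst, src)
    reply_dev, reply_src = b.egress(out_src, src=dst)
    return out_dev, reply_dev, a.rp_filter_strict_ok(reply_src, reply_dev)


if __name__ == "__main__":
    print("1a, unbound socket       ", round_trip("1a", "192.168.2.2"))
    print("1a, bound to LAN address ", round_trip("1a", "192.168.2.2", "192.168.1.1"))
    print("1b, bound to LAN address ", round_trip("1b", "192.168.1.2", "192.168.1.1"))
```

In option 1a the asymmetry appears only when the service is bound to its LAN address: A's request leaves on eth1 but B's reply comes back over the LAN, and a host with strict rp_filter drops that reply because its route to 192.168.2.2 points out eth1. In option 1b the /32 host route beats the connected /24 by longest-prefix match in both directions, so the path is symmetric whichever address the service is bound to, which is why the /24 connected routes do not need deleting in that layout.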


