Ruth Ivimey-Cook <r...@ivimey.org> wrote: > > Simon, many thanks for your extended reply! FWIW, the Link is 10GbE while the > Lan is 1GbE. > > I had got as far as option 1, (which creates a host route to the other side), > and another host route to the other ip of the other side.
Actually, if you look there are important differences. > So in netplan-speak: > > enp5s0f0: // PTP link > addresses: > - 192.168.32.5/24 // ip4 of p-t-p I/F of this host > - '2a02:8110:6182:4100:ae8b:de7:321:beb/48' > routes: > - on-link: true > to: 192.168.32.14 // "normal" ip4 of other end of p-t-p > via: 192.168.32.5 > - on-link: true > to: '2a02:8110:6182:4100:ae8b:de7:321:cec' > via: '2a02:8110:6182:4100:ae8b:de7:321:ced' > > bond0: // -net link > addresses: > - 192.168.32.7/24 > - '2a02:8110:6182:4100:ae8b:de7:321:bea/48' You have put the same subnet & prefix on both networks - that is bound to cause confusion. And it’s why : > But then I have to delete these routes before things work properly: > > sudo ip route del 2a02:8110:6182::/48 dev enp5s0f0 > sudo ip route del 192.168.32.0/24 dev enp5s0f0 > > Having done that, all is well and the link works fine. These /24 routes are > added as soon as the interface is brought up -- I think it's the kernel doing > this (I _know_ it's not netplan), possibly because I have been using the > netmask of /24 for those IPs? I believe this is what you described under > option 1c. Yes, these are the network routes - automatically added whenever you put an address on an interface. So once you put the same subnet/prefix on two interfaces, you’ll have two routes that the system will consider equal - they could actually be two interfaces connected to the same network. I suspect that some network stacks might then order the two identical routes by interface speed - thus preferring the 10G one over the 1G one. > I'm wondering whether I should be adding the addresses to the interface as: > > - 192.168.32.5/32 > - '2a02:8110:6182:4100:ae8b:de7:321:beb/128' > > although my intuition tells me that is also wrong, because then I'm telling > the kernel that 192.168.32 is a /24 on one I/F and a /32 on another. That’s getting into “special cases” areas and to be perfectly honest I’m not too sure exactly how it would work. I suspect that it would work just fine, but it’s not necessary. You’ll notice that I used DIFFERENT subnets on the two networks - you’d want to use different prefixes for the IPv6 stuff as well. In my example, 192.168.1.0/24 is the main LAN, and 192.168.2.0/24 is the ptp link/ > I have no experience at all of vrrp. It does sound interesting, but perhaps > another time if you're saying its complex? :-) Not really complex, just something else to learn. I recall the configs weren’t complicated, but it’s too long since I set it up to remember enough to give examples. And it might not be available on one end because : > Just to make life interesting, the other end of the p-t-p link is a Windows > 10 box, so of course everything is managed differently :( You have my sympathies :D Regards, Simon _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
