hi everyone I'm having a bit of a puzzle on one centos system, I have four interfaces: nm-team1 10.5.6.100 em1 192.168.2.17 em2 192.168.2.18 p3p3 172.25.12.222 I do: ping 10.5.6.17 -I em1 PING 10.5.6.17 (10.5.6.17) from 192.168.2.17 em1: 56(84) bytes of data. 64 bytes from 10.5.6.17: icmp_seq=1 ttl=64 time=0.367 ms the same for -I em2, for -I em1 and naturally for -I nm-team1 - all good. but: $ ping 10.5.6.17 -I p3p3 PING 10.5.6.17 (10.5.6.17) from 172.25.12.202 p3p3: 56(84) bytes of data. and nothing, ping waits and no reply, Ctrl+C with such a simple setup rules based routing should not be involved, kernel should figure it out, right? many thanks. L.
On 8/16/2016 3:53 AM, lejeczek wrote:> > $ ping 10.5.6.17 -I p3p3 > PING 10.5.6.17 (10.5.6.17) from 172.25.12.202 p3p3: 56(84) bytes of data. > > and nothing, ping waits and no reply, Ctrl+C > > with such a simple setup rules based routing should not be involved, > kernel should figure it out, right?you specifically said to send that packet to an interface on the wrong network, of course, its not going to get through, unless there's an external route from that network to the destination. I'm presuming there's a router somewhere else between your 192.168.2.0/24 network and 10.5.6.17, that would enable those ping -I em1/2 commands to work. note that the recipient of the ping needs to have a route to get back to the source, too. -- john r pierce, recycling bits in santa cruz
I forgot to mentioned, just to be clear, these IFs are all one node, the same one hos, its routing table: 10.5.6.0 0.0.0.0 255.255.255.0 U 350 0 0 nm-team1 172.25.12.0 0.0.0.0 255.255.255.0 U 100 0 0 p3p3 192.168.2.0 0.0.0.0 255.255.255.0 U 110 0 0 em2 192.168.2.0 0.0.0.0 255.255.255.0 U 111 0 0 em1 no default gateways, so you can see these are directly connected networks $ traceroute -n 10.5.6.17 -i em1 traceroute to 10.5.6.17 (10.5.6.17), 30 hops max, 60 byte packets 1 10.5.6.17 0.426 ms !X 0.393 ms !X 0.311 ms !X $ traceroute -n 10.5.6.17 -i em2 traceroute to 10.5.6.17 (10.5.6.17), 30 hops max, 60 byte packets 1 10.5.6.17 0.382 ms !X 0.326 ms !X 0.274 ms !X $ traceroute -n 10.5.6.17 -i nm-team1 traceroute to 10.5.6.17 (10.5.6.17), 30 hops max, 60 byte packets 1 10.5.6.17 0.407 ms !X 0.342 ms !X 0.294 ms !X $ traceroute -n 10.5.6.17 -i p3p3 traceroute to 10.5.6.17 (10.5.6.17), 30 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 * * * I was expecting kernel's network would know best, what to do, especially that: (enp6s0f0 is 10.5.6.17) root at 10.5.6.17 ]$ ping 172.25.12.222 -I enp6s0f0 PING 172.25.12.202 (172.25.12.222) from 10.5.6.17 enp6s0f0: 56(84) bytes of data. 64 bytes from 172.25.12.222: icmp_seq=1 ttl=64 time=0.396 ms there are two switches and vlans, switches routes auto configured, no default gateways on the switches neither, to try to simplify & troubleshoot. regards L. On 16/08/16 11:59, John R Pierce wrote:> On 8/16/2016 3:53 AM, lejeczek wrote: >> >> $ ping 10.5.6.17 -I p3p3 >> PING 10.5.6.17 (10.5.6.17) from 172.25.12.202 p3p3: >> 56(84) bytes of data. >> >> and nothing, ping waits and no reply, Ctrl+C >> >> with such a simple setup rules based routing should not >> be involved, kernel should figure it out, right? > > you specifically said to send that packet to an interface > on the wrong network, of course, its not going to get > through, unless there's an external route from that > network to the destination. I'm presuming there's a router > somewhere else between your 192.168.2.0/24 network and > 10.5.6.17, that would enable those ping -I em1/2 commands > to work. note that the recipient of the ping needs to > have a route to get back to the source, too. > > > >
I would not be even bothered that much if at all about that source IF being different net and not pinging, but the real problem is that: that host in question is meant to be routing between 172.25.x.x <=> 10.5.x.x and it sort of does but only ICMP seems to get through. Anything else, any other port seem to be blocked-filtered and I cannot wrap my head around as to why? I'm beginning to think that maybe switch's trunking/tagging is misconfigured somehow, but it should be simple, gee.. On 16/08/16 11:59, John R Pierce wrote:> On 8/16/2016 3:53 AM, lejeczek wrote: >> >> $ ping 10.5.6.17 -I p3p3 >> PING 10.5.6.17 (10.5.6.17) from 172.25.12.202 p3p3: >> 56(84) bytes of data. >> >> and nothing, ping waits and no reply, Ctrl+C >> >> with such a simple setup rules based routing should not >> be involved, kernel should figure it out, right? > > you specifically said to send that packet to an interface > on the wrong network, of course, its not going to get > through, unless there's an external route from that > network to the destination. I'm presuming there's a router > somewhere else between your 192.168.2.0/24 network and > 10.5.6.17, that would enable those ping -I em1/2 commands > to work. note that the recipient of the ping needs to > have a route to get back to the source, too. > > > >