LARTC - Mar 2002 - Src IP for outgoing packet with multiple defaults routes

Hi:

Abstract: Linux connected to two different ISP. Outgoing packets seems to peek
randomly it''s source IP address, without regards to the router choosen.

Test bed:
1. Linux Red Hat 7.2 (fw1) with kernel 2.4.7-10, no patches, all netfilter and
adv. routing options on.
2. One "internet" ethernet card that connect to a switch. The switch
connect the two routers also.
3. Linux have two IP: 200.72.44.226 and 200.27.214.226.
4. ip route list show:
   200.72.44.224/27 dev eth0 scope link
   200.27.214.224/29 dev eth0 proto kernel scope link src 200.27.214.226
   default equalize 
           nexthop via 200.27.214.225 dev eth0 weight 1
           nexthop via 200.72.44.225  dev eth0 weight 3
6. No MASQ, no SNAT, no DNAT for packets locally generated.
6. Ethercap running in eth0.
5. Another Linux (ws1) also running ethercap over the wire between router
200.27.214.225 and the switch (via a hub). This machine have address
200.27.214.227.

What I see, after running ethercap at the same time (and for the same period) on
both machines:
1. Ethercap on fw1 capture ~4.500 packets, on sw1 capture ~1.900 packets.
2. On sw1 ethercap show me only packets routed thru router 200.27.214.225. I
check the destination mac address, and it definitly router 200.27.214.225.
3. But on sw1, I see outgoing packets having both source IP 200.27.214.226 and
200.72.44.226.

This is wrong. Packets with source IP 200.72.44.226 must not reach router
200.27.214.226. AFIK, an outgoing packet must have a source address in the same
subnet that the router being used.

Ideas?

Andrés Griñó Brandt
Santiago, Chile
http://galeria.porsiempre.cl [Fotos de viajes, familia, club, etc.]
http://club.porsiempre.cl [Sitio del Club Buceo Aventura]
http://buceo.porsiempre.cl [Página Personal]

------------------------------
http://jawmail.sourceforge.net

Hello,

On Thu, 7 Mar 2002, =?ISO-8859-2?Q?Andr=E9s Gri=F1=F3 Brandt?= wrote:
> Hi:
>
> Abstract: Linux connected to two different ISP. Outgoing packets seems to
peek randomly it''s source IP address, without regards to the router
choosen.
	Not possible with plain kernel, check this URL:

http://www.linuxvirtualserver.org/~julian/#routes

	after patching nexthops with same outdevs are supported
>            nexthop via 200.27.214.225 dev eth0 weight 1
>            nexthop via 200.72.44.225  dev eth0 weight 3
> This is wrong. Packets with source IP 200.72.44.226 must not reach router
200.27.214.226. AFIK, an outgoing packet must have a source address in the same
subnet that the router being used.
	To be honest, NAT in current kernels does not work correctly
with multipath routes, even if you are using different outdevs in all
nexthops. Read the docs mentioned above.
> Ideas?
>
> Andrés Griñó Brandt
> Santiago, Chile
Regards

--
Julian Anastasov <ja@ssi.bg>

On Thu, Mar 07, 2002 at 12:37:04PM +0500, Andr?s Gri?? Brandt
wrote:
> Hi:
> 
> Abstract: Linux connected to two different ISP. Outgoing packets seems to
peek randomly it''s source IP address, without regards to the router
choosen.
> 
> Test bed:
> 1. Linux Red Hat 7.2 (fw1) with kernel 2.4.7-10, no patches, all netfilter
and adv. routing options on.
> 2. One "internet" ethernet card that connect to a switch. The
switch connect the two routers also.
> 3. Linux have two IP: 200.72.44.226 and 200.27.214.226.
> 4. ip route list show:
>    200.72.44.224/27 dev eth0 scope link
>    200.27.214.224/29 dev eth0 proto kernel scope link src 200.27.214.226
>    default equalize 
>            nexthop via 200.27.214.225 dev eth0 weight 1
>            nexthop via 200.72.44.225  dev eth0 weight 3
> 6. No MASQ, no SNAT, no DNAT for packets locally generated.
> 6. Ethercap running in eth0.
> 5. Another Linux (ws1) also running ethercap over the wire between router
200.27.214.225 and the switch (via a hub). This machine have address
200.27.214.227.
> 
> What I see, after running ethercap at the same time (and for the same
period) on both machines:
> 1. Ethercap on fw1 capture ~4.500 packets, on sw1 capture ~1.900 packets.
> 2. On sw1 ethercap show me only packets routed thru router 200.27.214.225.
I check the destination mac address, and it definitly router 200.27.214.225.
> 3. But on sw1, I see outgoing packets having both source IP 200.27.214.226
and 200.72.44.226.
> 
> This is wrong. Packets with source IP 200.72.44.226 must not reach router
> 200.27.214.226. AFIK, an outgoing packet must have a source address in the
> same subnet that the router being used.
Only if you force it to be that way. You told Linux ''I have 2 default
nexthops, and I want 25% of connections to go to 200.27.214.225, 75% to
200.72.44.225'' and that is what happened, more or less.

If you want to be more specific, create policy rules enforcing your subnet
preferences.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO