LARTC - Dec 2002 - 2 NICs in same network & ip aliasing

hi all,

  i have one little problem,and i can''t find answer.

				PC1
		
		     eth1	           eth2
		  10.0.0.1/8		10.0.0.2/8
			|		10.0.0.3/8 secondary
			|		    |
			|		    |
			|		    |
					    |
			switch	-------------
			   |
			   |
			   |	
		   	   eth1
			10.0.0.10/8
			   PC2
			(default route 10.0.0.2)

i have set arp_filter=1,
and 2 ip tables , A and B

table A:
10.0.0.0/8 dev eth1 scope link
table B:
10.0.0.0/8 dev eth2 scope link

and ip rule:
... from 10.0.0.1 lookup A
... from 10.0.0.2 lookup B
.
.


ping PC2 -> 10.0.0.1  ...ok answer come from eth1
ping PC2 -> 10.0.0.2  ...ok answer come from eth2

but
ping PC2 -> 10.0.0.3(secondary) ... wrong answer come from eth1 !
PC1 answer on arp question "who has 10.0.0.3", "10.0.0.3 is at
eth1"

If I set arp_filter=0,
and set hidden = 1 :
ping PC2 -> 10.0.0.3(secondary) ... no answer


what i make wrong?

thanks for answers
bye


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tue, Dec 03, 2002 at 06:34:00PM +0100, virdzek, roman
wrote:
>  hi all,
> 
>  i have one little problem,and i can''t find answer.
> 
> 				PC1
> 		
> 		     eth1	           eth2
> 		  10.0.0.1/8		10.0.0.2/8
> 			|		10.0.0.3/8 secondary
> 			|		    |
> 			|		    |
> 			|		    |
> 					    |
> 			switch	-------------
> 			   |
> 			   |
> 			   |	
> 		   	   eth1
> 			10.0.0.10/8
> 			   PC2
> 			(default route 10.0.0.2)
> 
> i have set arp_filter=1,
> and 2 ip tables , A and B
> 
> table A:
> 10.0.0.0/8 dev eth1 scope link
> table B:
> 10.0.0.0/8 dev eth2 scope link
> 
> and ip rule:
> ... from 10.0.0.1 lookup A
> ... from 10.0.0.2 lookup B
> .
> .
> 
> 
> ping PC2 -> 10.0.0.1  ...ok answer come from eth1
> ping PC2 -> 10.0.0.2  ...ok answer come from eth2
> 
> but
> ping PC2 -> 10.0.0.3(secondary) ... wrong answer come from eth1 !
> PC1 answer on arp question "who has 10.0.0.3", "10.0.0.3 is
at eth1"
> 
> If I set arp_filter=0,
> and set hidden = 1 :
> ping PC2 -> 10.0.0.3(secondary) ... no answer
> 
> 
> what i make wrong?
Well, some people say this behaviour is correct wrt the rfc. I wont go into
that discussion.

After searching for a long time, I found this way to solve the problem:

1) make sure there are no wrong ARP replies:

echo 1 > /proc/sys/net/ipv4/conf/$DEVICE/arp_filter

2) make sure the packets are sent from the correct interface:

Turn advanced routing on in the kernel.
CONFIG_IP_ADVANCED_ROUTER=y

For every REAL interface (not alias), try:
(the variables should be clear, add entries to /etc/iproute2/rt_tables for
every device, to make configuration easier to read)

ip route add ${NET} dev ${DEVICE}  scope link  table ${DEVICE}
ip route add default via ${GATEWAY} dev ${DEVICE} table ${DEVICE}

ip rule add from ${ADDR} table ${DEVICE}



For every ALIAS do

ip rule add from ${IP} table ${TABLE}


This setup means that every packet is routed based on the source address.
I''ve used it for some time now, and it works just fine.

I hope this helps.


Greetings,

Ivo De Decker

P.S. Maybe this could be documented in the LARTC.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/