I have a theory on the cause of a problem but it is still only a theory.
I wonder if anyone here can confirm.
I have a multi-isp configuration with a multi-path default route to each
ISP, equally weighted.
I am seeing, periodically, traffic dropped due to martian detection and
errors logged on inbound traffic, but at other times, that same exact
traffic will be allowed, no errors.
My supposition is this: If I use "ip route get <source_addr>"
for the
source address that rp_filter is dropping traffic from I can see that
it''s reporting that traffic to that address would use the alternate ISP
interface from the one it''s being received on (and logged as a martian
and dropped). If I continue to use ip get route on that address
eventually it will report the interface that the traffic is being
received on -- that would be the balancing feature of the multiple
paths.
I believe that during these times when ip route get is reporting the
alternate interface, the kernel would also log inbound packets from that
address as martians. Is this the case?
To further confirm my supposition, while my gateway is dropping packets
and logging them as martians, I can install a route specifically for
that source pointing to the interface that they are being received on
and the dropping/martian logging stops and the traffic is received.
So to summarize it seems that when doing the rp_filter tests, the kernel
only uses the "current default" route and not all available default
routes when determining the reverse path. Is this true?
Thanx,
b.
--
My other computer is your Microsoft Windows server.
Brian J. Murrell
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
