-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 mtu= and source= options were not applied over default route (which is most important place for these options). - -- Tuomo Soini <tis@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFH4ig4TlrZKzwul1ERAvQzAJ9+pgzdpMs7OAl6INo8WRQQ+Owx4ACfdqgr lWbG9U5a/6Ecbqx0QQhLzK4=QOF2 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tuomo Soini wrote:> mtu= and source= options were not applied over default route (which is > most important place for these options). >Hmmh. This needs more fixing still. src and mtu need to be set for balance default routes too... - -- Tuomo Soini <tis@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFH4nbHTlrZKzwul1ERAuhfAJ9YCEJczM2A5wSJRgjOeAVWokH8rACfbMNy 6rD5dMGvFKWqJBh+mwiJmpk=dfcL -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Tuomo Soini wrote:> Tuomo Soini wrote: >> mtu= and source= options were not applied over default route (which is >> most important place for these options). > > > > Hmmh. This needs more fixing still. src and mtu need to be set for > balance default routes too...Have you determined what the proper syntax is for that case? I recall trying to do that and I couldn''t make ''ip'' happy with anything that I tried. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
On Thu, Mar 20, 2008 at 07:49:05AM -0700, Tom Eastep wrote:> Tuomo Soini wrote: >> Tuomo Soini wrote: >>> mtu= and source= options were not applied over default route (which is >>> most important place for these options). >> >> >> >> Hmmh. This needs more fixing still. src and mtu need to be set for >> balance default routes too... > > Have you determined what the proper syntax is for that case? I recall > trying to do that and I couldn''t make ''ip'' happy with anything that I > tried.It should be: ip route add default table 50 mtu 1500 src 1.2.3.4 nexthop via 2.3.4.5 dev eth0 nexthop via 3.4.5.6 dev eth1 Doesn''t that work? I don''t have a test system on hand, but that''s what the parser should accept. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Andrew Suffield wrote:> On Thu, Mar 20, 2008 at 07:49:05AM -0700, Tom Eastep wrote: >> Tuomo Soini wrote: >>> Tuomo Soini wrote: >>>> mtu= and source= options were not applied over default route (which is >>>> most important place for these options). >>> >>> >>> Hmmh. This needs more fixing still. src and mtu need to be set for >>> balance default routes too... >> Have you determined what the proper syntax is for that case? I recall >> trying to do that and I couldn''t make ''ip'' happy with anything that I >> tried. > > It should be: > > ip route add default table 50 mtu 1500 src 1.2.3.4 nexthop via 2.3.4.5 dev eth0 nexthop via 3.4.5.6 dev eth1 > > Doesn''t that work? I don''t have a test system on hand, but that''s what > the parser should accept. >Except that you need a different src for each nexthop. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
On Thu, Mar 20, 2008 at 11:50:11AM -0700, Tom Eastep wrote:>> It should be: >> >> ip route add default table 50 mtu 1500 src 1.2.3.4 nexthop via 2.3.4.5 dev eth0 nexthop via 3.4.5.6 dev eth1 >> >> Doesn''t that work? I don''t have a test system on hand, but that''s what >> the parser should accept. >> > > Except that you need a different src for each nexthop.Ah, I see the problem. iproute can''t currently do that, AFAICT (the parser structure doesn''t accept anything other than via, dev, weight, onlink, and realms as parameters of a nexthop structure). This is probably a bug - maybe all the way to the kernel, I haven''t checked that part. I think you need to consult the authors. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Andrew Suffield wrote:> On Thu, Mar 20, 2008 at 11:50:11AM -0700, Tom Eastep wrote: >>> It should be: >>> >>> ip route add default table 50 mtu 1500 src 1.2.3.4 nexthop via 2.3.4.5 dev eth0 nexthop via 3.4.5.6 dev eth1 >>> >>> Doesn''t that work? I don''t have a test system on hand, but that''s what >>> the parser should accept. >>> >> Except that you need a different src for each nexthop. > > Ah, I see the problem. iproute can''t currently do that, AFAICT (the > parser structure doesn''t accept anything other than via, dev, weight, > onlink, and realms as parameters of a nexthop structure). This is > probably a bug - maybe all the way to the kernel, I haven''t checked > that part. I think you need to consult the authors. >It''s already been acknowledged on one of the mailing lists that ''src'' is basically useless in many policy routing setups. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/