Okay, so I'm trying to set up my multiple ISP setup that I described
earlier.
I have:
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:b0:d0:df:e3:1d brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.1/16 brd 10.10.255.255 scope global em1
    inet6 fe80::2b0:d0ff:fedf:e31d/64 scope link
       valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:b0:d0:df:e3:1e brd ff:ff:ff:ff:ff:ff
    inet 192.168.201.1/29 brd 192.168.201.7 scope global em2
    inet 4.28.99.161/27 brd 4.28.99.191 scope global em2
    inet6 fe80::2b0:d0ff:fedf:e31e/64 scope link
       valid_lft forever preferred_lft forever
4: p2p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP qlen 1000
    link/ether 00:02:b3:a1:9b:03 brd ff:ff:ff:ff:ff:ff
    inet 65.44.101.162/27 brd 65.44.101.191 scope global p2p1
    inet 4.28.99.185/32 scope global p2p1
    inet 65.44.101.183/27 brd 65.44.101.191 scope global secondary p2p1
    inet 65.44.101.185/27 brd 65.44.101.191 scope global secondary p2p1
    inet 65.44.101.187/27 brd 65.44.101.191 scope global secondary p2p1
    inet 65.44.101.188/27 brd 65.44.101.191 scope global secondary p2p1
    inet6 fe80::202:b3ff:fea1:9b03/64 scope link
       valid_lft forever preferred_lft forever
5: p2p2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc htb state UP qlen 1000
    link/ether 00:02:b3:a1:9b:04 brd ff:ff:ff:ff:ff:ff
    inet 4.28.99.98/30 brd 4.28.99.99 scope global p2p2
    inet6 fe80::202:b3ff:fea1:9b04/64 scope link
       valid_lft forever preferred_lft forever
7: ifb0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 32
    link/ether aa:16:8a:04:ae:4f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a816:8aff:fe04:ae4f/64 scope link
       valid_lft forever preferred_lft forever
8: ifb1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 32
    link/ether 2a:d4:11:cc:22:b8 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::28d4:11ff:fecc:22b8/64 scope link
       valid_lft forever preferred_lft forever
p2p2 is the new ISP interface. tshark -i p2p2 shows:
862.332476 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97
867.898209 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97
872.452248 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97
877.454218 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97
...
and so on. So, why the heck isn't the interface responding to the arp
request?
/etc/shorewall/interfaces:
#ZONE   INTERFACE   BROADCAST   OPTIONS
# I think we need routeback for loc-natted addresses
loc     em1         detect      routeback
# Need routeback for dmz-dmz across ISP addresses
dmz     em2         detect      routeback
net     p2p1        detect      routefilter
net     p2p2        detect      routefilter
ppp     ppp0        detect
nwvpn   tun0
road    tun1
Thanks!
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com

I'm also running proxyarp on p2p1:
#ADDRESS        INTERFACE   EXTERNAL   HAVEROUTE   PERSISTENT
65.44.101.179   em2         p2p1       no
65.44.101.180   em2         p2p1       no
65.44.101.182   em2         p2p1       no
65.44.101.184   em2         p2p1       no
65.44.101.187   em2         p2p1       no
65.44.101.190   em2         p2p1       no
not sure if that matters.
Perhaps there is an issue on the other side as well. If I try to ping
4.28.99.97 I see:
146.730653 00:02:b3:a1:9b:04 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.97? Tell 4.28.99.98
147.272219 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97
both sides trying to get an arp response without success unless I'm
somehow filtering arp replies.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com

On 09/12/2011 09:34 AM, Orion Poplawski wrote:
> p2p2 is the new ISP interface. tshark -i p2p2 shows:
>
> 862.332476 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97
> 867.898209 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97
> 872.452248 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97
> 877.454218 00:18:74:cf:f4:00 -> ff:ff:ff:ff:ff:ff ARP Who has 4.28.99.98? Tell 4.28.99.97

Apparently they put me on a vlan:

Frame 3: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)
    Arrival Time: Sep 12, 2011 10:49:51.863277000 MDT
    Epoch Time: 1315846191.863277000 seconds
    [Time delta from previous captured frame: 5.006002000 seconds]
    [Time delta from previous displayed frame: 5.006002000 seconds]
    [Time since reference or first frame: 5.006088000 seconds]
    Frame Number: 3
    Frame Length: 64 bytes (512 bits)
    Capture Length: 64 bytes (512 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:vlan:arp]
Ethernet II, Src: 00:18:74:cf:f4:00 (00:18:74:cf:f4:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: 00:18:74:cf:f4:00 (00:18:74:cf:f4:00)
        Address: 00:18:74:cf:f4:00 (00:18:74:cf:f4:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 2500
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 1001 1100 0100 = ID: 2500
    Type: ARP (0x0806)
    Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    [Is gratuitous: False]
    Sender MAC address: 00:18:74:cf:f4:00 (00:18:74:cf:f4:00)
    Sender IP address: 4.28.99.97 (4.28.99.97)
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 4.28.99.98 (4.28.99.98)

Now I have to figure out how to get the vlan working.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
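
Added example, not part of the original thread: a small parser that rebuilds the 64-byte frame from the dissection above and shows why the ARP request goes unanswered, since it carries an 802.1Q tag that the untagged p2p2 address never sees. The function names and the p2p2.2500 subinterface name are assumptions made for illustration.

```python
import socket
import struct

TPIDS = (0x8100, 0x88A8)  # 802.1Q and 802.1ad tag protocol identifiers

def build_sample_frame(vlan_id=2500):
    """Constructed sample: the ARP request from the dissection (None = untagged)."""
    src = bytes.fromhex("001874cff400")
    frame = bytes.fromhex("ffffffffffff") + src
    if vlan_id is not None:
        frame += struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)  # PRI 0, CFI 0
    frame += struct.pack("!H", 0x0806)
    frame += struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)         # ARP request
    frame += src + bytes([4, 28, 99, 97])                       # sender MAC, IP
    frame += bytes(6) + bytes([4, 28, 99, 98])                  # target MAC, IP
    return frame + bytes(64 - len(frame))                       # zero trailer

def parse_frame(frame):
    """Return source MAC, VLAN tags (outermost first) and ARP fields, if any."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"src": frame[6:12].hex(":"), "vlans": [], "arp": None}
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        info["vlans"].append({"id": tci & 0x0FFF, "priority": tci >> 13})
        offset += 4
    payload = offset + 2
    if ethertype == 0x0806 and len(frame) >= payload + 28:
        _, _, hlen, plen, op = struct.unpack_from("!HHBBH", frame, payload)
        if (hlen, plen) == (6, 4):  # Ethernet MACs, IPv4 addresses
            info["arp"] = {
                "op": op,
                "sender_ip": socket.inet_ntoa(frame[payload + 14:payload + 18]),
                "target_ip": socket.inet_ntoa(frame[payload + 24:payload + 28])}
    return info

def diagnose(frame, iface="p2p2"):
    """Say which interface has to own the address for this ARP to be answered."""
    info = parse_frame(frame)
    if info["arp"] is None:
        return "not an IPv4-over-Ethernet ARP frame"
    target = info["arp"]["target_ip"]
    if info["vlans"]:
        vid = info["vlans"][0]["id"]  # subinterface name below is an assumption
        return f"{target} is requested on VLAN {vid}: needs {iface}.{vid}, not {iface}"
    return f"{target} is requested untagged: {iface} itself can answer"
```

On Linux the matching subinterface is created with "ip link add link p2p2 name p2p2.2500 type vlan id 2500"; the 4.28.99.98/30 address and the Shorewall net zone entry would then refer to that interface instead of p2p2.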