From: bert hubert <ahu@ds9a.nl>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Src IP for outgoing packet with multiple defaults routes
Date: Thu, 07 Mar 2002 19:42:46 +0000
Message-ID: <marc-lartc-101553022305431@msgid-missing>
In-Reply-To: <marc-lartc-101551599620984@msgid-missing>

On Thu, Mar 07, 2002 at 12:37:04PM +0500, Andrés Grińó Brandt wrote:
> Hi:
> 
> Abstract: Linux connected to two different ISPs. Outgoing packets seem to pick their source IP address randomly, without regard to the router chosen.
> 
> Test bed:
> 1. Linux Red Hat 7.2 (fw1) with kernel 2.4.7-10, no patches, all netfilter and adv. routing options on.
> 2. One "internet" ethernet card that connects to a switch. The switch connects the two routers also.
> 3. Linux has two IPs: 200.72.44.226 and 200.27.214.226.
> 4. ip route list shows:
>    200.72.44.224/27 dev eth0 scope link
>    200.27.214.224/29 dev eth0 proto kernel scope link src 200.27.214.226
>    default equalize 
>            nexthop via 200.27.214.225 dev eth0 weight 1
>            nexthop via 200.72.44.225  dev eth0 weight 3
> 5. No MASQ, no SNAT, no DNAT for packets locally generated.
> 6. Ethercap running on eth0.
> 7. Another Linux (ws1) also running ethercap over the wire between router 200.27.214.225 and the switch (via a hub). This machine has address 200.27.214.227.
> 
> What I see, after running ethercap at the same time (and for the same period) on both machines:
> 1. Ethercap on fw1 captures ~4.500 packets, on sw1 it captures ~1.900 packets.
> 2. On sw1 ethercap shows me only packets routed through router 200.27.214.225. I check the destination MAC address, and it is definitely router 200.27.214.225.
> 3. But on sw1, I see outgoing packets having both source IP 200.27.214.226 and 200.72.44.226.
> 

> This is wrong. Packets with source IP 200.72.44.226 must not reach router
> 200.27.214.226. AFAIK, an outgoing packet must have a source address in the
> same subnet as the router being used.

Only if you force it to be that way. You told Linux 'I have 2 default
nexthops, and I want 25% of connections to go to 200.27.214.225, 75% to
200.72.44.225' and that is what happened, more or less.

If you want to be more specific, create policy rules enforcing your subnet
preferences.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
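
The policy rules suggested in the reply could look like the following for the addresses in this thread. This is an added example, not part of the original message: the table ids (101, 102), the rule priorities and the function names are assumptions, and the script only prints the ip(8) commands and audits constructed sample data instead of changing any routing state.

```shell
#!/bin/sh
# Added example: source-based policy routing for the two uplinks in the thread.
# Table ids, rule priorities and function names are assumptions, not from the thread.
DEV=eth0

# emit_uplink TABLE PRIO SRC SUBNET GATEWAY
# Prints the commands that pin traffic sourced from SRC to GATEWAY.
emit_uplink() {
    table=$1 prio=$2 src=$3 subnet=$4 gw=$5
    # Per-uplink table: the on-link subnet plus a default via this uplink's router.
    echo "ip route add $subnet dev $DEV src $src table $table"
    echo "ip route add default via $gw dev $DEV src $src table $table"
    # Packets already carrying this source address consult only that table.
    echo "ip rule add from $src lookup $table priority $prio"
}

emit_policy() {
    emit_uplink 101 1001 200.27.214.226 200.27.214.224/29 200.27.214.225
    emit_uplink 102 1002 200.72.44.226  200.72.44.224/27  200.72.44.225
    echo "ip route flush cache"
}

# expected_gw SRC: the router a given source address must leave through.
# The globs approximate the /29 and /27; only fw1's own addresses are expected.
expected_gw() {
    case $1 in
        200.27.214.*) echo 200.27.214.225 ;;
        200.72.44.*)  echo 200.72.44.225 ;;
        *)            echo unknown ;;
    esac
}

# audit: reads "SRC NEXTHOP" pairs on stdin (for example distilled from a
# capture) and prints every pair that left through the wrong router.
audit() {
    while read -r src gw; do
        [ "$(expected_gw "$src")" = "$gw" ] || echo "MISMATCH $src via $gw"
    done
}

# Constructed sample: the second pair is the case reported in the thread.
sample_pairs() {
    printf '%s\n' "200.27.214.226 200.27.214.225" \
                  "200.72.44.226 200.27.214.225" \
                  "200.72.44.226 200.72.44.225"
}

emit_policy          # dry run: review the output, then pipe it to sh as root
sample_pairs | audit # prints the one mismatching pair
```

The `from` rules match only packets whose source address is already set (bound sockets and replies to incoming connections); traffic from unbound sockets still goes through the multipath default route in the main table.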

Thread overview: 3+ messages
2002-03-07  7:37 [LARTC] Src IP for outgoing packet with multiple defaults routes Andrés Grińó Brandt
2002-03-07 16:27 ` Julian Anastasov
2002-03-07 19:42 ` bert hubert [this message]
