Re: [LARTC] Proxy-ARP

From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Proxy-ARP
Date: Mon, 18 Nov 2002 05:49:22 +0000	[thread overview]
Message-ID: <marc-lartc-103759865015741@msgid-missing> (raw)
In-Reply-To: <marc-lartc-103759486813907@msgid-missing>

Mohan,

Let me note a few things.  First, you need only send a mail to the list, 
not the individual subscribers.  

Second,

  - you are either building a bridge

      OR

  - you are building a routing device which will divide the network in 
    two with proxy ARP

If you want to use a bridge, then see the archives for how to do 
traffic control with a bridge, and post specific questions.  I'd also
recommend reading up on bridging:

  http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/index.html
  http://bridge.sourceforge.net/

If that's not what you want to do, try the proxy ARP mini-HOWTO, which 
will show you how to set up routes to each side of the network, and 
configure proxy ARP.

  http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/index.html

I've got a bit on it, as well, but you will probably find more complete 
instructions elsewhere.

  http://plorf.net/linux-ip/html/adv-proxy-arp.htm

Since what you have already started is a proxy ARP solution, I'll point 
some problems out.

 : #ip addr sh
 : 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
 :     link/ether 00:00:21:f3:0a:4f brd ff:ff:ff:ff:ff:ff
 :     inet 10.0.1.4/24 brd 10.0.1.255 scope global eth0
 : 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
 :     link/ether 00:00:21:f4:50:e7 brd ff:ff:ff:ff:ff:ff
 :     inet 10.0.1.4/24 brd 10.0.1.255 scope global eth1

This means that you are assigning the same IP to two different ethernet 
interfaces on the same media segment.  That's not strictly forbidden, but 
unless you take some other steps, the machines on the ethernet will get 
one MAC address for 10.0.1.4 one some ARP requests, and the other MAC 
address for other requests.  That's not quite deterministic, so your 
networking will break.

Look into Julian's work on hidden ethernet interfaces if you really want 
to do this (I don't think you do).

  http://www.linuxvirtualserver.org/~julian/#hidden

 : #ip ro sh
 : 10.0.1.0/24 dev eth0  proto kernel  scope link  src 10.0.1.4 
 : 10.0.1.0/24 dev eth1  proto kernel  scope link  src 10.0.1.4 
 : default via 10.0.1.1 dev eth0

If you are intending to break the network into two pieces, you have not 
done so here.  You should make routes for the IPs which are reachable on 
each ethernet.  For example:

# ip route del 10.0.1.0/24 dev eth1
# ip route add 10.0.1.1 dev eth0
# ip route add default via 10.0.1.1

 : #ip ro del 10.0.1.0/24 via 10.0.1.4 dev eth0
 : RTNETLINK answers: No such process

That's because there is no such route....hence the answer is "RTNETLINK 
answers: No such process"  I'd suggest re-reading the iproute2 command 
reference to understand the use of the keyword "via".  You are not using 
the right keyword, or not understanding what you are asking of the kernel, 
here.

 : #ip ro add 10.0.1.1/24 via 10.0.1.4 dev eth0

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/