Re: forwarding pings out ingress interface

["Nicolas de Pesloüan" <nicolas.2p.debian@gmail.com>]

Le 02/06/2011 21:10, Jeff Haran a écrit :
> Running Redhat Enterprize 6.0, seeing the following behavior.
>
> Two Ethernet network segments: 172.30/16 and 169.254.160/24.
>
> Three "devices":
>
> [linux] is the blade running RHEL6.0. It has multiple network interfaces
> and has IP forwarding enabled.
> [host] is an IP host of some sort.
> [lb] is an L3 load balancer.
>
> They are connected like so:
>
> [host] 172.30.0.254<->  172.30.0.2 [lb] 169.254.160.20<->  169.254.160.1
> [linux]
>
> I have not shown the other network interfaces that [linux] is attached
> to for brevity in the diagram.
>
> One of the peculiarities of [lb] is if [host] pings it at 172.30.0.2, it
> will not respond to the ping itself but instead forward the ping to
> [linux]. I realize this is broken, but I have to deal with it (its
> cooked into [lb]'s silicon). [lb]'s vendor assures me that if [linux]
> would only forward the ping back to [lb] out the same interface it came
> in on, then [lb] will generate a ping response back to [host].
>
> My problem is [linux] won't forward the ping back to [lb]. [linux] has a
> route to 172.30/16 out the interface that connects it to [lb] and I can
> see from tcpdump that [linux] is getting the ICMP Echo requests with
> source address 172.30.0.254 and destination address 172.30.0.2, but
> nothing gets transmitted out that interface in response.

As per RFC3927, section 2.6.2 "[a] host MUST NOT send a packet with an IPv4 Link-Local destination 
address to any router for forwarding." Your linux host use 169.254.160/24, which is in the IPv4 
Link-Local range. So it is normal for your linux host not to reply to a ping request coming from 
outside of the local subnet.

Why do you use an IP in the link local range? For as far as I remember (but I failed to find the 
exact section), this RFC also forbid static configuration of an IP in this range.

	Nicolas.