'Weird Linux kernel routing problem (OT: LONG)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       inet-access
Subject:    Weird Linux kernel routing problem (OT: LONG)
From:       John Gonzalez/netMDC admin <ekool () ns1 ! netmdc ! com>
Date:       2001-03-30 19:10:30
[Download RAW message or body]

I asked the debian-isp list this a while back and never got an answer. Its
annoyed me enough that im going to ask this list and see what you guys can
come up with.. the basic problem is this:

I have some pm3's routing properly, a few linux boxes routing properly, a
router routing properly, etc.

The pm3's are setup in different subnets and the router has many secondary
interfaces.

The linux boxes have many virtual interfaces as well and all work. 

However, some pm3's cant reach certain virtual hosts, even though they
work fine from any requests originating outside my network.

I'm pretty sure its an arp problem. Like, linux is not seeing the ARP
return from the router since its sending it to an interface on the linux
box that isnt the primary interface, and the virtual interface is in a
diff subnet then the primary.

For example, if i traceroute to the IP on the pm3 that it cant reach (a
customers IP) using the virtual interface to trace from, it doesnt work.

However, if i ping it first from the interface, then trace it, it
works. See following:

skank:/space/ekool# traceroute -s 63.162.108.12 207.138.78.73
traceroute to 207.138.78.73 (207.138.78.73) from 63.162.108.12, 30 hops
max, 40 byte packets
 1  gamingeeks.com (63.162.108.12)  2990.77 ms !H  2996.3 ms !H  2999.91
ms !H

skank:/space/ekool# ping -I 63.162.108.12 207.138.78.73
PING 207.138.78.73 (207.138.78.73): 56 data bytes
64 bytes from 207.138.78.73: icmp_seq=0 ttl=127 time=139.2 ms
64 bytes from 207.138.78.73: icmp_seq=1 ttl=127 time=113.6 ms

--- 207.138.78.73 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 113.6/126.4/139.2 ms

skank:/space/ekool# traceroute -s 63.162.108.12 207.138.78.73
traceroute to 207.138.78.73 (207.138.78.73) from 63.162.108.12, 30 hops
max, 40 byte packets
 1  pm3-5.netmdc.com (207.138.78.45)  2.487 ms  3.804 ms  1.914 ms
 2  73-pm3-5.ala.netmdc.com (207.138.78.73)  101.428 ms  96.644 ms  95.581
ms

Now, here is the weird part. I have linux boxen using the 2.0.XX kernel
that work in this fashion, with identical setups just peachy. This is a
2.2.X based box, and it behaves differently in the following way (and
below is a cut and paste of what i posted to debian-isp)

Back in the 2.0.XX days of the kernel, i used to add virtual hosts in the
following fashion, and it worked beautiful. I could even add hosts out of
a diff subnet then the primary interface.

It would take and send traffic out on the same virtual interface it came
in on. Somehow, between 2.0.XX and 2.2.XX -- this behaviour changed. I'm
trying to figure out the proper way to do it now, as it seems im not doing
it right.

Here is some output:

On an old 2.0.XX box:
#alias domain for blah.com
ifconfig eth0:3 206.XX.XXX.XX broadcast 206.XX.XXX.XX netmask
255.255.255.0
route add -host 206.XX.XXX.XX dev eth0:3

which works beautifully... here is a netstat -nr output, which shows the
computer is using the virtual interface to send/receive packets:

206.XX.XXX.XX   0.0.0.0         255.255.255.255 UH     1500 0          0
eth0:0
206.XX.XXX.XX   0.0.0.0         255.255.255.255 UH     1500 0          0
eth0:1
206.XX.XXX.XX   0.0.0.0         255.255.255.255 UH     1500 0          0
eth0:3
206.XX.XXX.XX   0.0.0.0         255.255.255.255 UH     1500 0          0
eth0:4

Now, here is the exact same setup on a 2.2.XX based box, and as you can
see, it is not working properly. ARP requests are not going through, so
devices on diff subnets cannot reach the host properly, etc.

63.XX.XXX.XX    0.0.0.0         255.255.255.255 UH        0 0          0
eth0
63.XX.XXX.XX    0.0.0.0         255.255.255.255 UH        0 0          0
eth0
207.XX.XXX.XX   0.0.0.0         255.255.255.255 UH        0 0          0
eth0

Which, the setup is identical. However, this shows it answering everything
on eth0 instead of the proper eth0:X device??? any ideas?


-- 
John Gonzalez / johng@netmdc.com / johng@tularosa.net
Tularosa Communications, Inc. (505) 439-0200 voice / (505) 443-1228 fax
http://www.tularosa.net / ASN 11711 / JG6416
[----------------------------------------------[ sys info ]-----------]
 11:50am  up 204 days, 18:19,  3 users,  load average: 0.02, 0.22, 0.28



-
List archives can be found at: <http://www.moongroup.com/inet.php>
Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave.
Eat sushi frequently.   inet@inet-access.net is the human contact address.

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic