On Sun, Jan 31, 2010 at 12:05 PM, <fedora@xxxxxxxx> wrote: > Hi every > > I am changing the ISP from aaa.bbb.243.160/27 to ccc.ddd.206.128/27. > In order to provide seamless service to our customers I made the hosts > concerned multihomed, i.e. I added them a logical interface on the new > subnet. I did not introduce a additional NIC into the hosts. > Then, I changed the default route on the hosts to the new network. > > e.g in one host concerned you will see > > myhost:~ # ifconfig > eth0 Link encap:Ethernet HWaddr 00:80:AD:B8:39:C3 > inet addr:ccc.ddd.206.132 Bcast:aaa.bbb.243.191 > Mask:255.255.255.224 > inet6 addr: fe80::80:adb8:39c3/10 Scope:Link > inet6 addr: fe80::280:adff:feb8:39c3/10 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:2733080 errors:0 dropped:0 overruns:0 frame:0 > TX packets:2494806 errors:0 dropped:0 overruns:0 carrier:0 > collisions:119322 txqueuelen:100 > RX bytes:791914000 (755.2 Mb) TX bytes:579375282 (552.5 Mb) > Interrupt:9 Base address:0xf000 > > eth0:1 Link encap:Ethernet HWaddr 00:80:AD:B8:39:C3 > inet addr:192.168.97.164 Bcast:192.168.97.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:9 Base address:0xf000 > > eth0:2 Link encap:Ethernet HWaddr 00:80:AD:B8:39:C3 > inet addr:aaa.bbb.243.164 Bcast:ccc.ddd.206.159 > Mask:255.255.255.224 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:9 Base address:0xf000 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:372918 errors:0 dropped:0 overruns:0 frame:0 > TX packets:372918 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:92340116 (88.0 Mb) TX bytes:92340116 (88.0 Mb) > > myhost:~ # > > and > > myhost:~ # route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > aaa.bbb.243.160 0.0.0.0 255.255.255.224 U 0 0 0 eth0 > ccc.ddd.206.128 0.0.0.0 255.255.255.224 U 0 0 0 eth0 > 192.168.97.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 0.0.0.0 ccc.ddd.206.129 0.0.0.0 UG 0 0 0 eth0 > myhost:~ # > > NOTE: this multihoming has nothing to do with additional security or > performance. > > I did not install something with iproute2 or other routing enhancements. > > PROBLEM: the multihoming works only partially. > > if I invoke e.g. ping on http://iptools.com/ the ping reply does not come > back to its origin. The echo request reaches my server, my server sends an > echo reply, which never reaches the originator. > > > myhost:~ # tcpdump -n ip proto \\icmp > Kernel filter, protocol ALL, datagram packet socket > tcpdump: listening on eth0 > 10:58:35.508765 74.52.9.36 > aaa.bbb.243.164: icmp: echo request (DF) > 10:58:35.508765 aaa.bbb.243.164 > 74.52.9.36: icmp: echo reply (DF) > 10:58:36.508765 74.52.9.36 > aaa.bbb.243.164: icmp: echo request (DF) > 10:58:36.508765 aaa.bbb.243.164 > 74.52.9.36: icmp: echo reply (DF) > 10:58:37.508765 74.52.9.36 > aaa.bbb.243.164: icmp: echo request (DF) > 10:58:37.508765 aaa.bbb.243.164 > 74.52.9.36: icmp: echo reply (DF) > 10:58:38.508765 74.52.9.36 > aaa.bbb.243.164: icmp: echo request (DF) > 10:58:38.508765 aaa.bbb.243.164 > 74.52.9.36: icmp: echo reply (DF) > 10:58:39.508765 74.52.9.36 > aaa.bbb.243.164: icmp: echo request (DF) > 10:58:39.508765 aaa.bbb.243.164 > 74.52.9.36: icmp: echo reply (DF) > ... > > on http://iptools.com/ : > PING aaa.bbb.243.164 (aaa.bbb.243.164) 56(84) bytes of data. > > --- aaa.bbb.243.164 ping statistics --- > 5 packets transmitted, 0 received, 100% packet loss, time 3999ms > > > > If, however, I ping the Host on the other (the new) network address from > http://iptools.com/, the ping gets through: > > > myhost:~ # tcpdump -n ip proto \\icmp > Kernel filter, protocol ALL, datagram packet socket > tcpdump: listening on eth0 > 11:23:04.117248 74.52.9.36 > ccc.ddd.206.132: icmp: echo request (DF) > 11:23:04.117248 ccc.ddd.206.132 > 74.52.9.36: icmp: echo reply (DF) > 11:23:05.117248 74.52.9.36 > ccc.ddd.206.132: icmp: echo request (DF) > 11:23:05.117248 ccc.ddd.206.132 > 74.52.9.36: icmp: echo reply (DF) > 11:23:06.117248 74.52.9.36 > ccc.ddd.206.132: icmp: echo request (DF) > 11:23:06.117248 ccc.ddd.206.132 > 74.52.9.36: icmp: echo reply (DF) > 11:23:07.117248 74.52.9.36 > ccc.ddd.206.132: icmp: echo request (DF) > 11:23:07.117248 ccc.ddd.206.132 > 74.52.9.36: icmp: echo reply (DF) > 11:23:08.117248 74.52.9.36 > ccc.ddd.206.132: icmp: echo request (DF) > 11:23:08.117248 ccc.ddd.206.132 > 74.52.9.36: icmp: echo reply (DF) > > on http://iptools.com/ > > PING ccc.ddd.206.132 (ccc.ddd.206.132) 56(84) bytes of data. > 64 bytes from ccc.ddd.206.132: icmp_seq=1 ttl=245 time=132 ms > 64 bytes from ccc.ddd.206.132: icmp_seq=2 ttl=245 time=132 ms > 64 bytes from ccc.ddd.206.132: icmp_seq=3 ttl=245 time=133 ms > 64 bytes from ccc.ddd.206.132: icmp_seq=4 ttl=245 time=132 ms > 64 bytes from ccc.ddd.206.132: icmp_seq=5 ttl=245 time=132 ms > > --- ccc.ddd.206.132 ping statistics --- > 5 packets transmitted, 5 received, 0% packet loss, time 4000ms > rtt min/avg/max/mdev = 132.915/132.980/133.114/0.405 m > > If I ping the iptools.com host from my host: > > myhost:~ # ping 74.52.9.36 > PING 74.52.9.36 (74.52.9.36): 56 data bytes > 64 bytes from 74.52.9.36: icmp_seq=0 ttl=54 time=134.925 ms > 64 bytes from 74.52.9.36: icmp_seq=1 ttl=54 time=133.172 ms > 64 bytes from 74.52.9.36: icmp_seq=2 ttl=54 time=133.426 ms > 64 bytes from 74.52.9.36: icmp_seq=3 ttl=54 time=133.735 ms > 64 bytes from 74.52.9.36: icmp_seq=4 ttl=54 time=133.503 ms > --- 74.52.9.36 ping statistics --- > 5 packets transmitted, 5 packets received, 0% packet loss > round-trip min/avg/max = 133.172/133.752/134.925 ms > myhost:~ # > > Summary: If, on my host, a service is called for on the old > (aaa.bbb.243.160/27) network, it is not properly answered on the new > network (ccc.ddd.206.128/27). > > I also tried to enable IP forwarding on this host > > myhost:~ # !493 > echo "1" > /proc/sys/net/ipv4/ip_forward > myhost:~ # cat /proc/sys/net/ipv4/ip_forward > 1 > myhost:~ # > > but this did not change anything either. > Furthermore, I was informed on my googling around, that IP forwarding must > not be enabled on a multihomed host. > > What did I miss? > You need to correct the routing, see http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html //HW > Thanks for any hints. > > suomi > > > > > -- > users mailing list > users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines > -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines