I'm attempting to configure source-specific routing so that my servers can exist on multiple subnets from multiple upstream providers. A rough diagram of the network layout: ISP1 router (blackbox, routes subnet A, address on subnet A) \ -----------eth0(firewall)eth1---((servers)) / ISP2 router (blackbox, routes subnet B, address on subnet B) The aim is to allow the servers to use both subnet A and subnet B. To allow this, any machine on both subnets must have source-specific routing configured, else packets originating from one ISP's AS will be directed at the other's router, and neither ISP cares for that. At the moment, I'm focusing on getting the second ISP properly added to the firewall box. The firewall box is using CentOS 6.4, and normally passes traffic back and forth via proxy_arp. None of my interfaces are NM_CONTROLLED, and NetworkManager is not installed, much less started. I've created a route-eth0:1 file that looks roughly like this: 10.0.0.1 dev eth0:1 \ src 10.0.0.2 \ from 10.0.0.0/29 default via 10.0.0.1 dev eth0:1 \ src 10.0.0.2 \ from 10.0.0.0/29 (Treat indented lines as continuations of the previous line) (No, the ISPs aren't giving me RFC1918 addresses; these are redacted.) If I run "ifup eth0:1", "ip route show" includes the lines: 10.0.0.1 dev eth0 scope link src 10.0.0.2 10.0.0.0/29 dev eth0 proto kernel scope link src 10.0.0.2 default via 10.0.0.1 dev eth0 Note that the "from 10.0.0.0/29" clause is missing. With the addition of a second default route on my firewall/gateway without any restriction on which traffic should go that way, my whole network, of course, tanks. I'm surprised it's been such a pain; I would have expected it to be a relatively common configuration. What's the proper way of doing source-specific routing on CentOS?
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
