[LARTC] Src IP for outgoing packet with multiple defaults routes

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 07, 2002 at 12:37:04PM +0500, Andr?s Gri?? Brandt wrote:
> Hi:
> 
> Abstract: Linux connected to two different ISP. Outgoing packets seems to peek randomly it's source IP address, without regards to the router choosen.
> 
> Test bed:
> 1. Linux Red Hat 7.2 (fw1) with kernel 2.4.7-10, no patches, all netfilter and adv. routing options on.
> 2. One "internet" ethernet card that connect to a switch. The switch connect the two routers also.
> 3. Linux have two IP: 200.72.44.226 and 200.27.214.226.
> 4. ip route list show:
>    200.72.44.224/27 dev eth0 scope link
>    200.27.214.224/29 dev eth0 proto kernel scope link src 200.27.214.226
>    default equalize 
>            nexthop via 200.27.214.225 dev eth0 weight 1
>            nexthop via 200.72.44.225  dev eth0 weight 3
> 6. No MASQ, no SNAT, no DNAT for packets locally generated.
> 6. Ethercap running in eth0.
> 5. Another Linux (ws1) also running ethercap over the wire between router 200.27.214.225 and the switch (via a hub). This machine have address 200.27.214.227.
> 
> What I see, after running ethercap at the same time (and for the same period) on both machines:
> 1. Ethercap on fw1 capture ~4.500 packets, on sw1 capture ~1.900 packets.
> 2. On sw1 ethercap show me only packets routed thru router 200.27.214.225. I check the destination mac address, and it definitly router 200.27.214.225.
> 3. But on sw1, I see outgoing packets having both source IP 200.27.214.226 and 200.72.44.226.
> 

> This is wrong. Packets with source IP 200.72.44.226 must not reach router
> 200.27.214.226. AFIK, an outgoing packet must have a source address in the
> same subnet that the router being used.

Only if you force it to be that way. You told Linux 'I have 2 default
nexthops, and I want 25% of connections to go to 200.27.214.225, 75% to
200.72.44.225' and that is what happened, more or less.

If you want to be more specific, create policy rules enforcing your subnet
preferences.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux