On Sat, 6 Dec 2003, Darryl Miles wrote:

> petrch@xxxxxxxxx wrote:
>
> >I have this:
> >
> >publicIP(server)-netA--internet(netC)--netB--172.26.3.0/24
> >
> >I have a tunnel between netA and netB. The tunnel is
> >for managing some network devices that are using
> >private IPs from network 172.26.3.0/24.
> >Now if I ping from publicIP (it could be a server
> >with nagios). Echo request
> >packet is routed through tunnel and reaches 172.26.3.1(device)
> >but echo reply is routed via default route on netB gateway
> >and NATed out to internet.
> >
> >Question: Could I somehow discover that echo request traveled
> >by tunnel so reply should take same way?
> >
>
> What tunneling technology are you using (IPIP, GRE, VPN
> (ESP/AH/PPTP/...) ) ?

It's GRE.

> Normally you'd configure the tunnel endpoint routers at both sites to
> have reciprocal routing entries for each others subnet. Also configure

Yes, I have this done for nonpublic networks (more exactly for 172.26.0.0/16, which is the one we are using for network management). But netA is a small ISP with about 1000 subscribers and we are not an AS right now. You're probably right that I could simply add one route for each of our assigned C networks, but then I have to reconfigure each tunnel after each change. I could simply use OSPF and set it on the netB gw (we are using OSPF on netA), but then all traffic to netA will go through the tunnel, which is not exactly what I need.

One more difficulty is that in netB there are a couple of clients on 172.26.3.0/24 (clients have addresses from .2 up and devices go from 254 down).

As I'm writing now, I'm starting to understand your advice like this: "You screwed up your address plan. If you are doing things the right way, you could not have this problem at all."

So one way is to simply move the devices on netB to their own network 172.26.x.0/24 and route all traffic from this network to the tunnel.

Is there any other way to "autoconfigure" routing through the tunnel?

> on the endpoint hosts a black hole routing entry with a higher metric
> than the tunnel, so that "Network Unreachables" are correctly returned

Ok, thanks. I forgot to do this.

> So I ask: Does your network topology really need to be able to discover

I'm not sure. Probably I can at least redesign netB and reconfigure the devices there. netB is 80km from here and maybe I'm only afraid that I will have to leave my neat office and drive there.

> Darryl

Petr Chloupek
petrch@xxxxxxxxx
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/