question re ip rules logic

Linux Advanced Routing and Traffic Control


Hello everyone,

Please excuse these basic questions but I am new to Linux and I am getting desperate for answers.

We are running Red Hat Linux and after many hours of investigation I am unable to get a certain ip rule and ip route command combination to work.
 
 These are the software versions installed.
[root@c1b04a01 linux-2.4.21-15.EL]# uname -a
Linux c1b04a01 2.4.21-15.ELsmp #1 SMP Thu Apr 22 00:18:24 EDT 2004 i686 i686 i386 GNU/Linux
[root@c1b04a01 linux-2.4.21-15.EL]# ip -Ver
ip utility, iproute2-ss010824
[root@c1b04a01 linux-2.4.21-15.EL]# 

We have an IBM BladeCenter with dual GigE adapters on each blade.
We hope to be able to route external internet web client packets coming into an interface to go back out on the same interface. The packets must go out the same interface they came in on as we have two Nortel layer 2-7 switches (eth1 on each blade is connected to one of these switches, the eth0 interface is connected to the other switch). There are virtual load balancing IPs (VIPs) in each switch which NAT to the blade interface. We are trying to implement an active-active switch setup using VRRP for failover.

The interfaces are set up as: (eth0 is address 10.10.10.104, eth1 is address 10.10.11.104).
At first we thought we could use the same subnet for each interface but after initial testing we decided to simplify the situation by using different subnets.

[root@c1b04a01 root]# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
4: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:60:4e:33:d2 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.104/24 brd 10.10.10.255 scope global eth0
5: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:60:4e:33:d3 brd ff:ff:ff:ff:ff:ff
    inet 10.10.11.104/24 brd 10.10.11.255 scope global eth1
[root@c1b04a01 root]# 

When we try these commands: 
ip rule add iif eth0 prio 100 table 100
ip route add default via 10.10.10.1 dev eth0 table 100
ip rule add iif eth1 prio 200 table 200
ip route add default via 10.10.11.2 dev eth1 table 200
no packets are sent out of the interfaces.

 When we try the commands:
ip rule add default prio 100 table 20
ip route add default via 10.10.11.2 dev eth1 table 20
we see incoming packets on eth0 and eth1 being answered on eth1 so we at least know that the ip rule and ip route commands are working.

 When we try the commands:
ip rule add from 10.10.12.3 prio 100 table 20
ip route add default via 10.10.11.2 dev eth1 table 20
we do not see traffic from 10.10.12.3 being answered on eth1, we also tried 10.10.12.0/24 and still no pings from 10.10.12.3 were answered. Any ideas why this rule fails?

We tried with ip_forward set to zero and one (no difference), and we are familiar with the use of the "ip route flush cache" command when removing and adding routes.

Are we interpreting the documentation correctly for the ip rule regarding the iif option?
Can all source packets be routed out the same interface with these commands?
Is there an easy solution for this using ip rule and ip route?
If not, can we achieve this functionality using the firewall commands which mark a packet?

 Any advice would be much appreciated.

Also once we get this working we will document a solution as I believe there will be other sites trying to do the same thing. We may be one of the first sites with dual internal switches in a BladeCenter.

Thank you.
Tony Hempinstall.
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
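
The rule logic asked about above, as an added example that is not part of the original post: a small Python model of how Linux walks policy rules for a reply generated by a local process (whose input interface is `lo`, and whose source is the local address the request was sent to). The table contents, the assumption that `main` has no default route, the `from <local address>` rule set, and the helper names `rule`, `lookup` and `reply` are hypothetical; addresses come from the post.

```python
import ipaddress

# Constructed routing tables using the addresses from the post. Assumption:
# "main" holds only the two connected subnets and no default route.
TABLES = {
    "main": [("10.10.10.0/24", None, "eth0"), ("10.10.11.0/24", None, "eth1")],
    "100": [("0.0.0.0/0", "10.10.10.1", "eth0")],
    "200": [("0.0.0.0/0", "10.10.11.2", "eth1")],
    "20": [("0.0.0.0/0", "10.10.11.2", "eth1")],
}

def rule(prio, table, src="0.0.0.0/0", iif=None):
    """One policy rule: optional 'from' prefix and 'iif' selector."""
    return {"prio": prio, "table": table, "src": ipaddress.ip_network(src), "iif": iif}

MAIN = rule(32766, "main")  # the kernel's built-in catch-all rule for table main

def lookup(rules, src, dst, iif):
    """Walk rules by priority; the first matching rule whose table has a route wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules + [MAIN], key=lambda r: r["prio"]):
        if src not in r["src"] or (r["iif"] is not None and r["iif"] != iif):
            continue  # selector mismatch: try the next rule
        hits = [(ipaddress.ip_network(p), via, dev)
                for p, via, dev in TABLES[r["table"]] if dst in ipaddress.ip_network(p)]
        if hits:  # longest prefix wins inside one table
            _, via, dev = max(hits, key=lambda h: h[0].prefixlen)
            return r["table"], via, dev
    return None  # no route found: the packet is never transmitted

CLIENT = "10.10.12.3"  # the test client named in the post

def reply(rules, local_addr):
    """Route a locally generated reply: source is the blade address, iif is lo."""
    return lookup(rules, src=local_addr, dst=CLIENT, iif="lo")

IIF_RULES = [rule(100, "100", iif="eth0"), rule(200, "200", iif="eth1")]
FROM_CLIENT = [rule(100, "20", src="10.10.12.3")]
FROM_LOCAL = [rule(100, "100", src="10.10.10.104"), rule(200, "200", src="10.10.11.104")]

if __name__ == "__main__":
    for name, rs in [("iif", IIF_RULES), ("from client", FROM_CLIENT), ("from local", FROM_LOCAL)]:
        print(name, reply(rs, "10.10.10.104"), reply(rs, "10.10.11.104"))
```

In this model the `iif` rules only select a table for packets that arrive on eth0 or eth1 and are being forwarded, and `from 10.10.12.3` never matches a reply because 10.10.12.3 is the reply's destination; rules keyed on each interface's own address send the reply back out the interface it was addressed to.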
