multiple default routes, rp_filter and martians

Linux Advanced Routing and Traffic Control

I have a theory on the cause of a problem but it is still only a theory.
I wonder if anyone here can confirm.

I have a multi-isp configuration with a multi-path default route to each
ISP, equally weighted.

I am seeing, periodically, traffic dropped due to martian detection and
errors logged on inbound traffic, but at other times, that same exact
traffic will be allowed, no errors.

My supposition is this:  If I use "ip route get <source_addr>" for the
source address that rp_filter is dropping traffic from I can see that
it's reporting that traffic to that address would use the alternate ISP
interface from the one it's being received on (and logged as a martian
and dropped).  If I continue to use ip get route on that address
eventually it will report the interface that the traffic is being
received on -- that would be the balancing feature of the multiple
paths.

I believe that during these times when ip route get is reporting the
alternate interface, the kernel would also log inbound packets from that
address as martians.  Is this the case?

To further confirm my supposition, while my gateway is dropping packets
and logging them as martians, I can install a route specifically for
that source pointing to the interface that they are being received on
and the dropping/martian logging stops and the traffic is received.

So to summarize it seems that when doing the rp_filter tests, the kernel
only uses the "current default" route and not all available default
routes when determining the reverse path.  Is this true?

Thanx,
b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
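
The manual check described in the message above (compare the interface a martian was logged on with the interface "ip route get <source_addr>" reports), automated as an added example that is not part of the original post. The log lines, addresses, interface names and lookup outputs are constructed sample data, and the verdict labels are hypothetical names chosen for this example.

```python
import re

# Kernel log format: "martian source <daddr> from <saddr>, on dev <ifname>"
MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
# `ip route get` prints the selected egress interface after the word "dev"
ROUTE_DEV_RE = re.compile(r"\bdev (\S+)")

# Constructed sample input (documentation address ranges, made-up interfaces)
SAMPLE_LOG = """\
kernel: IPv4: martian source 192.0.2.10 from 203.0.113.7, on dev eth0
kernel: ll header: 00000000: 00 11 22 33 44 55 66 77 88 99 aa bb 08 00
kernel: IPv4: martian source 192.0.2.10 from 203.0.113.99, on dev eth0
kernel: IPv4: martian source 198.51.100.2 from 203.0.113.200, on dev eth1
"""
# Outputs of repeated `ip route get <source_addr>` runs, keyed by source address
SAMPLE_LOOKUPS = {
    "203.0.113.7": ["203.0.113.7 via 198.51.100.1 dev eth1 src 198.51.100.2",
                    "203.0.113.7 via 192.0.2.1 dev eth0 src 192.0.2.10"],
    "203.0.113.99": ["203.0.113.99 via 198.51.100.1 dev eth1 src 198.51.100.2"],
}

def parse_martians(log_text):
    """Yield (source_addr, rx_dev) for every martian line in the log text."""
    for m in MARTIAN_RE.finditer(log_text):
        yield m.group(2), m.group(3)

def route_dev(route_get_output):
    """Return the interface named in one `ip route get` output, or None."""
    m = ROUTE_DEV_RE.search(route_get_output)
    return m.group(1) if m else None

def correlate(log_text, lookups):
    """Classify each logged martian by how its route lookups compare to rx_dev."""
    report = []
    for src, rx_dev in parse_martians(log_text):
        devs = {route_dev(out) for out in lookups.get(src, [])} - {None}
        if not devs:
            verdict = "no-lookup"    # nothing to compare against yet
        elif devs == {rx_dev}:
            verdict = "symmetric"    # lookups always match the receiving interface
        elif rx_dev in devs:
            verdict = "flapping"     # lookups alternate between interfaces
        else:
            verdict = "asymmetric"   # lookups never name the receiving interface
        report.append((src, rx_dev, sorted(devs), verdict))
    return report

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG, SAMPLE_LOOKUPS):
        print(row)
```
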
