iproute2 does not select 1st default route in table?

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am having the damnedest time with a dual-IP CentOS5-based appliance
which seems to defy its iproute2 configuration, and I'm here hoping
someone smarter than me (admittedly not a high bar) might be so kind as
to tell me what I'm missing:
        # ip route show table main
        10.1.1.1 dev tun0  proto kernel  scope link  src 10.1.1.7 
        10.250.32.1 via 10.1.1.1 dev tun0 
        10.250.10.0/24 via 10.1.1.1 dev tun0 
        192.168.25.0/24 dev eth0  proto kernel  scope link  src 192.168.25.124 
        192.168.25.0/24 dev eth1  proto kernel  scope link  src 192.168.25.100 
        default via 192.168.25.1 dev eth1 
        default via 192.168.25.1 dev eth0 
        # ip route get 8.8.8.8 
        8.8.8.8 via 192.168.25.1 dev eth0  src 192.168.25.124 
            cache  mtu 1500 advmss 1460 hoplimit 64

I have been playing with this box for several days, and no matter what I
do (including reboots) it wants to route almost everything out eth0
instead of eth1, despite the ordering of default routes shown above
which should see eth1 taking precedence. No iptables
PREROUTING/nat/mangle/raw stuff, this is all straight iproute2.

I determined that the 'main' table was the one at issue by inserting and
removing an overriding rule at various priorities to see when 'ip get'
would change behavior:
        # ip rule show | tail
        32758:	from all to 192.168.72.0/24 lookup defroutes 
        32759:	from 192.168.72.0/24 lookup defroutes 
        32760:	from 192.168.72.0/24 lookup mgtroutes 
        32766:	from all lookup main 
        32767:	from all lookup default 
        # ip route add table custom to 8.8.8.0/24 via 192.168.72.1 dev eth1 src 192.168.72.100
        # for i in $(seq 32767 -1 32764); do ip rule add prio $i to 8.8.8.0/24 lookup custom; ip route flush cache; sleep 2; echo -en "$i:\t"; ip route get 8.8.8.8| head -1; ip rule del prio $i to 8.8.8.0/24 lookup custom; ip route flush cache; sleep 2; done 
        32767:	8.8.8.8 via 192.168.72.1 dev eth0  src 192.168.72.124 
        32766:	8.8.8.8 via 192.168.72.1 dev eth0  src 192.168.72.124 
        32765:	8.8.8.8 via 192.168.72.1 dev eth1  src 192.168.72.100 
        32764:	8.8.8.8 via 192.168.72.1 dev eth1  src 192.168.72.100 
        
Both interfaces are up, and are *able* to reach 8.8.8.8 via the upstream
gw:
        # ping -c 1 -I eth0 8.8.8.8 
        PING 8.8.8.8 (8.8.8.8) from 192.168.72.124 eth0: 56(84) bytes of data.
        64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=14.9 ms
        
        --- 8.8.8.8 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms
        rtt min/avg/max/mdev = 14.990/14.990/14.990/0.000 ms
        # ping -c 1 -I eth1 8.8.8.8 
        PING 8.8.8.8 (8.8.8.8) from 192.168.72.100 eth1: 56(84) bytes of data.
        64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=14.9 ms
        
        --- 8.8.8.8 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms
        rtt min/avg/max/mdev = 14.999/14.999/14.999/0.000 ms
        
Can anyone help my figure out why this box (alone out of many, many
appliances with similar configurations at various customer sites) is
determined to reach out through eth0?

The full RPDB ruleset:
        # ip rule show 
        0:	from all lookup 255 
        10:	from all lookup bootstrap 
        32736:	from all to 128.119.40.1 lookup mgtroutes 
        32737:	from all to 192.168.126.228 lookup mgtroutes 
        32738:	from all to 192.168.76.232 lookup mgtroutes 
        32739:	from all to 192.168.90.112 lookup mgtroutes 
        32740:	from all to 192.168.61.112 lookup mgtroutes 
        32741:	from all to 192.168.76.232 lookup mgtroutes 
        32742:	from all to 192.168.61.112 lookup mgtroutes 
        32743:	from all to 192.168.34.35 lookup mgtroutes 
        32744:	from all to 192.168.61.112 lookup defroutes 
        32745:	from all to 192.168.134.47 lookup mgtroutes 
        32746:	from all to 192.168.127.68 lookup mgtroutes 
        32747:	from all to 192.168.66.6 lookup mgtroutes 
        32748:	from all to 192.168.126.228 lookup mgtroutes 
        32749:	from all to 192.168.127.68 lookup mgtroutes 
        32750:	from all to 192.168.134.41 lookup mgtroutes 
        32751:	from all to 192.168.134.41 lookup mgtroutes 
        32752:	from all to 192.168.76.232 lookup mgtroutes 
        32753:	from all to 107.23.15.175 lookup mgtroutes 
        32754:	from all to 216.87.69.94 lookup mgtroutes 
        32755:	from 192.168.72.124 lookup mgtroutes 
        32756:	from 192.168.72.100 lookup defroutes 
        32757:	from 192.168.72.0/24 to 192.168.72.0/24 lookup mgtroutes 
        32758:	from all to 192.168.72.0/24 lookup defroutes 
        32759:	from 192.168.72.0/24 lookup defroutes 
        32760:	from 192.168.72.0/24 lookup mgtroutes 
        32766:	from all lookup main 
        32767:	from all lookup default 
        


	Thank you for any clue you can spare,
		Ole
-- 
Ole Craig <olc@xxxxxxxxxxxxxxxxxxx>

--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux