Re: understand the source address selection in case when reply is sent out via another interface

Linux Advanced Routing and Traffic Control


Hi Martin,

>I have a server with two networks interfaces: eth0(IPv4 address
>10.10.10.73) and eth1(IPv4 address 192.168.1.16). In addition, there
>is a following static route in this server "main" table:
>
># ip route show 172.16.0.0/24
>172.16.0.0/24 via 192.168.1.252 dev eth1   src 192.168.1.16
>#
>
>Now when I send an ICMP "echo request" message from 172.16.0.0/24
>network to IP address 10.10.10.73, then it is sent out via eth1
>interface because of this static route. According to "ip route get
>172.16.0.0" the source IP should be 192.168.1.16. However, when I
>tcpdump ICMP traffic on eth1 interface, then I can see that source IP
>is actually 10.10.10.73. Why is that so? When I read the
>http://linux-ip.net/html/routing-saddr-selection.html, then it says
>that "kernel will use the src hint from the chosen route path" which
>in this case is 192.168.1.16. Or is the first rule that if it is a
>reply package, then source IP is always the one which initial package
>was addressed to?

Let's assume no NAT nor packet filtering for a moment.

You have node A (in 172.16.0.0/24) from which you send echo request.
  A.eth0 = 172.16.0.15  # -- I made up this IP

You have node B (dual-homed server).
  B.eth0 = 10.10.10.73
  B.eth1 = 192.168.1.16

(
There's implicitly, node C, a router which has:
  C.intZ = 192.168.1.252
  C.intY = 172.16.0.x
but, it is not really important to answer your question.
)

Your question is actually very simple.

  Why does node B respond with IP 10.10.10.73 when I send a ping to 
  that address from 172.16.0.15?

Answer:

  Because you tried to ping 10.10.10.73, not 192.168.1.16.


The source address selection process is used when there is no 
already-chosen IP for the local end of the socket.  In the case of 
the ping packet you described, the local end of the socket is 
already defined and has an IP address.

What happens if you tcpdump on your dual-homed server on eth1 and 
you try to ping out to the node from which you sent the original 
echo request packet?

  tcpdump -nn -i eth1 icmp

  ping -nc 1 172.16.0.15

Do you see packets, sourced from 192.168.1.252?

-Martin

-- 
Martin A. Brown
http://linux-ip.net/
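
The distinction drawn in the reply above, as an added example that is not part of the original thread: source address selection runs only for a socket whose local end has no address yet, while a reply keeps the address the peer wrote to. Assumptions: Linux, where all of 127.0.0.0/8 is local; 127.0.0.2 stands in for 10.10.10.73 and 127.0.0.1 for the route's src hint; TCP and UDP are used instead of ICMP so it runs unprivileged.

```python
import socket

def selected_source(dst, port=9):
    """Unbound socket: connect() makes the kernel pick the source address
    from the route to dst. For UDP no packet is sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst, port))
        return s.getsockname()[0]

def bound_source(local, dst, port=9):
    """Socket with an already-chosen local address: the route's src hint
    is not consulted, the bound address is kept."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((local, 0))
        s.connect((dst, port))
        return s.getsockname()[0]

def reply_source(addressed_to):
    """Listener on the wildcard address. A client connects to addressed_to.
    Returns (local address of the accepted socket, peer address the client
    sees), i.e. the source address of everything the server sends back."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("0.0.0.0", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection((addressed_to, port), timeout=2) as cli:
            conn, _ = srv.accept()
            with conn:
                return conn.getsockname()[0], cli.getpeername()[0]

if __name__ == "__main__":
    # Constructed stand-ins on loopback, see the assumptions above.
    print("selected for new socket :", selected_source("127.0.0.1"))
    print("kept on bound socket    :", bound_source("127.0.0.2", "127.0.0.1"))
    print("reply to 127.0.0.2 from :", reply_source("127.0.0.2"))
```

A firewall rule, rp_filter setting or capture filter written for the route's src address will therefore not match replies to traffic that arrived for the host's other address.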