jose nuno neto writes:
> I'm using RedHat 2.6.18-164.2.1.el5 without any patch
> The way I'm using to test failed gateway is with iptables blocking the
> traffic, probably not the best simulation.
> What I want to test is a switch/router fail that won't forward my
> connection properly.

In that case iptables is a proper simulation IMHO, but I'm not sure the
kernel can switch routes the way you expect.

> It seems I have an error in my routing, it seems the packets go out on the
> right path but with the wrong src address, and after they come back from
> the other path.

Are you using source nat? If you're using ping to reach your target host,
the connection tracking will give it a new source address only when you
start the command anew. (All packets except for the first are ESTABLISHED
and their source address won't change even if routing changes).

> What would be the way to force the src to change on each path? I don't find
> an option for that with nexthop

I *think* the kernel should get the right source address from the route to
the network those routers are in.

> These are my settings right now
>
> 172.26.240.4
>         nexthop via 172.26.247.248 dev bond1 weight 1
>         nexthop via 172.26.31.248 dev bond0 weight 1
> 172.26.240.0/21 dev bond1 proto kernel scope link src 172.26.244.216
> 172.26.16.0/20 dev bond0 proto kernel scope link src 172.26.18.33
> default via 172.26.31.248 dev bond0 src 172.26.18.33

What routes does the kernel think it has for your routers?

    ip ro get 172.26.247.248
    ip ro get 172.26.31.248

Personally I get the right source address, but I also use routing realms
together with iptables source nat, so our situations might not be
comparable.

    default proto static
            nexthop via 1.2.3.4 realm 2 dev eth2 weight 1
            nexthop via 5.6.7.8 realm 1 dev eth1 weight 1

    iptables -t nat -I POSTROUTING -o eth2 -m realm --realm 2 ! -s 1.2.3.1 \
        -j SNAT --to-source 1.2.3.1
    iptables -t nat -I POSTROUTING -o eth1 -m realm --realm 1 ! -s 5.6.7.1 \
        -j SNAT --to-source 5.6.7.1

Regards,
roel
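
The `ip ro get` check suggested in the message above, written out as an added example that is not part of the original thread: it parses `ip route get` output and flags any route whose selected source address differs from the address of the outgoing device. The function names are hypothetical and the sample output is constructed from the addresses quoted in the thread.

```shell
#!/bin/sh
# Added example: flag routes whose selected source address does not belong
# to the outgoing device. Sample data below is constructed, not captured.

# Expected source address per device, taken from the "proto kernel" routes.
EXPECTED="bond1=172.26.244.216 bond0=172.26.18.33"

# Constructed `ip route get` output; the last entry shows the symptom.
sample_route_get() {
    cat <<'EOF'
172.26.247.248 dev bond1 src 172.26.244.216
    cache  mtu 1500 advmss 1460 hoplimit 64
172.26.31.248 dev bond0 src 172.26.18.33
    cache  mtu 1500 advmss 1460 hoplimit 64
172.26.240.4 via 172.26.247.248 dev bond1 src 172.26.18.33
    cache  mtu 1500 advmss 1460 hoplimit 64
EOF
}

# Read `ip route get` output on stdin, print "dst dev src" per route.
parse_route_get() {
    awk '/^[^ \t]/ {            # indented "cache ..." lines are skipped
        dev = ""; src = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "src") src = $(i + 1)
        }
        if (dev != "" && src != "") print $1, dev, src
    }'
}

# check_src "dev=addr ...": compare each parsed route with the expected
# address for its device; returns 1 if any route has a different src.
check_src() {
    status=0
    while read -r dst dev src; do
        want=""
        for pair in $1; do
            if [ "${pair%%=*}" = "$dev" ]; then want=${pair#*=}; fi
        done
        if [ "$src" = "$want" ]; then
            echo "OK       $dst dev $dev src $src"
        else
            echo "MISMATCH $dst dev $dev src $src (expected ${want:-unknown})"
            status=1
        fi
    done
    return $status
}

sample_route_get | parse_route_get | check_src "$EXPECTED" || echo "wrong src found"
```

On a live host, replace `sample_route_get` with `ip route get <destination>` for each gateway and destination of interest.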