> jose nuno neto writes:
>
>>> jose nuno neto writes:
>>>
>>>> I'm using RedHat 2.6.18-164.2.1.el5 without any patch
>>>>
>>>> The way I'm using to test failed gateway is with iptables blocking the
>>>> traffic, probably not the best simulation.
>>>> What I want to test is a switch/router fail that won't forward my
>>>> connection properly.
>>>
>>> In that case iptables is a proper simulation IMHO, but I'm not sure the
>>> kernel can switch routes the way you expect.
>>
>> It seems I have an error in my routing, it seems the packets go out on
>> the right path but with the wrong src address, and after they come back
>> from the other path.
>
> Are you using source nat? If you're using ping to reach your target host,
> the connection tracking will give it a new source address only when you
> start the command anew. (All packets except for the first are ESTABLISHED
> and their source address won't change even if routing changes).
>
>> What would be the way to force the src to change on each path? I don't
>> find an option for that with nexthop
>
> I *think* the kernel should get the right source address from the route to
> the network those routers are in.
>
>> These are my settings right now
>>
>> 172.26.240.4
>>         nexthop via 172.26.247.248 dev bond1 weight 1
>>         nexthop via 172.26.31.248 dev bond0 weight 1
>>
>> 172.26.240.0/21 dev bond1 proto kernel scope link src 172.26.244.216
>> 172.26.16.0/20 dev bond0 proto kernel scope link src 172.26.18.33
>> default via 172.26.31.248 dev bond0 src 172.26.18.33
>
> What routes does the kernel think it has for your routers?
> ip ro get 172.26.247.248
> ip ro get 172.26.31.248

I did some testing and the src gets correct, the issue is that in one of the
paths (bond1) the packets go out from the bond0 interface.
Saw that on tcpdump.

If I use the bond0 as preferred path packets go out ok

ip route change 172.26.240.4 nexthop via 172.26.31.248 dev bond0 weight 5 nexthop via 172.26.247.248 dev bond1 weight 1

But this one, I get packets going out from bond0 and coming in on bond1

ip route change 172.26.240.4 nexthop via 172.26.31.248 dev bond0 weight 5 nexthop via 172.26.247.248 dev bond1 weight 10

ip ro get 172.26.240.4
172.26.240.4 via 172.26.247.248 dev bond1 src 172.26.244.216
    cache mtu 1500 advmss 1460 hoplimit 64

ip ro get 172.26.247.248
172.26.247.248 dev bond1 src 172.26.244.216
    cache mtu 1500 advmss 1460 hoplimit 64

ip ro get 172.26.31.248
172.26.31.248 dev bond0 src 172.26.18.33
    cache mtu 1500 advmss 1460 hoplimit 64

Any other nice hints?

>
> Personally I get the right source address, but I also use routing realms
> together with iptables source nat, so our situations might not be
> comparable.
>
> default proto static
>         nexthop via 1.2.3.4 realm 2 dev eth2 weight 1
>         nexthop via 5.6.7.8 realm 1 dev eth1 weight 1
>
> iptables -t nat -I POSTROUTING -o eth2 -m realm --realm 2 ! -s 1.2.3.1 -j SNAT --to-source 1.2.3.1
> iptables -t nat -I POSTROUTING -o eth1 -m realm --realm 1 ! -s 5.6.7.1 -j SNAT --to-source 5.6.7.1
>
> Regards,
>
> roel

--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
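
The consistency check being done by hand in this thread, as an added example that is not part of the original messages: it parses the connected routes and the `ip ro get` results quoted above and verifies that each lookup's source address and next hop belong to the subnet of the device the lookup selected. The `MISMATCH` line is constructed to mirror the reported symptom (bond1 gateway, bond0 egress), and the function names are hypothetical.

```python
import ipaddress
import re

# Connected routes and `ip ro get` results copied from the thread above.
CONNECTED = """\
172.26.240.0/21 dev bond1 proto kernel scope link src 172.26.244.216
172.26.16.0/20 dev bond0 proto kernel scope link src 172.26.18.33
"""
ROUTE_GET = """\
172.26.240.4 via 172.26.247.248 dev bond1 src 172.26.244.216
172.26.247.248 dev bond1 src 172.26.244.216
172.26.31.248 dev bond0 src 172.26.18.33
"""
# Constructed line (not from the thread): bond1 gateway paired with bond0.
MISMATCH = "172.26.240.4 via 172.26.247.248 dev bond0 src 172.26.18.33\n"

def parse_connected(text):
    """Map device -> (connected network, preferred source address)."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"(\S+/\d+) dev (\S+) .*\bsrc (\S+)", line)
        if m:
            table[m.group(2)] = (ipaddress.ip_network(m.group(1)),
                                 ipaddress.ip_address(m.group(3)))
    return table

def check_route_get(text, connected):
    """Return a list of (destination, problem) for inconsistent lookups."""
    problems = []
    for line in text.splitlines():
        m = re.match(r"(\S+)(?: via (\S+))? dev (\S+) src (\S+)", line)
        if not m:
            continue  # e.g. the indented "cache mtu ..." continuation line
        dst, via, dev, src = m.groups()
        if dev not in connected:
            problems.append((dst, f"no connected route on {dev}"))
            continue
        net, _ = connected[dev]
        if ipaddress.ip_address(src) not in net:
            problems.append((dst, f"src {src} is not in {net} on {dev}"))
        # The next hop (or the destination itself, for on-link routes)
        # must be reachable on the device the lookup selected.
        hop = ipaddress.ip_address(via or dst)
        if hop not in net:
            problems.append((dst, f"next hop {hop} is not on-link for {dev}"))
    return problems

if __name__ == "__main__":
    routes = parse_connected(CONNECTED)
    print(check_route_get(ROUTE_GET + MISMATCH, routes))
```
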