RE: SNMP mangling anybody?

Rob,

bond0.1 IP=10.36.22.77/24, bond0.2 IP=192.168.168.84/24.  See diagram and ip configs below.

I am prone to advanced errors, yes :) And I am puzzled by the rp_filter RFC3704 behavior.

I want all locally-generated traffic *except locally-generated SNMP* to route via the default route in table "main", egress bond0.1; I want *locally-generated SNMP* to route via the default route in table 7, egress bond0.2.

Perhaps I have ignorantly misconfigured something to bias rp_filter?  It seems that rp_filter does not treat the two different default routes in two different tables as equals.

The below renders best in a fixed font BTW.


----------8<-------------------

hostA-C and nat1 are all contained within a single chassis; RTR is not within the chassis.

   +-------------- INTERNAL network, VLAN 2, 192.168.0.0/24, bond0.2 on all hosts.  This VLAN is internal to the chassis and is not routable outside the chassis.
   |
   |
   |             +----- EXTERNAL network, VLAN 1, 10.0.0.0/8 network, bond0.1 on all hosts.  This VLAN has external 
   |             |
   |             |
   |             |
   V             V

   ~             ~
   |  +-------+  |
   |  |       |  |
   +--| hostA |--+
   |  |       |  |
   |  +-------+  |
   |             |
   |  +-------+  |
   |  |       |  |
   +--| hostB |--+   Notes: 
   |  |       |  |      
   |  +-------+  |      hostA-C are not forwarding/routing.
   |             |      other network interfaces omitted for clarity (SAN, DR, etc.).
   |  +-------+  |      
   |  |       |  |
   +--| hostC |--+
   |  |       |  |
   |  +-------+  |
   |             |             ~
   |      .      |   +------+  |  (((((((((((((()))))))))))))) 
   |      .      |   |      |  |  (                          )
   |      .      +---| RTR  |--+--( the rest of the network  )
   |             |   |      |  |  (                          )
   |  +-------+  |   +------+  |  (((((((((((((())))))))))))))
   |  |       |  |             ~
   +--| nat1  |--+
   |  |       |  |
   |  +-------+  |
   ~             ~



$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1b:21:6a:fd:fd brd ff:ff:ff:ff:ff:ff
3: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1b:21:6a:fd:fc brd ff:ff:ff:ff:ff:ff
4: eth6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1b:21:6a:fd:ff brd ff:ff:ff:ff:ff:ff
5: eth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1b:21:6a:fd:fe brd ff:ff:ff:ff:ff:ff
6: eth8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1b:21:d7:2c:51 brd ff:ff:ff:ff:ff:ff
    inet 192.168.93.24/23 brd 192.168.93.255 scope global eth8
    inet6 fe80::21b:21ff:fed7:2c51/64 scope link
       valid_lft forever preferred_lft forever
7: eth9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1b:21:d7:2c:50 brd ff:ff:ff:ff:ff:ff
8: eth10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1b:21:d7:2c:53 brd ff:ff:ff:ff:ff:ff
9: eth11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1b:21:d7:2c:52 brd ff:ff:ff:ff:ff:ff
10: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
    link/ether 00:1b:21:d8:7b:fc brd ff:ff:ff:ff:ff:ff
11: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
    link/ether 00:1b:21:d8:7b:fc brd ff:ff:ff:ff:ff:ff
12: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:21:28:de:49:f2 brd ff:ff:ff:ff:ff:ff
13: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:21:28:de:49:f3 brd ff:ff:ff:ff:ff:ff
14: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:1b:21:d8:7b:fc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::21b:21ff:fed8:7bfc/64 scope link
       valid_lft forever preferred_lft forever
15: bond0.1@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:1b:21:d8:7b:fc brd ff:ff:ff:ff:ff:ff
    inet 10.36.22.77/24 brd 10.36.22.255 scope global bond0.1
    inet6 fe80::21b:21ff:fed8:7bfc/64 scope link
       valid_lft forever preferred_lft forever
16: bond0.2@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:1b:21:d8:7b:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.168.84/24 brd 192.168.168.255 scope global bond0.2
    inet6 fe80::21b:21ff:fed8:7bfc/64 scope link
       valid_lft forever preferred_lft forever
$ ip route show
192.168.168.0/24 dev bond0.2  proto kernel  scope link  src 192.168.168.84
10.36.22.0/24 dev bond0.1  proto kernel  scope link  src 10.36.22.77
192.168.92.0/23 dev eth8  proto kernel  scope link  src 192.168.93.24
169.254.0.0/16 dev eth8  scope link  metric 1006
169.254.0.0/16 dev bond0  scope link  metric 1014
169.254.0.0/16 dev bond0.1  scope link  metric 1015
169.254.0.0/16 dev bond0.2  scope link  metric 1016
default via 10.36.22.1 dev bond0.1
$ ip route show table 7
default via 192.168.168.93 dev bond0.2  src 192.168.168.84
$
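
Added example, not part of the original message: a small Python model of the strict reverse-path check, run over the two routing tables shown above, to illustrate why the default route in table 7 is not consulted when rp_filter validates a packet arriving on bond0.2. The fwmark rule selecting table 7, the mark value 7 and the off-link source address 172.16.5.9 are assumptions; the message does not show its `ip rule` or iptables configuration.

```python
import ipaddress

# Routes copied from the `ip route show` output above (link-local rows omitted).
MAIN = [
    ("192.168.168.0/24", "bond0.2"),
    ("10.36.22.0/24", "bond0.1"),
    ("192.168.92.0/23", "eth8"),
    ("0.0.0.0/0", "bond0.1"),        # default via 10.36.22.1
]
TABLE7 = [("0.0.0.0/0", "bond0.2")]  # default via 192.168.168.93

SNMP_MARK = 7  # assumed: "ip rule add fwmark 7 lookup 7"; not shown in the message


def lookup(table, addr):
    """Longest-prefix match; returns the egress device or None."""
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None


def policy_lookup(addr, mark):
    """Rules in priority order: the assumed fwmark rule, then table main."""
    if mark == SNMP_MARK:
        dev = lookup(TABLE7, addr)
        if dev:
            return dev
    return lookup(MAIN, addr)


def rp_filter_accepts(src, in_dev, pkt_mark, mode=1, src_valid_mark=0):
    """Route back to src and compare with the receiving device.
    mode 0 = off, 1 = strict, 2 = loose (any route back to src is enough)."""
    if mode == 0:
        return True
    # Unless src_valid_mark is set, the reverse lookup is done with mark 0,
    # so a fwmark rule never matches and only table main is consulted.
    mark = pkt_mark if src_valid_mark else 0
    dev = policy_lookup(ipaddress.ip_address(src), mark)
    if mode == 2:
        return dev is not None
    return dev == in_dev
```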
