I've had no luck Googling this issue so thought I'd ask the experts.

OK, we have 4 firewalls providing internet connectivity whose internal interfaces 
are on a single shared subnet, although the IPs are different. Outbound traffic 
from the various hosts on this subnet is distributed across the firewalls by 
setting the firewalls' internal IPs as the various different GW addresses, i.e. 
hosts A/B/C/D use FW1 as their GW, hosts E/F/G/H use FW2 as their gateway, etc.

OK, so my problem is this. We have a single monitoring host that needs to send 
outbound traffic (ICMP) via the 4 different firewalls to the _SAME_ remote 
address, e.g. send ICMP to www.apple.com via FW1, then send ICMP via FW2 to 
www.apple.com, then via FW3, etc.

The idea is to check the Firewalls and their upstream connectivity not the end 
host per se.

To achieve this I've tried the following:

Create 4 VLAN interfaces, all on the same VLAN as the shared subnet, using 
alternate IPs but on different routing domains.

i.e. VLAN 10:

hostname.vlan101 - inet 10.11.12.1 255.255.255.0 NONE vlan 10 vlandev bge0 rdomain 1
hostname.vlan102 - inet 10.11.12.2 255.255.255.0 NONE vlan 10 vlandev bge0 rdomain 2
hostname.vlan103 - inet 10.11.12.3 255.255.255.0 NONE vlan 10 vlandev bge0 rdomain 3
hostname.vlan104 - inet 10.11.12.4 255.255.255.0 NONE vlan 10 vlandev bge0 rdomain 4

I then add default gateways to each routing domain, i.e.:

route -T 1 default 10.11.12.50
route -T 2 default 10.11.12.51
route -T 3 default 10.11.12.52
route -T 4 default 10.11.12.53

To achieve the monitor we then do the following and capture the output:

ping -V 1 www.apple.com
ping -V 2 www.apple.com
ping -V 3 www.apple.com
ping -V 4 www.apple.com

If I create the first VLAN/rdomain everything works perfectly; however, as soon as 
I add the second VLAN interface, traffic on both VLANs stops. Destroying the second 
VLAN instance restores traffic.

The host is running OpenBSD i386 GENERIC 4.7 (release). Sorry, no dmesg as yet, 
but I can get this and anything else if need be tomorrow.

Is what I'm trying to do possible? Any help is much appreciated.
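A monitoring script for the per-rdomain checks described in the post above, added here as an example and not part of the original message: it runs the same ping through each routing domain and reports which firewall path is down. It assumes the `ping -V <rtable>` syntax and the rdomain-to-gateway mapping from the post; the target, the `-c`/`-w` options and the `PING` override used for testing are assumptions.

```shell
#!/bin/sh
# Check upstream reachability through each firewall by pinging one target
# once per routing domain ("ping -V <rdomain>" as used in the post).

TARGET=${TARGET:-www.apple.com}   # assumed monitoring target
COUNT=${COUNT:-3}                 # probes per path (assumption)
PING=${PING:-ping}                # overridable for offline testing

# "rdomain gateway" pairs, one per line, taken from the post's route -T setup
PATHS="1 10.11.12.50
2 10.11.12.51
3 10.11.12.52
4 10.11.12.53"

# check_path RDOMAIN GATEWAY
# Prints "RDOMAIN GATEWAY up|down"; returns ping's exit status (0 = reachable).
check_path() {
    rd=$1; gw=$2
    if "$PING" -V "$rd" -c "$COUNT" -w "$COUNT" "$TARGET" >/dev/null 2>&1; then
        echo "$rd $gw up"
        return 0
    fi
    echo "$rd $gw down"
    return 1
}

# check_all
# Runs check_path for every entry in PATHS, prints a summary line and
# returns the number of failed paths (0 means every firewall path is up).
check_all() {
    failed=0
    # here-document instead of a pipe so $failed survives the loop
    while read -r rd gw; do
        [ -n "$rd" ] || continue
        check_path "$rd" "$gw" || failed=$((failed + 1))
    done <<EOF
$PATHS
EOF
    echo "$failed path(s) down"
    return "$failed"
}

# Run the monitor when executed directly; exit status is the failure count.
if [ "${MONITOR_RUN:-1}" = 1 ]; then
    check_all
fi
```

Set `MONITOR_RUN=0` when sourcing the file from another script so that only the functions are defined.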