Jim Klimov writes:
> To make it shorter than my usual posts, I'll comment on one point:
>
> >> Moreover, these L3 IP addresses should be configured on the
> >> (L1/L2 = physical/MAC) interfaces which are connected to the
> >> same ethernet collision domain (VLAN in our case).
>
> > You can have as many L3 subnets configured on a single Ethernet
> > subnetwork as you want ... but I'm not sure if that's what you're
> > talking about.
>
> I'm talking about the wrongdoing seen currently - that the L2 interface
> configured with one L3 subnet is used to send IP packets for

The "for" part is the problem. You're staring at the source address.

It isn't the source address that makes a packet come out of any one particular interface. It's the destination address, and its match against the forwarding table.

> another
> interface's configured addresses - which is the root of my problems,
> at the very least. And this scenario is different from just an L3 router
> transmitting packets for IP addresses not configured on any of its
> interfaces.

I don't think I agree with that part. L3 routers face exactly the same issue when following exactly the same algorithm. That the packets to be transmitted might arrive from other interfaces rather than from local processes is of only minor consequence.

(There are some special issues involved in forwarding, such as the generation of redirects when output == input, but they're really just the edge cases and not the main concern.)

In any event, I think we're way off the path. It's recognized as a bug (so no more argument is really needed) and it's something that we know we want to work on.

If you're an S10 user, then your best bet is to get Sun's support group involved, to raise the priority of work on this problem. You'll probably want to mention CRs 4173841 and 4777670.

If you're an OpenSolaris user, then other than just waiting, you could examine the code, devise a fix, and contribute it.

Or if you can't wait for a fix, you can use one of the known work-arounds, such as hackery with IP Filter.

I doubt that extended discussion about the problem, though, will cause the fix to appear.

-- 
James Carlson 42.703N 71.076W <[email protected]>
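The destination-based lookup described in the reply above, as an added example that is not part of the original message and is not Solaris code: a generic longest-prefix-match model showing that the source address plays no part in choosing the output interface. The interface names, addresses (RFC 5737 documentation ranges) and the `select_output`/`send` helpers are all constructed for illustration.

```python
import ipaddress

# Constructed forwarding table: (destination prefix, output interface, next hop).
# Interface names and all addresses are hypothetical (RFC 5737 ranges).
FORWARDING_TABLE = [
    ("192.0.2.0/24", "if0", None),        # on-link subnet of if0
    ("198.51.100.0/24", "if1", None),     # on-link subnet of if1
    ("0.0.0.0/0", "if0", "192.0.2.1"),    # default route via if0's gateway
]

# Constructed local addresses, one per interface.
LOCAL_ADDRS = {"if0": "192.0.2.10", "if1": "198.51.100.10"}


def select_output(dst):
    """Longest-prefix match on the destination only; returns (interface, next_hop)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname, gw in FORWARDING_TABLE:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ifname, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def send(src, dst):
    """Describe one outgoing packet. src is carried in the header but is never
    consulted when choosing the interface."""
    ifname, gw = select_output(dst)
    return {
        "src": src,
        "dst": dst,
        "out_if": ifname,
        "next_hop": gw or dst,
        # True when the packet leaves an interface that does not own src,
        # which is the situation the thread is about.
        "src_foreign_to_out_if": LOCAL_ADDRS.get(ifname) != src,
    }


if __name__ == "__main__":
    # Sourced from if1's address to an off-link host: leaves via if0.
    print(send("198.51.100.10", "203.0.113.5"))
    # Same source to a host on if1's own subnet: leaves via if1.
    print(send("198.51.100.10", "198.51.100.77"))
```

Forcing the output interface to follow the source address needs a separate policy layer in front of this lookup, which is the role the IP Filter work-around mentioned in the message plays.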
