RE: [CentOS] Re: Network routes

2008-01-30 Thread Jason Pyeron

 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Scott Silva
 Sent: Wednesday, January 30, 2008 12:30
 To: centos@centos.org
 Subject: [CentOS] Re: Network routes
 
 on 1/29/2008 5:24 PM Jason Pyeron spake the following:
   
  
  -Original Message-
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Les Mikesell
  Sent: Tuesday, January 29, 2008 18:25
  To: CentOS mailing list
  Subject: Re: [CentOS] Network routes
 
 
  You probably want to remove the default route through NE.TW.KB.1 and add
  routes for the specific networks that you can reach through it.  Normally
  routing is done toward a destination network/address without regard to
  the route of a packet you might be replying to.  As for an 'outage', how
  do you define/detect the outage?  Normally if you want routes to be
  determined dynamically you would set up a routing protocol with the
  next-hop routers - or for simple failover the alternative gateway routers
  might be configured via hsrp or vrrp to have a floating IP address that
  the rest of the LAN uses as the default gateway address.
 
  
  Dropping the failover requirements, pings still do not respond off the
  local subnet.
  
  [EMAIL PROTECTED] ~]# route -n
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
  NET.WOR.KA.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
  192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
  NE.TW.RKB.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
  169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
  0.0.0.0         NET.WOR.KA.1    0.0.0.0         UG    0      0        0 eth1
 
 But none of the destinations have a gateway address.
 So all of the traffic is trying to go from every interface to the default
 gateway.
 Do both interfaces go out the same router?
 As an example in my system, I have a local interface and a wan interface.
 Only the wan interface needs to use the default route, as it is the only
 interface that talks to the outside world. But my internal interface has
 routes to other private networks through IPSec tunnels on other routers.

 So the internal interface has multiple routes and each has a gateway
 address of the router that handles that route.

 Are your network-a and network-b addresses actually public addresses or
 rfc-1918 private addresses?
 


Public.

BTW thank you all for the help so far.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Sr. Consultant                    10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Re: Network routes

2008-01-29 Thread Ross S. W. Walker

Sorry for the top post.

The default route is the route applied when no other route matches the
destination IP. From that, how would you figure out which default route to
pick? Only if the routes were weighted could you pick between two.

If you had two routes with equal weight and the traffic went round robin
between them, then the originating host will discard half the returning
traffic because it's not coming from the same IP it sent it to.

No, your best bet is probably to do reverse NAT'ing, as it is simple to set up
and you don't have to worry about default routes and weight. Traffic
initiates on 1 gateway and sticks with it for the duration of the session.
You can use BGP on the gateways' outside interface to load balance or
fail-over the default gateway, or use round-robin DNS, MX records for mail,
etc.

-Ross


- Original Message -
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: centos@centos.org centos@centos.org
Sent: Tue Jan 29 18:03:13 2008
Subject: [CentOS] Re: Network routes

on 1/29/2008 2:53 PM Jason Pyeron spake the following:
  
 
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Ross S. W. Walker
 Sent: Tuesday, January 29, 2008 17:38
 To: CentOS mailing list
 Subject: RE: [CentOS] Network routes

 Jason Pyeron wrote:
 I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines
 which do not have access or routes for NET.WOR.KA.0 respond just fine.
 How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all
 default traffic should go through NET.WOR.KA.1 unless it is in reply to
 traffic from NE.TW.RKB.1 or there is an outage.

 [EMAIL PROTECTED] ~]# route -n
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 NET.WOR.KA.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
 NE.TW.RKB.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
 0.0.0.0         NET.WOR.KA.1    0.0.0.0         UG    0      0        0 eth1
 0.0.0.0         NE.TW.RKB.1     0.0.0.0         UG    20     0        0 eth0

 [EMAIL PROTECTED] ~]# ifconfig
 eth0      Link encap:Ethernet  HWaddr 00:17:31:0F:04:AE
           inet addr:NE.TW.RKB.IP1  Bcast:NE.TW.RKB.255  Mask:255.255.255.0
 eth0:pn   Link encap:Ethernet  HWaddr 00:17:31:0F:04:AE
           inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
 eth1      Link encap:Ethernet  HWaddr 00:01:03:E9:42:D0
           inet addr:NET.WOR.KA.IP2  Bcast:NET.WOR.KA.255  Mask:255.255.255.0
 lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0

 You can have only 1 default route.

 You can use RIP or some other routing protocol to
 advertise default routes to the host from the
 gateways based upon route availability or weight,
 or you can deploy reverse NAT'ing on the gateways
 so external IPs will be masqueraded as the
 internal IP of the gateway and thus be routed to
 the appropriate gateway based on which IP they
 arrived on.

 -Ross

 
 But I have 2 physical network cards, on 2 different networks. Should they
 not both have default routes?
 
You would think so, but it will confuse the system so badly that traffic won't
know where to go. The default route is the route that packets need to take to
leave your network to enter the outside world. Everything under your control
should have static routes of some kind, or a routing daemon.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't


__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.



RE: [CentOS] Re: Network routes

2008-01-29 Thread Jason Pyeron




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Ross S. W. Walker
Sent: Tuesday, January 29, 2008 18:22
To: centos@centos.org
Subject: Re: [CentOS] Re: Network routes





Sorry for the top post.

The default route is the route applied when no other route matches the
destination IP. From that, how would you figure out which default route to
pick? Only if the routes were weighted could you pick between two.

If you had two routes with equal weight and the traffic went round robin
between them, then the originating host will discard half the returning
traffic because it's not coming from the same IP it sent it to.

No, your best bet is probably to do reverse NAT'ing, as it is simple to set up
and you don't have to worry about default routes and weight. Traffic
initiates on 1 gateway and sticks with it for the duration of the session.
You can use BGP on the gateways' outside interface to load balance or
fail-over the default gateway, or use round-robin DNS, MX records for mail,
etc.

-Ross

 

Okay, they were weighted primary at 0 and it worked. Secondary at 20, it
would never be chosen as a default. But how does a reply get out to the net
on the same route it came in on?

 

 
 

 
 



RE: [CentOS] Re: Network routes

2008-01-29 Thread Ross S. W. Walker
Jason Pyeron wrote:
 Ross S. W. Walker wrote:
  
  Sorry for the top post.
  
  The default route is the route applied when no other
  route matches the destination IP. From that, how would you
  figure out which default route to pick? Only if the routes
  were weighted could you pick between two.

  If you had two routes with equal weight and the traffic
  went round robin between them, then the originating host will
  discard half the returning traffic because it's not coming
  from the same IP it sent it to.

  No, your best bet is probably to do reverse NAT'ing, as
  it is simple to set up and you don't have to worry about
  default routes and weight. Traffic initiates on 1 gateway and
  sticks with it for the duration of the session. You can use
  BGP on the gateways' outside interface to load balance or
  fail-over the default gateway, or use round-robin DNS, MX
  records for mail, etc.
  
  -Ross
 
 Okay, they were weighted primary at 0 and it worked. Secondary
 at 20, it would never be chosen as a default. But how does a
 reply get out to the net on the same route it came in on?
 
<snip>

Ah, but it doesn't if you don't masquerade the IP as coming
from the originating gateway or you make sure you have only 1
gateway functioning at a time with some routing protocol
telling your internal hosts which route is active. For multiple
gateways active at once you will need to masquerade so the
traffic can use the internal network routing tables to assure
traffic goes back out the way it came in.

-Ross
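
The point made in the replies above, that the host picks a reply's path from the destination address alone, can be traced against the routing table posted in this thread. The following Python sketch is an added example, not part of the original messages; the addresses are constructed stand-ins (documentation ranges) for the redacted networks A and B, and `lookup` and `reply_path` are hypothetical helper names.

```python
import ipaddress

# Constructed stand-ins for the redacted networks in the thread:
# network A (eth1, primary gateway) and network B (eth0, secondary gateway).
NET_A, GW_A = "198.51.100.0/24", "198.51.100.1"
NET_B, GW_B = "203.0.113.0/24", "203.0.113.1"

# (destination, gateway, metric, iface), mirroring the posted `route -n` table.
ROUTES = [
    (NET_A, None, 0, "eth1"),
    ("192.168.1.0/24", None, 0, "eth0"),
    (NET_B, None, 0, "eth0"),
    ("169.254.0.0/16", None, 0, "eth1"),
    ("0.0.0.0/0", GW_A, 0, "eth1"),
    ("0.0.0.0/0", GW_B, 20, "eth0"),
]

def lookup(dst, routes=ROUTES):
    """Destination-based selection: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, metric, iface in routes:
        network = ipaddress.ip_network(net)
        if addr not in network:
            continue
        key = (-network.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, gw, iface)
    if best is None:
        raise LookupError("no route to " + dst)
    return best[1], best[2]

def reply_path(arrived_on, src_seen_by_host):
    """Return (iface, gateway, symmetric) for the reply to a received packet.
    The interface the request arrived on plays no part in the lookup."""
    gw, iface = lookup(src_seen_by_host)
    return iface, gw, iface == arrived_on

OUTSIDE = "192.0.2.50"  # constructed external client pinging the network-B address

if __name__ == "__main__":
    # Unmodified source: the reply follows the metric-0 default out eth1.
    print(reply_path("eth0", OUTSIDE))
    # Gateway B masquerades the source as its own inside address: the reply
    # matches the on-link network-B route and leaves on eth0 again.
    print(reply_path("eth0", GW_B))
    # Primary default withdrawn (outage): the metric-20 default takes over.
    print(lookup(OUTSIDE, [r for r in ROUTES if r[1] != GW_A]))
```
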


