Hey folks,

I'm trying to get dynamic routing working on a small network I have. The structure at the moment looks like this


Machine 1:
199.234.1.10(connected to a network switch) 199.234.2.10(connected to machine 2)

Machine 2:
199.234.2.11(connected to machine 1)
199.234.3.10(connected to a network switch)


I'm using quagga w/ zebra/RIP

I have IP forwarding enabled on both machines.

From machine 1, I can ping 199.234.2.11 but I can't reach 3.10, and I'm kid of at a loss for why, is there anymore information I can provide, or any tips you folks could give me on this?

Thanks.

Routing is a complex issue, but I find it fascinating. What you need to understand is that routing is like street addresses, and without a GPS/map you won't find the home you are looking for.

I assume you know what subnets are, so I won't patronize.

If you have one NIC in your PC, and you have given it a manual IP of 199.234.2.10/255.255.255.0, this NIC will be able to connect to all other PC's who are on 199.234.2.XXX/255.255.255.0.

If you want to access an IP address in another range, you need to have a "route" to the next host, else you will get "network unreachable". Your PC will rely on what is called the "default route" to obtain instructions as to how to get to the next point.

Currently, you have the following: Machine 1(199.234.2.10) can find Machine 2(199.234.2.11) because they are on the same subnet (255.255.255.0). However, Machine 1(199.234.1.10) cannot find Machine 2(199.234.3.10) because they are not on the same subnet, and does not know where to look. (Same applies for Machine 1 on 199.234.2.10).

There are a number of options to resolve your question. You can add manual routes on all your devices, effectively telling your PC where to go to find the next point, or use NAT(Network Address Translation). You have to remember that your PC can ONLY find a IP address if it is on the SAME subnet and range(ie This is why 199.234.2.10 can find 199.234.2.11)

Therefore, you can tell Machine 1: "If you are looking for IP 199.234.3.10/255.255.255.0, you should ask 199.234.2.11/255.255.255.0". This is because 199.234.2.10 knows where to find the next point(199.234.2.11). What you have to understand, is that your network traffic will flow along the following route:

Machine 1: 199.234.2.10/255.255.255.0 => 199.234.2.11 => 199.234.3.10

So, you will thus have to add a route on Machine 1: route add 199.234.3.10/24 gw 199.234.2.11

Note: The "/24" is what is called CIDR notation. Google it if you need more info, basically /24 is the same as subnet 255.255.255.0

Now, you have directed Machine 1 (provided a map) of how to get to Machine 2 on it's secondary IP. However, your packets will now timeout, and you won't get any response from Machine 2.

The next VERY important thing you need to understand, is that each IP "packet" contains a sender and a recipient IP address. Now, 3.10 receives a packet, but it too has the same problem as Machine 1 had initially. It does not know where Machine 1 is! You therefore need to setup another route on Machine 2, so it can find Machine 1. Without explaining the whole process again, you need to add the route to Machine 2: route add 199.234.1.10/24 gw 199.234.2.10

What does the command mean? OK, it states (like a map) that: In order to get to "199.234.1.10/24", you have to travel via 199.234.2.10. Now Machine 2 understands 199.234.2.10 because it is one of it's own addresses(within a subnet range), and therefore knows exactly where to go.

You can then continue with the above on all your machines, adding a route for the sender and recipient so that they may find find each other. This will truly make you understand routing! It's hard work... However, there is another way to fix your problem. It is called NAT (Network Address Translation) and is a way to resolve routing problems. Now, with this technology, Machine 1 will replace the "sender" address (199.234.1.10) with a address familiar to Machine 2 (ie 199.234.2.10), and therefore Mahine 2 will not need another route added because it knows how to find Machine 1 on 199.234.2.x network!

You will need to use iptables, and this is well documented on the internet. Just google for source NAT.

There is a third option, and it is the easiest. It will basically do what is described above without you having to think that much ;-)
This would be closer to "dynamic" routing. With this option, Machine 1 will "masquerade" as 199.234.2.10 when it interfaces with Machine 2.

You will have to use iptables (linux firewall) for this task too. MASQUERADING is well documented, and you should not have to google much to find it. In short, you will need to add a new rule based on your device name (ie eth0), and turn on the iptables service.

Routing can get very complex. You need to read about "default gateway", which is the default route and packet will take if no explicit route (ie route add 199.234.3.10/24 gw 199.234.2.10) is defined. You will need to tell your network switches how to find the different subnets (199.234.2.x) too, and if you don't have a managed switch this will be problematic.

What you are doing above, is creating what is called "gateways". A gateway has access to two IP ranges, and can therefore transcend the IP subnet barriers. Machine 1 has 2 IPs (1.10 and 2.10) and can therefore transfer data from the subnet 199.234.2.10/24 to 199.234.1.10/24. You need a gateway to transfer data across two subnets, and you need to tell your devices where this gateway is!

We'd need to see subnets masks IP addresses without them are meaningless, and it would be easiest if you would post the configs for zebra and RIP (although I'm at a loss to understand why anyone is still using RIP! Please tell me its at least RIPv2!!!)

Thanks for your help folks, I figured out what the issue was.

net.ipv4.igmp_max_memberships

is default at 1 in Debian Squeeze, increasing the number fixed the issue. More of a networking issue than a routing issue.