Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I recently set up some tagged VLANs on a managed switch. I configured a server that has two NICs to have a unique address and gateway on each, thus connected to two VLANs simultaneously (see http://www.linuxquestions.org/questi...es-4175510522/ for more details). It appears to be working correctly, as the server can ping both of its gateways and I can SSH to both of the server's addresses from my workstation (which is on a different VLAN entirely: 192.168.10.0/24). However, now I've noticed that if I set up another server on the same VLAN as the dual-NIC server (192.168.101.0/24), neither one can reach the other via that network. They can reach each other via the alternate VLAN (192.168.102.0/24). As long as they're sending traffic via different networks, the packets go out through the gateway and arrive at their destination but when sending traffic on the same network, the packets mysteriously disappear.
Actually, they don't quite disappear. I monitored the first NIC with tcpdump while I tried to SSH to it from the other server on the same network and I do see the packets arriving. However, the SSH connection is never established and it times out. Here is some sample tcpdump output from the dual-NIC server:
What's up with that ARP request in the middle of the connection attempt? It looks like the servers are confused about the routing. Also, note that iptables and SELinux have both been temporarily disabled while I troubleshoot this problem, so it's not a firewall issue. I don't see anything related to the SSH attempt in the logs either. Do you think the switch or gateway is configured incorrectly? That was my first impression but, if that were the case, why would tcpdump see the packets?
After capturing some packets with a Cisco tech, I've observed some strange behavior with these servers. For example, if 192.168.101.3 tries to ping 192.168.101.4, the ICMP echo request is sent through the switch directly to 192.168.101.4 because it is on the same subnet. However, the ICMP echo reply is sent through the switch's uplink port to the Cisco firewall, which then drops the packet because it's a reply to a request that it never saw in the first place. So for some reason, the replies from 192.168.101.4 are being sent to the default gateway instead of directly to 192.168.101.3.
If I try to do the opposite and ping 192.168.101.3 from 192.168.101.4 it works as expected. The routing table on each server looks correct:
Code:
[root@virthost1 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.101.0 * 255.255.255.0 U 0 0 0 eth0
192.168.102.0 * 255.255.255.0 U 0 0 0 eth1
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
link-local * 255.255.0.0 U 1002 0 0 eth0
link-local * 255.255.0.0 U 1003 0 0 eth1
default 192.168.101.1 0.0.0.0 UG 0 0 0 eth0
Code:
[root@cloudstack ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.101.0 * 255.255.255.0 U 0 0 0 p4p1
link-local * 255.255.0.0 U 1002 0 0 p4p1
default 192.168.101.1 0.0.0.0 UG 0 0 0 p4p1
Why does 192.168.101.4 send traffic directly to 192.168.101.3 when it initiates it but send traffic to the default gateway when replying to a request?
[root@virthost1 ~]# ip route
192.168.101.0/24 dev eth0 proto kernel scope link src 192.168.101.4
192.168.102.0/24 dev eth1 proto kernel scope link src 192.168.102.4
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via 192.168.101.1 dev eth0
Code:
[root@virthost1 ~]# ip rule
0: from all lookup local
32762: from all to 192.168.102.4 lookup eth1table
32763: from 192.168.102.4 lookup eth1table
32764: from all to 192.168.101.4 lookup eth0table
32765: from 192.168.101.4 lookup eth0table
32766: from all lookup main
32767: from all lookup default
Code:
[root@virthost1 ~]# cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
11 eth1table
10 eth0table
I realized later that for this particular application, I did not need multiple gateways. In fact, multiple gateways are probably not a good idea in the majority of cases.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
