[buug] gateway

Patrick Soltani psoltani at ultradns.com
Thu Oct 23 14:23:53 PDT 2003


Ok,
you have a Linux box, and Linux DOES allow multiple interfaces each with a default gateway, which is not System V and is really Linux-centric.  BSD and Solaris do not allow this for a good reason.  The only other machine I have seen this on, a very long time ago, is IRIX.

Now if you have a single nic in the Linux box, then the behavior is "undefined" or at least short of looking at the source code is not clear.  My take is that it will "round robin" the default gateway.

Traceroute will cast some more light on this and will expose more issues ;-).

Regards,
Patrick Soltani.

P.S.  
"Logically Ended" was meant to be "Logically ANDed"; somehow my spell checker thinks it's smarter than I :-(.


>-----Original Message-----
>From: johnd [mailto:john at jjdev.com]
>Sent: Thursday, October 23, 2003 1:30 PM
>To: Patrick Soltani
>Cc: buug at weak.org
>Subject: Re: [buug] gateway
>
>
>
>On Thu, Oct 23, 2003 at 01:20:28PM -0700, Patrick Soltani wrote:
>> Hi,
>> 
>> Please post the "netstat -rn" if you think you have 2 default gateways on a single host on a single network with single subnet mask.
>> Very likely you have a static route, again "netstat -rn" will tell you exactly how the machine is working ;-).
>
>root@ldev:/home/john# netstat -rn
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
>192.168.164.0   0.0.0.0         255.255.254.0   U         0 0          0 eth0
>127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
>0.0.0.0         192.168.164.63  0.0.0.0         UG        0 0          0 eth0
>0.0.0.0         192.168.164.251 0.0.0.0         UG        0 0          0 eth0
>0.0.0.0         192.168.164.251 0.0.0.0         UG        0 0          0 eth0
>root@ldev:/home/john# 
>
>> 
>> TCP/IP 101 and the way gateway sees it:
>> the packet's destination address is "logically Ended" with the subnet mask to determine if the packet belongs to the local net so it won't touch it, or it doesn't belong to the local net and forwards it to its next hop/router that it thinks will have a route.
>> 
>> Making the machine "forwarder" means that it now will pass the packet received on one interface to the other interface which in effect makes it a simplified form of router.
>> 
>> Again to clarify what "works" for you and what is not possible by TCP/IP specs, just post the netstat -rn output and a "traceroute" to a machine outside of your network.  We can tell you exactly how the machine is routing or not and what would be the problems with the setup if any ;-).
>> 
>> Regards,
>> Patrick Soltani.
>> 
>> >-----Original Message-----
>> >From: johnd [mailto:john at jjdev.com]
>> >Sent: Wednesday, October 22, 2003 4:20 PM
>> >To: buug at weak.org
>> >Subject: Re: [buug] gateway
>> >
>> >
>> >the purpose is:
>> >
>> >there is a box in the far back end behind two firewalls...
>> >
>> >it has a default gateway for access to places it needs to go to right now.
>> >
>> >I have a box in the DMZ that will act as a gateway for the back end box to go
>> >to a few outside places...
>> >
>> >I just have the middle DMZ box with ip_forwarding on and to the back
>> >end box I added a second default gateway so it can go to the outside web
>> >through the middle box.
>> >
>> >Seems like it makes sense works good...just wanted some input 
>> >to see how
>> >people 'normally' do this kind of thing.
>> >
>> >
>> >
>> >
>> >On Wed, Oct 22, 2003 at 03:59:32PM -0700, Tony Godshall wrote:
>> >> According to johnd,
>> >> > Is it ok to define two default gateways?
>> >> > 
>> >> > to me the name 'default gateway' implies one, but I have a box that
>> >> > has a route to another lan and needs a route to the internet
>> >> > 
>> >> > so I just added another default gateway and everything works great
>> >> > 
>> >> > just want to make sure this is not a problem
>> >> 
>> >> If you have two interfaces out of your box, you might 
>> >> want to set up a sharing (higher bandwidth) or failover 
>> >> setup.
>> >> 
>> >> For linux, check Documentation/networking/bonding.txt and
>> >> the ifenslave config tool.  According to packages.debian.org, 
>> >> ifenslave is a tool to ...
>> >> 
>> >> : Attach and detach slave interfaces to a bonding device.
>> >> : 
>> >> : This is a tool to attach and detach slave network interfaces
>> >> : to a bonding device. A bonding device will act like a normal
>> >> : Ethernet network device to the kernel, but will send out the
>> >> : packets via the slave devices using a simple round-robin
>> >> : scheduler. This allows for simple load-balancing, identical
>> >> : to "channel bonding" or "trunking" techniques used in
>> >> : switches. 
>> >
>> >-- 
>> >Those who do not understand Unix are condemned to reinvent it, poorly.
>> >--Henry Spencer (Usenet signature, November 1987)
>> >
>> >_______________________________________________
>> >Buug mailing list
>> >Buug at weak.org
>> >http://www.weak.org/mailman/listinfo/buug
>> >
>
>-- 
>Those who do not understand Unix are condemned to reinvent it, poorly.
>--Henry Spencer (Usenet signature, November 1987)
>
>
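An added example, not part of the original thread: the routing table quoted above, parsed and run through the "destination ANDed with the netmask" test the earlier message describes, to show which routes a packet can take and why several default gateways leave the egress path ambiguous. The table is copied from the quoted `netstat -rn` output; the function names and the external address 198.51.100.7 are constructed for illustration.

```python
import ipaddress

# Routing table copied from the "netstat -rn" output quoted in this thread.
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.164.0   0.0.0.0         255.255.254.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.164.63  0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.164.251 0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.164.251 0.0.0.0         UG        0 0          0 eth0
"""

def parse_routes(text):
    """Return (destination, gateway, genmask, flags, iface) per route line."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # banner or malformed line
        try:
            dest, gw, mask = (ipaddress.IPv4Address(x) for x in f[:3])
        except ValueError:
            continue  # column header line
        routes.append((dest, gw, mask, f[3], f[7]))
    return routes

def matches(route, dst):
    """Destination ANDed with the genmask must equal the route's network."""
    dest, _gw, mask, _flags, _iface = route
    return (int(ipaddress.IPv4Address(dst)) & int(mask)) == int(dest)

def candidates(routes, dst):
    """Matching routes with the longest mask; more than one means ambiguity."""
    hits = [r for r in routes if matches(r, dst)]
    longest = max((int(r[2]) for r in hits), default=0)
    return [r for r in hits if int(r[2]) == longest]

def default_gateways(routes):
    """Distinct gateways carrying a 0.0.0.0/0.0.0.0 route, in table order."""
    gws = [str(gw) for dest, gw, mask, flags, _ in routes
           if int(dest) == 0 and int(mask) == 0 and "G" in flags]
    return list(dict.fromkeys(gws))  # de-duplicate, keep table order

if __name__ == "__main__":
    routes = parse_routes(NETSTAT_RN)
    print("default gateways:", default_gateways(routes))
    for dst in ("192.168.165.10", "198.51.100.7"):  # constructed test addresses
        print(dst, "->", [(str(r[1]), r[4]) for r in candidates(routes, dst)])
```

A host on the local /23 resolves to exactly one route, while the external address matches all three default entries, so the table alone does not say which gateway carries the traffic.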



