From: Barak Hermesh on 15 Jun 2010 07:53

All,

I am involved in the development of a home router which has three
network interfaces (net-devices):
lan0 - Ethernet facing the LAN side
wan0 - WAN data connection
wan1 - WAN management connection: this is used only for accessing the
device itself (web pages etc..)

wan0 and wan1 should be looked at as two different physical
interfaces.
Both get their IP addresses from DHCP clients and both get different
default gateways.

NAT is established between lan0 and wan0.
The problem is that the Linux router sometimes routes traffic from
lan0 using the wan1 default gateway's rule.

Is there a way to restrict the router to perform forwarding only for a
subset of the interfaces and use others only for device access?

Thanks,
Barak.

From: Pascal Hambourg on 15 Jun 2010 09:28

Hello,

Barak Hermesh wrote:
>
> I am involved in the development of a home router which has three
> network interfaces (net-devices):
> lan0 - Ethernet facing the LAN side
> wan0 - WAN data connection
> wan1 - WAN management connection: this is used only for accessing the
> device itself (web pages etc..)
>
> wan0 and wan1 should be looked at as two different physical
> interfaces.

Why "should be looked at as" ? Aren't they ?

> Both get their IP addresses from DHCP clients and both get different
> default gateways.

This is asking for trouble. A node should have only one default route at
most.

> NAT is established between lan0 and wan0.
> The problem is that the Linux router sometimes routes traffic from
> lan0 using the wan1 default gateway's rule.

As stated above, expect trouble (i.e. unpredictable behaviour) when
there are multiple routes to the same destination.

> Is there a way to restrict the router to perform forwarding only for a
> subset of the interfaces and use others only for device access?

It's not a forwarding issue, it's a routing issue with conflicting
routes and which one takes over.

From: Barak Hermesh on 15 Jun 2010 10:11

On Jun 15, 4:28 pm, Pascal Hambourg <boite-a-s...(a)plouf.fr.eu.org> wrote:
> Hello,
>
> Barak Hermesh wrote:
>
> > I am involved in the development of a home router which has three
> > network interfaces (net-devices):
> > lan0 - Ethernet facing the LAN side
> > wan0 - WAN data connection
> > wan1 - WAN management connection: this is used only for accessing the
> > device itself (web pages etc..)
>
> > wan0 and wan1 should be looked at as two different physical
> > interfaces.
>
> Why "should be looked at as" ? Aren't they ?

They are logical links sharing the same physical medium but for all
practical purposes they can be looked at as two different interfaces.

> > Both get their IP addresses from DHCP clients and both get different
> > default gateways.
>
> This is asking for trouble. A node should have only one default route at
> most.

We have no option. This is per product specification.

> > NAT is established between lan0 and wan0.
> > The problem is that the Linux router sometimes routes traffic from
> > lan0 using the wan1 default gateway's rule.
>
> As stated above, expect trouble (i.e. unpredictable behaviour) when
> there are multiple routes to the same destination.

This is why I am asking for help.
There are no multiple routes for the same destination in the sense
that I can define a logic of which route to use based on the source
network device. Unfortunately I do not know how to do this with Linux.
If Linux would have supported multiple logical routing tables, each
serving a subset of the interfaces, the problem would be solved.

> > Is there a way to restrict the router to perform forwarding only for a
> > subset of the interfaces and use others only for device access?
>
> It's not a forwarding issue, it's a routing issue with conflicting
> routes and which one takes over.

From: Pascal Hambourg on 15 Jun 2010 11:07

Barak Hermesh wrote:
> On Jun 15, 4:28 pm, Pascal Hambourg <boite-a-s...(a)plouf.fr.eu.org>
> wrote:
>>
>> Barak Hermesh wrote:
>>
>>> wan0 and wan1 should be looked at as two different physical
>>> interfaces.
>>
>> Why "should be looked at as" ? Aren't they ?
>
> They are logical links sharing the same physical medium but for all
> practical purposes they can be looked at as two different interfaces.

Do you mean VLANs on the same trunk (or any kind of tunnel or VPN) ?
Then they are not "physical" interfaces but different interfaces
connected to different logical links FWIW. I just wanted to make sure
they were not IP aliases on the same interface, or worse, different
interfaces connected to the same logical link (which is also asking for
trouble).

>>> Both get their IP addresses from DHCP clients and both get different
>>> default gateways.
>>
>> This is asking for trouble. A node should have only one default route at
>> most.
>
> We have no option. This is per product specification.

May I ask which product ?

>>> The problem is that the Linux router sometimes routes traffic from
>>> lan0 using the wan1 default gateway's rule.
>>
>> As stated above, expect trouble (i.e. unpredictable behaviour) when
>> there are multiple routes to the same destination.
>
> This is why I am asking for help.
> There are no multiple routes for the same destination in the sense
> that I can define a logic of which route to use based on the source
> network device. Unfortunately I do not know how to do this with Linux.

Looks like you need advanced routing. But DHCP clients may not deal well
with it.

> If Linux would have supported multiple logical routing tables, each
> serving a subset of the interfaces, the problem would be solved.

Linux supports multiple routing tables with routing policy based on
inbound interface, source address, netfilter mark...
Check LARTC (Linux advanced routing and traffic control) howto, and feel
free to ask here if you need more details.

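Added example, not part of any post in this thread: a sketch of the policy routing described in the reply above, with one routing table per WAN link selected by inbound interface and by source address. The table numbers, rule priorities and addresses (documentation ranges) are constructed assumptions, and the two iptables FORWARD rules are an extra safeguard that the thread does not mention.

```shell
#!/bin/sh
# Policy routing sketch for the lan0 / wan0 / wan1 router discussed above.
# Table numbers and priorities are arbitrary choices, not taken from the thread.

DATA_TABLE=100   # consulted for packets arriving on the LAN (forwarded traffic)
MGMT_TABLE=200   # consulted for the router's own management traffic

# Prints the commands instead of running them; pipe the output to "sh"
# as root to apply. Arguments:
#   lan_if data_if data_gw mgmt_if mgmt_ip mgmt_gw
policy_routing_cmds() {
    lan_if=$1; data_if=$2; data_gw=$3
    mgmt_if=$4; mgmt_ip=$5; mgmt_gw=$6

    # Each table holds exactly one default route, so the lookup is unambiguous.
    echo "ip route replace default via $data_gw dev $data_if table $DATA_TABLE"
    echo "ip route replace default via $mgmt_gw dev $mgmt_if table $MGMT_TABLE"

    # Packets that entered on the LAN are routed with the data table only.
    echo "ip rule add iif $lan_if lookup $DATA_TABLE priority 1000"
    # Packets sourced from the management address use the management table.
    echo "ip rule add from $mgmt_ip lookup $MGMT_TABLE priority 1010"

    # Extra safeguard: never forward anything through the management link.
    echo "iptables -A FORWARD -i $mgmt_if -j DROP"
    echo "iptables -A FORWARD -o $mgmt_if -j DROP"
}

# Constructed sample values (RFC 5737 documentation addresses).
policy_routing_cmds lan0 wan0 198.51.100.1 wan1 192.0.2.10 192.0.2.1
```

Because both links are configured by DHCP, the gateway and address arguments change with each lease, so the commands have to be regenerated from the DHCP client's hook when a lease is obtained or renewed.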
From: Moe Trin on 15 Jun 2010 12:11

On Tue, 15 Jun 2010, in the Usenet newsgroup comp.os.linux.networking, in
article <6a88a6e9-0687-4acd-9a72-7200e06ecaa5(a)r27g2000yqb.googlegroups.com>,
Barak Hermesh wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

>Pascal Hambourg <boite-a-s...(a)plouf.fr.eu.org> wrote:

>> Barak Hermesh wrote:

>>> wan0 and wan1 should be looked at as two different physical
>>> interfaces.

>> Why "should be looked at as" ? Aren't they ?

>They are logical links sharing the same physical medium but for all
>practical purposes they can be looked at as two different interfaces.

<snickers>

>>> Both get their IP addresses from DHCP clients and both get
>>> different default gateways.

>> This is asking for trouble. A node should have only one default
>> route at most.

>We have no option. This is per product specification.

Let me guess - written by marketing buzzword idiots who have absolutely
no concept of what the words mean. If you have to live with this,
please identify the product (I can see you're posting from Texas
Instruments address space) so that prospective victims can avoid it.

The word 'default' is used in the *PROGRAMMING* sense - meaning that
if nothing else works/fits, use this choice. So there are three roads
leaving an intersection - left, right, and straight ahead, and you have
to make a choice which one to use. The one on the left goes into a
brick wall - obviously not the way to go. The one straight ahead is
labeled "TO EVERYWHERE - USE ME IF THE OTHER ROADS DON'T GO WHERE YOU
WANT TO GO" - I'd guess that's the one to take... except the one to
the right is also labeled exactly the same. So, which one does the
marketing a$$h0le (or is it some equally clue deprived manager) want
you to use?

The additional problem you are having is that the definition of those
multiple interfaces are not cast in stone - they're changing.

Old guy