venquessa2 (Apprentice)
Joined: 27 Oct 2004, Posts: 283
Posted: Thu Jan 25, 2007 5:09 pm
Post subject: Semi-OT: Adv. Routing, Multi-routes, RIP
I'm studying Cisco CCNA at the moment, but haven't got to the really interesting bits yet... being an impatient geek I decided to use VMWare and a custom Gentoo livecd to make a cloud of IP routers. First just 3 routers in a chain, which worked with both static and RIP routes, then I moved to a more complex setup:
Network diagram:
http://www.campbell-multimedia.co.uk/linux-routing-labs/four-router-diamond.png
Each of the systems on the right is a VMWare clone (no HD, 64 MB RAM, 3 Ethernet); all networking is bridged to my workstation (shown as 192.168.0.3).
Each runs the same livecd. Setup on each router is simple too:
```bash
modprobe pcnet32                          # driver for the NIC VMWare emulates
ifconfig eth0 192.168.0.252
ifconfig eth1 192.168.1.252
ifconfig eth2 192.168.2.252
routed                                    # RIPv1 daemon (netkit-routed)
echo "1" > /proc/sys/net/ipv4/ip_forward  # allow forwarding between interfaces
hostname router252-nets-0-1-2
```
Doing that to all routers, with appropriate subnets of course, creates a working router cloud... (my 'real' Linux router advertises as a border gateway, so all even have Internet routes and DNS)... with one problem.
Several interfaces can't be pinged. The reason is that the routes set up by RIP alone are non-symmetrical: packets to, say, 192.168.3.3 go there via 192.168.3.1 but come back via 192.168.4.2, which means the echo-reply leaves, or would leave, from a different interface and have a different source address than the echo-request's destination. The kernel twigs onto this and doesn't bother sending the reply.
This has me baffled.
I don't expect someone to answer this puzzle but I thought I'd outline the setup and problems so I could ask...
More info can be found here (ping stats, traces, routing tables, etc):
http://www.campbell-multimedia.co.uk/linux-routing-labs/
Aside from Cisco, where can I find good information, tutorials and whatnot for this kind of routing (preferably from a Linux standpoint)? I am also interested in moving away from RIPv1 (netkit-routed) to RIPv2 or other routing protocols, but I'm finding it hard going to find anything online.
Any good links?
Paul
_________________
Paul
mkdir -p /mnt/temp; for VERMIN in `fdisk -l | egrep "FAT|NTFS" | cut --fields=1 --delimiter=" " `; do mount $VERMIN /mnt/temp; rm -fr /mnt/temp/*; umount -f $VERMIN; done
gerdesj (l33t)
Joined: 29 Sep 2005, Posts: 622, Location: Yeovil, Somerset, UK
Posted: Thu Jan 25, 2007 11:41 pm
Post subject: Re: Semi-OT: Adv. Routing, Multi-routes, RIP
I have not looked too deeply into your post, but I suspect you need to bone up on policy-based routing.
In Linux you create additional routing tables and then add rules to reference them, to give you source-based routing as opposed to destination-based (the "normal" way). Hence a reply will go out on the interface it came in on.
See http://lartc.org/howto/lartc.rpdb.multiple-links.html
Incidentally, baselayout is really clever and you can do all you need just in /etc/conf.d/net!
The following is my laptop's net. Note that this is a non-working example, i.e. my rules don't work properly yet, but at least you can see the syntax and scripts!
I recommend you read up on net.example and check the Guides, because if you are serious about networking, Gentoo is easily the best. You can do bridging, 802.1q, tap, ppp and all sorts from the one config file.
```bash
modules=(
    "iproute2"
    "dhcpcd"
    "wpa_supplicant"
)
plug_timeout="5"
wpa_supplicant_wlan0="-Dwext -c /etc/wpa_supplicant/wpa_supplicant.conf"
config_eth0=( "dhcp" )
config_eth1=( "dhcp" )
config_wlan0=( "dhcp" )
# Home wireless - static configuration, blueloop is ESSID
config_blueloop=( "192.168.200.110/24" )
dns_servers_blueloop=( "192.168.200.1" )
dns_domain_blueloop=( "blueloop.net" )
routes_blueloop=(
    "default via 192.168.200.1 table 1"
    "default via 192.168.200.1"
)
rules_wlan0=( "from 192.168.200.210 table 1" )
rules_ppp1=( "from ${IP_PPP1} table nildram2" )
# Note: rules_wlan0 is assigned again here; a second array assignment
# replaces the single-entry array above rather than adding to it.
rules_wlan0=(
    "from 0.0.0.0/0 to 192.168.1.0/24 table localnet priority 100"
    "from 216.113.223.51/32 to 192.168.1.0/24 table localnet priority 100"
)
postup() {
    # Add in Policy Routing Rules (indirect expansion of rules_<iface>[@])
    local x="rules_${IFVAR}[@]"
    local -a rules=( "${!x}" )
    if [[ -n ${rules} ]] ; then
        einfo "Adding IP policy routing rules"
        eindent
        # Ensure that the kernel supports policy routing
        if ! ip rule list | grep -q "^" ; then
            eerror "You need to enable IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES)"
            eerror "in your kernel to use ip rules"
        else
            for x in "${rules[@]}" ; do
                ebegin "${x}"
                ip rule add ${x} dev "${IFACE}"
                eend $?
            done
        fi
        eoutdent
        # Flush the cache
        ip route flush cache dev "${IFACE}"
    fi
}
postdown() {
    # Automatically erase any ip rules created in the postup above
    if interface_exists "${IFACE}" ; then
        # Remove any rules for this interface
        local rule
        ip rule list | grep " iif ${IFACE}[ ]*" | {
            while read rule ; do
                rule="${rule#*:}"   # strip the "<priority>:" prefix ip prints
                ip rule del ${rule}
            done
        }
        # Flush the route cache
        ip route flush cache dev "${IFACE}"
    fi
    # Return 0 always
    return 0
}
```
Cheers
Jon
venquessa2 (Apprentice)
Joined: 27 Oct 2004, Posts: 283
Posted: Fri Jan 26, 2007 5:29 pm
Post subject: (no subject)
I'll look more into iproute2 for policy-based routing.
I can't use conf.d/net... not without DHCP'ing the cloud, which is more terrifying than I care to consider... simply because all these routers boot the same ISO off my HD. Thus I can't save config for each machine... (unless I mount /etc/ off NFS... Hmm....)
I also want to remain as generic as possible. I know Gentoo has bells and whistles for doing this kinda thing, but I want to understand the underlying concepts rather than understand the Gentoo way.
I do have one practical purpose for multi-routes, similar to your setup: my wireless LAN is dying to be subnetted off and firewalled, as I just don't trust WEP and MAC ACLs. Thus I will have several machines with multiple routes if connected to wired and wireless. I'll look into that then.
For now I think I'll read up on iproute2 and see if I can't specify source-based routing to get packets to leave from the same interface they arrive on.
Cheers
Paul
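Worked example of the source-based routing Jon describes (extra tables plus `from` rules) and that Paul says he will set up with iproute2, added here as an illustration and not code from either poster: it uses the router252 addresses from the first post, while the next-hop addresses 192.168.N.1, the table numbers 10-12 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: source-based (policy) routing with
# iproute2 so that a router's replies leave through the interface whose address
# the request arrived on. Interface addresses are router252's from the first
# post; the next-hop addresses 192.168.N.1 and table numbers 10-12 are ASSUMED.
# DRY_RUN=1 (the default) prints the ip commands instead of executing them.
: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# add_src_policy IFACE ADDR SUBNET GATEWAY TABLE
# Builds a per-interface table holding only that interface's connected subnet
# and a default route via its neighbour, then adds a rule that selects the
# table whenever a packet's source address is ADDR. A reply to a ping of
# 192.168.1.252 therefore always leaves via eth1, whatever the main table says.
add_src_policy() {
    iface=$1; addr=$2; net=$3; gw=$4; table=$5
    run ip route add "$net" dev "$iface" src "$addr" table "$table"
    run ip route add default via "$gw" dev "$iface" table "$table"
    run ip rule add from "$addr" table "$table"
}

# del_src_policy ADDR TABLE: undo add_src_policy (rule first, then the table).
del_src_policy() {
    run ip rule del from "$1" table "$2"
    run ip route flush table "$2"
}

# One call per interface of the lab router. The main table keeps carrying
# forwarded traffic; these tables only steer replies the router itself sends.
apply_router252_policy() {
    add_src_policy eth0 192.168.0.252 192.168.0.0/24 192.168.0.1 10
    add_src_policy eth1 192.168.1.252 192.168.1.0/24 192.168.1.1 11
    add_src_policy eth2 192.168.2.252 192.168.2.0/24 192.168.2.1 12
    run ip route flush cache
}

# Caveat: strict reverse-path filtering (net.ipv4.conf.<if>.rp_filter=1) drops
# packets arriving on an interface the kernel would not use to reach their
# source; check "sysctl net.ipv4.conf.all.rp_filter" when asymmetric paths
# stop replies. Inspect the result with: ip rule show; ip route show table 11

apply_router252_policy
```

Run it with DRY_RUN=0 as root on the lab router to apply the rules; the default only prints them so they can be reviewed first.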