shambright
asked on
Solaris 10 multiple subnets/routing issues
I have a Solaris 10 server with 4 ethernet ports.
I would like to use two of these ports so that the server will be accessible from two completely different subnets, each with their own gateway. For example:
192.168.1.64/26
192.168.2.64/26
I was able to set up a default gateway for 192.168.1 network by using the /etc/defaultrouter file.
I tried adding a gateway for the 192.168.2 network using route -p, and it shows up in the routing table, but I cannot ping or get any response to the 192.168.2.64 IP from anywhere.
These two networks do NOT need to share packets, they should operate independently.
There is an /etc/notrouter file present.
I would like to use two of these ports so that the server will be accessible from two completely different subnets, each with their own gateway. For example:
192.168.1.64/26
192.168.2.64/26
I was able to set up a default gateway for 192.168.1 network by using the /etc/defaultrouter file.
I tried adding a gateway for the 192.168.2 network using route -p, and it shows up in the routing table, but I cannot ping or get any response to the 192.168.2.64 IP from anywhere.
These two networks do NOT need to share packets, they should operate independently.
There is an /etc/notrouter file present.
Joseph Gan
By default Solaris put /etc/notrouter file to stop routing, you should remove this file to make routing work.
ASKER
I put that file there because both interfaces stopped responding.
Though, I think at that time I had multiple default gateways defined as well, and now I have only one.
192.168.1 uses 'default' gateway, 192.168.2 has it's own 'UG' entry.
routeadm shows that IPv4 routing is enabled.
Though, I think at that time I had multiple default gateways defined as well, and now I have only one.
192.168.1 uses 'default' gateway, 192.168.2 has it's own 'UG' entry.
routeadm shows that IPv4 routing is enabled.
Try to use "route add" command to add specified route to the tables.
ASKER
That is how I got them in there in the first place.
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 192.168.1.1 UG 1 464873
192.168.1.0 192.168.1.32 U 1 3642 bge0
192.168.2.0 192.168.2.10 U 1 2 bge2
192.168.2.0 192.168.2.1 UG 1 0
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 192.168.1.1 UG 1 464873
192.168.1.0 192.168.1.32 U 1 3642 bge0
192.168.2.0 192.168.2.10 U 1 2 bge2
192.168.2.0 192.168.2.1 UG 1 0
You can add more defaut routers in /etc/defaultrouter, with each entry on its own line.
as ganjos posted
i.e.
192.168.1.1
192.168.2.1
i.e.
192.168.1.1
192.168.2.1
ASKER
My understanding is that putting more than one entry here creates a "round-robin" for the default route.
If they are on different subnets, packets will get lost.
If they are on different subnets, packets will get lost.
They will round robin based on external routes.
i.e. a traffic within segments will flow directly and will never reach the default router.
I.e. a packet from 192.168.1.x to 192.168.1.y will never be routed through 192.168.2.1. Routing rule will see the packet as local and will be "sent" directly by 192.168.1.x to 192.168.1.y
The issue is that you want to access EE from this system, there is 50/50 chance that the packet will go over to 192.168.1.1 as it would to 192.168.2.1. The issue hereis if the 192.168.2.1 does not have a path to the internet, this will cause problems you described. This is why when specifying default routes, they must have the same access, or you would need to define routing rules to distribute the traffic that should not go over one route versus the other.
The issue deals with other paths i.e. if the two paths do not provide the same access, you would have to add static routes to direct specific networks over a specific path
route add net w.x.y.0 mask 255.255.255.0 eth0 etc.
i.e. a traffic within segments will flow directly and will never reach the default router.
I.e. a packet from 192.168.1.x to 192.168.1.y will never be routed through 192.168.2.1. Routing rule will see the packet as local and will be "sent" directly by 192.168.1.x to 192.168.1.y
The issue is that you want to access EE from this system, there is 50/50 chance that the packet will go over to 192.168.1.1 as it would to 192.168.2.1. The issue hereis if the 192.168.2.1 does not have a path to the internet, this will cause problems you described. This is why when specifying default routes, they must have the same access, or you would need to define routing rules to distribute the traffic that should not go over one route versus the other.
The issue deals with other paths i.e. if the two paths do not provide the same access, you would have to add static routes to direct specific networks over a specific path
route add net w.x.y.0 mask 255.255.255.0 eth0 etc.
What netmasks are assigned to your interfaces?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The exart part from the URL above:
A Solaris server has 2 network interfaces, bge0 and bge2. bge0 has an IP of 192.168.1.1, the router on that network is 192.168.1.254. bge2 has an IP of 192.168.100.1, the router on that network is 192.168.100.254. The default route on the system in the /etc/defaultrouter is 192.168.1.254.
When a packet comes in for 192.168.100.1, Solaris will process it and send the answer out to the default router. It knows nothing about the default router on the 2nd network. If you place the 2nd router in /etc/defaultrouter, then Solaris just round-robins the IPs. So a request comes in bge2 and goes out bge0 to the default router, from bge2's IP. If the router is configured with anti-spoofing rules, then the router will ignore that packet. Thus, the answer never reaches the client.
In comes IPFilter. This is the Solaris firewall that’s built in. After exploring many different options to try to get it to route properly for that interface by checking the ‘route’ command I found this simple rule that allows it to work:
pass out quick on bge0 to bge2:192.168.100.254 from 192.168.100.1 to any
This rule says that any traffic going out bge0 from the IP 192.168.100.1 (bge2's IP) should be changed to go out bge1 interface and be sent to 192.168.100.254 (the default router on bge2).
A Solaris server has 2 network interfaces, bge0 and bge2. bge0 has an IP of 192.168.1.1, the router on that network is 192.168.1.254. bge2 has an IP of 192.168.100.1, the router on that network is 192.168.100.254. The default route on the system in the /etc/defaultrouter is 192.168.1.254.
When a packet comes in for 192.168.100.1, Solaris will process it and send the answer out to the default router. It knows nothing about the default router on the 2nd network. If you place the 2nd router in /etc/defaultrouter, then Solaris just round-robins the IPs. So a request comes in bge2 and goes out bge0 to the default router, from bge2's IP. If the router is configured with anti-spoofing rules, then the router will ignore that packet. Thus, the answer never reaches the client.
In comes IPFilter. This is the Solaris firewall that’s built in. After exploring many different options to try to get it to route properly for that interface by checking the ‘route’ command I found this simple rule that allows it to work:
pass out quick on bge0 to bge2:192.168.100.254 from 192.168.100.1 to any
This rule says that any traffic going out bge0 from the IP 192.168.100.1 (bge2's IP) should be changed to go out bge1 interface and be sent to 192.168.100.254 (the default router on bge2).
ASKER
Exact issue required was outlined in post. URL included in solution.