shambright

asked on

Solaris 10 multiple subnets/routing issues

I have a Solaris 10 server with 4 ethernet ports.

I would like to use two of these ports so that the server will be accessible from two completely different subnets, each with their own gateway. For example:
192.168.1.64/26
192.168.2.64/26

I was able to set up a default gateway for 192.168.1 network by using the /etc/defaultrouter file.

I tried adding a gateway for the 192.168.2 network using route -p, and it shows up in the routing table, but I cannot ping or get any response to the 192.168.2.64 IP from anywhere.

These two networks do NOT need to share packets, they should operate independently.
There is an /etc/notrouter file present.
Joseph Gan

By default, Solaris puts an /etc/notrouter file in place to stop routing; you should remove this file to make routing work.
shambright

ASKER

I put that file there because both interfaces stopped responding.
Though, I think at that time I had multiple default gateways defined as well, and now I have only one.
192.168.1 uses 'default' gateway, 192.168.2 has its own 'UG' entry.

routeadm shows that IPv4 routing is enabled.
Try to use the "route add" command to add the specified route to the tables.
That is how I got them in there in the first place.


Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.1.1          UG        1     464873          
192.168.1.0          192.168.1.32         U         1       3642 bge0      
192.168.2.0          192.168.2.10         U         1          2 bge2      
192.168.2.0          192.168.2.1          UG        1          0          
You can add more default routers in /etc/defaultrouter, with each entry on its own line.
as ganjos posted
i.e.
192.168.1.1
192.168.2.1





My understanding is that putting more than one entry here creates a "round-robin" for the default route.

If they are on different subnets, packets will get lost.
They will round robin based on external routes.
i.e. traffic within segments will flow directly and will never reach the default router.

I.e. a packet from 192.168.1.x to 192.168.1.y will never be routed through 192.168.2.1. The routing rule will see the packet as local and it will be "sent" directly by 192.168.1.x to 192.168.1.y.

The issue is that you want to access EE from this system; there is a 50/50 chance that the packet will go over to 192.168.1.1 as it would to 192.168.2.1. The issue here is that if 192.168.2.1 does not have a path to the internet, this will cause the problems you described. This is why when specifying default routes, they must have the same access, or you would need to define routing rules to distribute the traffic that should not go over one route versus the other.


The issue deals with other paths i.e. if the two paths do not provide the same access, you would have to add static routes to direct specific networks over a specific path
route add net w.x.y.0 mask 255.255.255.0 eth0 etc.

What netmasks are assigned to your interfaces?
ASKER CERTIFIED SOLUTION
shambright

The exact part from the URL above:


A Solaris server has 2 network interfaces, bge0 and bge2. bge0 has an IP of 192.168.1.1, the router on that network is 192.168.1.254. bge2 has an IP of 192.168.100.1, the router on that network is 192.168.100.254. The default route on the system in the /etc/defaultrouter is 192.168.1.254.

When a packet comes in for 192.168.100.1, Solaris will process it and send the answer out to the default router. It knows nothing about the default router on the 2nd network. If you place the 2nd router in /etc/defaultrouter, then Solaris just round-robins the IPs. So a request comes in bge2 and goes out bge0 to the default router, from bge2's IP. If the router is configured with anti-spoofing rules, then the router will ignore that packet. Thus, the answer never reaches the client.

In comes IPFilter. This is the Solaris firewall that’s built in. After exploring many different options to try to get it to route properly for that interface by checking the ‘route’ command I found this simple rule that allows it to work:

pass out quick on bge0 to bge2:192.168.100.254 from 192.168.100.1 to any

This rule says that any traffic going out bge0 from the IP 192.168.100.1 (bge2's IP) should be changed to go out bge1 interface and be sent to 192.168.100.254 (the default router on bge2).
Exact issue required was outlined in post. URL included in solution.
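
The asymmetric reply path described in the quoted excerpt, modelled as an added example that is not part of the original thread: a destination-only route lookup sends the reply from bge2's address out bge0, an anti-spoofing router drops it, and a source-based rule like the IPFilter one puts it back on bge2. The /24 masks, the client address 203.0.113.7 and all function names are assumptions made for illustration.

```python
import ipaddress as ipa

# Constructed model of the host in the quoted excerpt; the /24 masks are assumed.
IFACES = {
    "bge0": ipa.ip_interface("192.168.1.1/24"),
    "bge2": ipa.ip_interface("192.168.100.1/24"),
}
DEFAULT_ROUTE = ("bge0", ipa.ip_address("192.168.1.254"))  # /etc/defaultrouter

# Models: pass out quick on bge0 to bge2:192.168.100.254 from 192.168.100.1 to any
POLICY = {
    ("bge0", ipa.ip_address("192.168.100.1")):
        ("bge2", ipa.ip_address("192.168.100.254")),
}


def route_lookup(dst):
    """Destination-only lookup: connected networks first, then the default route."""
    for name, iface in IFACES.items():
        if dst in iface.network:
            return name, None  # on-link, no router involved
    return DEFAULT_ROUTE


def egress(src, dst, use_policy):
    """Return (interface, next_hop) for a packet the host sends from src to dst."""
    name, hop = route_lookup(dst)
    if use_policy:
        # The rule keys on outgoing interface and source address, not destination.
        name, hop = POLICY.get((name, src), (name, hop))
    return name, hop


def router_accepts(name, src):
    """Anti-spoofing check: a router only forwards sources from its own segment."""
    return src in IFACES[name].network


def reply_delivered(server_ip, client, use_policy=False):
    """Does the reply from server_ip to client get past the first hop?"""
    src, dst = ipa.ip_address(server_ip), ipa.ip_address(client)
    name, hop = egress(src, dst, use_policy)
    return hop is None or router_accepts(name, src)
```
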