routing table oddities

From: Adam Levin (levins@westnet.com)
Date: Sat Nov 26 2005 - 17:28:46 EST

• Next message: Roetman, Paul: "repository for scripts for multiple machines, and multiple users"
• Previous message: john hanson: "best practice about /var"
• Next in thread: Adam Levin: "SUMMARY: Re: routing table oddities"
• Reply: Adam Levin: "SUMMARY: Re: routing table oddities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have what seems to be a weird problem with routing that I hope y'all can
help with.

I have a Sun Fire V210 running Solaris 10 with a recommended patchcluster
a couple of weeks old.

It's got 8 interfaces -- the four on board plus a quad gigaswift (ce)
card.

It's on a pretty complicated network. We've got three VLANs on it, each
running IPMP for fault tolerance (active/standby):

bge0/ce0 are on a management (mgt) VLAN
bge1/ce1 are on a network-attached storage (nas) VLAN
bge3/ce3 are on an "application" (app) VLAN

mgt is 10.66.0.0/16
nas is 10.67.0.0/16
app is 10.65.0.0/16

There are no default routes, because none of the networks are routable
anyway, and it's not supposed to talk to the net.

Now we have a problem: it needs to talk to the net. Our network guy set
up our firewall (cisco FWSM in a 6509-e chassis) so that 10.66.0.3 is a
gateway.

I then add a static route:

route add -host 66.94.234.13 10.66.0.3 -static

That 66 address is yahoo.com, just for testing.

When I try to telnet to that address on port 80, I get no errors for
several minutes. I get the "Trying ..." message, and then several minutes
later, it times out and fails.

I've used tcpdump to watch the interfaces (all of them!) and I don't see
the packets at all. If I try to telnet to the 10.66.0.3 gateway, I do see
the packets, though the connection is refused by the firewall.

The firewall rule allows ip any any, but I don't think the problem is the
firewall since I'm not seeing packets on the interface.

The routing table looks like this:
Routing Table: IPv4
   Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
10.65.0.10 10.65.0.10 UGH 1 0
10.66.0.10 10.66.0.10 UGH 1 0
10.67.0.10 10.67.0.10 UGH 1 0
66.94.234.13 10.66.0.3 UGH 1 0
10.66.0.0 10.66.3.1 U 1 943 bge0:1
10.66.0.0 10.66.3.1 U 1 0 bge0
10.66.0.0 10.66.3.1 U 1 742 ce0
10.67.0.0 10.67.3.1 U 1 911 bge1:1
10.67.0.0 10.67.3.1 U 1 0 bge1
10.67.0.0 10.67.3.1 U 1 775 ce1
10.65.0.0 10.65.3.1 U 1 911 bge3:1
10.65.0.0 10.65.3.1 U 1 0 bge3
10.65.0.0 10.65.3.1 U 1 511 ce3
224.0.0.0 10.66.3.1 U 1 0 bge0:1
127.0.0.1 127.0.0.1 UH 28 73742 lo0

The .10 interfaces at the top are static routes to a router to answer ICMP
echoes for the IPMP probes.

Any ideas?

-Adam
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Roetman, Paul: "repository for scripts for multiple machines, and multiple users"
• Previous message: john hanson: "best practice about /var"
• Next in thread: Adam Levin: "SUMMARY: Re: routing table oddities"
• Reply: Adam Levin: "SUMMARY: Re: routing table oddities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:37:10 EDT