Networking help

bscott at ntisys.com
Mon Dec 16 13:42:52 EST 2002


On Mon, 16 Dec 2002, at 10:46am, pll at lanminds.com wrote:
>> In particular, what is T?
> 
> T doesn't actually exist.

  Paul, I'm going to kill you.  :-)  You've got a route programmed for a
gateway that doesn't exist, and you wonder why you're having network
problems!  Arggghhhhhh!  :-)

  *bonk*  *bonk*  *bonk*  (Sound of Ben beating his head against the desk.)

  :-)

> If I'm coming in on the 10.241.38/24 interface to a node, then the return
> traffic should follow the route for that network.

  No!

  ****** IP routing is a stateless operation. ******

  There is no such thing as "return traffic" in IP.  Higher level protocols,
like TCP, might implement virtual circuits, but the IP layer itself is
stateless.  Routing decisions are based entirely on the destination address
of each packet.  Period.

  (Again, load balancing, policy-based routing, and other things are
increasingly common exceptions to this rule, but they are rarely active
unless you explicitly configure them.)

> Even though there were 2 default routes, shouldn't the traffic (in theory)
> get sent out both interfaces (if what you described as "matching all
> packets" is accurate)?

  No!  A given IP packet should *never* be transmitted more than once (on a
particular node).

  Again: The router will pick the route which most closely matches a
packet's destination address.  If multiple routes match, the one with the
best metric wins.  If multiple routes still match, *one* of the routes will
be chosen, in an implementation-dependent fashion.  In most
implementations, the router simply uses whatever route happens to come first
in the internal routing table's structure.

> ... I had tcpdump monitoring all interfaces on C, and there were no 'icmp
> echo reply' packets being generated for any of the interfaces.  The 'icmp
> echo request' was coming in on the 10.241.38/24 interface.

  While I think it is a safe bet that your non-existent gateway was the
problem, the above is interesting.  If you were sending packets to a
blackhole, you should still have seen them going out the interface on their
way to the blackhole....

  Oh.  Damn.

  System 'C' would have been ARP'ing for 192.168.10.1 ('T' in my diagram).  
Since 'T' did not actually exist, 'C' would never get an ARP reply.  And
without an ARP table entry, a system cannot send IP packets on Ethernet.  
So the ICMP reply was never even making it off 'C'.  The ICMP reply was
dying in the kernel router.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |
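
The route lookup and ARP failure described in the message above, as an added example that is not part of the original post: a small model of destination-only route selection (longest prefix, then metric, then first in table) followed by next-hop ARP resolution. The interface names, the second default gateway 10.241.38.1, the /24 on 192.168.10.0, the neighbor entries and the 172.16.5.9 sender are constructed assumptions; only 10.241.38/24 and 192.168.10.1 come from the thread.

```python
import ipaddress

# Constructed table for a host like 'C': (destination, gateway, metric, interface).
# 10.241.38/24 and 192.168.10.1 ('T') are from the thread; the rest is assumed.
ROUTES = [
    ("10.241.38.0/24", None, 0, "eth0"),         # directly connected
    ("192.168.10.0/24", None, 0, "eth1"),        # directly connected (assumed /24)
    ("0.0.0.0/0", "192.168.10.1", 0, "eth1"),    # default via nonexistent 'T'
    ("0.0.0.0/0", "10.241.38.1", 0, "eth0"),     # second default, same metric
]
# Constructed neighbor (ARP) table: only hosts that answer ARP appear here.
NEIGHBORS = {"10.241.38.1": "00:00:5e:00:53:01", "10.241.38.7": "00:00:5e:00:53:07"}


def select_route(dst, routes=ROUTES):
    """Stateless lookup: only the packet's destination address is consulted."""
    addr = ipaddress.ip_address(dst)
    best_key, best = None, None
    for route in routes:
        network = ipaddress.ip_network(route[0])
        if addr not in network:
            continue
        key = (-network.prefixlen, route[2])  # longest prefix, then lowest metric
        if best_key is None or key < best_key:  # strict '<': first equal route wins
            best_key, best = key, route
    return best


def forward(dst, routes=ROUTES, neighbors=NEIGHBORS):
    """Return what happens to one outbound packet addressed to dst."""
    route = select_route(dst, routes)
    if route is None:
        return "dropped: no route"
    _, gateway, _, dev = route
    next_hop = gateway or dst  # on-link destinations are ARPed for directly
    mac = neighbors.get(next_hop)
    if mac is None:
        return f"dropped: no ARP reply from {next_hop} on {dev}"
    return f"sent on {dev} to {mac}"


if __name__ == "__main__":
    # Echo reply to an off-link sender (constructed address) vs. an on-link one.
    for dst in ("172.16.5.9", "10.241.38.7"):
        print(dst, "->", forward(dst))
```

The reply to the off-link sender is handed to the first default route regardless of which interface the request arrived on, and it is dropped before transmission because the gateway never answers ARP, which is why a capture on the interfaces shows nothing leaving.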





