Re: Multiple NICs with Monolithic kernel



On Sun, 2003-02-23 at 11:51, Michael West wrote:

> With this setup and only one card with a cable attached I can ping all
> three addresses 10.0.1.10, 10.0.1.11, and 10.0.1.12.  This is true no
> matter which card is plugged in.  

That's because the kernel doesn't particularly care which physical
interface a packet arrives on (unless you implement firewalling).  A
packet arrives on the ethernet interface and the kernel says "is that
me?" ... it is, it accepts the packet and it responds.  This is very
simplistic but I believe that's what's happening.

As an example of this behaviour we have a firewall that has a DSL
Internet connection (using rp-pppoe), along with our single DSL IP
(let's pretend 172.16.12.254) we have a /28 network routed to us (let's
say 172.16.13.0/28).

The DSL IP is assigned by rp-pppoe to ppp0, we actually assigned the /28
subnet to a dummy interface, so we have something like this:

dummy0   -> 172.16.31.1
dummy0:2 -> 172.16.31.2

We assigned the extra subnet to the dummy interface since that let us
keep it distinct from the pppoe connection. When our pppoe interface
gets reset we don't need to worry about making sure the extra IPs are
brought up again as we would if we'd bound them to ppp0:1, ppp0:2, etc.

The point is that no matter how a packet arrives your machine will
respond to it provided routing and firewalling let it; it doesn't have
to arrive on the "right" interface.

If you can email us a copy of your routing table that would be helpful;
based on what you describe I would expect that the routing table looks
like this:

10.0.1.0    0.0.0.0   255.255.255.0 [snip]  eth0
10.0.1.0    0.0.0.0   255.255.255.0 [snip]  eth1
10.0.1.0    0.0.0.0   255.255.255.0 [snip]  eth2
0.0.0.0    10.0.1.3   0.0.0.0       [snip]  eth0
0.0.0.0    10.0.1.3   0.0.0.0       [snip]  eth1
0.0.0.0    10.0.1.3   0.0.0.0       [snip]  eth2

I might be wrong on this but I don't think the kernel tries additional
routes; when it finds the first matching route it routes that way and is
done with the packet.

So, no matter which ethernet cable is plugged in, the route to your
local network will always be bound to eth0, AFAIK.  To prove this try
pinging the other IPs from a remote machine, then check what MAC address
shows up in that machine's arp tables ... I suspect that you will see
the same MAC address for all IPs, obviously because all responses are
coming through the same interface.

What is the effect that you're trying to achieve by assigning IPs to
dedicated network cards?  Are you expecting enough traffic to saturate
the ethernet connection?  If you're doing this for load balancing then
it can be done with multipath routing (see iproute2 tool).

> I wish to use a monolithic kernel for security.  Can you help me
> understand either how to set this up so each card gets one ip and/or
> understand how each card is getting all three?  

By monolithic kernel do you mean not using modules?  Why is that more
secure?

-- 
Fraser Campbell <fraser@wehave.net>                http://wehave.net/
Brampton, Ontario, Canada                   Linux 2.4.20 AuthenticAMD
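The following is an added example, not part of Fraser's mail: it parses a `route -n`-style table built (as constructed sample data) from the six routes sketched above and performs the lookup the mail describes, longest prefix first and, among identical routes, the first entry wins. It shows why a reply to any peer, on the LAN or beyond the 10.0.1.3 gateway, is sent out eth0 regardless of which card the request arrived on; the Flags/Metric/Ref/Use columns are assumed, since the mail snipped them.

```python
"""Route lookup over a `route -n`-style table, modelling the behaviour the
mail describes: three identical routes on eth0/eth1/eth2, first match wins,
so every reply leaves via eth0 no matter which NIC received the request."""
import ipaddress

# Constructed sample in `route -n` layout (Destination Gateway Genmask
# Flags Metric Ref Use Iface); the mail showed only the columns it kept.
ROUTE_N_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.0.1.3        0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.0.1.3        0.0.0.0         UG    0      0        0 eth1
0.0.0.0         10.0.1.3        0.0.0.0         UG    0      0        0 eth2
"""


def parse_routes(text):
    """Return (network, gateway-or-None, iface) tuples in table order."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 8 or cols[0] in ("Kernel", "Destination"):
            continue  # skip the two header lines
        dest, gw, mask, iface = cols[0], cols[1], cols[2], cols[7]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, None if gw == "0.0.0.0" else gw, iface))
    return routes


def lookup(routes, peer):
    """Longest-prefix match; on equal prefix length the earliest entry is
    kept (strict '>'), i.e. the 'first matching route and done' model.
    Returns (egress interface, next hop) for a reply sent to `peer`."""
    dst = ipaddress.ip_address(peer)
    best = None
    for net, gw, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[2], best[1] or str(dst)  # on-link peers are the next hop


if __name__ == "__main__":
    table = parse_routes(ROUTE_N_OUTPUT)
    for peer in ("10.0.1.50", "192.0.2.9"):  # LAN peer, then remote peer
        print(peer, "->", lookup(table, peer))
```

Both replies resolve to eth0, which is the single MAC address the mail predicts will show up in the remote machine's ARP table.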




