* Multiple GRE tunnels on the same host, only one routes incoming packets
@ 2012-02-11 10:40 Rick Koshi
2012-02-11 10:59 ` "Oleg A. Arkhangelsky"
2012-02-11 11:29 ` Eric Dumazet
0 siblings, 2 replies; 6+ messages in thread
From: Rick Koshi @ 2012-02-11 10:40 UTC (permalink / raw)
To: netdev
I'm having a routing problem on CentOS 6.2 (kernel 2.6.32-220)
Here's the setup: One host is on my local network. It's talking
to two nearly identical hosts at a remote location. The two remote
hosts are on all the same networks, acting as redundant backups
for each other.
I set up two GRE tunnels from the local host, one to each
remote host:
ip tunnel add name tunnel1 mode gre local 10.2.1.2 remote 10.2.1.1
ip link set dev tunnel1 up
ip route add 172.16.1.0/24 dev tunnel1 metric 101
ip tunnel add name tunnel2 mode gre local 10.2.1.4 remote 10.2.1.3
ip link set dev tunnel2 up
ip route add 172.16.1.0/24 dev tunnel2 metric 102
Outgoing packets route properly, no problem. Incoming packets
are weird. It appears that whichever tunnel has the route
with the higher metric (tunnel2 in the example above) will
ignore incoming packets. They come in all right, and can be
seen on the local machine with 'tcpdump -i tunnel2', but they
are not routed properly to the local networks. They're simply
dropped. I can switch the two metrics, and then tunnel1 will
drop all incoming packets. The tunnel with the lower route
metric will route packets properly, both incoming and outgoing.
Is this "working as designed?" What I'd like to have happen,
of course, is for all packets on both tunnels to be properly
forwarded. Is this possible?
-- Rick
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Multiple GRE tunnels on the same host, only one routes incoming packets
2012-02-11 10:40 Multiple GRE tunnels on the same host, only one routes incoming packets Rick Koshi
@ 2012-02-11 10:59 ` "Oleg A. Arkhangelsky"
2012-02-11 11:18 ` Rick Koshi
2012-02-11 11:29 ` Eric Dumazet
1 sibling, 1 reply; 6+ messages in thread
From: "Oleg A. Arkhangelsky" @ 2012-02-11 10:59 UTC (permalink / raw)
To: Rick Koshi; +Cc: netdev
11.02.2012, 14:40, "Rick Koshi" <netdev@more-right-rudder.com>:
> Is this "working as designed?" What I'd like to have happen,
> of course, is for all packets on both tunnels to be properly
> forwarded. Is this possible?
Maybe you should try the "key" param to ip tunnel command?
--
wbr, Oleg.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Multiple GRE tunnels on the same host, only one routes incoming packets
2012-02-11 10:59 ` "Oleg A. Arkhangelsky"
@ 2012-02-11 11:18 ` Rick Koshi
0 siblings, 0 replies; 6+ messages in thread
From: Rick Koshi @ 2012-02-11 11:18 UTC (permalink / raw)
To: "Oleg A. Arkhangelsky"; +Cc: netdev
"\"Oleg A. Arkhangelsky\"" writes:
>
>
> 11.02.2012, 14:40, "Rick Koshi" <netdev@more-right-rudder.com>:
>
> > Is this "working as designed?" šWhat I'd like to have happen,
> > of course, is for all packets on both tunnels to be properly
> > forwarded. šIs this possible?
>
> Maybe you should try the "key" param to ip tunnel command?
Thank you for the suggestion. I tried adding key params
to the tunnel setup commands, but it had no effect. The
behavior is identical.
-- Rick
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Multiple GRE tunnels on the same host, only one routes incoming packets
2012-02-11 10:40 Multiple GRE tunnels on the same host, only one routes incoming packets Rick Koshi
2012-02-11 10:59 ` "Oleg A. Arkhangelsky"
@ 2012-02-11 11:29 ` Eric Dumazet
2012-02-11 12:10 ` Rick Koshi
1 sibling, 1 reply; 6+ messages in thread
From: Eric Dumazet @ 2012-02-11 11:29 UTC (permalink / raw)
To: Rick Koshi; +Cc: netdev
Le samedi 11 février 2012 à 05:40 -0500, Rick Koshi a écrit :
> I'm having a routing problem on CentOS 6.2 (kernel 2.6.32-220)
>
> Here's the setup: One host is on my local network. It's talking
> to two nearly identical hosts at a remote location. The two remote
> hosts are on all the same networks, acting as redundant backups
> for each other.
>
> I set up two GRE tunnels from the local host, one to each
> remote host:
> ip tunnel add name tunnel1 mode gre local 10.2.1.2 remote 10.2.1.1
> ip link set dev tunnel1 up
> ip route add 172.16.1.0/24 dev tunnel1 metric 101
>
> ip tunnel add name tunnel2 mode gre local 10.2.1.4 remote 10.2.1.3
> ip link set dev tunnel2 up
> ip route add 172.16.1.0/24 dev tunnel2 metric 102
>
> Outgoing packets route properly, no problem. Incoming packets
> are weird. It appears that whichever tunnel has the route
> with the higher metric (tunnel2 in the example above) will
> ignore incoming packets. They come in all right, and can be
> seen on the local machine with 'tcpdump -i tunnel2', but they
> are not routed properly to the local networks. They're simply
> dropped. I can switch the two metrics, and then tunnel1 will
> drop all incoming packets. The tunnel with the lower route
> metric will route packets properly, both incoming and outgoing.
>
> Is this "working as designed?" What I'd like to have happen,
> of course, is for all packets on both tunnels to be properly
> forwarded. Is this possible?
check :
grep . `find /proc/sys -name rp_filter`
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Multiple GRE tunnels on the same host, only one routes incoming packets
2012-02-11 11:29 ` Eric Dumazet
@ 2012-02-11 12:10 ` Rick Koshi
2012-02-11 12:55 ` Eric Dumazet
0 siblings, 1 reply; 6+ messages in thread
From: Rick Koshi @ 2012-02-11 12:10 UTC (permalink / raw)
To: Eric Dumazet; +Cc: netdev
Eric Dumazet writes:
>
> check :
>
> grep . `find /proc/sys -name rp_filter`
Thank you, thank you, thank you! This is exactly right.
CentOS by default sets reverse-path filtering (which I'd
never even heard of before your message) partially on
(value 1 in /proc/sys/net/ipv4/conf/default/rp_filter).
In my case, I need it completely off for my 2 tunnel
interfaces. A quick change to my setup script, and
everything works now.
Thank you so very much. You have saved me hours
of frustration and given me a good night's sleep. :-)
-- Rick
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Multiple GRE tunnels on the same host, only one routes incoming packets
2012-02-11 12:10 ` Rick Koshi
@ 2012-02-11 12:55 ` Eric Dumazet
0 siblings, 0 replies; 6+ messages in thread
From: Eric Dumazet @ 2012-02-11 12:55 UTC (permalink / raw)
To: Rick Koshi; +Cc: netdev
Le samedi 11 février 2012 à 07:10 -0500, Rick Koshi a écrit :
> Eric Dumazet writes:
> >
> > check :
> >
> > grep . `find /proc/sys -name rp_filter`
>
> Thank you, thank you, thank you! This is exactly right.
> CentOS by default sets reverse-path filtering (which I'd
> never even heard of before your message) partially on
> (value 1 in /proc/sys/net/ipv4/conf/default/rp_filter).
>
> In my case, I need it completely off for my 2 tunnel
> interfaces. A quick change to my setup script, and
> everything works now.
>
> Thank you so very much. You have saved me hours
> of frustration and given me a good night's sleep. :-)
>
You're very welcome :)
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2012-02-11 12:55 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-02-11 10:40 Multiple GRE tunnels on the same host, only one routes incoming packets Rick Koshi
2012-02-11 10:59 ` "Oleg A. Arkhangelsky"
2012-02-11 11:18 ` Rick Koshi
2012-02-11 11:29 ` Eric Dumazet
2012-02-11 12:10 ` Rick Koshi
2012-02-11 12:55 ` Eric Dumazet
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.