[ale] Does Linux discover routes by magic? Does Traceroute fib?

Brian Mathis brian.mathis+ale at betteradmin.com
Thu Jan 17 13:51:16 EST 2013 

It looks to me like the traffic is going through the Cisco and not the
Sonicwall.  On my simple home network, my first hop in traceroute is
my router.

Check to see what your external IP address is by using:
    curl http://checkip.dyndns.com
Does it match what you expect it to be?

The culprit may be the Cisco router, depending on what kind of device
that is, using proxyarp.  I have seen Cisco ASAs try to proxy every
connection on a network by responding with its own MAC address for all
ARP requests.  This has the effect of sending even local traffic
through the Cisco.  I would check your ARP tables and see if anything
looks strange, like multiple IPs having the same MAC address.

Another option might be that the Cisco router is using some routing
protocol like BGP and announcing itself as a route, but I really have
no experience with that.

Might be a good idea to pull out tcpdump or wireshark and see what's
happening on the wire.


❧ Brian Mathis


On Thu, Jan 17, 2013 at 12:41 PM, Neal Rhodes <neal at mnopltd.com> wrote:
> Maybe this is basic linux routing that I've been oblivious to all these
> years.
>
> Picture a local lan with a primary Sonicwall router at 192.168.220.1,
> and a little Cisco router to handle one side of a T1 circuit sitting at
> 192.168.220.254, and the network on the other side of the T1 is
> xxx.yyy.47.0.
>
> The servers have nothing but the most minimal routing:
> Kernel IP routing table on EV4:
> Destination     Gateway         Genmask         Flags   MSS Window  irtt
> Iface
> 192.168.220.0   0.0.0.0         255.255.255.0   U         0 0          0
> eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0
> eth0
> 0.0.0.0         192.168.220.1   0.0.0.0         UG        0 0          0
> eth0
>
> When we traceroute to a host on the other side of the T1...
> traceroute to xxx.yyy.47.9 (xxx.yyy.47.9), 30 hops max, 60 byte packets
> 1  192.168.220.254 (192.168.220.254)  2.043 ms  2.055 ms  2.128 ms
> 2  xxx.yyy.42.129 (xxx.yyy.42.129)  20.148 ms  20.974 ms  22.040 ms
> 3  xxx.yyy.41.41 (xxx.yyy.41.41)  23.397 ms  24.409 ms  25.533 ms
> 4  * * *
> 5  xxx.yyy.47.9 (xxx.yyy.47.9)  30.735 ms  31.734 ms  33.216 ms
>
> one gets the impression that it never hit its default gateway at
> 192.168.220.1, but somehow figured out that the .254 router could get it
> there.
>
> Is that accurate? Or was there an access to the default gateway that isn't
> shown by the traceroute?    Looking at several other hosts, including our
> own,  it looks like traceroute or mtr to "google.com" never shows me hitting
> our local gateway.    If I had two different routes, two local routers, how
> would I know which one it took?
>
>
> What I'm trying to do is configure the routes such that access through this
> T1 be independent of failure of the primary Sonicwall router.    But adding
> a specific route for the xxx.yyy LAN appears to have no effect, as least
> from what I'm seeing.
>
> Is there a layer deeper that I should be looking at?  Does the gateway just
> not count as a hop?  The route cache shows no reference to xxx.yyy.
>
> BTW, this is a Centos 6.x (mumble) server.    (2.6.32-279.1.1.el6.x86_64 #1
> SMP)
>
> Regards,
> Neal
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

More information about the Ale mailing list