
shouldn't ping -I bypass all normal routing?

Gregory Edigarov-5
Hi, everybody

I've run into a strange problem while trying to implement cisco's 'ip
sla' replacement for a customer.

at an openbsd router i have

em0: 192.168.0.1/24 - local network

em1: 111.111.111.2/30 - uplink 1

em2: 222.222.222.2/30 - uplink 2

ip forwarding is on, routes received via bgp, everything works as expected.

the only problem is when something happens deep inside uplink's network:

sessions stay up, routes still present, but no traffic can pass through
uplink.

BFD would help, maybe, but I stick to what i have right now.

I am trying to
ping -I 111.111.111.2 8.8.8.8

but get no answer, because route to 8.8.8.8 set through uplink2, furthermore

i see my pings on em2 with tcpdump which seems rather strange to me, as
I am enforcing the interface.

if i ping 8.8.8.8 the normal way "it works" (tm).

pinging with -I 222.222.222.2 works too.

so ?

perhaps I am overlooking something very-very basic, so help me to get
off the brake.

--

With best regards,

          Gregory Edigarov



Re: shouldn't ping -I bypass all normal routing?

Gregory Edigarov-5


On 19.05.17 18:47, Gregory Edigarov wrote:

> Hi, everybody
>
> I've run into a strange problem while trying to implement cisco's 'ip
> sla' replacement for a customer.
>
> at an openbsd router i have
>
> em0: 192.168.0.1/24 - local network
>
> em1: 111.111.111.2/30 - uplink 1
>
> em2: 222.222.222.2/30 - uplink 2
>
> ip forwarding is on, routes received via bgp, everything works as
> expected.
>
> the only problem is when something happens deep inside uplink's network:
>
> sessions stay up, routes still present, but no traffic can pass through
> uplink.
>
> BFD would help, maybe, but I stick to what i have right now.
>
> I am trying to
> ping -I 111.111.111.2 8.8.8.8
>
> but get no answer, because route to 8.8.8.8 set through uplink2,
> furthermore
>
> i see my pings on em2 with tcpdump which seems rather strange to me,
> as I am enforcing the interface.
>
> if i ping 8.8.8.8 the normal way "it works" (tm).
>
> pinging with -I 222.222.222.2 works too.
>
> so ?
>
> perhaps I am overlooking something very-very basic, so help me to get
> off the brake.
>

and yes, it is the 6.1 amd64

> --
>
> With best regards,
>
>          Gregory Edigarov
>
>
>

Re: shouldn't ping -I bypass all normal routing?

Stuart Henderson
On 2017-05-19, Gregory Edigarov <[hidden email]> wrote:

> Hi, everybody
>
> I've run into a strange problem while trying to implement cisco's 'ip
> sla' replacement for a customer.
>
> at an openbsd router i have
>
> em0: 192.168.0.1/24 - local network
>
> em1: 111.111.111.2/30 - uplink 1
>
> em2: 222.222.222.2/30 - uplink 2
>
> ip forwarding is on, routes received via bgp, everything works as expected.
>
> the only problem is when something happens deep inside uplink's network:
>
> sessions stay up, routes still present, but no traffic can pass through
> uplink.
>
> BFD would help, maybe, but I stick to what i have right now.
>
> I am trying to
> ping -I 111.111.111.2 8.8.8.8
>
> but get no answer, because route to 8.8.8.8 set through uplink2, furthermore
>
> i see my pings on em2 with tcpdump which seems rather strange to me, as
> I am enforcing the interface.
>
> if i ping 8.8.8.8 the normal way "it works" (tm).
>
> pinging with -I 222.222.222.2 works too.
>
> so ?
>
> perhaps I am overlooking something very-very basic, so help me to get
> off the brake.

ping -I doesn't enforce the interface, all it does is set the source
address.  You could enforce with a PF route-to rule if you like.


Re: shouldn't ping -I bypass all normal routing?

Gregory Edigarov-5


On 21.05.17 17:16, Stuart Henderson wrote:

> On 2017-05-19, Gregory Edigarov <[hidden email]> wrote:
>> Hi, everybody
>>
>> I've run into a strange problem while trying to implement cisco's 'ip
>> sla' replacement for a customer.
>>
>> at an openbsd router i have
>>
>> em0: 192.168.0.1/24 - local network
>>
>> em1: 111.111.111.2/30 - uplink 1
>>
>> em2: 222.222.222.2/30 - uplink 2
>>
>> ip forwarding is on, routes received via bgp, everything works as expected.
>>
>> the only problem is when something happens deep inside uplink's network:
>>
>> sessions stay up, routes still present, but no traffic can pass through
>> uplink.
>>
>> BFD would help, maybe, but I stick to what i have right now.
>>
>> I am trying to
>> ping -I 111.111.111.2 8.8.8.8
>>
>> but get no answer, because route to 8.8.8.8 set through uplink2, furthermore
>>
>> i see my pings on em2 with tcpdump which seems rather strange to me, as
>> I am enforcing the interface.
>>
>> if i ping 8.8.8.8 the normal way "it works" (tm).
>>
>> pinging with -I 222.222.222.2 works too.
>>
>> so ?
>>
>> perhaps I am overlooking something very-very basic, so help me to get
>> off the brake.
> ping -I doesn't enforce the interface, all it does is set the source
> address.  You could enforce with a PF route-to rule if you like.

well, it's ok, but then I will need to switch rules every time like:
ping uplink1, switch pf rule, ping, switch..... which is not good.
but maybe i will be able to implement something with multiple routing
tables....
anyway thanks, Stuart.

Re: shouldn't ping -I bypass all normal routing?

Stuart Henderson
On 2017-05-22, Gregory Edigarov <[hidden email]> wrote:

>
>
> On 21.05.17 17:16, Stuart Henderson wrote:
>> On 2017-05-19, Gregory Edigarov <[hidden email]> wrote:
>>> Hi, everybody
>>>
>>> I've run into a strange problem while trying to implement cisco's 'ip
>>> sla' replacement for a customer.
>>>
>>> at an openbsd router i have
>>>
>>> em0: 192.168.0.1/24 - local network
>>>
>>> em1: 111.111.111.2/30 - uplink 1
>>>
>>> em2: 222.222.222.2/30 - uplink 2
>>>
>>> ip forwarding is on, routes received via bgp, everything works as expected.
>>>
>>> the only problem is when something happens deep inside uplink's network:
>>>
>>> sessions stay up, routes still present, but no traffic can pass through
>>> uplink.
>>>
>>> BFD would help, maybe, but I stick to what i have right now.
>>>
>>> I am trying to
>>> ping -I 111.111.111.2 8.8.8.8
>>>
>>> but get no answer, because route to 8.8.8.8 set through uplink2, furthermore
>>>
>>> i see my pings on em2 with tcpdump which seems rather strange to me, as
>>> I am enforcing the interface.
>>>
>>> if i ping 8.8.8.8 the normal way "it works" (tm).
>>>
>>> pinging with -I 222.222.222.2 works too.
>>>
>>> so ?
>>>
>>> perhaps I am overlooking something very-very basic, so help me to get
>>> off the brake.
>> ping -I doesn't enforce the interface, all it does is set the source
>> address.  You could enforce with a PF route-to rule if you like.
> well, it's ok, but then I will need to switch rules every time like:  
> ping uplink1, switch pf rule, ping, switch..... which is not good.
> but maybe i will be able to implement something with multiple routing
> tables....
> anyway thanks, Stuart.

No need to switch rules, you can use a rule like "pass out from
vlan123:0 route-to 192.0.2.1@vlan123".
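
The per-uplink probe this thread is working toward, as an added example that is not code from any poster: it assumes pf.conf already holds one rule per uplink in the form Stuart gives, such as `pass out from em1:0 route-to <uplink1-gateway>@em1`, where the gateway addresses are placeholders the thread does not state. The function names, the `PING`, `TARGET`, `PROBES` and `MIN_OK` variables and the one-answer threshold are assumptions.

```shell
#!/bin/sh
# Added example: decide per uplink whether traffic still passes, by
# pinging a far target from each uplink's own source address.
# Prerequisite (assumed, not checked here): PF route-to rules, one per
# uplink, so a packet sourced from an uplink address leaves through that
# uplink. Without them "ping -I" only sets the source address and the
# packet follows the normal route, as described in the thread.

PING=${PING:-ping}          # overridable so the logic can be run offline
TARGET=${TARGET:-8.8.8.8}   # probe target used in the thread
PROBES=${PROBES:-3}         # probes sent per uplink (assumed value)
MIN_OK=${MIN_OK:-1}         # answers needed to call the uplink "up" (assumed)

# probe_uplink SRC: print how many of $PROBES single pings were answered.
probe_uplink() {
    src=$1 ok=0 i=0
    while [ "$i" -lt "$PROBES" ]; do
        # OpenBSD ping(8): -q quiet, -c count, -w maxwait, -I source address
        if $PING -q -c 1 -w 2 -I "$src" "$TARGET" >/dev/null 2>&1; then
            ok=$((ok + 1))
        fi
        i=$((i + 1))
    done
    echo "$ok"
}

# uplink_state SRC: print "up" or "down" for the uplink owning SRC.
uplink_state() {
    answered=$(probe_uplink "$1")
    if [ "$answered" -ge "$MIN_OK" ]; then echo up; else echo down; fi
}

# report: one "interface source state" line per uplink from the thread.
report() {
    for pair in "em1=111.111.111.2" "em2=222.222.222.2"; do
        ifname=${pair%%=*} src=${pair#*=}
        echo "$ifname $src $(uplink_state "$src")"
    done
}

# Run the real probes only when asked to: sh uplink-probe.sh run
if [ "${1:-}" = "run" ]; then report; fi
```

A "down" result for one source address while the other stays "up" is the condition the BGP sessions alone do not reveal.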

