SEO

Hi all,

I have one big problem with routing.

See my network diagram bellow:


+---------------------------+------------------------------
| |
OSR506A ROUTER-A (Linux Box)
192.168.10.10 192.168.10.254
|
|
|
FRAME-RELAY
|
|
|
ROUTER-B (Linux Box)
192.168.13.254
|
+-----------------------+-----------------------------
|
|
192.168.13.1 (net0)
OSR506B
129.168.100.1 (net1)
|
|
+-------------- FDDI -----------+
|
|
192.168.100.2 (net1)
OSR506C
129.12.130.3 (net0)


>From host OSR506A i can ping to ROUTER-A, ROUTER-B, OSR506B (net0),
OSR506B (net1), OSR506C (net0) and OSR506C (net1).


Traceroute from OSR506A to OSR506C runs fine too.

osr506a # traceroute 129.12.130.3
traceroute to 129.12.130.3 (129.12.130.3), 30 hops max, 40 byte packets
1 192.168.10.254 (192.168.10.254) 0.481 ms 0.395 ms 0.001 ms
2 192.168.248.5 (192.168.248.5) 37.808 ms 39.336 ms 42.508 ms
(WAN)
3 osr506b (192.168.13.1) 32.190 ms 27.678 ms 39.581 ms
4 osr506c (129.12.130.3) 33.296 ms 25.877 ms 43.831 ms


But from host OSR506C i can not ping or traceroute to OSR506A.

osr506c # traceroute 192.168.10.10
traceroute to 192.168.10.10 (192.168.10.10), 30 hops max, 40 byte
packets
1 osr506b-gw (192.168.100.1) 0.481 ms 0.377 ms 0.339 ms
2 * * *
3 * * *
4 * * *
5 * * *
.. ... ... ...
... ... ... ...


Running a tcpdump on ROUTER-B and starting a ping from OSR506C
to ROUTER-B, no one package is displayed.

My first conclusion is that OSR506B is not forwarding packages.

The paramenters ipforwarding and ipsendredirects are set to 1
at the file /etc/default/inet on both servers.

The inconfig command show the same informations too.


OSR506A route table:

osr506a # netstat -nr
Routing tables
Destination Gateway Flags Refs Use Interface
127.0.0.1 127.0.0.1 UH 3 426105 lo0
129.12.130 192.168.10.254 UGS 0 34 net0
192.168.10 192.168.10.10 UC 1 0 net0
192.168.10.10 127.0.0.1 UGHS 5 572 lo0
192.168.13 192.168.10.254 UGS 3 102 net0
224 192.168.10.10 UCS 0 0 net0


OSR506B route table:

osr506b # netstat -nr
Routing tables
Destination Gateway Flags Refs Use Interface
127.0.0.1 127.0.0.1 UH 3 36341 lo0
129.12.130 192.168.100.2 UGS 1 32475 net1
192.168.10 192.168.13.254 UGS 8 236 net0
192.168.13 192.168.13.1 UC 1 0 net0
192.168.13.1 127.0.0.1 UGHS 4 49 lo0
192.168.100 192.168.100.1 UC 1 0 net1
192.168.100.1 127.0.0.1 UGHS 0 45 lo0
224 192.168.13.1 UCS 0 0 net0


OSR506C route table:

osr506c # netstat -nr
Routing tables
Destination Gateway Flags Refs Use Interface
127.0.0.1 127.0.0.1 UH 3 488 lo0
129.12.130 129.12.130.3 UC 1 0 net0
129.12.130.3 127.0.0.1 UGHS 4 26 lo0
192.168.10 192.168.100.1 UGS 0 18 net1
192.168.13 192.168.100.1 UGS 3 1 net1
192.168.100 192.168.100.2 UC 1 0 net1
192.168.100.2 127.0.0.1 UGHS 0 0 lo0
224 129.12.130.3 UCS 0 0 net0


All servers have SCO OpenServer 5.0.6 with rs506a and all recomended
patches applied.

Any help will be apreciatted.


Excuse-me but my english is under construction

TIA,

Fernando

<snippage throughout>

fernando.scheid@gmail.com wrote:
> Hi all,
>
> I have one big problem with routing.

Maybe not...

<snip>

>From host OSR506A i can ping to ROUTER-A, ROUTER-B, OSR506B (net0),
> OSR506B (net1), OSR506C (net0) and OSR506C (net1).

<snip>

> But from host OSR506C i can not ping or traceroute to OSR506A.

A quick glance at your routing tables looks like they're correct.

If ping and traceroute work in one direction but not another, it's more
than likely not a routing problem. For OSR506A to recieve the replies
from OSR506C when querying it, *both* machines have to know how to get
to each other. Unless there's a dynamic routing protocol running on any
of the boxes in the network path, you probably have a firewall rather
than a routing problem. From your traceroutes, the most likely culprit
is OSR506B.


JS

John Schmidt wrote:
> <snippage throughout>
>
> fernando.scheid@gmail.com wrote:
> > Hi all,
> >
> > I have one big problem with routing.
>
> Maybe not...
>
> <snip>
>
> >From host OSR506A i can ping to ROUTER-A, ROUTER-B, OSR506B (net0),
> > OSR506B (net1), OSR506C (net0) and OSR506C (net1).
>
> <snip>
>
> > But from host OSR506C i can not ping or traceroute to OSR506A.
>
> A quick glance at your routing tables looks like they're correct.
>
> If ping and traceroute work in one direction but not another, it's
more
> than likely not a routing problem. For OSR506A to recieve the replies

> from OSR506C when querying it, *both* machines have to know how to
get
> to each other. Unless there's a dynamic routing protocol running on
any
> of the boxes in the network path, you probably have a firewall rather

> than a routing problem. From your traceroutes, the most likely
culprit
> is OSR506B.
>
>
> JS

John,

I can guarantee to you that there are no dynamic routing protocol
configured and no firewall in the network path.

The server osr506b does not forward the packages between the interfaces
when it originates from osr506c.

This behavior can be seen by the command traceroute.

The package is directed to interface 192.168.100.1 and dies.

Thanks for your attention.

Fernando

On Tue, 29 Mar 2005 20:52:48 +0100, fernando.scheid@gmail.com wrote
(in message <1112125968.333544.243040@f14g2000cwb.googlegroups .com>):

> Hi all,
>
> I have one big problem with routing.
>
> See my network diagram bellow:
>
>
> +---------------------------+------------------------------
> | |
> OSR506A ROUTER-A (Linux Box)
> 192.168.10.10 192.168.10.254
> |
> |
> |
> FRAME-RELAY
> |
> |
> |
> ROUTER-B (Linux Box)
> 192.168.13.254
> |
> +-----------------------+-----------------------------
> |
> |
> 192.168.13.1 (net0)
> OSR506B
> 129.168.100.1 (net1)
> |
> |
> +-------------- FDDI -----------+
> |
> |
> 192.168.100.2 (net1)
> OSR506C
> 129.12.130.3 (net0)
>
>
>> From host OSR506A i can ping to ROUTER-A, ROUTER-B, OSR506B (net0),
> OSR506B (net1), OSR506C (net0) and OSR506C (net1).
>
>
> Traceroute from OSR506A to OSR506C runs fine too.
>
> osr506a # traceroute 129.12.130.3
> traceroute to 129.12.130.3 (129.12.130.3), 30 hops max, 40 byte packets
> 1 192.168.10.254 (192.168.10.254) 0.481 ms 0.395 ms 0.001 ms
> 2 192.168.248.5 (192.168.248.5) 37.808 ms 39.336 ms 42.508 ms
> (WAN)
> 3 osr506b (192.168.13.1) 32.190 ms 27.678 ms 39.581 ms
> 4 osr506c (129.12.130.3) 33.296 ms 25.877 ms 43.831 ms
>
>
> But from host OSR506C i can not ping or traceroute to OSR506A.
>
> osr506c # traceroute 192.168.10.10
> traceroute to 192.168.10.10 (192.168.10.10), 30 hops max, 40 byte
> packets
> 1 osr506b-gw (192.168.100.1) 0.481 ms 0.377 ms 0.339 ms
> 2 * * *
> 3 * * *
> 4 * * *
> 5 * * *
> .. ... ... ...
> ... ... ... ...
>
>
> Running a tcpdump on ROUTER-B and starting a ping from OSR506C
> to ROUTER-B, no one package is displayed.
>
> My first conclusion is that OSR506B is not forwarding packages.
>
> The paramenters ipforwarding and ipsendredirects are set to 1
> at the file /etc/default/inet on both servers.
>
> The inconfig command show the same informations too.
>
>
> OSR506A route table:
>
> osr506a # netstat -nr
> Routing tables
> Destination Gateway Flags Refs Use Interface
> 127.0.0.1 127.0.0.1 UH 3 426105 lo0
> 129.12.130 192.168.10.254 UGS 0 34 net0
> 192.168.10 192.168.10.10 UC 1 0 net0
> 192.168.10.10 127.0.0.1 UGHS 5 572 lo0
> 192.168.13 192.168.10.254 UGS 3 102 net0
> 224 192.168.10.10 UCS 0 0 net0
>
>
> OSR506B route table:
>
> osr506b # netstat -nr
> Routing tables
> Destination Gateway Flags Refs Use Interface
> 127.0.0.1 127.0.0.1 UH 3 36341 lo0
> 129.12.130 192.168.100.2 UGS 1 32475 net1
> 192.168.10 192.168.13.254 UGS 8 236 net0
> 192.168.13 192.168.13.1 UC 1 0 net0
> 192.168.13.1 127.0.0.1 UGHS 4 49 lo0
> 192.168.100 192.168.100.1 UC 1 0 net1
> 192.168.100.1 127.0.0.1 UGHS 0 45 lo0
> 224 192.168.13.1 UCS 0 0 net0
>
>
> OSR506C route table:
>
> osr506c # netstat -nr
> Routing tables
> Destination Gateway Flags Refs Use Interface
> 127.0.0.1 127.0.0.1 UH 3 488 lo0
> 129.12.130 129.12.130.3 UC 1 0 net0
> 129.12.130.3 127.0.0.1 UGHS 4 26 lo0
> 192.168.10 192.168.100.1 UGS 0 18 net1
> 192.168.13 192.168.100.1 UGS 3 1 net1
> 192.168.100 192.168.100.2 UC 1 0 net1
> 192.168.100.2 127.0.0.1 UGHS 0 0 lo0
> 224 129.12.130.3 UCS 0 0 net0
>
>
> All servers have SCO OpenServer 5.0.6 with rs506a and all recomended
> patches applied.
>
> Any help will be apreciatted.

Your routing tables are incorrect

When you ping from osr506A to 129.12.130.3, there is a route in the osr506A
server (and the osr506B server/router) to the network 129.12.130.0. Also,
osr506C and osr506B both have routes back to the network 192.168.10.0.
Result: Pings work.

Now ping A from C. C (and B) both have routes to 192.168.10.0 - hence the
outgoing packet will arrive. osr506B replies and the reply arrives because
osr506B is directly connected to the net 192.168.100.0. However, osr506A
cannot reply because it has no route to 192.168.100.0 - and from the fact
that you don't see replies from the two Linux routers suggest that they too
are missing this route.

If you were to try "ping -S 192.12.130.3 192.168.10.10 on the osr506C machine
then it may work because the reply packets will be routed to the 192.12.130.3
address instead of the unroutable 192.168.100.2 address.


As you will now realise, it is 110% vital that all your routing tables are
correct.

Personally, I prefer to avoid routing tables in hosts as much as possible as
it is nearly always possible to do it all in the routers. Assuming that there
are no other networks involved, then you could simplify your routing tables
thus (leaving out the system inserted stuff for clarity) :

OSR506A route table:

Destination Gateway Flags Refs Use Interface
0.0.0.0 192.168.10.254


OSR506B route table:

osr506b # netstat -nr
Routing tables
Destination Gateway Flags Refs Use Interface
129.12.130 192.168.100.2 UGS 1 32475 net1
192.168.10 192.168.13.254 UGS 8 236 net0


OSR506C route table:

osr506c # netstat -nr
Routing tables
Destination Gateway Flags Refs Use Interface
0.0.0.0 129.168.100.1


This means that osr506A will send all traffic for non-local networks to the
router at 192.168.10.254 and need know nothing more about the route it takes.

Similarly, osr506C will send all non-local traffic via 129.168.100.1 and not
care about what route it takes after that.

Obviously, osr506B needs to know about the routes to all other networks as it
is a router itself. Similarly, the two Linux router must have full knowledge
of how to reach all networks.


As far as osr506A is concerned, it doesn't matter even if you have another
router on the 192.168.10.0 network - if the correct route for a packet isn't
via 192.168.10.254 then it will receive an ICMP-redirect message telling it
the correct route (assuming the routers are correctly configured).

Simon

Simon,

BINGO BINGO BINGO !!!!

The routes for network 192.168.100.X had been created and ping
functions in both directions.

A thousand times I am thankful !!!!

Fernando