Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 535.7K On-Premises Infrastructure
- 138.1K Analytics Software
- 38.6K Application Development Software
- 5.6K Cloud Platform
- 109.3K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71K Infrastructure Software
- 105.2K Integration
- 41.5K Security Software
Solaris 11 using wrong Route for networking (cant delete the wrong one)
Dear Community,
Im trying to configure our Solaris 11.2 Server to use different Interfaces with different IPs in different VLANs. The Server is connected to our Switch with 2x10Gbit on net4 and net7. Net 4 and net 7 are combined to aggr2 with LACP active and an active IP Interface (ip 192.168.120.91). The Switch is configured equally and gives Acces to VLAN VLAN 120 on this Connection.
Creating the Interface was no Problem, but pinging in 192.168.120.x doesnt work. So I Added a route( 192.168.120.0 192.168.120.1 aggr2) and recognised that Solaris automatically created a route for this Interface(192.168.120.0 192.168.120.91 aggr2) where the Gateway is the IP of the Server (clearly not what I want) which I am not able to delete!
When im trying to ping i can see in the netstat command that only the wrong route is used and because of the wrong Gateway i dont get an answer from the Network.
So my question is: How can i delete the automatically created route and just use my configured Gateway????
Best regards
Jamie
I attached some commandline ouputs which I think could be useful for understanding the Problem.
Best Answer
-
Hi.
Becouse you have direct connections to network 192.168.120.0 via interface aggr2 192.168.120.91, so solaris automaticaly add route record for this network.
This network not required additinal routing record.
In case you can not ping hosts from 192.168.120.0, check VLAN access list and other netowrk settings.
- On switch this trunk should be configured as untarget ports
- You can use snoop -d aggr2 for check what packet listen on network
Regards,
Nik.
Answers
-
Hi.
Becouse you have direct connections to network 192.168.120.0 via interface aggr2 192.168.120.91, so solaris automaticaly add route record for this network.
This network not required additinal routing record.
In case you can not ping hosts from 192.168.120.0, check VLAN access list and other netowrk settings.
- On switch this trunk should be configured as untarget ports
- You can use snoop -d aggr2 for check what packet listen on network
Regards,
Nik.
-
Thank you really much for this post. You got me on the right path. The Problem were tagged ports on the Switch.
-
Since you're using a multihomed host, you may also want to look into tweaking the hostmodel (via ipadm). This helped me with some routing complications due to how they wanted the network setup.
I'll paste in my notes/copy from various docs since I don't have link handy:
For systems that are gateways to other domains, such as a firewall or a VPN node, use this procedure to turn on strict multihoming. The hostmodel property controls the send and receive behavior for IP packets on a multihomed system.
You must become an administrator who is assigned the Network Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
Set the hostmodel property to strong for IP packets.
# ipadm set-prop -p hostmodel=strong ipv4
# ipadm set-prop -p hostmodel=strong ipv6
Verify the current value and note the possible values.
# ipadm show-prop -p hostmodel ip
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
ipv6 hostmodel rw strong strong weak strong,src-priority,weak
ipv4 hostmodel rw strong strong weak strong,src-priority,weak
Description
Controls send and receive behavior for IPv4 or IPv6 packets on a multi-homed system. This property can have the following values: weak, strong, and src-priority. The default value is weak.
Default
weak
Range
weak
, strong, or src-priority
weak
Outgoing packets - The source address of the packet going out need not match the address configured on the outgoing interface.
Incoming packets - The destination address of the incoming packet need not match the address configured on the incoming interface.
strong
Outgoing packets - The source address of the packet going out must match the address configured on the outgoing interface.
Incoming packets - The destination address of the incoming packet must match the address configured on the incoming interface.
src-priority
Outgoing packets - If multiple routes for the IP destination in the packet are available, the system prefers routes where the IP source address in the packet is configured on the outgoing interface.
If no such route is available, the system falls back to selecting the best route, as with the weak ES case.
Incoming packets - The destination address of the incoming packet must be configured on any one of the host's interface.
Dynamic?
Yes
When to Change
If a ystem has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this parameter to strong.
Commitment Level
Stable