Discussion:
host route out of subnet
(too old to reply)
Roy Marples
2015-02-27 12:34:04 UTC
Permalink
Hi List

I am working on an issue with managing a host route to a host outside of
the defined subnet.
We have a wiki on it here:
http://www.netbsd.org/docs/network/#nonsubnetgateway

# ifconfig fxp0 inet 10.0.0.1
# route add -host 192.168.0.1 -link fxp0 -iface
# route add default -ifa 10.0.0.1 192.168.0.1

On -current at least, this fails.
netstat and route report the gateway as being an ethernet address made
from the letters fxp0 which also looks odd but seems to be a failing of
link_addr(3) or the way route and netstat display it.

On the other hand this works instead:

# ifconfig fxp0 inet 10.0.0.1
# route add -net 192.168.0.1/32 -link fxp0 -iface -cloning
# route add default -ifa 10.0.0.1 192.168.0.1

I have had a very unsatisfactory ad-hoc chat with a few people, so I'm
bring this here.

1) Is the route add -host command above expected to work as described in
the wiki? If so a simple fix is not to use link_addr(3) and instead set
sdl->sdl_index to the interface index. This makes it then work.
However, the kernel then displays an advisory of arpresolve: unresolved
and rt_expire == 0 so it might just be working by accident rather than
design.

2) Is this a problem with link_addr(3) or how it's being used?

3) Is the route add -net command a better way of describing the host
route being off the subnet net but on the link and we should update the
wiki?

Thanks

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Greg Troxel
2015-02-27 12:41:44 UTC
Permalink
Post by Roy Marples
I am working on an issue with managing a host route to a host outside of
the defined subnet.
This is basically a mess, although I can see why you want to have this
work.

The basic issue in the 4.4BSD stack is how arp and cloning routes work.
Normally hitting a C routes is the trigger for a Lc entry (link-layer,
was cloned).

So somehow, there needs to be a routing entry that says "for this
address, arp on this interface", and additional state to store the mac
address obtained by arp.
Post by Roy Marples
# ifconfig fxp0 inet 10.0.0.1
# route add -net 192.168.0.1/32 -link fxp0 -iface -cloning
# route add default -ifa 10.0.0.1 192.168.0.1
I have had a very unsatisfactory ad-hoc chat with a few people, so I'm
bring this here.
It makes sense that it works; it sets up the cloning route that the arp
code expects. Presumably you can ping the 192.168.0.1 and it will arp
after just the first route.
Post by Roy Marples
1) Is the route add -host command above expected to work as described in
the wiki? If so a simple fix is not to use link_addr(3) and instead set
sdl->sdl_index to the interface index. This makes it then work.
However, the kernel then displays an advisory of arpresolve: unresolved
and rt_expire == 0 so it might just be working by accident rather than
design.
I don't see how it would work not to have two entries, one to trigger
arp and one to store it. But maybe a L route with an empty arp RHS will
trigger. I would read if_ethersubr.c to find out.
Post by Roy Marples
3) Is the route add -net command a better way of describing the host
route being off the subnet net but on the link and we should update the
wiki?
Good question, and probably, unless the single-entry update-RHS code for
arp is ok. Have you looked at the other BSDs? (This is really about
the 4.4BSD approach to arp, not about standards.)
Roy Marples
2015-02-27 12:58:20 UTC
Permalink
Hi Greg
Post by Greg Troxel
Post by Roy Marples
I am working on an issue with managing a host route to a host outside of
the defined subnet.
This is basically a mess, although I can see why you want to have this
work.
The basic issue in the 4.4BSD stack is how arp and cloning routes work.
Normally hitting a C routes is the trigger for a Lc entry (link-layer,
was cloned).
So somehow, there needs to be a routing entry that says "for this
address, arp on this interface", and additional state to store the mac
address obtained by arp.
Yes, this I understand fine. However, see this old thread from 2006
https://mail-index.netbsd.org/netbsd-help/2006/12/15/0000.html
So my guess is it worked at some point, rightly or wrongly.
Post by Greg Troxel
Post by Roy Marples
# ifconfig fxp0 inet 10.0.0.1
# route add -net 192.168.0.1/32 -link fxp0 -iface -cloning
# route add default -ifa 10.0.0.1 192.168.0.1
I have had a very unsatisfactory ad-hoc chat with a few people, so I'm
bring this here.
It makes sense that it works; it sets up the cloning route that the arp
code expects. Presumably you can ping the 192.168.0.1 and it will arp
after just the first route.
Post by Roy Marples
1) Is the route add -host command above expected to work as described in
the wiki? If so a simple fix is not to use link_addr(3) and instead set
sdl->sdl_index to the interface index. This makes it then work.
However, the kernel then displays an advisory of arpresolve: unresolved
and rt_expire == 0 so it might just be working by accident rather than
design.
I don't see how it would work not to have two entries, one to trigger
arp and one to store it. But maybe a L route with an empty arp RHS will
trigger. I would read if_ethersubr.c to find out.
As I said it does work, but you get the diagnostic error I mentioned
earlier.
arpresolve: unresolved and rt_expire == 0
Post by Greg Troxel
Post by Roy Marples
3) Is the route add -net command a better way of describing the host
route being off the subnet net but on the link and we should update the
wiki?
Good question, and probably, unless the single-entry update-RHS code for
arp is ok. Have you looked at the other BSDs? (This is really about
the 4.4BSD approach to arp, not about standards.)
See my reply above :)
What I don't know is if the single-entry which is described in the wiki
and that old thread needs to be fixed or we can just change to using -net.

I haven't looked at the other BSD's yet and can't until the weekend.

Roy
Mouse
2015-02-27 15:21:27 UTC
Permalink
Post by Roy Marples
I am working on an issue with managing a host route to a host outside
of the defined subnet.
My first reaction is "just point the host route to the on-subnet
gateway". But...
Post by Roy Marples
http://www.netbsd.org/docs/network/#nonsubnetgateway
..."the gateway you need to route through may not be on the same subnet
as the address assigned to your network interface".

That's an utterly bizarre way to set up a network and I'm not a bit
surprised it's not well supported; indeed, I'm slightly surprised it's
even possible to kludge it as you outline. (I'm not surprised it
happens, mind you. Lots of brokenness happens.)

If I were faced by such a thing, I'd either (a) add an address to my
interface that's on-subnet for the gateway, or (b) do that once and ARP
to get the MAC, then hardwire an ARP entry for a fictitions address
that _is_ on my subnet and configure that as my gateway. I even recall
doing (b) once, though I don't recall details.

/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML ***@rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Joerg Sonnenberger
2015-02-27 19:41:00 UTC
Permalink
Post by Mouse
Post by Roy Marples
http://www.netbsd.org/docs/network/#nonsubnetgateway
..."the gateway you need to route through may not be on the same subnet
as the address assigned to your network interface".
That's an utterly bizarre way to set up a network and I'm not a bit
surprised it's not well supported; indeed, I'm slightly surprised it's
even possible to kludge it as you outline. (I'm not surprised it
happens, mind you. Lots of brokenness happens.)
Strato has such a setup for all the root servers they rent out. I guess
they implement it by a strict Layer 2 filter policy in the switches in
combination with ARP filtering.
Post by Mouse
If I were faced by such a thing, I'd either (a) add an address to my
interface that's on-subnet for the gateway, or (b) do that once and ARP
to get the MAC, then hardwire an ARP entry for a fictitions address
that _is_ on my subnet and configure that as my gateway. I even recall
doing (b) once, though I don't recall details.
You have no subnet @Strato. You have a single /32 and a single IP that
is willing to route your traffic. What the interface route is giving you
is effectively point-to-point over Ethernet.

Joerg

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
David Laight
2015-03-02 19:56:42 UTC
Permalink
Post by Mouse
Post by Roy Marples
I am working on an issue with managing a host route to a host outside
of the defined subnet.
My first reaction is "just point the host route to the on-subnet
gateway". But...
Post by Roy Marples
http://www.netbsd.org/docs/network/#nonsubnetgateway
..."the gateway you need to route through may not be on the same subnet
as the address assigned to your network interface".
We used to have that 'problem'.
The solution was to locally allocate the gateway an IP address
in your local subnet and then add a permanent arp entry for
that IP address to the gateway's mac address.

David
--
David Laight: ***@l8s.co.uk

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...