[quagga-users 14028] Re: query w.r.t generic behaviour of quagga engine when PBR is in place

durga c.vijaya.durga at gmail.com
Thu Jun 25 13:16:52 BST 2015


Hi Nick,

I did disable rp_filter on all the interfaces from where I am expecting
packets.

Output for one of the routers is below:
R1 sysctl -a | grep \\.rp_filter
net.ipv4.conf.R1-eth0.rp_filter = 1
net.ipv4.conf.R1-eth1.rp_filter = 0
net.ipv4.conf.R1-eth2.rp_filter = 0
net.ipv4.conf.R1-eth3.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 1

I am not expecting data packets on R1-eth0 as such.
Wireshark shows that the packet is received on, say, R2-eth1 but doesn't
leave R2; in fact, the packet is not forwarded to another interface of the
same router.
I can confirm ip_forward is turned on.

Also, another thought that crossed my mind: these routers are virtual machines
running on a host computer; is it that I will have to enable rp_filter on
the host machine as well?

Thanks for all the suggestions



Cheers!
Durga


On Thu, Jun 25, 2015 at 8:26 PM, Nick Hilliard <nick at inex.ie> wrote:

> On 25/06/2015 11:08, durga wrote:
> > I did disable reverse path filter
>
> you probably didn't disable it hard enough.  You need to disable rp_filter
> for default, all and all the eth interfaces where it's enabled.  Try
> creating /etc/sysctl.d/rp_filter.conf with these contents:
>
> --
> net.ipv4.ip_forward=1
> net.ipv4.conf.all.rp_filter = 0
> net.ipv4.conf.default.rp_filter = 0
> net.ipv4.conf.eth0.rp_filter = 0
> net.ipv4.conf.eth1.rp_filter = 0
> [etc]
> net.ipv4.conf.lo.rp_filter = 1
> --
>
> then:
>
> # sysctl  --system
>
> Nick
>
>
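
Added example, not part of the original thread: for source validation the Linux kernel uses the higher of `conf.all.rp_filter` and the per-interface value, so this sketch computes the effective setting per interface from `sysctl -a` style output. The sample input is the output quoted in the message above; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the rp_filter lines quoted in the message above.
sample_sysctl() {
cat <<'EOF'
net.ipv4.conf.R1-eth0.rp_filter = 1
net.ipv4.conf.R1-eth1.rp_filter = 0
net.ipv4.conf.R1-eth2.rp_filter = 0
net.ipv4.conf.R1-eth3.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 1
EOF
}

# effective_rp_filter (hypothetical helper): reads "sysctl -a" style lines on
# stdin and prints, per interface, the configured value and the value the
# kernel actually uses, which is max(conf.all, conf.<iface>).
# 0 = no source validation, 1 = strict (RFC 3704), 2 = loose.
effective_rp_filter() {
  awk -F' *= *' '
    /^net\.ipv4\.conf\..*\.rp_filter *=/ {
      name = $1
      sub(/^net\.ipv4\.conf\./, "", name)
      sub(/\.rp_filter$/, "", name)
      val[name] = $2 + 0
    }
    END {
      all = ("all" in val) ? val["all"] : 0
      for (n in val) {
        # "all" is folded into every result; "default" only seeds new interfaces.
        if (n == "all" || n == "default") continue
        eff = (val[n] > all) ? val[n] : all
        mode = "off"
        if (eff == 1) mode = "strict"
        if (eff == 2) mode = "loose"
        printf "%s configured=%d effective=%d (%s)\n", n, val[n], eff, mode
      }
    }' | LC_ALL=C sort
}

# Run against the constructed sample; on a live router use:
#   sysctl -a 2>/dev/null | effective_rp_filter
sample_sysctl | effective_rp_filter
```

With `conf.all.rp_filter = 1`, an interface set to 0 still reports `effective=1`, which is why the reply asks for `all`, `default` and each interface to be set.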