
traceroute and aliased interfaces



I have a router with 5 network adapters, one of which is configured in
the following way:

# cat /etc/hostname.em1
inet 158.75.3.1 255.255.255.0 158.75.3.255 media 10baseT
inet alias 158.75.16.1 255.255.255.0 NONE
inet alias 158.75.16.65 255.255.255.255 NONE
! route add -net 158.75.28.192/26 158.75.3.209

As you see, this interface serves two C-class subnets.
IP addresses from .3 are (slowly) migrating to .16 -- that's why these
two exist there simultaneously.

Now, what is strange about all this.
When tracerouting, say from 158.75.3.22, the router configured this way sends
"time exceeded in-transit" icmp packets with source address 158.75.16.65.
Not from 158.75.3.1 (gateway for .3.22), as I might expect.
It looks like this:

traceroute to 158.75.60.1 (158.75.60.1), 30 hops max, 40 byte packets
1  158.75.16.65 (158.75.16.65)  1 ms  1 ms  1 ms
2  158.75.64.25 (158.75.64.25)  3 ms  2 ms  2 ms
3  fizyka.man.torun.pl (158.75.33.160)  3 ms  3 ms  3 ms
[ ... ]

And here is what tcpdump shows (tcpdump run on router):

19:59:06.434236 158.75.3.22.44325 > 158.75.60.16.33435:  udp 12 (DF) [ttl 1]
19:59:06.434275 158.75.16.65 > 158.75.3.22: icmp: time exceeded in-transit
19:59:06.584974 158.75.3.22.65238 > 158.75.1.35.22: P 200:432(232) ack 1 win 8760 (DF)
19:59:06.590094 158.75.3.22.44325 > 158.75.60.16.33436:  udp 12 (DF) [ttl 1]
19:59:06.590126 158.75.16.65 > 158.75.3.22: icmp: time exceeded in-transit
19:59:06.592422 158.75.3.22.44325 > 158.75.60.16.33437:  udp 12 (DF) [ttl 1]
19:59:06.592465 158.75.16.65 > 158.75.3.22: icmp: time exceeded in-transit
19:59:06.595680 158.75.3.22.44325 > 158.75.60.16.33438:  udp 12 (DF) 
19:59:06.597192 158.75.64.25 > 158.75.3.22: icmp: time exceeded in-transit
19:59:06.621610 158.75.3.22.44325 > 158.75.60.16.33439:  udp 12 (DF)
19:59:06.622608 158.75.64.25 > 158.75.3.22: icmp: time exceeded in-transit
19:59:06.624733 158.75.3.22.44325 > 158.75.60.16.33440:  udp 12 (DF)
19:59:06.625930 158.75.64.25 > 158.75.3.22: icmp: time exceeded in-transit



As I didn't (and still don't) know why it does so, I started making some
experiments.  With this setup:

# cat /etc/hostname.em1
inet 158.75.16.1 255.255.255.0 media 10baseT
inet alias 158.75.16.65 255.255.255.255 NONE
inet alias 158.75.3.1 255.255.255.0 158.75.3.255 NONE
! route add -net 158.75.28.192/26 158.75.3.209

(16.1 as "main" address, 3.1 as an alias)
icmp packets are sent from 158.75.3.1.
No, that's not good. Now machines from 158.75.16. are getting these
mysterious-looking traceroute results:

traceroute to 158.75.60.1 (158.75.60.1), 30 hops max, 40 byte packets
1  158.75.3.1 (158.75.3.1)  1 ms  1 ms  1 ms
2  158.75.64.25 (158.75.64.25)  3 ms  2 ms  2 ms
3  fizyka.man.torun.pl (158.75.33.160)  3 ms  3 ms  3 ms
[ ... ]

Gateway for those machines is 158.75.16.1.

Tcpdump is showing icmps sent from ...3.1.

The observation from this is that source address for time-exceeded packets
appears to be the one that is configured as the last alias.


OK. To the point.
Should it be like that?
Or: what am I missing?
Sure, it doesn't break anything, it doesn't do any harm.
But it looks confusing and (for now) I have run out of ideas on how to explain it.

Janusz


PS
This router runs OpenBSD 3.2.
With normal setup (first example, at the very top of this email),
routing table looks like this:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use    Mtu Interface
default            158.75.64.25       UGS         1     7127      - em0
127/8              127.0.0.1          UGRS        0        0  33224 lo0
127.0.0.1          127.0.0.1          UH          4        0  33224 lo0
158.75.3/24        link#2             UC          0        0      - em1
158.75.3.2         link#2             UHRL        0        7      - em1
158.75.3.3         8:0:4e:5:8c:db     UHL         0        3      - em1
158.75.3.4         0:30:1e:ba:b0:58   UHL         0        3      - em1
[ cut off a few not meaningful entries ]
158.75.16/24       link#2             UC          0        0      - em1
158.75.16.1        127.0.0.1          UGHS        0        0  33224 lo0
158.75.16.3        0:d0:96:6f:78:58   UHL         0        4      - em1
158.75.16.5        0:1:2:8:13:e1      UHL         0       14      - em1
158.75.16.40       0:90:27:dc:89:b1   UHL         0     2914      - em1
158.75.16.65       127.0.0.1          UGHS        0        0  33224 lo0 =>
158.75.16.65/32    link#2             UC          0        0      - em1
158.75.16.66       8:0:20:d:af:bc     UHL         0        8      - em1
158.75.16.67       8:0:20:c3:8:a0     UHL         0        1      - em1
158.75.28.192/26   158.75.3.209       UGS         0       36      - em1
158.75.64.24/30    link#1             UC          0        0      - em0
158.75.64.25       0:d0:ba:e2:4:3a    UHL         1        0      - em0
158.75.64.26       127.0.0.1          UGHS        0        0  33224 lo0
224/4              127.0.0.1          URS         0        0  33224 lo0

What does this "=>" sign mean, by the way?
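
Added example, not part of the original message: a Python check that reads tcpdump lines like those quoted above and reports each time-exceeded reply sent from a local address that is not on the client's own subnet, which is the mismatch the post describes. The function names are hypothetical, and "expected" here means the poster's expectation (the router address on the client's subnet), not a statement of how the kernel selects the source.

```python
import ipaddress
import re

# (address, netmask) pairs copied from the first /etc/hostname.em1 in the post.
EM1 = [("158.75.3.1", "255.255.255.0"),
       ("158.75.16.1", "255.255.255.0"),
       ("158.75.16.65", "255.255.255.255")]

# Four lines copied from the tcpdump output quoted in the post.
CAPTURE = """\
19:59:06.434236 158.75.3.22.44325 > 158.75.60.16.33435:  udp 12 (DF) [ttl 1]
19:59:06.434275 158.75.16.65 > 158.75.3.22: icmp: time exceeded in-transit
19:59:06.595680 158.75.3.22.44325 > 158.75.60.16.33438:  udp 12 (DF)
19:59:06.597192 158.75.64.25 > 158.75.3.22: icmp: time exceeded in-transit
"""

ICMP_RE = re.compile(
    r"^(\S+) (\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): icmp: time exceeded")

def interfaces(pairs):
    """Turn (address, netmask) pairs into ipaddress interface objects."""
    return [ipaddress.ip_interface(f"{addr}/{mask}") for addr, mask in pairs]

def expected_source(ifaces, client):
    """Local address on the most specific configured subnet containing client.
    This encodes the poster's expectation, not the kernel's selection rule."""
    client = ipaddress.ip_address(client)
    hits = [i for i in ifaces if client in i.network]
    return max(hits, key=lambda i: i.network.prefixlen).ip if hits else None

def find_mismatches(capture, ifaces):
    """Return (time, actual_src, expected_src, client) for local ICMP replies
    whose source address is not the one on the client's subnet."""
    local = {i.ip for i in ifaces}
    out = []
    for line in capture.splitlines():
        m = ICMP_RE.match(line)
        if not m:
            continue
        ts, src, dst = m.group(1), ipaddress.ip_address(m.group(2)), m.group(3)
        want = expected_source(ifaces, dst)
        # Replies from other hops (non-local sources) are ignored.
        if src in local and want is not None and src != want:
            out.append((ts, str(src), str(want), dst))
    return out

if __name__ == "__main__":
    for ts, src, want, client in find_mismatches(CAPTURE, interfaces(EM1)):
        print(f"{ts} reply to {client} came from {src}, expected {want}")
```
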


