Re: Source IP selection

From: Ian Zimmerman <possessor.assizer305_at_aceecat.org>
Date: Thu, 16 Feb 2023 05:22:33 UTC
On Wed, Feb 15, 2023 at 06:22:40PM -0500, John Levine wrote:
> >May the kernel choose an address through which there's no route to
> >the destination?
> 
> It knows what addresses it has configured on what interfaces, and
> what's in its local routing table, not the entire state of the global
> Internet. The routing table just tells it what interface to use for
> what networks. I think it does something simple minded like using the
> first address configured on the interface if you don't override that
> with bind(). 
> 
> If you bind a local address and then tell it to send to a remote
> address that isn't in the routing table for the interface the address
> is assigned to, I have no idea what happens. Try it and let us know
> what happens.
> 
> If you told us what you are trying to do, you would get more useful
> answers.

Yes, fair enough.

This is a sysadmin question, not a programming one. I cannot recompile
every program installed on the system to fix this (if it needs fixing).

My VPS provider (Linode) gave me a secondary address so my two nodes
can talk to each other without accruing charges. Note that:

- it really is an alias on the same interface, *not* a VLAN

- it is not a publicly routable address (192.168.)

Here's an excerpt of the configuration, with one obvious change:

 6+1 ~$ ifconfig vtnet0
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
	...
        inet 123.123.123.4 netmask 0xffffff00 broadcast 123.123.123.255
        inet 192.168.135.161 netmask 0xffff8000 broadcast 192.168.255.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

 7+1 ~$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            123.123.123.1       UGS      vtnet0
123.123.123.0/24    link#1             U        vtnet0
123.123.123.4       link#1             UHS         lo0
127.0.0.1          link#2             UH          lo0
192.168.128.0/17   link#1             U        vtnet0
192.168.135.161    link#1             UHS         lo0

Now I am concerned what happens if something like unbound sends
to the outside world, in a client role. I don't think it binds its
socket; how would *it* know which address to use? It lets the kernel
decide, and I think most client programs do. So, can it get the
secondary address?

-- 
Ian
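One way to answer the question empirically, added here and not part of Ian's post: a small Python script (assumed to run on the host in question) that asks the kernel which source address it would pick for an unbound client socket. A connect() on a UDP socket only performs the route lookup and fixes the local address without transmitting anything, so getsockname() reveals the kernel's choice; the script then flags any case where an RFC 1918 source (like the 192.168.135.161 alias) would be used toward a non-private destination. The destination addresses below are constructed TEST-NET placeholders, not hosts from the thread.

```python
import ipaddress
import socket

# Constructed probe targets: two TEST-NET "outside world" placeholders and
# one destination inside the 192.168.128.0/17 alias network from the post.
PROBE_DESTINATIONS = ["203.0.113.10", "198.51.100.53", "192.168.135.200"]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    return any(addr in net for net in RFC1918)


def selected_source(dest, port=53):
    """Return the source IP the kernel would use for an unbound UDP socket
    sending to dest, without sending a packet. Returns None if the host
    has no route to dest (e.g. when run offline)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((dest, port))      # route lookup + source selection only
        return s.getsockname()[0]
    except OSError:
        return None
    finally:
        s.close()


def check_source(dest, src):
    """Classify a (destination, chosen source) pair:
    'no-route', 'private-source-for-public-dest', or 'ok'."""
    if src is None:
        return "no-route"
    d = ipaddress.ip_address(dest)
    s = ipaddress.ip_address(src)
    # A private alias as source toward a public destination is the case
    # the post worries about: the reply can never come back.
    if is_rfc1918(s) and not (is_rfc1918(d) or d.is_loopback):
        return "private-source-for-public-dest"
    return "ok"


def report(dests=PROBE_DESTINATIONS):
    """Probe each destination and return [(dest, source, verdict), ...]."""
    return [(d, src, check_source(d, src))
            for d in dests for src in (selected_source(d),)]


if __name__ == "__main__":
    for dest, src, verdict in report():
        print(f"{dest:16} -> {src or '(no route)':16} {verdict}")
```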