[SOLVED] Route traffic back from the interface it came from: make this persistent

toxic

Active Member
Aug 1, 2020
Hello,
======
Edit:
No I've actually found a simpler solution to my problem: route the traffic back from the interface it came from. I do this as follows:
Code:
echo 200 myname >> /etc/iproute2/rt_tables.d/myname.conf
ip rule add from 10.0.10.0/24 table myname prio 1
ip route add default via 10.0.10.1 dev vmbr10 table myname

Now I just need help to make this persistent across reboots...
I guess some if-up command in my /etc/network/interface would do the trick but I'm not good with the syntax, and not sure if I can put several lines in there and if the order of the lines will be respected.

Here is what I have in there for the moment :
Code:
auto vmbr10
iface vmbr10 inet static
        address 10.0.10.9/24
        gateway 10.0.10.1
        bridge-ports vmbr0.10
        bridge-stp off
        bridge-fd 0
Thanks in advance for any help !
======
I'm really new to networking it seems since it took me a while to understand why my ssh connection is dropping off, in fact, my client is going through the gateway but the return packets are coming directly since the server knows of a more direct route.

Now I could cut off the direct route altogether but in fact I'd like to keep this route in case my gateway goes down (or I shutdown the gateway VM...).

So the server has these routes for now :
Code:
# ip route show
default via 10.0.10.1 dev vmbr10 proto kernel onlink
10.0.10.0/24 dev vmbr10 proto kernel scope link src 10.0.10.9
10.0.11.0/24 dev vmbr0.11 proto kernel scope link src 10.0.11.9
10.0.30.0/24 dev vmbr0.30 proto kernel scope link src 10.0.30.9

and that's true for all 3 last routes: I would like for the default route to be preferred to the last 3 "direct" routes since in fact when the 10.0.10.1 gateway is up it will work just fine (and as you see it breaks some things to keep the other routes when the gateway is up... that's because my client has a 10.0.30.0/24 IP and is contacting the server on its 10.0.10.0/24 IP, so client to server goes through the gateway and the return trip is direct since the server already lives on 10.0.30.0/24, but that bypasses the gateway and the next packets are then dropped since the TCP state has been killed seeing no traffic...)

I think there is a "weight" mechanism, but not sure how it would indeed detect that the 10.0.10.1 gateway is down...

Any help in setting up this Debian (Proxmox) server to always prefer the gateway over the other known routes would be greatly appreciated, info on how gateway status is evaluated is also welcome!

I think I need to add a route "10.0.30.0/24 via 10.0.10.1 dev vmbr10" that would have a higher weight than the existing route to 10.0.30.0/24.
But I'm really looking for info on how Proxmox would detect that the first route does not have a chance of working...

Thanks in advance,

Regards

Edit: looking up route weight, it seems it's not what I need... In fact, I want some failover of routes... can we change the routing table if a CARP VIP is free, for example? In fact, vmbr10 will never be down since it's a bridge with a virtual link to the gateway, and physical to the failover gateway... but both gateways that are fighting for the CARP VIP might be down (with my skill in OPNsense that happens more often than I wish, and then this direct route is my last resort to access Proxmox and rescue the situation...)
 
Hmm, with two edits in one post it is hard to see what the current status is ;)

If you haven't solved it yet, I would look into networking on Debian and how such things can be dealt with if you want/need to configure it directly on the PVE host as it isn't directly a PVE specific topic but more a Debian networking one. Other places on the internet will most likely be more knowledgeable.
 
Hmm, sorry, looking at it it's not clear yes, but indeed I did solve it : the ip rule thing did work, no need for weight or anything else...
The final solution :
Code:
echo 200 myname >> /etc/iproute2/rt_tables.d/myname.conf
ip rule add from 10.0.10.0/24 table myname prio 1
ip route add default via 10.0.10.1 dev vmbr10 table myname

I do agree it's not specific to proxmox, but I also find I get better, quicker and more useful answers here than anywhere else more debian oriented... That's a praise to the community here, congrats and thanks !
 
Cool! Thanks for showing how you solved it :) I marked the thread as solved.

I do agree it's not specific to proxmox, but I also find I get better, quicker and more useful answers here than anywhere else more debian oriented... That's a praise to the community here, congrats and thanks !
That's nice to hear :)
 
To be totally complete, I was still missing a route, final fix looks like this:
Code:
        post-up   ip rule add from 10.0.10.0/24 table 10Server prio 1
        post-up   ip route add default via 10.0.10.1 dev vmbr10 table 10Server
        post-up   ip route add 10.0.10.0/24 dev vmbr10 table 10Server

This in the /etc/network/interfaces applies the fix at every reboot and I was missing the last one that caused the pve host to send response to traffic from 10.0.10.0/24 to the gateway even when it was on the same network... That caused issues...
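
The thread's three stages (no rule, rule with only a default route, rule with the connected route added) can be replayed with a small model of Linux policy routing. This is an added example, not code from any poster in the thread; it is a simplification (rules walked in priority order, longest-prefix match inside each table, the local table ignored), and the hosts 10.0.30.50 and 10.0.10.20 are constructed sample addresses.

```python
import ipaddress

# Main table as shown by "ip route show" in the first post: (prefix, gateway, device).
MAIN = [
    ("0.0.0.0/0", "10.0.10.1", "vmbr10"),
    ("10.0.10.0/24", None, "vmbr10"),
    ("10.0.11.0/24", None, "vmbr0.11"),
    ("10.0.30.0/24", None, "vmbr0.30"),
]
# Per-source table after the first fix (default route only) ...
TABLE_DEFAULT_ONLY = [("0.0.0.0/0", "10.0.10.1", "vmbr10")]
# ... and after the final fix, which adds the connected route.
TABLE_FINAL = TABLE_DEFAULT_ONLY + [("10.0.10.0/24", None, "vmbr10")]


def lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return None if best is None else (best[1] or "direct", best[2])


def route(rules, src, dst):
    """Walk the rules in priority order; the first table with a match wins."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector is None or src in ipaddress.ip_network(selector):
            hit = lookup(table, dst)
            if hit:
                return hit
    return None


def rules_with(table=None):
    """Main table at its usual priority 32766, plus the optional prio 1 rule."""
    rules = [(32766, None, MAIN)]
    if table is not None:
        rules.append((1, "10.0.10.0/24", table))
    return rules


if __name__ == "__main__":
    client, peer = "10.0.30.50", "10.0.10.20"  # constructed sample hosts
    for name, tbl in [("no rule", None), ("default only", TABLE_DEFAULT_ONLY), ("final", TABLE_FINAL)]:
        r = rules_with(tbl)
        print(name, route(r, "10.0.10.9", client), route(r, "10.0.10.9", peer))
```

On the real host, `ip route get <dst> from 10.0.10.9` shows the kernel's actual decision for comparison.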
 
