From: "Eugene M. Zheganin"
To: stable@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: cannot delete on-interface route in FIB
Message-ID: <5757F6CF.7070807@norma.perm.ru>
Date: Wed, 8 Jun 2016 15:43:27 +0500

Hi.

(The first part of the message describes why I need this, so impatient people can proceed to the 'setfib 2 route delete' part directly.)

I have a FreeBSD router connected to the ISP network, which is organized according to RFC 3069 (you know, when all of the clients think they have a /24, but in reality they have a /32 and a central router is proxy-arping requests). This router is handling two organizations' LANs, and it has two Internet links connected. I'm using FIB 0 for the first organization, and FIB 2 for the second. To be specific:

46.146.220.88/24 - main router IP, gateway is 46.146.220.254, interface vlan2
46.146.206.94/24 - second router IP, gateway is 46.146.206.254, interface vlan4

Both 46.146.220.24 and .206.254 are the same ISP router.

I also have the application server on IP 46.146.220.92, which FIB 0 thinks is on-interface.

Now the tricky part: when FIB 0 needs to communicate with 46.146.220.92, it does so from its address 46.146.220.88, since it thinks it's directly reachable. But when requesting the MAC from 46.146.220.88 it receives the ISP router MAC, so it does so via the ISP router. This part is fine.

Now the troubled part: when FIB 2 needs to communicate with 46.146.220.92, it thinks... yeah, that it's directly reachable from vlan2. When it initiates the session, it takes 46.146.220.88 as source interface and everything is fine (again).
But when the client in the LAN initiates the exchange, the packet IP src is translated to the 46.146.206.94 address, and the route still points to the vlan2 interface. So the network stack sends the packet with an IP src of 46.146.206.94 via vlan2, and the ISP router seems to dislike such packets.

Two workarounds come to mind:

- translating the packets from the internal LAN destined to the specific address of 46.146.220.92 to the appropriate address of vlan2
- deleting the on-interface route from FIB 2.

I have chosen the second (more obvious to me), but then I discovered that I cannot do this:

# setfib 2 route delete 46.146.220.0/24
route: writing to routing socket: Address already in use
delete net 46.146.220.0 fib 2: gateway uses the same route

Why?

Finally I added the host route to 46.146.220.92 in FIB 2 pointing to the appropriate (46.146.206.254) gateway and got my connectivity, but I still don't understand why the deletion of the on-interface route is impossible. After all, it's the second FIB, and I don't understand what gateway the error is talking about. I tried this without having the default gateway in FIB 2, same result.

Thanks.
Eugene.
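
The host-route workaround from the message above, modelled as a longest-prefix lookup over FIB 2 (an added example, not part of the original message). The table layout, the function names and the FIB 2 default route are assumptions built from the addresses given in the message; the check only models "source address does not belong to the egress interface's subnet".

```python
import ipaddress

# Constructed model: interface addresses as listed in the message.
IFADDR = {"vlan2": "46.146.220.88/24", "vlan4": "46.146.206.94/24"}

def net(prefix):
    return ipaddress.ip_network(prefix)

# Constructed FIB 2: prefix -> (gateway, interface); gateway None = on-interface.
# The default route via 46.146.206.254 is an assumption.
FIB2 = {
    net("46.146.220.0/24"): (None, "vlan2"),
    net("46.146.206.0/24"): (None, "vlan4"),
    net("0.0.0.0/0"): ("46.146.206.254", "vlan4"),
}

def lookup(fib, dst):
    """Longest-prefix match; returns (gateway, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [p for p in fib if addr in p]
    return fib[max(hits, key=lambda p: p.prefixlen)] if hits else None

def source_matches_egress(fib, src, dst):
    """True when src lies in the subnet of the interface the packet leaves on."""
    route = lookup(fib, dst)
    if route is None:
        return False
    _, ifname = route
    egress_net = ipaddress.ip_interface(IFADDR[ifname]).network
    return ipaddress.ip_address(src) in egress_net

def with_host_route(fib, host, gateway, ifname):
    """Return a copy of fib with a /32 route added; the /24 stays in place."""
    new = dict(fib)
    new[net(host + "/32")] = (gateway, ifname)
    return new

if __name__ == "__main__":
    nat_src, server = "46.146.206.94", "46.146.220.92"
    print("before:", lookup(FIB2, server),
          source_matches_egress(FIB2, nat_src, server))
    fixed = with_host_route(FIB2, server, "46.146.206.254", "vlan4")
    print("after: ", lookup(fixed, server),
          source_matches_egress(fixed, nat_src, server))
```

The /32 entry wins the lookup for 46.146.220.92 only, so the on-interface /24 does not have to be deleted and other hosts in 46.146.220.0/24 still resolve via vlan2.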