Solaris 10 Networking : Working with multiples output interfaces

By Toots, 5 years ago, modified Feb. 1, 2007

Solaris 10 networking has a particular behaviour when handling multiples interfaces on a same subnet :

e1000g36001:2:flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 9
       inet 172.16.20.44 netmask fffffc00 broadcast 172.16.23.255
e1000g36001:3: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 9
       inet 172.16.20.41 netmask fffffc00 broadcast 172.16.23.255

In this case the output interface for this network could either be e1000g36001:2 or e1000g36001:3 :

$ netstat -nrv

IRE Table: IPv4
  Destination             Mask           Gateway          Device Mxfrg  Rtt  Ref Flg  Out  In/Fwd
 -   - - - - - --
172.16.20.0          255.255.252.0   172.16.20.44         e1000g36001:2  1500*    0   1 U      846     0
172.16.20.0          255.255.252.0   172.16.20.41         e1000g36001:3  1500*    0   1 U        0     0
default              0.0.0.0         172.16.23.254                1500*    0   1 UGS 9427622     0

In fact Solaris uses the first working interface, no matter if the interface number or last bit is the highest or not. The problem could become very annoying for filtering or NAT configurations as we can't guess the output IP of this machine.

Example: in the following configuration, a default bind is set on 172.16.20.44 to allow this machine to make output connections on other networks :

Virtual server: V_OUT_TEST           Status: enabled  IP: 111.222.333.444
     default ---> R_OUT_TEST: 172.16.20.44,  default (Active)

If the other IP 172.16.20.41 is used for output, the NAT won't work.

The solution is to use the -setsrc option of the route command to force the output interface. In our example, we'd put the command on a script at boot time :

$ route add default 172.16.31.254 -setsrc 172.16.20.44 

$ route get default
    route to: default
destination: default
       mask: default
   gateway: 172.16.23.254
      setsrc: <my-output-interface-hostname>
  interface: e1000g36001:2
       flags: <UP,GATEWAY,DONE,STATIC,SETSRC>
 recvpipe  sendpipe  ssthresh    rtt,ms rttvar,ms  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

Notes :

The old -ifp modifier may work too :

$ route add -ifp e1000g36001:2 default 172.16.23.254

For IPv6, ifconfig has a preferred argument.

If the setsrc interface looks broken, Solaris will use another interface alias available on this network (in the above example if e1000g36001:2 is broken, e1000g36001:3 will be used). To avoid this, use the DEPRECATED flag of ifconfig.

Comments

1. 2 years, 4 months ago, by Bilal

Many thanks, but if we have traffice i want to send it throu the 2nd IP

default 172.16.31.254 -setsrc 172.16.20.44
static route to use 172.16.20.41

2. 1 year, 3 months ago, by thomas sabo

Well, really happy to read this article, I have bookmarked your website and will turn back to read your new articles.

3. 1 year, 3 months ago, by p90x

4. 1 year, 3 months ago, by Rolex Datejust

5. 1 year, 3 months ago, by p90x

6. 1 year, 3 months ago, by p90x

7. 1 year, 2 months ago, by cherry

Great resource. I really enjoyed your site!
<a href="http://www.promdressesol.com/alice/174-alice-cocktail-dresses-off-shoulder-white-chiffon-knee-length80306.html">white cocktail dresses</a> party gowns
<a href="http://www.promdressesol.com">wedding dresses</a> cheap prom dresses
<a href="http://www.promdressesol.com">red prom dresses 2011</a> party dresses 2010
<a href="http://www.promdressesol.com">short prom dresses 2011</a> prom dresses 2010 collection
<a href="http://www.promdressesol.com">purple wedding dresses</a> prom dresses and gowns
<a href="http://www.promdressesol.com/tiffany/183-tiffany-bridesmaid-dresses-one-shoulder-picture-color-netorganza-spumous0505.html">tiffany blue bridesmaid dresses</a> prom gowns on sale
<a href="http://www.promdressesol.com">blue prom dresses 2011</a> prom dresses 2010
<a href="http://www.promdressesol.com">prom dresses 2011 long</a> prom gowns wholesale
<a href="http://www.promdressesol.com">long prom dresses 2011</a> ball dresses
<a href="http://www.promdressesol.com">backless wedding dresses</a> ball dresses 2010
<a href="http://www.promdressesol.com">white prom dresses</a> ball dresses for sale
<a href="http://www.promdressesol.com">evening dress</a> brides dresses <a href="http://www.promdressesol.com/athena/366-asymmetrical-v-neck-sleeveless-elastic-satin-dress2880-.html">satin dress</a> girls bridesmaid dresses
<a href="http://www.promdressesol.com/fancy-world/226-fancy-world-party-gowns-off-shoulder-red-carpet-chiffon-sweetheart56308.html">red carpet dresses</a> handmade dresses
<a href="http://www.promdressesol.com/48-pink">purple sweet 16 dresses</a> prom dress shops

8. 1 year, 1 month ago, by UGG Outlet

This article was Very helpful. Actually, I am fond of reading online punjabi news. Thanks for writing such a complete ..
thank you for sharing.

9. 9 months, 3 weeks ago, by pandora Ireland

Exotic chandelier earrings can also be considered the perfect gift item. <a href=http://www.lovebeads-ireland.com/>pandora ireland</a> are available with embedded garnet, topaz, black diamond and other valuable stones. <a href=http://www.lovebeads-ireland.com/>pandora jewellry</a> 2010 has also seen a comeback in traditional <a href=http://www.lovebeads-ireland.com/>pandora jewellery</a> with a variety of designs and decorative shapes. <a href=http://www.lovebeads-ireland.com/>pandora online</a> You can choose from a myriad of necklaces, rings, <a href=http://www.lovebeads-ireland.com/bracelets>pandora bracelets</a> , brooches or earrings to suit the destined wearer's taste.If you are looking for a romantic gift, <a href=http://www.lovebeads-ireland.com/bracelets>pandora bracelets ireland</a> a heart-shaped pendant may best express your love. If you are looking for a sophisticated gift, you can choose a pearl necklace with a one-of-a-kind <a href=http://www.lovebeads-ireland.com/charms>pandora charm</a> . Even today, the fascinating look of pearls continues to enchant jewelry lovers the world over. You can find a <a href=http://www.lovebeads-ireland.com/beads>pandora beads</a> designer or a jewelry manufacturer to see the latest designs. A little box with jewelry can work wonders in adding delight to your festivities. So this Christmas, add to your loved one's <a href=http://www.lovebeads-ireland.com/beads>pandora beads charms</a> collection with some great jewelry items.

10. 8 months, 2 weeks ago, by online jewelry

Great motivational stories. It is rightly said that if you want something you can achieve it but you need to sacrifice one or the other thing.

11. 4 months, 2 weeks ago, by Nicolas

You just saved my life!!! One of my customers was having this exact issue due to a particular configured Firewall rules and after an IPMP implementatino it all went to Hell!!. This saved my day.

Keep Da Link

Solaris 10 Networking : Working with multiples output interfaces

Comments

Add a comment

Search via Google

À retenir

Photos

Tags

S'abonner

Liens

A lire

Bloggers

Fun