ip Routing Through Cluster

T. 'Nifty New Hat' Mitchell mitch48 at sbcglobal.net
Mon Jun 14 23:24:12 UTC 2004


On Sun, Jun 13, 2004 at 10:37:43PM -0500, Jeff Vian wrote:
> T. 'Nifty New Hat' Mitchell wrote:
> >On Fri, Jun 11, 2004 at 05:54:54AM -0400, gswallow at cfl.rr.com wrote:
> >
> >
> >>Am successfully bonding two dual PII266 machines via crossover
> >>cables to make a workstation out of the hardware I have 'round the
> >>house. node1 and node2 on network.com (192.168.2.0) can ping between
> >>each other just fine on each machine's bond0 NIC
> >>(192.168.2.1/192.168.2.2 node1/node2). eth0 and eth1 in each machine
> >>are SLAVE of bond0 device.
> >
> >>node1 can access internet fine...
> >
> >>What am I getting wrong here? And, please let me know if ya need more 
> >>info.
> >>   
> >>
> >
> >Remember that private internets are not routed!
> >
> > # The Internet Assigned Numbers Authority (IANA) has reserved the
> > #    following three blocks of the IP address space for private internets:
> > #
> > #       10.0.0.0        - 10.255.255.255  (10/8 prefix)
> > #       172.16.0.0      - 172.31.255.255  (172.16/12 prefix)
> > #       192.168.0.0     - 192.168.255.255 (192.168/16 prefix)
> >
> >What this means is that there should never be a published route
> >between net 192.168.2.xx and your 192.168.1.xx net (or any other
> >private internet).
> > 
> >
> You are correct if the route would cross any portion of the public 
> network/internet.  However, private networks can be and often are routed 
> within an intranet.
> 
> >Host routes and gateway hosts may solve the problem.  Check the man
> >page for route. I see some examples at this URL that look close
> >
....

> >The key is that private nets are not routed and very special actions
> >are needed to get to and from the Internet from the second private
> >net.
> >  
> >   "private <--> public" 
> >is common and easy
> >
> >   "private <--> private <--> public" 
> >is trouble.
> > 
> >
> Not when using NAT or MASQ at the interface to the public. A properly 
> configured NAT router will handle this as easily (in my experience) as 
> the first one above. YMMV depending on config and hardware.

Yes, NAT and MASQ solve the most common class of problems.

I was musing on the more general case of a single public routed IP
address and then only private nets inside.  Since it is nearly
impossible to get a set of net numbers, the interesting cases of public
to private nets need more than a NAT/squid solution.

              /-<-->- 192.168.2 <->\                 /-<-->- 192.168.4
              |                    |                |
   public <-->|-<-->- 192.168.1 -<-|->- 10.0.1.0 -<-|-> 192.168.5
              |                    |
              \-<-->- 192.168.3 <->/                 \-<-->- 192.168.5

I see that the original poster solved it by getting the sense
of direction corrected on one of the boxes, so we are good enough
for now.

-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.




