kernel 2.2 route/arp tables


Post by Andr » Tue, 11 Apr 2000 04:00:00



I am just not "getting" this whole Linux networking thing.

I am using RH6.[0,1,2] mostly, and solely the 2.2 kernels.
I have x86 class machines with dual NICs (Intel EtherExpress).
The NICs are in two separate VLANs.  Also, I tried the Linux
boxes with three NICs and could get absolutely no connectivity
no matter what I tried so I am back to dual NICs now.

My network consists of multiple VLANs created by two Catalyst
6500s in Layer 2 mode with IEEE Spanning Tree (except using
Cisco's Per-VLAN STP model).  I have ISL trunks configured between
them and to a 3500XL.  All are in the same VTP domain, and I am
using pruning to limit the VLAN exchange information.  I am not
using portfast, or any other obscure Cisco setting.  Does Linux
work well in this type of environment, or should I change to
something different?

I am having some strange networking problems with these Linux boxes.
They are not forwarding/routing IP in any way (as set by myself),
but the routing tables are often different on these boxes.  Sometimes
when I reboot them or down the interfaces and bring them back up, I see
strange things happen.

First off, I see the routing tables change, they are never the same.
I cannot make all the servers maintain the same routing table.  This
should be something I can statically set and maintain, but it does not
seem that way after many hours of playing with it.

Sometimes the routing tables will show the interfaces' IP addresses, and
sometimes not.  I have used the 'ip route' command to verify my 'netstat -rn'
settings and sometimes they don't even match.

The most bothersome thing is displaying the ARP cache.  When using 'arp -an',
sometimes it gets the wrong MAC addresses off of a different interface.
And the worst part is, that I can find no setting for ARP cache timeouts,
or what not.  I found gc_timeout, but I believe that is routing related.

E.g. When I ping a broadcast addr to find all of the IPs attached to the
network, I then list the arp table, finding no entries.  Then, 15 seconds
later I list the arp table and they are all there.  Finally, in another
15 seconds they are all gone.  How am I supposed to troubleshoot any
networking problems under Linux when the arp cache and routing tables
are constantly changing?

Also, what is this business with route -net?  Why doesn't route just
know that 10.0.1.0 is a network and not a host?  Why can't I sometimes
add a -net or -host?  Actually, I've never had -host even work.

After reading everything I could on linux.com, linuxdoc.org, linuxports.com,
kernel.org, linuxhq.com, and redhat.com -- nothing talks about this.  The
Net3/4/Networking HOWTO is very poorly written, it does not identify or
discuss any of these problems.  I even started reading usenet and mailing
lists to look for this information.  It is not available.  Please advise.

dre
--
This program has been brought to you by the language C and the number F.

 
 
 


Post by Malwar » Wed, 12 Apr 2000 04:00:00


Hi Andre,


> I am having some strange networking problems with these Linux boxes.
> They are not forwarding/routing IP in any way (as set by myself),
> but the routing tables are often different on these boxes.  Sometimes
> when I reboot them or down the interfaces and bring them back up, I see
> strange things happen.

With Linux, routing entries are not stored persistently. So if you
shut down an interface and bring it back up, all routes over it but the
network route will be gone. Most distributions use some text files to
make the routing info persistent. However, you'll have to use a script
to down/up the interface to notice the effect of these.

> First off, I see the routing tables change, they are never the same.

As long as you do not run a routing daemon, the routing table does not change
magically. All changes happen based on a network-configuration-related
action taken by you.

> I cannot make all the servers maintain the same routing table.  This
> should be something I can statically set and maintain, but it does not
> seem that way after many hours of playing with it.

As mentioned it does what you tell it.

> Sometimes the routing tables will show the interfaces' IP addresses, and
> sometimes not.  I have used the 'ip route' command to verify my 'netstat -rn'
> settings and sometimes they don't even match.

Looks like you definitely run a routing daemon like gated, changing the
routing table in the background.

> The most bothersome thing is displaying the ARP cache.  When using 'arp -an',
> sometimes it gets the wrong MAC addresses off of a different interface.

If you are speaking about the ARP entry within a remote machine for
another IP of the Linux machine, then note: it is quite normal that Linux
answers ARP requests for each of the IPs assigned to it on all
interfaces. So if you have two physical network cards, eth0 and eth1,
connected to the same physical network, you have no way to assign one
card a single IP it receives packets for. It will always accept
packets for the IP assigned to the other card too.

> And the worst part is, that I can find no setting for ARP cache timeouts,
> or what not.  I found gc_timeout, but I believe that is routing related.

/proc/sys/net/ipv4/neigh/ (at least for Linux 2.3) does contain enough
possibilities to configure the ARP timing.

> E.g. When I ping a broadcast addr to find all of the IPs attached to the
> network, I then list the arp table, finding no entries.  Then, 15 seconds
> later I list the arp table and they are all there.  Finally, in another
> 15 seconds they are all gone.  How am I supposed to troubleshoot any
> networking problems under Linux when the arp cache and routing tables
> are constantly changing?

It's the nature of a cache to change! Linux does use a very short
timeout for ARP entries by default. Pinging the broadcast address,
however, is a pointless operation. Notice that the ARP cache starts
filling with the answers coming in from some machines (they do not have to be
all) since the request is simply sent to ff:ff:ff:ff:ff:ff. So the delay
you experience seems acceptable.

> Also, what is this business with route -net?  Why doesn't route just
> know that 10.0.1.0 is a network and not a host?  Why can't I sometimes
> add a -net or -host?  Actually, I've never had -host even work.

Since 10.0.1.0 is a valid host address within CIDR (Classless
Inter-Domain Routing). If -host does not work for you, there is probably
another mistake.

> After reading everything I could on linux.com, linuxdoc.org, linuxports.com,
> kernel.org, linuxhq.com, and redhat.com -- nothing talks about this.  The
> Net3/4/Networking HOWTO is very poorly written, it does not identify or
> discuss any of these problems.  I even started reading usenet and mailing
> lists to look for this information.  It is not available.  Please advise.

Because they are not any usual problems but the ones of somebody taking
over all Windows-learned stupidity into his Linux.

Malware
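
An added example (not part of either post): a Python script that reads a table in `/proc/net/arp` format and flags the two symptoms discussed in this thread, an IP learned on more than one interface and a single MAC answering for several IPs. The sample table, its addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /proc/net/arp format (not captured from a real host).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.1.10        0x1         0x2         00:a0:c9:11:22:33     *        eth0
10.0.2.10        0x1         0x2         00:a0:c9:11:22:33     *        eth1
10.0.1.20        0x1         0x2         00:a0:c9:44:55:66     *        eth0
10.0.1.20        0x1         0x2         00:a0:c9:44:55:66     *        eth1
10.0.1.30        0x1         0x0         00:00:00:00:00:00     *        eth0
"""

ATF_COM = 0x02  # "completed" flag; entries without it hold no usable MAC


def parse_arp(text):
    """Return (ip, mac, device) tuples for completed entries only."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue                            # tolerate blank/short lines
        ip, _hwtype, flags, mac, _mask, dev = fields
        if int(flags, 16) & ATF_COM:
            entries.append((ip, mac.lower(), dev))
    return entries


def find_anomalies(entries):
    """Flag IPs seen on several devices and MACs that answer for several IPs."""
    devs_by_ip, ips_by_mac = defaultdict(set), defaultdict(set)
    for ip, mac, dev in entries:
        devs_by_ip[ip].add(dev)
        ips_by_mac[mac].add(ip)
    return {
        "ip_on_multiple_devices": {ip: sorted(d) for ip, d in devs_by_ip.items() if len(d) > 1},
        "mac_for_multiple_ips": {m: sorted(i) for m, i in ips_by_mac.items() if len(i) > 1},
    }


if __name__ == "__main__":
    try:
        with open("/proc/net/arp") as fh:       # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE_ARP                      # fall back to the constructed sample
    for kind, hits in find_anomalies(parse_arp(table)).items():
        print(kind, hits)
```

A MAC answering for several IPs is expected from a multi-homed Linux host behaving as described in the reply above, and from proxy-ARP routers, so a hit is a prompt to check the cabling and VLAN assignment rather than proof of a fault.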