
I am setting up a CI environment where I have two subnets connected by two peered BIRD routers.

My current IPv4 config on one of the routers is as follows:

```
protocol device {
}

protocol direct {
  interface "eth0";
  interface "eth1";
}

protocol kernel {
  import none;
  export all;
}

protocol bgp {
  import all;
  export all;

  local    10.100.0.9 as 9;
  neighbor 10.100.0.7 as 7;
}
```

This and the other router are connected over 10.100.0.0/24. LAN instances connect to this router over 10.9.0.0/24.

Currently, when I send LAN Ethernet packets from e.g. 10.9.0.71 to 10.9.0.72, and the Ethernet dst is the router's MAC, then the packet is delivered to the LAN server. What I would like to achieve for LAN packets is:

  • when the dst MAC is the router's MAC, the packet does not reach the destination,
  • when the dst MAC is the destination server's MAC, the packet reaches that destination, just as it does now.

I don't know very much about routing, and the BIRD documentation is rather targeted at experienced users. So far I have tried using filters and blackholed static routes, but it was mostly guesswork and none of it worked.

  • Are you describing what happens when a router forwards IP packets in the same LAN and also sends along an [ICMP redirect](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Redirect) message to the source so it changes its behavior? I'm trying to identify without doubt the issue you're describing. Also, unless the router has a special setup (brouting etc.) the router is not supposed to see a destination MAC which is not its own. – A.B May 05 '23 at 17:56
  • Or is this happening during a failover? – A.B May 05 '23 at 18:07
  • @A.B The application I am testing operates at the link layer. It constructs its own Ethernet headers. Its primary operation involves sending a packet to a specified server (A), which could also be in the same subnet. In such a case it fills the Ethernet header with A's MAC. It has a fallback mode as well, where if it cannot resolve A's MAC address then it uses the router's (R) MAC to fill the dst address in said Ethernet header, while the IP dst address remains that of server A. (continued...) – Wojciech Migda May 05 '23 at 18:33
  • (...) In another setting, e.g. my laptop, a fallback frame with the router's MAC address does not reach A. In the CI environment which I am configuring it does. In this CI environment I use BIRD for routing. My assumption is that such a fallback-mode frame, after it reaches the router (it has its MAC address), is then forwarded by the router to A. I would like to reconfigure BIRD to stop doing that. – Wojciech Migda May 05 '23 at 18:36
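
The two cases in the question, written as a frame classifier a CI test could run over captured frames. This is an added example, not part of the original post or its comments. The MAC addresses, function names and category labels are constructed for illustration, and the "hairpin" case models the asker's assumption that a router with forwarding enabled sends a same-subnet frame back out of the interface it arrived on.

```python
import ipaddress
import struct

ROUTER_MAC = bytes.fromhex("02000000000a")  # constructed: router's LAN-side MAC
SERVER_MAC = bytes.fromhex("020000000048")  # constructed: MAC of 10.9.0.72
CLIENT_MAC = bytes.fromhex("020000000047")  # constructed: MAC of 10.9.0.71
LAN = ipaddress.ip_network("10.9.0.0/24")   # LAN subnet from the question


def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Build a minimal Ethernet II + IPv4 header (no payload, checksum left 0)."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip


def classify(frame, router_mac=ROUTER_MAC, lan=LAN):
    """Label a frame seen on the router's LAN interface (labels are hypothetical)."""
    if len(frame) < 14:
        return "malformed"
    dst_mac = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if dst_mac != router_mac:
        return "not-for-router"   # addressed to another host; the router does not route it
    if ethertype != 0x0800:
        return "non-ipv4"         # e.g. ARP addressed to the router
    if len(frame) < 34 or frame[14] >> 4 != 4:
        return "malformed"
    src_ip = ipaddress.ip_address(frame[26:30])  # IPv4 source address
    dst_ip = ipaddress.ip_address(frame[30:34])  # IPv4 destination address
    if src_ip in lan and dst_ip in lan:
        return "hairpin"          # router MAC, but both endpoints are on the LAN
    return "routed"               # router MAC and an off-LAN destination


def expected_delivery(frame):
    """Desired policy from the question: hairpinned frames must not be delivered."""
    return classify(frame) in ("not-for-router", "routed")


if __name__ == "__main__":
    fallback = build_frame(ROUTER_MAC, CLIENT_MAC, "10.9.0.71", "10.9.0.72")
    direct = build_frame(SERVER_MAC, CLIENT_MAC, "10.9.0.71", "10.9.0.72")
    print(classify(fallback), expected_delivery(fallback))
    print(classify(direct), expected_delivery(direct))
```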

0 Answers