| Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback |
| Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition | ||
|
|
||
 |
||||||||||||||||||
Solution Type Problem Resolution Sure Solution 1452569.1 : Configuring Exalogic N/W Routing to ensure packets arriving via a given interface will have their responses sent out using that same interface instead of always sending via the default gateway
Configuring Exalogic N/W Routing to ensure packets arriving via a given interface will have their responses sent out using that same interface instead of always sending via the default gateway In this Document
Created from <SR 3-5567966411> Applies to:Oracle Exalogic Elastic Cloud Software - Version 1.0.0.0.0 and laterExalogic Elastic Cloud X3-2 Hardware - Version X3 to X3 [Release X3] Oracle Virtual Assembly Builder - Version 11.1.1.6.0 to 11.1.1.6.0 [Release 11g] Information in this document applies to any platform. This Note applies to Exalogic Physical as well as Virtual deployments. SymptomsWhen client is off subnet and connecting through management network (net0) and the default router is over bond1, the packets which are arriving via a given interface will have their responses sent out using the default gateway instead of that same interface where they are arriving from. CauseExalogic Environment is by default configured with 3 logical network interfaces configured: management network (typically eth0), client access network (typically bond1), and private network (typically bond0). The default route for the system uses the client access network and the gateway for that network. All outbound traffic that is not destined for an IP address on the management or private networks is sent out via the client access network. This poses a problem for some connections to the management network in some Exalogic environments. Due to this routing setup the ARP table entry for default does not get updated. Tracing the eth0 traffic shows that a ping from the windows client 10.180.xx.xx to the net0 management address 10.xx.xxx.128 will trigger an ARP REQUEST for the default router from bond1 with the source mac address of net0. This causes random connectivity failures for the client if the default gw ARP entry has timed out. One of the situations, this behavior can be seen in a Exalogic environment is, if the eth0 (management) and bond1 (client) networks are tied on same physical LAN segment outside of Exalogic, then the compute node's/vServer ARP entries get mixed up. This is not a mis-configuration or incorrect network setup , but depending the requirement, this type of network configuration might have been configured in this Exalogic environment. Sample network tracing packet 520 below illustrates this problem: Frame 520 (64 bytes on wire, 64 bytes captured)
Ethernet II, Src: a0:dxxx:5x:00:01 (a0:dx:xx:5x:00:01), Dst: Broadcast (ff:ff:ff:ff:ff:ff) 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 462 Address Resolution Protocol (request) Hardware type: Ethernet (0x0001) Protocol type: IP (0x0800) Hardware size: 6 Protocol size: 4 Opcode: request (0x0001) [Is gratuitous: False] Sender MAC address: a0:dxxx:5x:00:01 (a0:dx:xx:5x:00:01) <-----******** Bond1 MAC address *** Sender IP address: 10.180.xx.xx (10.180.xx.xx ) <-----******** Net0 IP ************* Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00) Target IP address: 10.xx.196.x (10.xx.196.x) <-----******** Default route *******
SolutionThe configuration changes outlined in this note will modify that behavior so that any connections that come in via the management network interface will have their responses sent out via the management network interface. Similarly, packets arriving via the client access network will have responses sent out via the client access network. The private network needs no such arrangements since all network traffic on the private network is direct communication between the two end points without any routers involved. The Below configuration changes need to be done on each and every Compute Node/vServer in the Exalogic rack to achieve the modified behavior. This below method of configuring rules and routes is referred as " iproute2" and is the best way to solve network routing issues in these situations. Configuration for boot-time routing configuration: Several specially-configured files must exist in /etc/sysconfig/network-scripts on each Exalogic Compute Node/vServer in order to support the boot-time configuration of the modified routing tables. For each Ethernet interface that have configured IP addresses (not for slaves), each Exalogic Compute Node/vServer must have route-ethX and rule-ethX files configured. Rule/route table number should start with 220 for eth0, 221 for eth1, etc. Assume eth0 has IP address 10.149.49.12, netmask 255.255.252.0 (network 10.149.48.0/22) and gateway 10.149.48.1. /etc/sysconfig/network-scripts/rule-eth0 contains from 10.149.49.12 table 220 to 10.149.49.12 table 220
/etc/sysconfig/network-scripts/route-eth0 contains 10.149.48.0/22 dev eth0 table 220 default via 10.149.48.1 dev eth0 table 220 For each bond over Ethernet interface, Exalogic compute node must have route-bondX and rule-bondX. Rule/route table number should start with 210 for bond1, 211 for bond2, etc. Assume bond1 has IP address 10.204.78.15, netmask 255.255.255.0 (network 10.204.78.0/24) and gateway 10.204.78.1. /etc/sysconfig/network-scripts/rule-bond1 contains from 10.204.78.15 table 210 to 10.204.78.15 table 210
/etc/sysconfig/network-scripts/route-bond1 contains 10.204.78.0/24 dev bond1 table 210 default via 10.204.78.1 dev bond1 table 210 For bond over IB interfaces, the route and rule files are already there for Exalogic Compute Node/vServer, and in general should not have IP route and rule files for a single bond0 interface. NOTE: Even if the following section is used to configure the routing in real-time, it is highly recommended to reboot the Exalogic Compute Nodes/vServers to validate that the boot-time configuration will result in the desired configuration. Configuration for real-time routing configuration: To configure the rules on the running system, the /sbin/ip command is used to create the same configuration that will be performed at boot-time. The following commands will result in the same configuration as outlined in the examples above. /sbin/ip rule add from 10.149.49.12 table 220 /sbin/ip rule add to 10.149.49.12 table 220 /sbin/ip route add 10.149.48.0/22 dev eth0 table 220 /sbin/ip route add default via 10.149.48.1 dev eth0 table 220
/sbin/ip rule add from 10.204.78.15 table 210 /sbin/ip rule add to 10.204.78.15 table 210 /sbin/ip route add 10.204.78.0/24 dev bond1 table 210 /sbin/ip route add default via 10.204.78.1 dev bond1 table 210 NOTE: Even if the preceding commands are used to configure the routing in real-time, it is highly recommended to reboot the Exalogic Compute Nodes/vServers to validate that the boot-time configuration will result in the desired configuration. Removing real-time configuration (for troubleshooting purposes): While performing configuration or troubleshooting, if you need to remove the rules and routes, use the below details .The following commands are for removing rules and routes (ordered in reverse intentionally). /sbin/ip route del default via 10.149.48.1 dev eth0 table 220 /sbin/ip route del 10.149.48.0/22 dev eth0 table 220 /sbin/ip rule del to 10.149.49.12 table 220 /sbin/ip rule del from 10.149.49.12 table 220
/sbin/ip route del default via 10.204.78.1 dev bond1 table 210 /sbin/ip route del 10.204.78.0/24 dev bond1 table 210 /sbin/ip rule del to 10.204.78.15 table 210 /sbin/ip rule del from 10.204.78.15 table 210 Verification and status commands: To verify the routes and rules, use these commands. Checking rules: The rules can be checked via the same /sbin/ip command using the "rule list" argument. This command output shows all rules on the system. root@xxxxxx# ip rule list 0: from all lookup 255 32762: from all to 10.204.78.15 lookup 210 32763: from 10.204.78.15 lookup 210 32764: from all to 10.149.49.12 lookup 220 32765: from 10.149.49.12 lookup 220 32766: from all lookup main 32767: from all lookup default root@xxxxxx# Checking routes: In the configuration outlined in this note, we leave the default routing table as it is and add two new routing tables. The two new routing tables are used when the rules dictate their use. The default route table has no indication that two alternate tables exist. The only indication that alternate routing tables are in use is by reviewing the rules (shown above). To see the default route table, use: root@xxxxxx# ip route list 10.204.78.0/24 dev bond1 proto kernel scope link src 10.204.78.15 192.168.10.0/24 dev bond0 proto kernel scope link src 192.168.10.8 10.149.48.0/22 dev eth0 proto kernel scope link src 10.149.49.12 default via 10.149.52.1 dev bond1 root@xxxxxx# To see the supplemental routing tables identified by the rules in the "ip rule list" output earlier, append the table name to the end of the "ip route list" command, like this: root@xxxxxx# ip route list table 220 10.149.48.0/22 dev eth0 scope link default via 10.149.48.1 dev eth0
root@xxxxxx# ip route list table 210 10.204.78.0/24 dev bond1 scope link default via 10.204.78.1 dev bond1 root@xxxxxx#
Removal and backout: The best way to clean up and return to default behavior is to remove the files added to /etc/sysconfig/network-scripts and reboot the node. /bin/rm -f /etc/sysconfig/network-scripts/rule-eth0 /bin/rm -f /etc/sysconfig/network-scripts/route-eth0 /bin/rm -f /etc/sysconfig/network-scripts/rule-bond1 /bin/rm -f /etc/sysconfig/network-scripts/route-bond1 reboot
References<BUG:11725389> - TRACK112230: MARTIAN SOURCE REPORTED ON DB NODES BONDETH0 INTERFACESR #3-6957535088 <BUG:13986667> - NETWORK PACKETS ROUTING FOR TRAFFIC OVER THE ADMIN N/W RESPONSES VIA DEFAULT GW <NOTE:1348904.1> - Useful Network Diagnostics Commands for Oracle Exalogic Machine <NOTE:1306154.1> - Configuring Exadata Database Server Routing Attachments This solution has no attachment |
||||||||||||||||||
|
||||||||||||||||||