Service Traffic Failed to Be Forwarded Through a Server Having Two Network Adapters

Publication Date: 2013-12-28
Issue Description
A server has two network adapters. Eth0 is connected to the network segment 1.1.1.0/24 and has the IP address 1.1.1.100; Eth1 is connected to the network segment 2.2.2.0/24 and has the IP address 2.2.2.100. When a user on another network segment (for example, 3.3.3.1) attempts to access Eth0, the access fails and the ping operation times out.
The networking is as follows.
Alarm Information
None
Handling Process
Disable RPF.
A temporary solution is available without restarting the server (resulting in a transient network disconnection):
1. Change the value of /proc/sys/net/ipv4/conf/all/rp_filter.
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
2. Restart the network service.
service network restart
The permanent solution is as follows (requiring a server restart):
1. Modify Linux parameters.
Modify the file /etc/sysctl.conf and set net.ipv4.conf.all.rp_filter to 0.
2. Restart the server.
reboot
Root Cause
The initial conclusion was that the two network adapters cause asymmetric paths for incoming and outgoing traffic, so the firewall fails to set up sessions. The firewall was bypassed so that traffic did not pass through it, but the fault persisted. Packets were then captured on the two switch interfaces connected to the server. Only packets sent to the server were seen; the server sent no response packets from either Eth0 or Eth1 to the switch interfaces.

Therefore, the fault is located on the server rather than on the switch. The system administrator was asked to log in to the server for analysis.

When packets are sent to 1.1.1.100 from another network segment, they reach Eth0 of the server from VLAN 301. An ordinary server would look up a route and send response packets back to the source. However, the server on this network runs SUSE Linux 11. Running uname -a shows that the kernel version is 2.6.32.12, and on this server RPF is enabled in strict mode:
# cat /proc/sys/net/ipv4/conf/all/rp_filter
1
#
A value of 1 indicates strict mode, 0 indicates that RPF is disabled, and 2 indicates loose mode.
RPF (reverse path filtering) validates the source address of received packets and operates in one of the following modes:
Loose mode: On receiving a packet, the device looks up the routing table for a route matching the packet's source address. If such a route exists, the device accepts the packet; if no route matches the source address, the device discards the packet.
Strict mode: On receiving a packet, the device looks up the routing table and checks whether the outbound interface of the route to the packet's source address is the same as the interface on which the packet was received. If so, the device accepts the packet; if not, the device discards the packet.
In this example, when a packet reaches Eth0 on the server, the server looks up the routing table for a route matching the packet's source address. No specific route matches the source address, so the default route via 2.2.2.1 is used, and its outbound interface is Eth1. This outbound interface differs from the receiving interface (Eth0), so the RPF check fails and the server discards the packet.
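The following Python model, added here as an illustration and not part of the original article or the SUSE kernel, reproduces the strict/loose decision described above against the routing table the article implies (1.1.1.0/24 on eth0, 2.2.2.0/24 on eth1, default route via 2.2.2.1 on eth1). It also models one detail relevant to the handling process: the kernel applies the larger of net.ipv4.conf.all.rp_filter and net.ipv4.conf.<interface>.rp_filter when validating packets on that interface, so setting only the "all" value to 0 does not disable RPF if the per-interface value is still 1. The route lookup is a simplified longest-prefix match, not the kernel's FIB code; the source address 3.3.3.1 is the article's example.

```python
import ipaddress

# Routing table reconstructed from the article: eth0 on 1.1.1.0/24,
# eth1 on 2.2.2.0/24, default route via 2.2.2.1 on eth1.
# Gateway is None for directly connected networks.
ROUTES = [
    ("1.1.1.0/24", None, "eth0"),
    ("2.2.2.0/24", None, "eth1"),
    ("0.0.0.0/0", "2.2.2.1", "eth1"),
]

# Values of /proc/sys/net/ipv4/conf/<iface>/rp_filter
RPF_DISABLED, RPF_STRICT, RPF_LOOSE = 0, 1, 2


def lookup_route(dst, routes=ROUTES):
    """Longest-prefix match; returns (prefix, gateway, dev) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    best_len = -1
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = (prefix, gw, dev), net.prefixlen
    return best


def effective_rp_filter(all_value, iface_value):
    """Linux uses max(conf/all/rp_filter, conf/<iface>/rp_filter) for <iface>."""
    return max(all_value, iface_value)


def rpf_check(src, in_dev, mode, routes=ROUTES):
    """Simplified model of reverse path filtering.

    src    : source address of the received packet
    in_dev : interface the packet arrived on
    mode   : effective rp_filter value (0, 1 or 2)
    Returns 'accept' or 'drop'.
    """
    if mode == RPF_DISABLED:
        return "accept"
    route = lookup_route(src, routes)
    if route is None:
        return "drop"  # no route back to the source at all
    if mode == RPF_LOOSE:
        return "accept"  # any route to the source is enough
    if mode == RPF_STRICT:
        # The route back to the source must leave through the receiving interface
        return "accept" if route[2] == in_dev else "drop"
    raise ValueError(f"unknown rp_filter value {mode}")


def article_scenario(all_value=1, eth0_value=0):
    """The failing case from the article: 3.3.3.1 -> 1.1.1.100 arriving on eth0."""
    mode = effective_rp_filter(all_value, eth0_value)
    return rpf_check("3.3.3.1", "eth0", mode)


if __name__ == "__main__":
    for mode, name in ((RPF_STRICT, "strict"), (RPF_LOOSE, "loose"),
                       (RPF_DISABLED, "disabled")):
        verdict = rpf_check("3.3.3.1", "eth0", mode)
        print(f"rp_filter={mode} ({name}): packet from 3.3.3.1 on eth0 -> {verdict}")
    # Setting only conf/all to 0 while conf/eth0 stays 1 still drops the packet
    print("all=0, eth0=1 ->", article_scenario(all_value=0, eth0_value=1))
```

In strict mode the packet from 3.3.3.1 is dropped because the best route back to it leaves via eth1, exactly the failure in the article; in loose mode the default route is enough for it to be accepted. The article_scenario(all_value=0, eth0_value=1) case shows why it is worth checking the per-interface rp_filter values as well as the "all" value after applying the fix.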
Suggestions
Two network adapters on a server may lead to the following problems:
1. Inconsistent paths for incoming and outgoing traffic lead to a failure to set up sessions on the firewall. Packets sent to the server are therefore discarded.
2. Data packets sent to the server are discarded because RPF is enabled.
Analyze such problems from both the network and the operating system perspective.
