13 February 2012

64. Two network cards on the same network, splitting traffic

Some thoughts on using two LAN network cards: while it sounds instinctively neat, the main issue is deciding how it should actually work, i.e. which traffic goes where.

One idea is to send traffic to one subset of IP addresses (e.g. 192.168.1.1-100) via one card, and to another subset (e.g. 192.168.1.101-255) via the other.

This isn't a job for a firewall (other than to restrict/allow traffic) but a situation where you use routing.

Some background
To see your routing table, run
sudo route
(or sudo route -n to show numeric addresses instead of resolving names)

Here's the routing table of the gateway in this post, where eth0 is connected to the Outside World and eth1 is connected to (and acting as the gateway of) a subnet of 192.168.1.0-255:

Kernel IP routing table
Destination     Gateway          Genmask         Flags Metric Ref    Use Iface
default         xxx.xxx.xx7.254  0.0.0.0         UG    0      0        0 eth0
xxx.xxx.xx0.0   *                255.255.248.0   U     0      0        0 eth0
link-local      *                255.255.0.0     U     1000   0        0 eth1
192.168.1.0     *                255.255.255.0   U     0      0        0 eth1

It says:
Route everything by default to the gw at xxx.xxx.xx7.254,
unless the target is in network xxx.xxx.xx0.0-255 or
unless the target is in 169.254.0.0 - 169.254.255.255 (link-local is 169.254.0.0) or
unless the target is in 192.168.1.0-255

Here's the routing table of a box with a single card attached to the LAN:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

Finally, here's the routing table of a box with two cards connected to different LANs:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.1     0.0.0.0         UG    0      0        0 eth3
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth2
192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
192.168.2.0     *               255.255.255.0   U     0      0        0 eth3

In the output of sudo route -n, default and * both appear as 0.0.0.0.


SOLUTIONS
Solution 1. Two cards on the same network using /etc/network/interfaces -- very simple:
Yup, I talked about route before, but this is a less granular method using /etc/network/interfaces:

auto eth2
iface eth2 inet static
address 192.168.1.105
netmask 255.255.255.0
gateway 192.168.1.1
auto eth3
iface eth3 inet static
address 192.168.1.130
netmask 255.255.255.128
gateway 192.168.1.1


This configuration gives the following sudo route -n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.1.128   0.0.0.0         255.255.255.128 U     0      0        0 eth3

Which is exactly what we wanted.
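
Why this table splits the traffic: 192.168.1.128/25 lies inside 192.168.1.0/24, and the kernel picks the most specific (longest-prefix) matching route. The following is an added example, not part of the original post, that parses the table above and applies that rule; the function names parse_route_n, lookup and egress are made up for this illustration.

```python
import ipaddress

# Constructed sample: the Solution 1 `sudo route -n` table from this post.
ROUTE_N_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.1.128   0.0.0.0         255.255.255.128 U     0      0        0 eth3
"""


def parse_route_n(text):
    """Parse `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination;
        # this skips the title and the column header.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        dest, gateway, genmask, _flags, metric, _ref, _use, iface = fields
        routes.append({
            "network": ipaddress.ip_network(f"{dest}/{genmask}"),
            # 0.0.0.0 in the Gateway column means "directly connected".
            "gateway": None if gateway == "0.0.0.0" else gateway,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def lookup(routes, destination):
    """Pick the matching route with the longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["network"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def egress(destination, table=ROUTE_N_OUTPUT):
    """Return (interface, next hop); next hop is the destination if on-link."""
    route = lookup(parse_route_n(table), destination)
    return None if route is None else (route["iface"], route["gateway"] or destination)


if __name__ == "__main__":
    for dst in ("192.168.1.50", "192.168.1.127", "192.168.1.130", "8.8.8.8"):
        print(dst, "->", egress(dst))
```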


Solution 1.b using network-manager
In GNOME 3 (gnome-shell), go to System Settings > Network, select your interface (e.g. eth1), click on Configure (bottom right corner), select the IPv4 tab and change the address and netmask as shown in solution 2. Alternatively, hit 'Routes...' in the lower left corner and do your configuration there.




Solution 2. Two cards on the same network and another card connected to 'internet'

eth0 is connected to the outside world, eth1 acts as the gateway for 192.168.1.0-127, and eth2 acts as the gateway for 192.168.1.128-255.

I configured this in network-manager by setting:
eth0 to dhcp
eth1 to 192.168.1.1, mask 255.255.255.0, gw 192.168.1.1
eth2 to 192.168.1.129, mask 255.255.255.128, gw 192.168.1.129
I didn't edit route settings.

The corresponding /etc/network/interfaces settings would probably be:
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.1
auto eth2
iface eth2 inet static
address 192.168.1.129
netmask 255.255.255.128
gateway 192.168.1.129



Anyway, here's the sudo route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         130.194.167.254 0.0.0.0         UG    0      0        0 eth0
130.194.160.0   0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.128   0.0.0.0         255.255.255.128 U     0      0        0 eth2


Using this configuration, you should probably set the gateway for eth3 in solution 1 to 192.168.1.128 -- that way you split all the traffic and in effect create two subnets (so technically, the 'same LAN' isn't really true).

Don't forget to open up your firewall to allow broadcasting from both 192.168.1.127 and 192.168.1.255.
