problem with host route

Hi,

I have a system with network interfaces en0 and en1

en0:
physical ip: 1.1.1.10
virtual ip1: 192.168.100.11
virtual ip2: 192.168.100.12

en1:
physical ip: 1.1.1.20
virtual ip1: 192.168.100.20
virtual ip2: 192.168.100.21

default gateway is 192.168.100.254

when I open a connection from this host to another host, it's established from ip 192.168.100.11

but I want it to be established from 192.168.100.21 to one special host behind a firewall

The interface name on which the IPs reside may differ, so I need a host route that specifies the source IP and not the source interface. It would be easy to say take en1 when connecting to host x, but that's not what I want.
any ideas?

try smit route so you can add routes from there

it's not possible to add a host route from an ip, it's just possible to specify an interface in the smit menu

on linux, my interface would be eth0:1, eth0:2

but on AIX, there are no additional interfaces created for ip aliasing

I am not sure if i understand you correctly, but wouldn't a simple static route solve your problem? Use "route add -host ..." to add a static route to the destination with a network mask of 255.255.255.255 and your desired local IP address as gateway. You can indeed use an IP address as gateway, can't you?

I hope this helps.

bakunin

In AIX, you can use the -interface option with route.
This line should solve your problem:

route add -host targethost -interface 192.168.100.21

If omitting "-interface", the system would use the primary address on the same interface as gateway, in your case 1.1.1.20, which is not what you want.

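As an added illustration of the two suggestions above (a /32 host route carrying its own source address), and not code from the thread or from AIX itself, here is a small Python model of the routing decision built from the addresses in the first post. The firewalled host's address is a placeholder, the lookup is ordinary longest-prefix match, and the "not on-link" failure models the original poster's own explanation of why an -interface host route did not work.

```python
import ipaddress

# Constructed model of the thread's host; it is not AIX's routing code.
# Subnets the box is directly attached to: the routed 192.168.100.0/24 and the
# unrouted 1.1.1.0/24 carrying the physical addresses of en0 and en1.
LOCAL_NETS = [ipaddress.ip_network("192.168.100.0/24"),
              ipaddress.ip_network("1.1.1.0/24")]
GATEWAY = "192.168.100.254"   # default gateway from the first post
TARGET = "203.0.113.5"        # placeholder: the host behind the firewall is never named


def add_route(table, dest, src, gateway=None):
    """Append a route: destination network, preferred source address, optional next hop.
    gateway=None models an 'interface' route (route add -host ... -interface <addr>)."""
    table.append((ipaddress.ip_network(dest), src, gateway))


def lookup(table, dest):
    """Pick the route by longest prefix match (most specific wins, table order is
    irrelevant) and return (source address, next hop). An interface route to a
    host that is not on-link is rejected: the kernel would try to deliver it
    directly and never hand it to the default gateway, which is the failure the
    original poster reported after trying the -interface host route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dest}")
    net, src, gw = max(matches, key=lambda r: r[0].prefixlen)
    if gw is None and not any(addr in n for n in LOCAL_NETS):
        raise RuntimeError(f"{dest} hit interface route {net} but is not on-link")
    return src, gw or "direct"


def base_table():
    """Routes the host has before any host route is added."""
    t = []
    add_route(t, "192.168.100.0/24", "192.168.100.11")   # attached subnet, primary alias
    add_route(t, "0.0.0.0/0", "192.168.100.11", GATEWAY)  # default route, same source
    return t


def with_host_route(via_gateway):
    """Base table plus a /32 for TARGET sourced from 192.168.100.21, either as an
    interface route (via_gateway=False) or via the default gateway (True)."""
    t = base_table()
    add_route(t, f"{TARGET}/32", "192.168.100.21", GATEWAY if via_gateway else None)
    return t
```

Only traffic to TARGET leaves from 192.168.100.21; everything else keeps the default route and its source, which is the behaviour the original poster asked for.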

No, do not use route add with AIX as the route will disappear when you reboot the server. The correct way to do this is via smitty tcpip and add a static route.

You can do this via the command line with a chdev command on the inet device, but it needs a lot of commas in the right place. You can specify the en device that you want a route to use.

In relation to the original question, the trouble is that the TCP/IP stack can't differentiate between the two source addresses that you have, as they are in the same subnet. My understanding of TCP/IP tells me that this will lead to ambiguous routing and problems. Would you not be better off creating an ether channel with the two interfaces and having a single IP address on it, as being easier to manage?


AIX cannot handle multiple adapters, or interfaces, in the same subnet. Why would it?
You need to separate the addresses into different subnets if you need to gain control over what goes where.
Or do you have subnet masks one IP address wide?


Hi guys,

thanks for your help

I need to have IPs in the same subnet, because this is a HACMP (TSM) cluster, with 7 resource groups / 7 service IPs, + persistent IPs

I have one IP-range that is routed (lets say the 192.168.100.x)

and I can use as many unrouted IPs as I like

that is 1.1.1.x in this case

AIX can handle more IPs in the same subnet, incoming virtual IP interface = outgoing virtual IP interface

the only problem I have is outgoing traffic behind a firewall, since hacmp load balances the service IPs over adapters
so I can never say which virtual IP resides on which adapter

as a workaround, there is a firewall rule for every service and persistent ip, but that's not what I want

@gurumeditation
I will try this, but are you sure, that the virtual ip is stored in the route, and not the interface the ip is applied on, the time you run the command?

sounds good to me, I let you know if it is possible

Edit: tried this, doesn't work, I think because the packets are not being routed to the default gateway in this case

cheers

Edit2:

I'm not the only one facing this problem, look at these articles:

http://fixunix.com/aix/487408-hacmp-multipath-routing.html

http://www.aixmind.com/?p=780

seems that there is no solution to this except:

  1. open the firewall to all addresses
  2. do this on application level, and bind the outgoing traffic to an IP-address, which is not available for many apps

I start to understand. The following is untested and just an idea, try it at your own risk:

The kernel has one - and only one - routing table. This data structure is consulted sequentially and later entries are overruled by earlier ones. Therefore the host route you want to establish should be declared as early as possible. It might help to replace all the routes you have now (which are probably defined via "chdev -l inet0 ...") by lists of route definitions using "route add ..." which are placed in /etc/rc.net. This way you could exert control over the sequence in which the routing table is built.

Another idea is to create a (non-routed) IP alias which acts as a gateway for that host route and only for this IP alias establish routing information to the network gateway. You could bind the IP alias onto any interface and this way force traffic to be dispatched via this interface.

Another thing is:

You might want to put these commands into a resource group and use start-/stop-scripts to create/remove these routing table entries.

I hope this helps.

bakunin


the non-routed IP gateway won't work

but I like the idea with the own routing table
maybe there is a way to manipulate ODM-entries, to change the routing boot-sequence
but for sure I have to test this exactly :slight_smile:

I think the safest and best way, don't know why I didn't think about that yet:
I add a virtual adapter from VIO, and that's my "firewall interface" (2 VIOs, SEA)

away from hacmp, on both nodes, always configured
what do you think about that?

the only thing that's not so great about it: for now, this machine has nothing to do with the virtual io servers on the system, with that I will generate a dependency

If your system is AIX 5.3 or 6.1 you can use the mpr_policy parameter.
Check it with:

no -o mpr_policy

I think 5 is better for you, do:

no -o mpr_policy=5

Sorry if this can be a problem with HACMP, I don't know your configuration.
To return to the default (1):

no -o mpr_policy=1

of course you're right: "no", not "on"

btw. you mean no and not on :wink:
but thank you for this, so I've discovered the on command, which sounds interesting to me ^^

with mode 5, the man page of route says I can generate some kind of hash table, but what should it look like, and where should it be, a flat file?

It can always be done; this only shows it:

no -o mpr_policy

Maybe your system has mpr_policy set to 5?
If you have free lpars you can test it.