0

I have a Linux router multihomed:

  • eth0: "Normal" unicast IP address, global reachable, a single default route
  • eth1: Connected to an Internet Exchange, not global reachable, plenty of routes

The server runs frr and receives plenty of routes from the IX peers. By default, when connecting to some IP address where a route was received from the IX, the route's next hop is via eth1 and hence Linux uses the eth1 IP address as src-IP. Which of course will not work as the IX IP adresses are not global reachable.

So I need to tell Linux, for outgoing connections, to always use the IP address of eth0, regardless which route is used.

I found https://blog.sdn.clinic/2022/10/influencing-linux-source-address-selection-on-routes-installed-by-bird-and-frr/ and tried the "set src " approach in a frr route map, but for whatever reason that did not work for me:

route-map from-peer-v4 permit 11
 description Mark prefixes from peers or transit to filter them outgoing
 set community 1921:0
 set src 185.222.xx.xx
exit

Are there other methods available in Linux to specify the src IP globally for all outgoing connections?

KlausD
  • 13
  • 4
  • What about putting the global IP address on lo (as a /32 not as /24 or whatever else) instead of eth0 (where a /24 or whatever LAN route would still have to be added back), and then doing as written in your blog (with the set-loopback-src-ip option)? – A.B Jul 01 '23 at 16:00

1 Answers1

0

I have now found a different approach: All routes received from the Internet Exchange are stored in a dedicated routing table, using FRR's route map option set table X.

The server has an IP address for management (shh...) and one IP for the service. With ip rule add from <service-IP> table 2, traffic from the service IP is using the routes from the IX. The normal management traffic of the server now only see the default route and hence always use the eth0 IP address as source IP.

KlausD
  • 13
  • 4