  1. Does the src field in ip route have any effect on forwarding traffic? Or is it only significant for output traffic?
  2. What is the significance of an ip route entry that specifies both dev and src, where src does not belong to dev (but rather to a different device in the system)?
Tomer

1 Answer


When adding a route to a multihomed host, you might want to have control over the source IP address your host is sending from when starting communications using this route. This is what src is for.

Therefore, to answer your question point by point:

  1. No, it has no effect on forwarding traffic; it is only for locally generated traffic.
  2. You can use both dev and src to double-check if the src IP entered corresponds to the correct dev interface. If the source IP mentioned is not on the device specified, you will get an error.
  • actually when the `src` is *not* an address of `dev`, there is no error. moreover, i found a comment in `understanding linux network internals` that briefly addresses this (`35.7.2. Preferred Source Address Selection`) but it doesn't go into detail about when/how to make use of this. i encountered such a configuration in a legacy system i'm working on, and was wondering about the reason for it. – Tomer Dec 12 '17 at 17:00
  • ```
    [root@localhost ~]# ip r add 1.1.1.1 via 10.0.2.1 dev enp0s3 src 2.2.2.2
    RTNETLINK answers: Invalid argument
    [root@localhost ~]# ip r add 1.1.1.1 via 10.0.2.1 dev enp0s3
    [root@localhost ~]# ip r
    default via 10.0.2.2 dev enp0s3 proto static metric 100
    1.1.1.1 via 10.0.2.1 dev enp0s3
    10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
    [root@localhost ~]# ip r add 1.1.1.1 via 10.0.2.1 dev enp0s3 src 10.0.2.15
    [root@localhost ~]# ip r
    ```
    Centos7/rhel7 detects it as an error. – Oniceag George Dec 20 '17 at 12:00
  • You can force a foreign src address by tuning the kernel a bit to allow bindings on non-local IPs. However, this is used in special situations like VRRP, LVS, etc., or when you just need to generate traffic with a specific IP for audits and tests (but expect no return traffic!) – Oniceag George Dec 20 '17 at 12:06
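
For auditing a host for the configuration the question describes (a route whose `src` is not an address of its `dev`), the following is an added example, not code from the original question, answer or comments. It parses text in the format printed by `ip -o -4 addr show` and `ip -4 route show`; the sample data, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the original post), in the formats printed
# by `ip -o -4 addr show` and `ip -4 route show`.
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
3: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1
"""
SAMPLE_ROUTES = """\
default via 10.0.2.2 dev eth0 proto static metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100
198.51.100.0/24 via 10.0.2.1 dev eth0 src 192.0.2.10
203.0.113.0/24 via 10.0.2.1 dev eth0 src 10.0.2.99
"""

def local_addresses(addr_text):
    """Map each local IPv4 address to the interface that owns it."""
    owners = {}
    for line in addr_text.splitlines():
        fields = line.split()
        if "inet" in fields:
            cidr = fields[fields.index("inet") + 1]
            owners[ipaddress.ip_interface(cidr).ip] = fields[1]
    return owners

def audit_route_src(route_text, owners):
    """Return (destination, dev, src, verdict) for every route that sets src."""
    findings = []
    for line in route_text.splitlines():
        fields = line.split()
        if "src" not in fields or "dev" not in fields:
            continue  # route has no preferred source address to check
        dev = fields[fields.index("dev") + 1]
        src = ipaddress.ip_address(fields[fields.index("src") + 1])
        owner = owners.get(src)
        if owner is None:
            verdict = "src not local"          # address is on no interface
        elif owner == dev:
            verdict = "ok"                     # src belongs to the route's dev
        else:
            verdict = f"src owned by {owner}"  # the case asked about
        findings.append((fields[0], dev, str(src), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_route_src(SAMPLE_ROUTES, local_addresses(SAMPLE_ADDR)):
        print(*finding, sep="\t")
```

On a real host, pass the captured output of the two `ip` commands instead of the sample strings.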