Comments on: Distributing Static Routes with DHCP http://ignore.tv/2009/07/17/distributing-static-routes-with-dhcp/ Living Without Privacy Sun, 15 Jan 2012 05:31:49 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: James Cape http://ignore.tv/2009/07/17/distributing-static-routes-with-dhcp/comment-page-1/#comment-178921 James Cape Mon, 03 Oct 2011 22:47:49 +0000 http://ignore-your.tv/?p=728#comment-178921 @Ben, Assuming the code is still enabled* and the kernel(s) in question haven't been patched, it should exhibit the same behavior---but it's definitely worth watching it with a sniffer. * According to some old howtos, there is a kconfig option to enable/disable multicast, I dunno if that's been removed or not. @Ben,

Assuming the code is still enabled* and the kernel(s) in question haven’t been patched, it should exhibit the same behavior—but it’s definitely worth watching it with a sniffer.

* According to some old howtos, there is a kconfig option to enable/disable multicast, I dunno if that’s been removed or not.

]]> By: Ben http://ignore.tv/2009/07/17/distributing-static-routes-with-dhcp/comment-page-1/#comment-178920 Ben Mon, 03 Oct 2011 18:58:51 +0000 http://ignore-your.tv/?p=728#comment-178920 So sounds like I really just need to verify the behavior of my devices when configuring the static routes. In this case they are xDSL modems running some flavor of Linux, but I would guess that the behavior will be as you describe there as well. So sounds like I really just need to verify the behavior of my devices when configuring the static routes. In this case they are xDSL modems running some flavor of Linux, but I would guess that the behavior will be as you describe there as well.

]]> By: James Cape http://ignore.tv/2009/07/17/distributing-static-routes-with-dhcp/comment-page-1/#comment-178903 James Cape Thu, 29 Sep 2011 20:43:28 +0000 http://ignore-your.tv/?p=728#comment-178903 @Ben, Unfortunately I don't have a reference for it other than the fact that all the multicast route examples online don't set a next-hop address, just the interface. I did just re-confirm that it still fails with my laptop here on em1/eth0 vs. wlan0. Em1 is the default interface (wired), and I added a route to 224/4 via <gwaddr> dev wlan0---it still fails. Quit the app, delete the route and re-add with 224/4 dev wlan0 (no via), restart the app, it works fine. Fired up wireshark, and Linux is doing what I remembered it doing since RHEL5 (at least): firing the IGMP join at the group IP address, but the gateway's MAC address. My <em>guess</em> is that IGMP snooping on the switch (which is enabled by default on Catalysts) is watching on the MAC layer and not the IP layer. Since my join is not on the right Ethernet address at all, it won't get caught by the snooper process and my port would not be added to the switch's MFIB (in this scenario it's AP1200 -> 2960 -> 3750 SVI, but the theory holds regardless). If you don't specify a gateway address, then Linux does the standard thing and bitshifts the group address to derive the multicast MAC. @Ben,

Unfortunately I don’t have a reference for it other than the fact that all the multicast route examples online don’t set a next-hop address, just the interface.

I did just re-confirm that it still fails with my laptop here on em1/eth0 vs. wlan0. Em1 is the default interface (wired), and I added a route to 224/4 via <gwaddr> dev wlan0—it still fails.

Quit the app, delete the route and re-add with 224/4 dev wlan0 (no via), restart the app, it works fine.

Fired up wireshark, and Linux is doing what I remembered it doing since RHEL5 (at least): firing the IGMP join at the group IP address, but the gateway’s MAC address. My guess is that IGMP snooping on the switch (which is enabled by default on Catalysts) is watching on the MAC layer and not the IP layer. Since my join is not on the right Ethernet address at all, it won’t get caught by the snooper process and my port would not be added to the switch’s MFIB (in this scenario it’s AP1200 -> 2960 -> 3750 SVI, but the theory holds regardless).

If you don’t specify a gateway address, then Linux does the standard thing and bitshifts the group address to derive the multicast MAC.

]]> By: Ben http://ignore.tv/2009/07/17/distributing-static-routes-with-dhcp/comment-page-1/#comment-178901 Ben Thu, 29 Sep 2011 16:11:23 +0000 http://ignore-your.tv/?p=728#comment-178901 I've been looking for more info on issues with Cisco and setting the next hop address for multicast addresses but have been unable to track it down. Do you potentially have some links or a let me google that for you smack in the face? I’ve been looking for more info on issues with Cisco and setting the next hop address for multicast addresses but have been unable to track it down. Do you potentially have some links or a let me google that for you smack in the face?

]]> By: Jim Snyder http://ignore.tv/2009/07/17/distributing-static-routes-with-dhcp/comment-page-1/#comment-178370 Jim Snyder Tue, 21 Sep 2010 13:28:55 +0000 http://ignore-your.tv/?p=728#comment-178370 Incidentally, /etc/sysconfig/network-scripts/ifup-post checks for /sbin/ifup-local for (one presumes) site-specific post-"up" local customizations. It doesn't exist, but one could always roll one's own in the same way that one rolls /etc/...dhclient-*-hooks. And in /sbin/ifup, there's a similarly futile reference to /sbin/ifup-pre-local. Probably just me, but I'd rather have site-specific scripts in /etc/sysconfig/network-scripts, or at least *not* /sbin. Incidentally, /etc/sysconfig/network-scripts/ifup-post checks for /sbin/ifup-local for (one presumes) site-specific post-“up” local customizations.

It doesn’t exist, but one could always roll one’s own in the same way that one rolls /etc/…dhclient-*-hooks.

And in /sbin/ifup, there’s a similarly futile reference to /sbin/ifup-pre-local.

Probably just me, but I’d rather have site-specific scripts in /etc/sysconfig/network-scripts, or at least *not* /sbin.

]]> By: Jim Snyder http://ignore.tv/2009/07/17/distributing-static-routes-with-dhcp/comment-page-1/#comment-178369 Jim Snyder Tue, 21 Sep 2010 00:57:59 +0000 http://ignore-your.tv/?p=728#comment-178369 Looks like dhclient-(enter|exit)-hooks moved to /etc/dhcp in FC13. I run my firewall from /etc/dhclient-*-hooks. Imagine my surprise. I gather this change originates in ISC's new dhcp release: http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg225247.html I haven't looked closely, but I think this bug report is relevant to your post: https://bugzilla.redhat.com/show_bug.cgi?id=516325 Looks like dhclient-(enter|exit)-hooks moved to /etc/dhcp in FC13.

I run my firewall from /etc/dhclient-*-hooks.

Imagine my surprise.

I gather this change originates in ISC’s new dhcp release:

http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg225247.html

I haven’t looked closely, but I think this bug report is relevant to your post:

https://bugzilla.redhat.com/show_bug.cgi?id=516325

]]> By: Receiving static routes through DHCP in Fedora 12 « Tusheto's Blog http://ignore.tv/2009/07/17/distributing-static-routes-with-dhcp/comment-page-1/#comment-178252 Receiving static routes through DHCP in Fedora 12 « Tusheto's Blog Tue, 23 Feb 2010 11:50:01 +0000 http://ignore-your.tv/?p=728#comment-178252 [...] file for dhclient, that will parse the DHCP option 121. I found how this could be done here on this blog. You can copy the file from there, or below [...] […] file for dhclient, that will parse the DHCP option 121. I found how this could be done here on this blog. You can copy the file from there, or below […]

]]>