From: Zhenlei Huang
To: Benoit Chesneau
Cc: "freebsd-net@FreeBSD.org"
Subject: Re: loopback and IP source
Date: Sat, 11 Nov 2023 19:03:40 +0800
Message-Id: <7BA2954F-D9DF-4D95-A8A8-9FF8E1A07E63@FreeBSD.org>
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

> On Nov 11, 2023, at 5:56 PM, Benoit Chesneau <benoitc@enki-multimedia.eu> wrote:
>
> Is there a way to ensure that the IP set in loopback on the rc.conf is always used as source for routing? I set it up like this:
>
> ```
> cloned_interfaces="lo1"
> ifconfig_lo1="inet 195.24.245.226/32 up"
> ifconfig_lo1_ipv6="inet6 2a12:5541:1:1::3/128"
> ```
>
> and other IPs are set on interfaces or vlans. All route information is fetched via BGP. The strange thing is that when I do a ping to `1.1.1.1` this works (and passes via one of the vlans through the transit). But when I do a ping to another IP going through an IX the ping only works when I force the source using `-S`: `ping -S $MY_IP $OTHER_IP`. Is there something to do? How to investigate such an issue?
>

That is expected behavior.

I'll explain IPv4 source IP selection shortly.
For applications that do not set the source IP address, the source IP is selected at best effort.
This "best effort" is choosing an IP nearest (lowest metric) to target. Apparently IP addresses on
loopback interfaces are "further" than any IP addresses on the outgoing interface.

> Is there something to do? How to investigate such an issue?

You can refer to RFC 1122 section 3.3.4.3 [1] for IPv4 and RFC 6724 [2] for IPv6.

1. https://datatracker.ietf.org/doc/html/rfc1122#section-3.3.4.3
2. https://datatracker.ietf.org/doc/html/rfc6724

>
> Benoît
>

Best regards,
Zhenlei