Newsgroups: comp.protocols.tcp-ip
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!cunixf.cc.columbia.edu!cs.columbia.edu!ji
From: ji@cs.columbia.edu (John Ioannidis)
Subject: Re: How to set up subnets where logical subnet != physical subnet
Message-ID: <1991Apr10.063716.9725@cs.columbia.edu>
Followup-To: comp.protocols.tcp-ip
Keywords: subnet routing
Sender: news@cs.columbia.edu (The Daily News)
Reply-To: ji@liberty.columbia.edu (John Ioannidis)
Organization: Columbia University Department of Computer Science
References: <dcm.671220071@baldur.dell.com>
Date: Wed, 10 Apr 91 06:37:16 GMT

In article <dcm.671220071@baldur.dell.com> dcm@baldur.dell.com (Dave McCracken) writes:
>I am trying to solve a problem we are having trying to set up a
>subnet in our corporate network.
>
>
 [ Description of their corporate network with MAC-layer bridges and
   multiple IP subnets on the same wire deleted. ]
	

>is necessary for several logical subnets, based on the subnet
>mask, to be on the same physical network.  The routing code in the IP
>driver will cheerfully accept that the other subnets are local when
>I specify 0 hops to the route command, but it absolutely refuses
>to let me specify an IP address for the router that is not in the
>same logical subnet.  We are currently running mostly System V Release 4,
>but the same problem exists on our Suns and in the straight BSD4.3
>code (I looked in the source).

Let us be specific. Assume your campus network is 182.95 (nice unused
Class-B network), and that "subnets" 182.95.20, 182.95.21 and
182.95.22 are all on the same wire.

Your hostname is host-20-19 and its address is 182.95.20.19.
Your ethernet interface has been configured as

# ifconfig le0 182.95.20.19 up netmask 255.255.255.0 -trailers

Your routing table looks something like:

# netstat -r -n
Routing tables
Destination          Gateway              Flags    Refcnt Use        Interface
127.0.0.1            127.0.0.1            UH       0      0          lo0
182.95.20            182.95.20.19         U        0      5          le0

Now, in order to access machines on the subnets .21. and .22., you add
static routes like this:

# route add net 182.95.21 182.95.20.19 0
# route add net 182.95.22 182.95.20.19 0

So that your routing table now looks like:

# netstat -r -n
Routing tables
Destination          Gateway              Flags    Refcnt Use        Interface
127.0.0.1            127.0.0.1            UH       0      0          lo0
182.95.20            182.95.20.19         U        0      5          le0
182.95.21            182.95.20.19         U        0      0          le0
182.95.22            182.95.20.19         U        0      0          le0

Now, for reasons that I'd rather not know (!), there exists a router
(call it router-21-1, address 182.95.21.1) to some other net(s), that
you want to use from subnets .20. and .22.. Evidently, you cannot say

# route add default 182.95.21.1 1 

on host-20-19; the route command will say (and with good reason):

add net default: gateway 182.95.21.1: Network is unreachable

>
>What I would like to know from the collected wisdom of Usenet is
>why the restriction is there, and if you think anything would break
>if I changed the IP driver in SVR4 to accept a router address outside

The "restriction" is there because of the way routes are set up with
SIOCADDRT. For gatewaying through another machine (metric > 0), the
code checks whether that gateway is on the same subnet as yourself. If
it is not, it gives you a "network is unreachable" error.

Conceivably, you may want to check whether the subnet of the gateway
you are trying to route through already has a route through yourself
(which is your case), and thus allow the addition of routes to
machines not on your subnet but still on the same physical network.
There is no reason this should create any problems, unless someone
deletes those static routes.

Of course, the whole reason for these network gymnastics is that you
need the *ethernet* address of a gateway to send the packets through.
The gateway may be on the same wire as you are (so you can send it the
packets), but the routing code will not allow you to add it.

Instead, you can fool your code into thinking it's using a gateway on
its subnet in the following (hacky) way: Assign a dummy IP address on
subnet 20 to your router and a machine on the same physical network to
proxy-arp for it: We've already said that your router is 182.95.21.1.
Now, reserve the address 182.95.20.254 for it. On some machine on the
wire, add the following ARP entry:

# arp -s 182.95.20.254 <router-21-1's ethernet address>

and on all machines on subnet .20. add the routing entry:

# route add default 182.95.20.254 1

On router-21-1, add the following static routes:

# route add net 182.95.20 182.95.21.1 0
# route add net 182.95.22 182.95.21.1 0

Now, every time you want to send something out that would have to go
through router-21-1, host-20-19 will arp for 182.95.20.254. The
machine with the static ARP entry will respond with .21.1's ethernet
address, and your host will send the IP packet to that ethernet
address. Now, the router does not care what the source is; it only
cares what the destination is. Upon receipt of a packet, if it can
route the packet, it will do so. So this takes care of routing packets
out. The static routes we set up on router-21-1 will take care of
routing packets back to hosts on .20. and .22. 

>the subnet.  I would also like to know if there is a simple way in the
>router to present multiple IP addresses without plugging in extra
>network cards.  This would be an alternate solution that would not

CISCOs can do that. On BSD-derived Unixes, although there is a linked
list of addresses for each interface, there are no ioctl's that will
allow you to bind multiple addresses to an interface. The ifnet
structure has a pointer to a linked list of addresses for the
interface, but I suspect that too much code just assumes that there is
only one address per interface. I haven't looked at the multicast code
lately, but I don't think it uses the linked list of addresses;
someone please correct me if I'm wrong (I hope I am; I'll be needing
the ability to have the same interface have multiple addresses very soon!)


>require changing all clients.
>
>Thanks,
>
>--
>Dave McCracken      dcm@dell.dell.com      (512) 343-3720
>Dell Computer       9505 Arboretum Blvd    Austin, TX 78759-7299

Hope this helps

/ji

In-Real-Life: John "Heldenprogrammer" Ioannidis
E-Mail-To: ji@cs.columbia.edu
V-Mail-To: +1 212 854 8120
P-Mail-To: 450 Computer Science \n Columbia University \n New York, NY 10027
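
[ Added example, not part of the original post and not taken from any BSD or SVR4 source: a user-space model of the gateway check the post describes for SIOCADDRT, next to the relaxed check it suggests (accept a gateway whose subnet already has a metric-0 route through your own interface). The struct, function names and sample table are hypothetical and constructed from the addresses used in the post. ]

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

struct route { uint32_t dest, mask, gateway; int metric; };

/* Constructed sample: host-20-19's interface and its routing table after
 * the two metric-0 routes from the post have been added. */
static const uint32_t IF_ADDR = IP(182, 95, 20, 19);
static const uint32_t IF_MASK = IP(255, 255, 255, 0);
static const struct route table[] = {
    { IP(182, 95, 20, 0), IP(255, 255, 255, 0), IP(182, 95, 20, 19), 0 },
    { IP(182, 95, 21, 0), IP(255, 255, 255, 0), IP(182, 95, 20, 19), 0 },
    { IP(182, 95, 22, 0), IP(255, 255, 255, 0), IP(182, 95, 20, 19), 0 },
};

/* Strict check: the gateway must sit in the interface's own subnet. */
int gw_ok_strict(uint32_t gw)
{
    return (gw & IF_MASK) == (IF_ADDR & IF_MASK);
}

/* Relaxed check: also accept a gateway covered by a metric-0 route whose
 * "gateway" is our own interface address, i.e. a subnet on the same wire. */
int gw_ok_relaxed(const struct route *rt, size_t n, uint32_t gw)
{
    if (gw_ok_strict(gw))
        return 1;
    for (size_t i = 0; i < n; i++)
        if (rt[i].metric == 0 && rt[i].gateway == IF_ADDR &&
            (gw & rt[i].mask) == rt[i].dest)
            return 1;
    return 0;   /* the caller would report "Network is unreachable" */
}

int main(void)
{
    uint32_t router = IP(182, 95, 21, 1);    /* router-21-1 */
    size_t n = sizeof table / sizeof table[0];

    printf("strict:  %d\n", gw_ok_strict(router));
    printf("relaxed: %d\n", gw_ok_relaxed(table, n, router));
    /* With only the first entry left (static routes deleted), the relaxed
     * check rejects the router again. */
    printf("relaxed, static routes deleted: %d\n", gw_ok_relaxed(table, 1, router));
    return 0;
}
```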

