Incoming Network Packets Discarded on Non-Gateway Interface (Doc ID 1269099.1)

Last updated on MARCH 08, 2017

Applies to:

Linux OS - Version: 5.5 and later   [Release: OEL5U5 and later ]
Linux x86-64

Symptoms


After installing Unbreakable Enterprise Kernel (OL5) 2.6.32.x, networks accessed through the non-default gateway cannot be accessed.  If the kernel is changed back to EL5 (2.6.18.x), network routing works as expected. If the default gateway is changed, the networks previously unreachable can be reached, but the networks on the previous default gateway cannot.

Changes


An example of a network configuration that exhibits the problem:



               +-------------------------+
               |           SUT           |
               | 10.3.76.99   10.3.65.99 |
               +-----+------------+------+
                     |            |
        10.3.76.0/24 |            | 10.3.65.0/24
  -----+-------------+---      ---+------------+------
       |                                       |
+------+--------+                      +-------+-------+
| 10.3.76.101   |                      | 10.3.65.101   |
|RA    |        |                      |RB     |       |
| 10.3.105.101  |                      | 10.3.105.102  |
+------+--------+                      +-------+-------+
       |                                       |
       |            10.3.105.0/24              |
 ------+-----------------+---------------------+------
                         |
                         |
                  +------+-------+
                  | 10.3.105.99  |
                  |    source    |
                  +--------------+

A ping from "source" (at the bottom) to the system under test (SUT) at the top is made. The default route for both "source" and "SUT" is "RA", the node on the left. Both RA and RB forward packets between both interfaces; "SUT" does not forward packets between its interfaces.

With the above configuration, "source" can ping both the IP addresses of both "RA" and "RB". It can also ping 10.3.76.99 in "SUT". However, it cannot ping 10.3.65.99 in "SUT" because there is no route to the 10.3.65.0/24 network. However, a ping to "source" (10.3.105.99) from "SUT" will work.

With the default route through RA (so that the ICMP ECHO response goes back the way it came) the ping to 10.3.76.99 in "SUT" works with both 2.6.18 and 2.6.32 kernels.

With the default route through RB (so that the ICMP ECHO response goes back through RB rather than RA) the ping to 10.3.76.99 in "SUT" works with the 2.6.18 kernel, but not with the 2.6.32 kernel.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms