I have a machine with three network cards. One card is connected to a WAN and the other two cards are connected to the same switch with the same subnet (192.168.1.0/24). What I want to do is send data between the two cards, but make sure the data actually goes through the switch, rather than stay internal to the Linux network stack.

When I set up the two cards normally and try to ping one from the other, it works but Wireshark does not show any traffic, so it is not going to the network.

I have tried setting up static routes to the switch, trying to force all traffic to go through the switch. When I do this, the pings are not responded to and I get a flood of unanswered ARP requests trying to find the other address. But either address can ping another machine on the subnet, and that machine can ping either address.

I have tried changing the arp filter settings on the Linux Kernel, but no luck.

Any suggestions? Thanks!

Also, bonus points for setting up one NIC with IP aliasing to do the same thing.

pfbrewst

1 Answer


I'm new here but I might have the answer to this question.

The operating system will attempt to recognize that the other network card is a local device. I think you can use the 'dev' option to 'ip route' to force it out the other network card.

For example, I have an IP address:

45.32.160.129

And the route for this subnet shows device ens3:

45.32.160.0/24 dev ens3 proto kernel scope link src 45.32.160.129

But say I had another network card, ens4 at 45.32.161.4/24:

45.32.161.0/24 dev ens4 proto kernel scope link src 45.32.161.4

Then you can use the 'dev' option to 'ip route' to specify the device used. This way you can specify that the other network card use itself for the ens3 IP instead of it using ens3 (itself) when you try to access it from the local machine. The trick to this is that you have to use policy routing too, because you can't have the network card try to access itself and go out the other card's interface too; it will never find itself. So you have to specify with policy/source routing that it should only hop through the other card when that card is trying to access it. That is where you would have to specify a source match. Even further, you would then have to make sure you are binding to the correct IP source address in your network software of choice that you are trying to use or test with. This should force it to access the other network card over the switch. Of course, then you would do the same for the other card, but the other way around.

This may solve your problem. Look at the 'ip route' man page for route precedence and the 'dev' parameter. Then look at rule matching to do the policy part. It should look something like this:

ip rule add from 45.32.161.4 lookup from1
ip rule add from 45.32.160.129 lookup from2

Then add the opposite routes:

ip route add 45.32.160.129 via 45.32.161.4 dev ens4 table from1
ip route add 45.32.161.4 via 45.32.160.129 dev ens3 table from2

And you need those tables to be created in /etc/iproute2
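As an added, self-contained illustration of the policy-routing idea in the answer above (this is not the answerer's script), the following POSIX shell function generates the full set of commands for the two-NIC, one-subnet case in the question. It differs from the answer's sketch in three ways that are my own assumptions, not something the answer states: the per-direction tables hold direct on-link routes (`dev ... src ...`) rather than `via` a local address; the rules carry `iif lo` so they only match packets generated on this host, while packets arriving from the switch still hit the kernel's `local` table and are delivered normally; and the `local` table is moved from preference 0 to 1000 so the per-direction rules are consulted first. `arp_filter=1` makes each card answer ARP only for its own address, and `rp_filter=2` (loose) is a conservative choice so replies arriving on the "other" card are not dropped. Interface names `eth1`/`eth2`, addresses `192.168.1.10`/`192.168.1.11` and table numbers `101`/`102` are placeholders.

```shell
#!/bin/sh
# Added example: generate (default) or apply (--apply, as root) a policy-routing
# setup that forces traffic between two local NICs on the same subnet out over
# the switch. Interface names, addresses and table numbers are placeholders.

gen_cross_nic_routes() {
    # $1 = first NIC, $2 = its IP, $3 = second NIC, $4 = its IP,
    # $5/$6 = routing table numbers (numeric, so no rt_tables entry is needed)
    if_a=$1; ip_a=$2; if_b=$3; ip_b=$4
    tbl_a=${5:-101}; tbl_b=${6:-102}
    cat <<EOF
sysctl -w net.ipv4.conf.${if_a}.arp_filter=1
sysctl -w net.ipv4.conf.${if_b}.arp_filter=1
sysctl -w net.ipv4.conf.${if_a}.rp_filter=2
sysctl -w net.ipv4.conf.${if_b}.rp_filter=2
ip route add ${ip_b} dev ${if_a} src ${ip_a} table ${tbl_a}
ip route add ${ip_a} dev ${if_b} src ${ip_b} table ${tbl_b}
ip rule add pref 100 iif lo from ${ip_a} to ${ip_b} lookup ${tbl_a}
ip rule add pref 100 iif lo from ${ip_b} to ${ip_a} lookup ${tbl_b}
ip rule add pref 1000 lookup local
ip rule del pref 0 lookup local
EOF
}

# Count the generated commands; useful as a sanity check before applying.
count_cross_nic_routes() {
    gen_cross_nic_routes "$@" | wc -l | tr -d ' '
}

# Constructed sample: two cards on the 192.168.1.0/24 subnet from the question.
if [ "$1" = "--apply" ]; then
    # Apply in order: the "local" rule is re-added at pref 1000 BEFORE the
    # pref-0 copy is deleted, so local delivery is never lost in between.
    gen_cross_nic_routes eth1 192.168.1.10 eth2 192.168.1.11 | sh -e
else
    gen_cross_nic_routes eth1 192.168.1.10 eth2 192.168.1.11
fi
```

Run without arguments to review the commands, then with `--apply` as root to install them; afterwards `ping -I 192.168.1.10 192.168.1.11` should show ICMP on the wire in Wireshark. The same function also covers the IP-aliasing variant from the question if both addresses sit on one interface, since nothing in it requires the two NICs to differ.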