/srv/irclogs.ubuntu.com/2021/12/10/#netplan.txt

danboidI've set up a route with netplan on one of our servers but I can't ping theserver its connected to via that route11:15
danboidCan anyonespot any problems with this config?11:17
danboidhttps://paste.ubuntu.com/p/TTNsykwf4s/11:17
danboidThe route shows up correctly under `ip r` and `route`11:17
danboidAh! Looks like I've got to: and via: the wrong way round11:19
danboidAre there no tools to help with netplan config yet? I'd like something like nmtui for netplan11:31
danboidSwapping ther to: and via: values hasn't fixed my problem. I now wondering if its a formatting issue11:34
danboidOr if I've inserted the route in the wrong section11:34
schopindanboid: how do you reach 192.168.10.1 ?11:36
danboidHere's theroute output from the machne its connecting to (which is using network-manager)11:38
danboidhttps://paste.ubuntu.com/p/tNBM7FrMph/11:38
danboidI can ping thetarget machine from that, but not the other way around11:39
danboidschopin: Its a 10Gb fibre link11:39
schopinYou mean that from the machine that is 192.168.10.1 you cannot ping your netplan-configured machine? Which IP are you using for the failing ping?11:40
schopinBecause there's no route from your /30 subnetwork to your global network.11:40
danboidAh OK, I need to add another route11:42
danboidI'm trying to ping 192.168.10.111:44
danboidI don't seem to have a route from my /30 network to my global network on either box11:46
danboidWhat would you suggest that would look like?11:46
danboidie what woukld the to: and via: values be andwhere do I put them?11:47
danboidto: would be 0.0.0.0 ?11:47
schopinYou don't want to route your /30 to the Internet.11:47
danboidNo, I don't11:48
schopinWell, that's basically what you're asking for :)11:48
danboidSo I route it to thesame gateway as my other interface then?11:49
schopinNo, if you want your /30 to be able to communicate with the Internet you need to do some NAT-ing on your server.11:50
schopinI don't think netplan can do that for you.11:50
danboidI don't want that. The /30 isa private network with one other host on it11:50
schopinYes, I understand that. And the IPs in your /30 cannot leak to the outside world.11:51
danboidYou said I was missing a route?11:51
danboidFrom the/30 to my global netywork11:51
schopinIf both of your networks were using public IPs yes you would be missing a route from your /30 to your /2411:51
schopinBUT you shouldn't use routing to connect your /30 to the Internet.11:52
danboid the /30 doesn't need to be on the net11:53
schopinOK, so you just want the machines on your /24 to be able to ping the private IPs in your /30 ?11:54
danboidYes11:54
danboidErm no11:54
danboidI've got two servers11:55
danboidBoth have a /24 address, on the net11:55
danboidBoth also havea 2nd nic (SFP) with a /30 address and I want to usethat to transfer files netween the two11:55
schopinOK, what do you need routing for then? The default on-link route that comes with the static address definition should be enough.11:56
schopinWhen you add 192.168.10.1/30 to an interface, you automatically add a route to 192.168.10.0/30 via this interface.11:57
danboidI was unable to ping the other machine plus theSFP nic didn't show under route on the netplan box without adding the route manually. On the network-manager both everything 'just worked' (TM)11:58
danboidI'm thinking I should switch them both tio network-manager. Its much easier than netplan11:59
danboidI'm only trying tio use netplan becauseitsthedefault in Ubuntu11:59
schopindanboid: have you checked that ens5f0 is up and has the correct address?12:00
danboidschopin: Yes, ens5f0 is fine according to both ethtool and `ip a`12:02
danboidCorrect address and link is up12:03
schopinAnd yet when you write `ip r` you don't find `192.168.10.0/24 dev enf5s0 proto kernel scope link src 192.168.10.2 metric 100` ?12:04
schopin(hem, that'd be 192.168.10.0/30 of course)12:06
danboidNo, that is on both12:06
danboidThe difference being I had to manually add a route to get that on the netplan box whilst on the nm machine it was already there12:07
danboidI can ping from the nm box to the other /30 address but not the otherway around12:08
schopinYou shouldn't *need* to add a route to get the output I quoted.12:08
danboidOK, I'm going to removethe route from netplan, andtry it again to makesure I wasn't imagining it12:10
kjetilhoso this is just .10.1 (nm) and .10.2 (netplan) which should be able to talk, right?12:10
danboidYes12:10
kjetilhobtw, my favourite debugging tool is `ip route get 192.168.10.1`12:11
kjetilhoin particular, it will tell you what source address and interface the kernel will choose12:11
danboidI'dalready tried that and I think the output is correct12:12
kjetilhowell then...  perhaps a local firewall?12:13
danboidOK, I got rid of the manually added route on the netplan machine but yes, the route is still there12:20
danboidAfter rebooting12:20
danboidSo I presume thats a good sign12:20
danboidbut I still can't ping the other machine12:20
kjetilhofeel free to share the `ip route get X` output :)12:21
danboid$ ip route get 192.168.10.112:22
danboid192.168.10.1 dev ens5f0 src 192.168.10.2 uid 100012:22
danboid    cache12:22
danboidcache , hmmm12:22
danboidMight I need to clear the arp cache?12:23
kjetilhowell, check arp -n and see if there is anything relevant?12:24
kjetilhoI would whip out tcpdump at this point.12:24
danboid$ arp -n12:25
danboidAddress                  HWtype  HWaddress           Flags Mask            Iface12:25
danboid146.87.15.1              ether   00:08:e3:ff:fc:78   C                     bond012:25
danboid192.168.10.1             ether   14:18:77:5c:29:5c   C                     ens5f012:25
danboidHere's the route outpu on the other machinethat can ping12:26
danboid$ route12:26
danboidKernel IP routing table12:26
danboidDestination     Gateway         Genmask         Flags Metric Ref    Use Iface12:26
danboiddefault         146.87.15.1     0.0.0.0         UG    100    0        0 eth512:26
danboid146.87.15.0     *               255.255.255.0   U     100    0        0 eth512:26
danboidlink-local      *               255.255.255.0   U     100    0        0 idrac12:26
danboidlink-local      *               255.255.0.0     U     1000   0        0 eth512:26
danboid192.168.10.0    *               255.255.255.252 U     100    0        0 eth712:26
danboidDodgy machine:12:27
danboid$ route12:27
danboidKernel IP routing table12:27
danboidDestination     Gateway         Genmask         Flags Metric Ref    Use Iface12:27
danboiddefault         _gateway        0.0.0.0         UG    0      0        0 bond012:27
danboid146.87.15.0     0.0.0.0         255.255.255.0   U     0      0        0 bond012:27
danboid192.168.10.0    0.0.0.0         255.255.255.252 U     0      0        0 ens5f012:27
danboidWhat does a * mean?12:28
danboidWhy don't I have any link-local routes on netplan?12:29
danboidI presume thats what I need to replicate with netplan?12:30
kjetilhoare you absolutely sure it's not a local firewall?12:31
danboidI could be, I'm not thenetwork guy here, as I think you can tell :)12:31
danboidHe thinks it should beconfigured correctly but... doesn't seem so12:32
danboidOh you mean ufw12:32
danboidor iptables12:32
kjetilhoyeah12:32
danboidufw / iptables is disabled12:33
danboidon the machine I'm having probswith12:34
danboidNo comment on those link-local routes I get under nm but not netplan?12:34
schopinI'm not really familiar with the `route` output myself, so I can't really explain what's going on, but 0.0.0.0 is definitely not a valid gateway.12:36
kjetilhodanboid: you need to check on the "working" machine12:36

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!