[11:15] <danboid> I've set up a route with netplan on one of our servers but I can't ping theserver its connected to via that route
[11:17] <danboid> Can anyonespot any problems with this config?
[11:17] <danboid> https://paste.ubuntu.com/p/TTNsykwf4s/
[11:17] <danboid> The route shows up correctly under `ip r` and `route`
[11:19] <danboid> Ah! Looks like I've got to: and via: the wrong way round
[11:31] <danboid> Are there no tools to help with netplan config yet? I'd like something like nmtui for netplan
[11:34] <danboid> Swapping ther to: and via: values hasn't fixed my problem. I now wondering if its a formatting issue
[11:34] <danboid> Or if I've inserted the route in the wrong section
[11:36] <schopin> danboid: how do you reach 192.168.10.1 ?
[11:38] <danboid> Here's theroute output from the machne its connecting to (which is using network-manager)
[11:38] <danboid> https://paste.ubuntu.com/p/tNBM7FrMph/
[11:39] <danboid> I can ping thetarget machine from that, but not the other way around
[11:39] <danboid> schopin: Its a 10Gb fibre link
[11:40] <schopin> You mean that from the machine that is 192.168.10.1 you cannot ping your netplan-configured machine? Which IP are you using for the failing ping?
[11:40] <schopin> Because there's no route from your /30 subnetwork to your global network.
[11:42] <danboid> Ah OK, I need to add another route
[11:44] <danboid> I'm trying to ping 192.168.10.1
[11:46] <danboid> I don't seem to have a route from my /30 network to my global network on either box
[11:46] <danboid> What would you suggest that would look like?
[11:47] <danboid> ie what woukld the to: and via: values be andwhere do I put them?
[11:47] <danboid> to: would be 0.0.0.0 ?
[11:47] <schopin> You don't want to route your /30 to the Internet.
[11:48] <danboid> No, I don't
[11:48] <schopin> Well, that's basically what you're asking for :)
[11:49] <danboid> So I route it to thesame gateway as my other interface then?
[11:50] <schopin> No, if you want your /30 to be able to communicate with the Internet you need to do some NAT-ing on your server.
[11:50] <schopin> I don't think netplan can do that for you.
[11:50] <danboid> I don't want that. The /30 isa private network with one other host on it
[11:51] <schopin> Yes, I understand that. And the IPs in your /30 cannot leak to the outside world.
[11:51] <danboid> You said I was missing a route?
[11:51] <danboid> From the/30 to my global netywork
[11:51] <schopin> If both of your networks were using public IPs yes you would be missing a route from your /30 to your /24
[11:52] <schopin> BUT you shouldn't use routing to connect your /30 to the Internet.
[11:53] <danboid>  the /30 doesn't need to be on the net
[11:54] <schopin> OK, so you just want the machines on your /24 to be able to ping the private IPs in your /30 ?
[11:54] <danboid> Yes
[11:54] <danboid> Erm no
[11:55] <danboid> I've got two servers
[11:55] <danboid> Both have a /24 address, on the net
[11:55] <danboid> Both also havea 2nd nic (SFP) with a /30 address and I want to usethat to transfer files netween the two
[11:56] <schopin> OK, what do you need routing for then? The default on-link route that comes with the static address definition should be enough.
[11:57] <schopin> When you add 192.168.10.1/30 to an interface, you automatically add a route to 192.168.10.0/30 via this interface.
[11:58] <danboid> I was unable to ping the other machine plus theSFP nic didn't show under route on the netplan box without adding the route manually. On the network-manager both everything 'just worked' (TM)
[11:59] <danboid> I'm thinking I should switch them both tio network-manager. Its much easier than netplan
[11:59] <danboid> I'm only trying tio use netplan becauseitsthedefault in Ubuntu
[12:00] <schopin> danboid: have you checked that ens5f0 is up and has the correct address?
[12:02] <danboid> schopin: Yes, ens5f0 is fine according to both ethtool and `ip a`
[12:03] <danboid> Correct address and link is up
[12:04] <schopin> And yet when you write `ip r` you don't find `192.168.10.0/24 dev enf5s0 proto kernel scope link src 192.168.10.2 metric 100` ?
[12:06] <schopin> (hem, that'd be 192.168.10.0/30 of course)
[12:06] <danboid> No, that is on both
[12:07] <danboid> The difference being I had to manually add a route to get that on the netplan box whilst on the nm machine it was already there
[12:08] <danboid> I can ping from the nm box to the other /30 address but not the otherway around
[12:08] <schopin> You shouldn't *need* to add a route to get the output I quoted.
[12:10] <danboid> OK, I'm going to removethe route from netplan, andtry it again to makesure I wasn't imagining it
[12:10] <kjetilho> so this is just .10.1 (nm) and .10.2 (netplan) which should be able to talk, right?
[12:10] <danboid> Yes
[12:11] <kjetilho> btw, my favourite debugging tool is `ip route get 192.168.10.1`
[12:11] <kjetilho> in particular, it will tell you what source address and interface the kernel will choose
[12:12] <danboid> I'dalready tried that and I think the output is correct
[12:13] <kjetilho> well then...  perhaps a local firewall?
[12:20] <danboid> OK, I got rid of the manually added route on the netplan machine but yes, the route is still there
[12:20] <danboid> After rebooting
[12:20] <danboid> So I presume thats a good sign
[12:20] <danboid> but I still can't ping the other machine
[12:21] <kjetilho> feel free to share the `ip route get X` output :)
[12:22] <danboid> $ ip route get 192.168.10.1
[12:22] <danboid> 192.168.10.1 dev ens5f0 src 192.168.10.2 uid 1000
[12:22] <danboid>     cache
[12:22] <danboid> cache , hmmm
[12:23] <danboid> Might I need to clear the arp cache?
[12:24] <kjetilho> well, check arp -n and see if there is anything relevant?
[12:24] <kjetilho> I would whip out tcpdump at this point.
[12:25] <danboid> $ arp -n
[12:25] <danboid> Address                  HWtype  HWaddress           Flags Mask            Iface
[12:25] <danboid> 146.87.15.1              ether   00:08:e3:ff:fc:78   C                     bond0
[12:25] <danboid> 192.168.10.1             ether   14:18:77:5c:29:5c   C                     ens5f0
[12:26] <danboid> Here's the route outpu on the other machinethat can ping
[12:26] <danboid> $ route
[12:26] <danboid> Kernel IP routing table
[12:26] <danboid> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
[12:26] <danboid> default         146.87.15.1     0.0.0.0         UG    100    0        0 eth5
[12:26] <danboid> 146.87.15.0     *               255.255.255.0   U     100    0        0 eth5
[12:26] <danboid> link-local      *               255.255.255.0   U     100    0        0 idrac
[12:26] <danboid> link-local      *               255.255.0.0     U     1000   0        0 eth5
[12:26] <danboid> 192.168.10.0    *               255.255.255.252 U     100    0        0 eth7
[12:27] <danboid> Dodgy machine:
[12:27] <danboid> $ route
[12:27] <danboid> Kernel IP routing table
[12:27] <danboid> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
[12:27] <danboid> default         _gateway        0.0.0.0         UG    0      0        0 bond0
[12:27] <danboid> 146.87.15.0     0.0.0.0         255.255.255.0   U     0      0        0 bond0
[12:27] <danboid> 192.168.10.0    0.0.0.0         255.255.255.252 U     0      0        0 ens5f0
[12:28] <danboid> What does a * mean?
[12:29] <danboid> Why don't I have any link-local routes on netplan?
[12:30] <danboid> I presume thats what I need to replicate with netplan?
[12:31] <kjetilho> are you absolutely sure it's not a local firewall?
[12:31] <danboid> I could be, I'm not thenetwork guy here, as I think you can tell :)
[12:32] <danboid> He thinks it should beconfigured correctly but... doesn't seem so
[12:32] <danboid> Oh you mean ufw
[12:32] <danboid> or iptables
[12:32] <kjetilho> yeah
[12:33] <danboid> ufw / iptables is disabled
[12:34] <danboid> on the machine I'm having probswith
[12:34] <danboid> No comment on those link-local routes I get under nm but not netplan?
[12:36] <schopin> I'm not really familiar with the `route` output myself, so I can't really explain what's going on, but 0.0.0.0 is definitely not a valid gateway.
[12:36] <kjetilho> danboid: you need to check on the "working" machine