  1. The whole Shebang! hiddenknight821's Avatar
    Join Date
    Aug 2009
    Location
    Western NY
    Posts
    1,181

    Certifications
    BS:IT, RHCSA
    #1

    2 NICs on 1 Host

    I'm a total noob on this and I don't have any time to figure out how to do this since I'm stressed with school now. We're wrapping up the quarter in two weeks.

    Here's what I'm trying to do. I have a linux box, Ubuntu 10.04 (actually a dual boot environment) with 2 PCI NICs and one integrated NIC of course.

    Integrated NIC: eth0 (main NIC used to get on the World Wide Web) disabled for now

    (below is for strictly experimentation purpose)
    1st PCI NIC: eth1 - 192.168.2.2 MASK: 255.255.255.0 GW: none
    2nd PCI NIC: eth2 - 192.168.2.3 MASK: 255.255.255.0 GW: none

    I have attached straight twisted pairs from both NICs to an unmanaged switch.

    I'm trying to save resources, and instead of having two separate PCs, I thought I can isolate each NIC through virtualization. I plan to use the NIC to connect it to the cloud in GNS3 and bridge the NIC in VirtualBox. However, before I attempt any of that, I set up Wireshark capture on each NIC in promiscuous mode and executed the command:

    ping -I eth1 192.168.2.3

    And I got "Destination Host Unreachable." I only see ARP broadcasts coming from eth1 on both Wireshark captures. And yes, I'm logged in as root. Do you have any idea what I did wrong? I hope I can accomplish this so I don't have to waste money buying another computer.

  3. Senior Member
    Join Date
    Oct 2010
    Location
    United States
    Posts
    1,099

    Certifications
    CCNA, CCNA:Sec CCNA:Voice, A+, Project+, Sec+, Linux+, MCTS, ITIL v3, VCP-DCV
    #2
    Quote Originally Posted by hiddenknight821 View Post
    I'm a total noob on this and I don't have any time to figure out how to do this since I'm stressed with school now. We're wrapping up the quarter in two weeks.

    Here's what I'm trying to do. I have a linux box, Ubuntu 10.04 (actually a dual boot environment) with 2 PCI NICs and one integrated NIC of course.

    Integrated NIC: eth0 (main NIC used to get on the World Wide Web) disabled for now

    (below is for strictly experimentation purpose)
    1st PCI NIC: eth1 - 192.168.2.2 MASK: 255.255.255.0 GW: none
    2nd PCI NIC: eth2 - 192.168.2.3 MASK: 255.255.255.0 GW: none

    I have attached straight twisted pairs from both NICs to an unmanaged switch.

    I'm trying to save resources, and instead of having two separate PCs, I thought I can isolate each NIC through virtualization. I plan to use the NIC to connect it to the cloud in GNS3 and bridge the NIC in VirtualBox. However, before I attempt any of that, I set up Wireshark capture on each NIC in promiscuous mode and executed the command:

    ping -I eth1 192.168.2.3

    And I got "Destination Host Unreachable." I only see ARP broadcasts coming from eth1 on both Wireshark captures. And yes, I'm logged in as root. Do you have any idea what I did wrong? I hope I can accomplish this so I don't have to waste money buying another computer.
    What's the output of ifconfig? Is eth2 up?

    My own personal experience trying to bridge NICs with KVM is it's a pain in the ass.
    Last edited by ehnde; 10-28-2010 at 02:39 AM.

  4. Senior Member
    Join Date
    Aug 2008
    Posts
    3,951
    #3
    Is there a particular reason you're trying to put 2 NIC's on the same machine into the same subnet?

  5. Senior Member
    Join Date
    Aug 2008
    Posts
    3,951
    #4
    Well, I'll be a little more helpful.

    I would strongly recommend you not put both NIC's in the same subnet, unless you have a very pressing reason to do so.

    If you absolutely must do it that way, do some research into the arp_filter kernel variable.

  6. The whole Shebang! hiddenknight821's Avatar
    Join Date
    Aug 2009
    Location
    Western NY
    Posts
    1,181

    Certifications
    BS:IT, RHCSA
    #5
    root@ubuntu-desktop:~# ifconfig -a
    eth0 Link encap:Ethernet HWaddr 00:1d:92:f6:9f:2f
    inet addr:192.168.1.113 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::21d:92ff:fef6:9f2f/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:128526 errors:0 dropped:0 overruns:0 frame:0
    TX packets:77717 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:164319344 (164.3 MB) TX bytes:7644821 (7.6 MB)
    Interrupt:28 Base address:0x8000

    eth1 Link encap:Ethernet HWaddr 1c:bd:b9:87:07:01
    inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
    inet6 addr: fe80::1ebd:b9ff:fe87:701/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:81 errors:0 dropped:0 overruns:0 frame:0
    TX packets:278 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:13073 (13.0 KB) TX bytes:40716 (40.7 KB)
    Interrupt:16 Base address:0x4800

    eth2 Link encap:Ethernet HWaddr 1c:bd:b9:87:06:fe
    inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
    inet6 addr: fe80::1ebd:b9ff:fe87:6fe/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:161 errors:0 dropped:0 overruns:0 frame:0
    TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:22207 (22.2 KB) TX bytes:11941 (11.9 KB)
    Interrupt:21 Base address:0xac00

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:1325 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1325 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:103356 (103.3 KB) TX bytes:103356 (103.3 KB)

    vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
    BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    Why would putting both NICs in the same subnet be a problem? Like I said, they are physically attached to an unmanaged switch, so they have to be on the same subnet to communicate with each other. Don't forget that I was able to see the ARP request on my eth2 while doing wireshark capture. Man, this is worth an experiment that everybody should try since so far none of you could figure this out. Thanks though.

  7. Objectives my friend! varelg's Avatar
    Join Date
    Jul 2009
    Location
    Santa Fe, NM
    Posts
    784

    Certifications
    RHCSA
    #6
    Quote Originally Posted by hiddenknight821 View Post
    (below is for strictly experimentation purpose)
    1st PCI NIC: eth1 - 192.168.2.2 MASK: 255.255.255.0 GW: none
    2nd PCI NIC: eth2 - 192.168.2.3 MASK: 255.255.255.0 GW: none
    ... and executed the command:

    ping -I eth1 192.168.2.3

    And I got "Destination Host Unreachable." I only see ARP broadcasts coming from eth1 on both Wireshark captures. And yes, I'm logged in as root. Do you have any idea what I did wrong? I hope I can accomplish this so I don't have to waste money buying another computer.
    Also, GW none?

  8. Senior Member
    Join Date
    Aug 2008
    Posts
    3,951
    #7
    Quote Originally Posted by hiddenknight821 View Post
    Why would putting both NICs in the same subnet be a problem?
    That's a very good question. Did you just dismiss me out of hand, or did you actually do some research on the subject? I'm not just talking out of my ass. Did you actually look at the contents of those ARP conversations that you captured?

    Like I said, they are physically attached to an unmanaged switch, so they have to be on the same subnet to communicate with each other. Don't forget that I was able to see the ARP request on my eth2 while doing wireshark capture. Man, this is worth an experiment that everybody should try since so far none of you could figure this out. Thanks though.
    I actually already know the problem, and the solution, and I've already pointed you in the right direction. It's up to you to follow up. I'll give you another suggestion as well - If I'm understanding what you're trying to do, you're basically just trying to get a pair of interfaces up to play with, all they need is local connectivity and not connectivity to another box across your unmanaged switch. If that's the case, you're going about this the wrong way. Look into adding some loopback interfaces.
    Last edited by Forsaken_GA; 10-28-2010 at 08:37 AM.

  9. Senior Member
    Join Date
    Aug 2008
    Posts
    3,951
    #8
    Quote Originally Posted by varelg View Post
    Also, GW none?
    Not really an issue, he's essentially creating a backend private network where no traffic would necessarily have to leave the subnet. You only need a gateway if you need to talk to nodes outside of your own subnet.

  10. Cisco Moderator mikej412's Avatar
    Join Date
    May 2005
    Location
    Chicago
    Posts
    10,190

    Certifications
    CCNP CCIP CCSP CCVP CCDP CCDA CCNA CS-CIPSS CS-CIPTDS CS-CIPTOS CS-CIPCSS CS-CFWS CS-CVPNS CS-CISecS ISSP 4013 4011
    #9
    Quote Originally Posted by hiddenknight821 View Post
    this is worth an experiment that everybody should try since so far none of you could figure this out.
    What's to figure out?

    The issue -- and the solution of changing the
    Quote Originally Posted by Forsaken_GA View Post
    arp_filter kernel variable
    was documented at least as far back as 2007. That's when I added multiple 4 port Ethernet cards to a couple of my Linux systems to use with Dynamips -- and I avoided the issue/problem by changing that kernel variable.

  11. Objectives my friend! varelg's Avatar
    Join Date
    Jul 2009
    Location
    Santa Fe, NM
    Posts
    784

    Certifications
    RHCSA
    #10
    Quote Originally Posted by Forsaken_GA View Post
    Not really an issue, he's essentially creating a backend private network where no traffic would necessarily have to leave the subnet. You only need a gateway if you need to talk to nodes outside of your own subnet.
    And he WILL need to talk outside of its subnet.

  12. Senior Member
    Join Date
    Aug 2008
    Posts
    3,951
    #11
    Quote Originally Posted by varelg View Post
    And he WILL need to talk outside of its subnet.
    Well, that depends. It sounds like all he's trying to do is bridge some VM's to a GNS3 cloud, so not necessarily. The machines just need to be able to talk amongst each other, not talk to the public internet.

  13. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #12
    Just for a reference, you do not need two separate NICs for this. You could run a virtual NIC in linux by adding another configuration file and a few other tidbits for an adapter designated like this: eth0:1. This effectively allows one NIC to act as two interfaces.

    Assign Virtual IPs to your NIC

    BTW the reason you are getting destination host unreachable is because you put in the wrong IP.

    If you want specific traffic to go out one NIC or the other, you have to set up a route stating that; otherwise Linux will always default to the first adapter IF they are on the same subnet.

  14. The whole Shebang! hiddenknight821's Avatar
    Join Date
    Aug 2009
    Location
    Western NY
    Posts
    1,181

    Certifications
    BS:IT, RHCSA
    #13
    After finding the time to play around with my linux box, I must say Josh is the man! I find his link on interface bridging very resourceful. I finally figured out exactly what I wanted to do with my NICs. Although, I still couldn't understand why both of my NICs couldn't communicate with each other directly, which it should. But when I hooked it to a router, it works. So, I guess you guys might be right. I can't place it in the same subnet.

    In the link above, it works for only Debian-based distro, and you would have to download and install two packages: uml-utilities and bridge-utils to be able to use tunctl and brctl commands. I used Ubuntu 10.04, and I gotta say I frigging love my linux box. Although, I need to do some hardware upgrade in the future to run more virtualization.

    What I did was that I created a bridge group interface (br0), where eth1 and tap0 (which I created with tunctl command) interfaces are able to communicate with each other. I'm assuming the bridge group is sort of like a hub. My GNS3 uses the tap0 interface to communicate with the computer. I can even have my XP guest in VirtualBox to communicate with the routers in GNS3 using the bridge (br0) interface. And the sweetest thing about it is that I can run SDM flawlessly. Gosh, I am in love with my linux box. It amazes me with what it can deliver utilizing the virtualization technology. I think I would lose my mind if I use Windows as my primary OS to attempt what I'm trying to accomplish.

    Thank you everyone for your inputs. I'm glad this experiment is over. Time for me to start routing and switching.

  15. Senior Member
    Join Date
    Aug 2008
    Posts
    3,951
    #14
    Quote Originally Posted by hiddenknight821 View Post
    Although, I still couldn't understand why both of my NICs couldn't communicate with each other directly, which it should. But when I hooked it to a router, it works. So, I guess you guys might be right. I can't place it in the same subnet.
    By default, Linux kernels will reply to ARP requests on every interface for every IP they own.

    I'll leave it to you to figure out why this is bad in the situation you were trying to set up.
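The default ARP behaviour described in the post above can be checked per interface. The script below is an added example, not part of the thread: it reads the `arp_filter` knob named earlier plus the related `arp_ignore` knob and flags interfaces that still answer ARP for any local IP. The function names and the LOOSE/RESTRICTED labels are hypothetical, and the optional directory argument exists only so the check can run against a constructed tree.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit which interfaces still use the
# default "answer ARP for any local IP" behaviour discussed above.

# Read one sysctl file; treat a missing or non-numeric value as 0.
read_knob() {
    local v
    v=$(cat "$1" 2>/dev/null) || v=0
    case "$v" in ''|*[!0-9]*) v=0 ;; esac
    printf '%s' "$v"
}

# Print "<iface> arp_filter=<n> arp_ignore=<n> <verdict>" per interface.
# Effective values follow the kernel's rule: arp_filter is enabled when either
# all/ or <iface>/ sets it; arp_ignore is the maximum of all/ and <iface>/.
arp_policy_audit() {
    local root dir ifc filt ign all_f all_i verdict
    root=${1:-/proc/sys/net/ipv4/conf}
    all_f=$(read_knob "$root/all/arp_filter")
    all_i=$(read_knob "$root/all/arp_ignore")
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        ifc=${dir##*/}
        case "$ifc" in all|default|lo) continue ;; esac
        filt=$(read_knob "$dir/arp_filter")
        ign=$(read_knob "$dir/arp_ignore")
        if [ "$all_f" -ne 0 ]; then filt=1; fi
        if [ "$all_i" -gt "$ign" ]; then ign=$all_i; fi
        if [ "$filt" -eq 0 ] && [ "$ign" -eq 0 ]; then
            verdict=LOOSE       # replies for any local IP, whichever NIC owns it
        else
            verdict=RESTRICTED  # at least one knob moved off the default
        fi
        printf '%s arp_filter=%s arp_ignore=%s %s\n' "$ifc" "$filt" "$ign" "$verdict"
    done
}

# Succeeds only when no interface is LOOSE, so it can gate a baseline check.
arp_policy_ok() {
    ! arp_policy_audit "${1:-}" | grep -q ' LOOSE$'
}

# Report on the live system (or on the directory given as the first argument).
arp_policy_audit "${1:-}"
```

The knob the thread names can be changed at runtime with `sysctl -w net.ipv4.conf.all.arp_filter=1`.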

  16. Objectives my friend! varelg's Avatar
    Join Date
    Jul 2009
    Location
    Santa Fe, NM
    Posts
    784

    Certifications
    RHCSA
    #15
    Quote Originally Posted by hiddenknight821 View Post
    After finding the time to play around with my linux box, I must say Josh is the man! I find his link on interface bridging very resourceful. I finally figured out exactly what I wanted to do with my NICs. Although, I still couldn't understand why both of my NICs couldn't communicate with each other directly, which it should. But when I hooked it to a router, it works. So, I guess you guys might be right. I can't place it in the same subnet.

    In the link above, it works for only Debian-based distro, and you would have to download and install two packages: uml-utilities and bridge-utils to be able to use tunctl and brctl commands. I used Ubuntu 10.04, and I gotta say I frigging love my linux box. Although, I need to do some hardware upgrade in the future to run more virtualization.

    What I did was that I created a bridge group interface (br0), where eth1 and tap0 (which I created with tunctl command) interfaces are able to communicate with each other. I'm assuming the bridge group is sort of like a hub. My GNS3 uses the tap0 interface to communicate with the computer. I can even have my XP guest in VirtualBox to communicate with the routers in GNS3 using the bridge (br0) interface. And the sweetest thing about it is that I can run SDM flawlessly. Gosh, I am in love with my linux box. It amazes me with what it can deliver utilizing the virtualization technology. I think I would lose my mind if I use Windows as my primary OS to attempt what I'm trying to accomplish.

    Thank you everyone for your inputs. I'm glad this experiment is over. Time for me to start routing and switching.
    Oh where to start...
    Congratulations on your successful experiment, it is always fun to read how experiments started with the objective of the said experiment being unclear/not set.
    Now that you are clear on both what you needed to achieve and how to achieve it, perhaps you'll take the time to look at the alternatives to the path you took. Do you also know why it worked?
    Comparing a desktop client OS to server OS is like comparing apples to oranges. You use hammer to hit the nail in the wall and screwdriver for a screw.
    Good luck with your study, what is:
    - the next experiment on your list, and
    - your experience with the amazon cloud and why did you choose it.
