
Network perversions: several identical ip on different router interfaces in FreeBSD


A small introduction. Today I was asked to help out at a friendly network. What we have: a small ISP with a fairly distributed structure, partly on radio links, no subscriber authorization, just a binding to MAC and IP addresses. On one of the directions the bandwidth of the radio link was no longer enough, so a second link had to be brought up and some of the users moved onto it. Everything seems simple and trivial, but the addresses and all the client settings are assigned statically (yes, stupid, but we work with what we were given), and the network has to keep working for all subscribers without any action on their part.

In brief, the network structure is shown in the flowchart.

Attempts to bond the channels via LACP did not succeed (radio environment, intermediate hardware, etc.), so it was decided to do it the perverse way, but to bring it up quickly (a temporary solution: fibre arrives there in a couple of weeks and it will be done properly, so please don't kick me).

On the server we have FreeBSD 9.0-RELEASE-p3 with a kernel rebuilt for its needs; the network interface facing the subscribers is em0, radio channel 1 is on vlan2814 and radio channel 2 is on vlan2819.

We add the VLANs

Add to /etc/rc.conf:
 cloned_interfaces="vlan2814 vlan2819"
 ifconfig_em0="up"
 ifconfig_vlan2814="inet 172.16.1.254 netmask 255.255.255.0 vlan 2814 vlandev em0"
 ifconfig_vlan2814_alias0="inet 172.16.52.254 netmask 255.255.255.0"
 ifconfig_vlan2814_alias1="inet 172.16.3.254 netmask 255.255.255.0"
 ifconfig_vlan2814_alias2="inet 10.55.1.1 netmask 255.255.255.0"
 ifconfig_vlan2819="inet 172.16.1.254 netmask 255.255.255.0 vlan 2819 vlandev em0"
 ifconfig_vlan2819_alias0="inet 172.16.52.254 netmask 255.255.255.0"
 ifconfig_vlan2819_alias1="inet 172.16.3.254 netmask 255.255.255.0"
 ifconfig_vlan2819_alias2="inet 10.55.1.1 netmask 255.255.255.0"

As you can see, on two different interfaces we tell the system to use the same IP addresses. In Cisco terms this technique is called unnumbered; for FreeBSD I have come across the name SuperVlan. The peculiarity of FreeBSD is that all the addresses are automatically routed through the first interface that comes up (in our case vlan2814), and no extra gestures are needed.
Reboot.

We look at the routing table:
 netstat -rn
 Routing tables

 Internet:
 Destination        Gateway            Flags    Refs      Use  Netif Expire
 172.16.1.0/24      link#14            U           0 17830227 vlan2814
 172.16.1.254       link#14            UHS         1        0    lo0
 172.16.3.0/24      link#14            U           0  2375127 vlan2814
 172.16.3.254       link#14            UHS         1        0    lo0
 172.16.52.0/24     link#14            U           0      231 vlan2814
 172.16.52.254      link#14            UHS         1        0    lo0
 10.55.1.0/24       link#14            U           0    36399 vlan2814
 10.55.1.1          link#14            UHS         1        0    lo0


We look at the interfaces that came up:
 vlan2814: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=3<RXCSUM,TXCSUM>
         ether 00:1b:21:b8::
         inet 172.16.1.254 netmask 0xffffff00 broadcast 172.16.1.255
         inet 172.16.52.254 netmask 0xffffff00 broadcast 172.16.52.255
         inet 172.16.3.254 netmask 0xffffff00 broadcast 172.16.3.255
         inet 10.55.1.1 netmask 0xffffff00 broadcast 10.55.1.255
         media: Ethernet autoselect (1000baseT <full-duplex>)
         status: active
         vlan: 2814 parent interface: em0
 vlan2819: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=3<RXCSUM,TXCSUM>
         ether 00:1b:21:b8::
         inet 172.16.1.254 netmask 0xffffff00 broadcast 172.16.1.255
         inet 172.16.52.254 netmask 0xffffff00 broadcast 172.16.52.255
         inet 172.16.3.254 netmask 0xffffff00 broadcast 172.16.3.255
         inet 10.55.1.1 netmask 0xffffff00 broadcast 10.55.1.255
         media: Ethernet autoselect (1000baseT <full-duplex>)
         status: active
         vlan: 2819 parent interface: em0

As we expected, both interfaces carry all the IPs, but routing goes only through the first one. What about the users who will come in through vlan2819?
And here we come to a terrible crutch. The theory is this: subscribers who try to come in through vlan2819 will land in its ARP table, but will not be routed. We write a small script:
 #!/bin/sh
 # Live ARP entries on vlan2819 are the ones with "expires in N seconds";
 # incomplete entries have no "seconds" and are skipped. Field 2 of
 # "arp -an" is the address in parentheses, which sed strips.
 FILE=`arp -an -ivlan2819 | grep seconds | awk '{print $2}'| sed 's/[/(,/)]//g'`
 for I in $FILE
 do
     if [ -n "$I" ]
     then
         # Pin a host route for this subscriber through vlan2819
         /sbin/route add $I -iface vlan2819 >/dev/null 2>&1
     fi
 done

The script takes all the ARP entries on the vlan2819 interface, keeps only the live ones (incomplete ones are not touched, if there are any), parses out just the list of IP addresses and stores it in the FILE variable; then the loop adds a static host route for each IP in the list, telling the system to route it through vlan2819. The script is added to crontab to run once a minute. As a result, on first connection a user waits at most a minute for the script to fire, after which he gets Internet access.

As a result of the script, our routing table changed as follows:
 172.16.1.0/24      link#14            U           0 23476495 vlan2814
 172.16.1.12        00:1b:21:b8::      UHS         0   378788 vlan2819
 172.16.1.16        00:1b:21:b8::      UHS         0      223 vlan2819
 172.16.1.17        00:1b:21:b8::      UHS         0   320660 vlan2819
 172.16.1.18        00:1b:21:b8::      UHS         0   322459 vlan2819
 {  }
 172.16.1.254       link#14            UHS         1        0    lo0
 172.16.3.0/24      link#14            U           0  2561712 vlan2814
 172.16.3.8         00:1b:21:b8::      UHS         0    22770 vlan2819
 172.16.3.13        00:1b:21:b8::      UHS         0    60442 vlan2819
 {  }
 172.16.3.254       link#14            UHS         1        0    lo0
 10.55.1.0/24       link#14            U           0    55592 vlan2814
 10.55.1.1          link#14            UHS         1        0    lo0
 {  }
 10.55.1.102        00:1b:21:b8::      UHS         0    43619 vlan2819
 10.55.1.103        00:1b:21:b8::      UHS         0       18 vlan2819

I repeat once again: the solution is temporary and only works if a subscriber gets the same IP every time (in principle, the script can be extended with a check of which interface the subscriber's MAC is seen on, rebuilding the route if the interface has changed). Mainly I wanted to show that it is quite possible to use the same IP address on several interfaces (not necessarily two) and that in some cases this is justified, for example when public ("white") addresses are scarce and there are many interfaces: only the one required address is put on each interface, instead of burning four addresses on a /30 per interface.
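The extension hinted at above, as an added example and not the post's own script: besides pinning a host route for every subscriber seen live on vlan2819 (what the crontab script does), it also drops that host route when the same address shows up live on vlan2814 again, so the subscriber falls back to the connected /24 route. Interface names are the post's; the ARP and routing-table text is constructed sample data in the `arp -an` / `netstat -rn` format shown on this page.

```shell
# Added example: reconcile per-subscriber host routes between the two VLANs.
# SAMPLE_ARP / SAMPLE_RT are constructed test data, not output from the post.
PRIMARY=vlan2814
SECONDARY=vlan2819

SAMPLE_ARP='? (172.16.1.12) at 00:11:22:33:44:55 on vlan2819 expires in 1180 seconds [vlan]
? (172.16.1.16) at 00:11:22:33:44:66 on vlan2819 expires in 900 seconds [vlan]
? (172.16.1.17) at (incomplete) on vlan2819 expired [vlan]
? (172.16.3.8) at 00:11:22:33:44:77 on vlan2814 expires in 1100 seconds [vlan]
? (172.16.1.254) at 00:11:22:33:44:88 on vlan2819 permanent [vlan]'

SAMPLE_RT='Destination        Gateway            Flags    Refs      Use  Netif Expire
172.16.1.0/24      link#14            U           0 23476495 vlan2814
172.16.1.12        00:11:22:33:44:55  UHS         0   378788 vlan2819
172.16.1.254       link#14            UHS         1        0    lo0
172.16.3.8         00:11:22:33:44:77  UHS         0    22770 vlan2819'

# live_hosts IFACE: IPs with a complete, learned (expiring) ARP entry on IFACE.
# Reads `arp -an` output on stdin; field 6 is the interface, field 2 the "(ip)".
live_hosts() {
    awk -v ifc="$1" '$6 == ifc && /seconds/ && $4 != "(incomplete)" {
        gsub(/[()]/, "", $2); print $2 }'
}

# host_routes IFACE: destinations of host routes (H flag) via IFACE, from
# `netstat -rn` output on stdin; Netif is the 6th column.
host_routes() {
    awk -v ifc="$1" '$3 ~ /H/ && $6 == ifc { print $1 }'
}

# plan_routes ARP_TEXT RT_TEXT: "add IP" for live secondary hosts lacking a
# host route, "delete IP" for routed hosts that are now live on the primary.
plan_routes() {
    printf '%s\n' "$1" | live_hosts "$SECONDARY" | while read -r ip; do
        if ! printf '%s\n' "$2" | host_routes "$SECONDARY" | grep -qxF "$ip"; then echo "add $ip"; fi
    done
    printf '%s\n' "$2" | host_routes "$SECONDARY" | while read -r ip; do
        if printf '%s\n' "$1" | live_hosts "$PRIMARY" | grep -qxF "$ip"; then echo "delete $ip"; fi
    done
}

# apply_plan: turn plan lines into route(8) calls. From cron, once a minute:
#   plan_routes "$(arp -an)" "$(netstat -rn)" | apply_plan
apply_plan() {
    while read -r action ip; do
        case "$action" in
            add)    /sbin/route -q add -host "$ip" -iface "$SECONDARY" ;;
            delete) /sbin/route -q delete -host "$ip" ;;
        esac
    done
}
```

On the sample data the plan is `add 172.16.1.16` (live on vlan2819, no host route yet) and `delete 172.16.3.8` (has a vlan2819 host route but is now answering ARP on vlan2814); the incomplete and permanent entries are ignored.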

Source: https://habr.com/ru/post/164781/
