Good afternoon,
I'm working on a LAN of three computers (running Linux Mint 14). They are connected to a switch and none of them have any firewall.
The problem is that each one of them is really slow to detect failures of one of their peers.
For example, I performed this test:
I ping from 192.168.0.2 to 192.168.0.3. After 10 seconds, I unplug 192.168.0.3 from the switch... the problem is that 192.168.0.2 takes 48 seconds to detect that!
Here you'll find the logs of that test:
oneadmin@192.168.0.2 ~ $ ping -v -i 1 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_req=1 ttl=64 time=0.233 ms
64 bytes from 192.168.0.3: icmp_req=2 ttl=64 time=0.236 ms
64 bytes from 192.168.0.3: icmp_req=3 ttl=64 time=0.220 ms
64 bytes from 192.168.0.3: icmp_req=4 ttl=64 time=0.229 ms
64 bytes from 192.168.0.3: icmp_req=5 ttl=64 time=0.233 ms
64 bytes from 192.168.0.3: icmp_req=6 ttl=64 time=0.210 ms
64 bytes from 192.168.0.3: icmp_req=7 ttl=64 time=0.271 ms
64 bytes from 192.168.0.3: icmp_req=8 ttl=64 time=0.273 ms
64 bytes from 192.168.0.3: icmp_req=9 ttl=64 time=0.291 ms
64 bytes from 192.168.0.3: icmp_req=10 ttl=64 time=0.201 ms
From 192.168.0.2 icmp_seq=58 Destination Host Unreachable
From 192.168.0.2 icmp_seq=59 Destination Host Unreachable
From 192.168.0.2 icmp_seq=60 Destination Host Unreachable
From 192.168.0.2 icmp_seq=61 Destination Host Unreachable
From 192.168.0.2 icmp_seq=62 Destination Host Unreachable
From 192.168.0.2 icmp_seq=63 Destination Host Unreachable
From 192.168.0.2 icmp_seq=64 Destination Host Unreachable
From 192.168.0.2 icmp_seq=65 Destination Host Unreachable
From 192.168.0.2 icmp_seq=66 Destination Host Unreachable
From 192.168.0.2 icmp_seq=67 Destination Host Unreachable
From 192.168.0.2 icmp_seq=68 Destination Host Unreachable
From 192.168.0.2 icmp_seq=69 Destination Host Unreachable
What shall I do to reduce that time?
Best regards,
Sonsolès
You can use -w to specify a timeout:
ping -c1 -w1 192.168.0.3
Options Details:
-c count
Stop after sending count ECHO_REQUEST packets. With deadline option, ping waits for count ECHO_REPLY packets, until the timeout expires.
-w deadline
Specify a timeout, in seconds, before ping exits regardless of how many packets have been sent or received. In this case ping does not stop after count packet are sent, it waits either for deadline expire or until count probes are answered or for some error notification from network.
I guess you can use -O
ping -O host.com
claudionei@TI-03 ~ $ ping -O 10.251.15.251
PING 10.251.15.251 (10.251.15.251) 56(84) bytes of data.
64 bytes from 10.251.15.251: icmp_seq=1 ttl=62 time=4.50 ms
no answer yet for icmp_seq=2
64 bytes from 10.251.15.251: icmp_seq=2 ttl=62 time=1950 ms
no answer yet for icmp_seq=3
64 bytes from 10.251.15.251: icmp_seq=3 ttl=62 time=1409 ms
64 bytes from 10.251.15.251: icmp_seq=4 ttl=62 time=576 ms
64 bytes from 10.251.15.251: icmp_seq=5 ttl=62 time=654 ms
64 bytes from 10.251.15.251: icmp_seq=6 ttl=62 time=4.41 ms
--- 10.251.15.251 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5001ms
rtt min/avg/max/mdev = 4.416/766.491/1950.291/710.053 ms, pipe 2
On my single DNS server, bind9 (version 9.11.5-P4-5.1), I have configured a Response Policy Zone (RPZ) to block certain domains. The IP of the DNS server is 192.168.1.5
Here are the relevant parts of the configuration from the different files, and the commands:
On the server:
In /etc/bind/named.conf.options
acl trusted {
localhost; # this server
192.168.1.0/24; #my net
};
Also
// Only allows trusted client to use the service
allow-query { trusted; };
forwarders {
The IP of the NS1 of IPS#1;
The IP of the NS2 of IPS#1;
The IP of the NS1 of IPS#2;
The IP of the NS2 of IPS#2;
8.8.8.8;
8.8.4.4;
1.1.1.1;
};
And also
// For Ad-Blocking/Blacklisting/Whitelisting
response-policy {
zone "rpz.blacklist";
zone "office.local" policy passthru;
zone "1.168.192.in-addr.arpa" policy passthru;
};
In /etc/bind/named.conf.local
zone "rpz.blacklist" {
type master;
file "/etc/bind/zones/rpz.blacklist.db";
allow-query { trusted; };
allow-transfer { localhost; };
};
And finally in /etc/bind/zones/rpz.blacklist.db
; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800; Refresh
86400; Retry
2419200; expire
86400); Negative Cache TTL
;
@ IN NS localhost.
;.:#====================#:.
; Blacklist Domains
;.:#====================#:.
ads2000.hw.net IN A 127.0.0.1
There are more domains but I leave one only for the example.
The commands [named-checkconf] and [named-checkconf "rpz.blacklist" /etc/bind/zones/rpz.blacklist.db] return OK and the service starts successfully
Now if I ping ads2000.hw.net from the same server it works fine
ping -c 5 ads2000.hw.net
PING ads2000.hw.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.201 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.034 ms
--- ads2000.hw.net ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 105ms
rtt min/avg/max/mdev = 0.034/0.069/0.201/0.066ms
Now if I do it from a Linux client, it does not:
ping -c 5 ads2000.hw.net
PING ads2000.hw.net (65.8.181.28) 56(84) bytes of data.
64 bytes from server-65-8-181-28.mia3.r.cloudfront.net (65.8.181.28): icmp_seq=1 ttl=246 time=131 ms
64 bytes from server-65-8-181-28.mia3.r.cloudfront.net (65.8.181.28): icmp_seq=2 ttl=246 time=131 ms
64 bytes from server-65-8-181-28.mia3.r.cloudfront.net (65.8.181.28): icmp_seq=3 ttl=246 time=131 ms
64 bytes from server-65-8-181-28.mia3.r.cloudfront.net (65.8.181.28): icmp_seq=4 ttl=246 time=131 ms
64 bytes from server-65-8-181-28.mia3.r.cloudfront.net (65.8.181.28): icmp_seq=5 ttl=246 time=131 ms
These are my DNS settings on that computer:
cat /etc/resolv.conf
## Generated by NetworkManager
domain office.local
search office.local
nameserver 192.168.1.5
nameserver 1.1.1.1
nameserver 8.8.8.8
Now if I do it from a Windows client, it does not work either:
ping ads2000.hw.net
Ping ads2000.hw.net [65.8.181.28] with 32 bytes of data:
Response from 65.8.181.28: bytes=32 time=131ms TTL=246
Response from 65.8.181.28: bytes=32 time=131ms TTL=246
Response from 65.8.181.28: bytes=32 time=131ms TTL=246
Response from 65.8.181.28: bytes=32 time=131ms TTL=246
Ping statistics for 65.8.181.28:
Packets: sent = 4, received = 4, lost = 0
(0% lost),
Approximate round trip times in milliseconds:
Minimum = 131ms, Maximum = 131ms, Average = 131ms
These are my DNS settings on that computer:
Ethernet Ethernet Adapter:
Specific DNS suffix for the connection. . : office.local
DNS servers. . . . . . . . . . . . . . : 192.168.1.5
1.1.1.1
8.8.8.8
If I remove the servers "1.1.1.1" and "8.8.8.8" from the clients, it works but from them I lose Internet (I can not resolve names from internet domains from the clients.)
What am I doing wrong?
I thank you in advance for your help.
PS: Sorry for my bad English
Try:
sudo systemd-resolve --flush-caches
sudo systemctl restart systemd-resolved
In case it didn't help, please add the output returned from:
dig hw.net
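The question reports that blocking works once 1.1.1.1 and 8.8.8.8 are removed from the clients; those public resolvers do not carry the local RPZ, so a client that lists them can receive unfiltered answers. The following added example (not code from the original posts) audits the two client outputs shown above for resolvers that sit outside the policy server; the function names are hypothetical.

```python
import ipaddress

# Client settings reproduced from the question above as sample input.
RESOLV_CONF = """\
## Generated by NetworkManager
domain office.local
search office.local
nameserver 192.168.1.5
nameserver 1.1.1.1
nameserver 8.8.8.8
"""
IPCONFIG = """\
Ethernet Ethernet Adapter:
Specific DNS suffix for the connection. . : office.local
DNS servers. . . . . . . . . . . . . . : 192.168.1.5
1.1.1.1
8.8.8.8
"""


def _ip(token):
    """Parse one address (zone id stripped); None if it is not an address."""
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None


def resolv_conf_servers(text):
    """nameserver entries of a resolv.conf, in file order."""
    servers = []
    for raw in text.splitlines():
        # Drop '#' and ';' comments before splitting into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            ip = _ip(fields[1])
            if ip is not None:
                servers.append(ip)
    return servers


def ipconfig_servers(text):
    """DNS servers from Windows ipconfig output, including continuation lines."""
    servers, in_list = [], False
    for line in text.splitlines():
        if line.strip().lower().startswith("dns servers"):
            in_list, line = True, line.split(": ", 1)[-1]
        if in_list:
            ip = _ip(line)
            if ip is None:      # first non-address line ends the list
                in_list = False
            else:
                servers.append(ip)
    return servers


def rpz_bypass(servers, policy_resolvers):
    """Configured resolvers that are not the RPZ-enforcing server."""
    enforcing = {ipaddress.ip_address(a) for a in policy_resolvers}
    return [str(s) for s in servers if s not in enforcing]
```

For the policy to apply to every lookup, clients would list only 192.168.1.5 and rely on that server's forwarders for Internet names.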
I'm running Linux:
Linux davide 5.7.0-kali1-amd64 #1 SMP Debian 5.7.6-1kali2 (2020-07-01) x86_64 GNU/Linux
When I try to run some process in the background they appear on the terminal and I can see all the STDOUT. I tried both with the command "'Ctrl+z'+bg" and '&' after the expression.
Example: ping -c 10 127.0.0.1 &
It seems that the process is running in the background (in fact I receive the PID like if it is working) but then I see all the output in the terminal.
I can also run other commands like here:
$ ping -c 10 127.0.0.1 &
[1] 2079
$ PING 127.0.0.1 (127.0.0.1) 56 (84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.053 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.053 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.047 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.052 ms
64 bytes from 127.0.0.1: icmp_seq=6 ttl=64 time=0.059 ms
64 bytes from 127.0.0.1: icmp_seq=7 ttl=64 time=0.053 ms
ls
Desktop Documents Downloads Music Pictures Public Templates Videos
$ 64 bytes from 127.0.0.1: icmp_seq=8 ttl=64 time=0.054 ms
64 bytes from 127.0.0.1: icmp_seq=9 ttl=64 time=0.057 ms
64 bytes from 127.0.0.1: icmp_seq=10 ttl=64 time=0.054 ms
--- 127.0.0.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9215ms
Rtt min/avg/max/mdev = 0.041/0.052/0.059/0.004 ms
[1]+ Done ping -c 10 127.0.0.1
I don't know if it is a bug of the new release or a misconfiguration, but I couldn't find any topic about this. Can somebody help with this?
& is used to make the command run in the background, but it does not hide its output.
If you want to redirect the output to a file use >, which is used to redirect the output.
E.g:
ping www.wikipedia.com > output.txt &
Also, you can redirect the output to /dev/null if you don't want to store it although it would not be relevant here.
Regarding Ctrl + z: it is used to suspend a command, not to run it in the background. For more information see here
I have configured GRE tunnels between CentOS machines, and the corresponding routing tables on the individual CentOS machines, as shown in the image:
I'm able to
Ping from Router-1 to the gre1 tunnel's other end:
worker]# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.43 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.472 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.291 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.319 ms
The traffic reaches Transit Router over the GRE tunnel (this is verified by tcpdump proto gre)
Ping from Router-2 to the gre2 tunnel's other end:
worker]# ping 11.0.0.2
PING 11.0.0.2 (11.0.0.2) 56(84) bytes of data.
64 bytes from 11.0.0.2: icmp_seq=1 ttl=64 time=1.10 ms
64 bytes from 11.0.0.2: icmp_seq=2 ttl=64 time=0.392 ms
64 bytes from 11.0.0.2: icmp_seq=3 ttl=64 time=0.369 ms
64 bytes from 11.0.0.2: icmp_seq=4 ttl=64 time=0.258 ms
This traffic too flows on tunnel
and on the transit router I'm able to ping the private address of both Router-1 and Router-2 after adding the routing entry:
Transit Router:
[root@vmc-centos conf]# ping 10.2.32.1
PING 10.2.32.1 (10.2.32.1) 56(84) bytes of data.
64 bytes from 10.2.32.1: icmp_seq=1 ttl=64 time=0.589 ms
64 bytes from 10.2.32.1: icmp_seq=2 ttl=64 time=0.380 ms
64 bytes from 10.2.32.1: icmp_seq=3 ttl=64 time=0.383 ms
Router-1:
worker]# tcpdump -i any proto gre -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
04:54:36.684864 IP 10.206.83.3 > 10.206.90.103: GREv0, length 88: IP 10.0.0.2 > 10.2.32.1: ICMP echo request, id 20445, seq 34, length 64
04:54:36.684951 IP 10.206.90.103 > 10.206.83.3: GREv0, length 88: IP 10.2.32.1 > 10.0.0.2: ICMP echo reply, id 20445, seq 34, length 64
04:54:37.684776 IP 10.206.83.3 > 10.206.90.103: GREv0, length 88: IP 10.0.0.2 > 10.2.32.1: ICMP echo request, id 20445, seq 35, length 64
Transit Router:
[root@vmc-centos conf]# ping 10.4.32.1
PING 10.4.32.1 (10.4.32.1) 56(84) bytes of data.
64 bytes from 10.4.32.1: icmp_seq=1 ttl=64 time=0.553 ms
64 bytes from 10.4.32.1: icmp_seq=2 ttl=64 time=0.325 ms
64 bytes from 10.4.32.1: icmp_seq=3 ttl=64 time=0.354 ms
Router-2:
worker]# sudo tcpdump -i any proto gre -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
04:56:57.549823 IP 10.206.83.3 > 10.206.86.199: GREv0, length 88: IP 11.0.0.2 > 10.4.32.1: ICMP echo request, id 20690, seq 24, length 64
04:56:57.549896 IP 10.206.86.199 > 10.206.83.3: GREv0, length 88: IP 10.4.32.1 > 11.0.0.2: ICMP echo reply, id 20690, seq 24, length 64
But now when I try to reach the private network of Router-2(10.4.32.1) from Router-1, the packets reach till Transit Router but are not being forwarded from there to Router-2:
Router-1:
worker]# ping 10.4.32.1
PING 10.4.32.1 (10.4.32.1) 56(84) bytes of data.
Transit Router:
[root@vmc-centos conf]# tcpdump -i any proto gre -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
04:59:06.382024 IP 10.206.90.103 > 10.206.83.3: GREv0, length 88: IP 10.0.0.1 > 10.4.32.1: ICMP echo request, id 36131, seq 40, length 64
04:59:07.382007 IP 10.206.90.103 > 10.206.83.3: GREv0, length 88: IP 10.0.0.1 > 10.4.32.1: ICMP echo request, id 36131, seq 41, length 64
Router-2:
[root@wdc-10-206-86-199 worker]# sudo tcpdump -i any proto gre -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
Route forwarding is enabled on all the machines:
[root@vmc-centos conf]# sudo sysctl -p
net.ipv4.ip_forward = 1
iptables on transit router:
[root@vmc-centos ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT gre -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT gre -- anywhere anywhere
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Note: I have tried this before and the packets were reaching the other private network. Now I'm trying on another setup; there's some config I'm missing.
Got the answer here:
https://serverfault.com/questions/1010565/packets-not-getting-forwarded-on-centos7-between-gre-tunnels
The Docker daemon seems to be running on the forwarding machine. By default to isolate containers on different bridges and the host machine, Docker will install a default DROP policy on the forwarding chain in iptables. There is a setting in Docker daemon to not do this. Set iptables to false in /etc/docker/daemon.json. See Docker and iptables.
If you change default policy to ACCEPT, that will work.
iptables --policy FORWARD ACCEPT
BUT, when you (or a package upgrade of docker, or a reboot) restarts the Docker daemon the default policy will again change to DROP, if you didn't change the setting of the docker daemon.
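Why the gre1 to gre2 packets stop at the transit router, as an added example (not code from the original posts or from Docker): a small evaluator walks a constructed `iptables -S` listing the way the FORWARD chain is traversed, matching on interfaces only. The bridge name docker0 and the scoped DOCKER-USER rule are assumptions; the `iptables -L` output in the question was taken without `-v`, so it hides the `-i`/`-o` matches and its ACCEPT lines only look unconditional.

```python
# Constructed `iptables -S` listing for a Docker host such as the transit
# router above (docker0 is an assumed bridge name; gre1/gre2 are the tunnels).
RULES = """\
-P FORWARD DROP
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
"""
# Assumption, not a fix from the page: accept only gre1 -> gre2 in DOCKER-USER.
SCOPED = RULES.replace("-A DOCKER-USER -j RETURN",
                       "-A DOCKER-USER -i gre1 -o gre2 -j ACCEPT\n"
                       "-A DOCKER-USER -j RETURN")

def parse(text):
    """Return ({chain: policy}, {chain: [rule tokens]}); -N lines are ignored."""
    policies, chains = {}, {}
    for tok in (line.split() for line in text.splitlines()):
        if tok[:1] == ["-P"]:
            policies[tok[1]] = tok[2]
        elif tok[:1] == ["-A"]:
            chains.setdefault(tok[1], []).append(tok[2:])
    return policies, chains

def matches(rule, in_if, out_if):
    """Interface-only match; rules with any other match count as no match."""
    i, negate = 0, False
    while i < len(rule):
        if rule[i] == "!":
            negate, i = True, i + 1
        elif rule[i] in ("-i", "-o"):
            hit = rule[i + 1] == (in_if if rule[i] == "-i" else out_if)
            if hit == negate:
                return False
            negate, i = False, i + 2
        elif rule[i] == "-j":
            i += 2
        else:  # -p, -m, -s, -d: simplification, treated as not matching
            return False
    return True

def verdict(text, in_if, out_if, chain="FORWARD"):
    """Walk the chain in rule order; return (verdict, what decided it)."""
    policies, chains = parse(text)
    def walk(name):
        for rule in chains.get(name, []):
            if "-j" not in rule or not matches(rule, in_if, out_if):
                continue
            target = rule[rule.index("-j") + 1]
            if target in ("ACCEPT", "DROP", "REJECT"):
                return target, f"rule in {name}"
            if target == "RETURN":
                return None
            if target in chains and (found := walk(target)):
                return found
    return walk(chain) or (policies[chain], f"{chain} policy")
```

With the scoped rule only the gre1 to gre2 direction is accepted; this listing has no general RELATED,ESTABLISHED rule, so the reverse direction needs its own rule.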
So lately, I updated my SSH port to 558
cat /etc/ssh/sshd_config | grep Po
Port 558
I notice that my git pull keeps hanging.
I researched online and found this SO link:
Why does git pull hang?
I tried
git fsck && git gc --prune=now
I got
Checking object directories: 100% (256/256), done.
Checking objects: 100% (3806/3806), done.
Counting objects: 3840, done.
Compressing objects: 100% (1566/1566), done.
Writing objects: 100% (3840/3840), done.
Total 3840 (delta 2120), reused 3795 (delta 2096)
I tried git pull again after that; it hung again.
My VM has access to the internet.
ping google.com
PING google.com (172.217.12.142) 56(84) bytes of data.
64 bytes from lga34s19-in-f14.1e100.net (172.217.12.142): icmp_seq=1 ttl=56 time=1.68 ms
64 bytes from lga34s19-in-f14.1e100.net (172.217.12.142): icmp_seq=2 ttl=56 time=1.31 ms
64 bytes from lga34s19-in-f14.1e100.net (172.217.12.142): icmp_seq=3 ttl=56 time=1.11 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.118/1.374/1.689/0.238 ms
This is my
└── git config --list
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=git@bitbucket.org:bb/cc.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master
remote.origin2.url=https://rajakannan@bitbucket.org/bb/cc.git
What should I check ?
Update
I am not sure if it is related to my sshd_config or not, but
I tried
mkdir test
cd test
git clone git@bitbucket.bb/cc.git
Cloning into 'cc'...
|...
hang again ... even on clone 👆🏼
Update 2
Could this be a firewall issue? I can't even ping bitbucket.org
ping bitbucket.org
PING bitbucket.org (18.205.93.2) 56(84) bytes of data.
... stuck ... freeze ...
but I can ping google.com
ping google.com
PING google.com (172.217.9.238) 56(84) bytes of data.
64 bytes from lga34s11-in-f14.1e100.net (172.217.9.238): icmp_seq=1 ttl=56 time=1.59 ms
64 bytes from lga34s11-in-f14.1e100.net (172.217.9.238): icmp_seq=2 ttl=56 time=1.27 ms
^C64 bytes from lga34s11-in-f14.1e100.net (172.217.9.238): icmp_seq=3 ttl=56 time=1.05 ms
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.052/1.307/1.596/0.227 ms
BitBucket status is clean, so the issue is not on the remote side.
You are cloning with an SSH URL git@bitbucket.org:bb/cc.git.
Try, for testing, an HTTPS URL: https://bitbucket.org/bb/cc.git
I am creating a new network namespace called OAM, along with the veth interfaces to communicate between the new namespace and the default namespace:
$ sudo ip netns add OAM
$ sudo ip link add veth0 type veth peer name veth1
$ sudo ip link set veth1 netns OAM
$ ip netns exec OAM ip link set dev veth1 up
$ ip link set dev veth0 up
$ sudo ip netns exec OAM ip addr add dev veth1 192.168.0.1/24
$ sudo ip addr add dev veth0 192.168.0.2/24
Now I check the value of ip_default_ttl parameter from within the default namespace:
$ cat /proc/sys/net/ipv4/ip_default_ttl
64
It is set to 64. Next I check the same parameter in the newly created OAM namespace:
$ sudo ip netns exec OAM cat /proc/sys/net/ipv4/ip_default_ttl
cat: /proc/sys/net/ipv4/ip_default_ttl: No such file or directory
So, there isn't a copy of this parameter in the new network namespace.
If I try to test what is the value of TTL in both namespaces by using ping, I can see it's ttl=64:
Default namespace:
$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.072 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.060 ms
64 bytes from 192.168.0.1: icmp_req=3 ttl=64 time=0.053 ms
^C
--- 192.168.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 0.036/0.051/0.072/0.016 ms
Newly created OAM namespace:
$ sudo ip netns exec OAM ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=0.042 ms
64 bytes from 192.168.0.2: icmp_req=2 ttl=64 time=0.030 ms
64 bytes from 192.168.0.2: icmp_req=3 ttl=64 time=0.053 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.030/0.041/0.053/0.012 ms
So it seems that even though the ip_default_ttl parameter is not present in the new OAM namespace, the value used is the same (ttl=64).
I confirm that by logging in as root into another terminal and changing the ip_default_ttl value from 64 to 32 like this:
$ echo 32 > /proc/sys/net/ipv4/ip_default_ttl
Now if I retest the pings to check TTL, I get the same value of ttl=32 in both default and OAM namespace:
$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=32 time=0.029 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=32 time=0.038 ms
64 bytes from 192.168.0.1: icmp_req=3 ttl=32 time=0.053 ms
^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.029/0.040/0.053/0.009 ms
$ sudo ip netns exec OAM ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_req=1 ttl=32 time=0.023 ms
64 bytes from 192.168.0.2: icmp_req=2 ttl=32 time=0.031 ms
64 bytes from 192.168.0.2: icmp_req=3 ttl=32 time=0.082 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.023/0.045/0.082/0.026 ms
So, it seems that the kernel parameter ip_default_ttl defined in the default namespace is used globally across all the network namespaces.
Finally, my question is: what if I want to have different TTL values depending on different namespaces? Is there a way to achieve that? Is there a way to somehow clone the ip_default_ttl kernel parameter (or other ones which don't get copied) from default to a newly created network namespace and have a separate value?
Thanks for your answer in advance.
Different namespaces and thus containers, etc. operate within a single instance kernel, so parameters like ip_default_ttl are global.
You can however explicitly set hoplimit for routes:
# ip route change 192.168.50.0/24 dev xenbr0 hoplimit 32