I work in a manufacturing environment and I have the need to communicate with up to 50 devices that are all at 192.168.0.2 from a single (Windows) computer. Assume that I don't have the ability to change the IP addresses on these devices.
I have a couple of solutions in mind at the moment. One that I've confirmed is functional, and another that -almost- works. I'm basically probing to see what others have done, or if there is something better, or if there's a way to fix my -almost- working method.
The hardware setup is the same for both and is very similar to the setup described in this question. I have a Windows PC connected to a managed switch. The managed switch is setup so that each port is vlan'd into its own untagged vlan and all of those vlans are tagged on the port connected to the PC.
Option A (The -almost- works options)
I run a single Linux VM running the latest Ubuntu Server release on the Windows PC and run the following commands
# eth1 connects to the managed switch.
# eth2 connects to the Windows PC (Windows PC is at 192.168.1.50).
# This handles the initial setup and the first device
sudo ifconfig eth2 192.168.1.51/24
sudo vconfig add eth1 101
sudo ifconfig eth1.101 192.168.0.1
sudo ip route del 192.168.0.0/24
sudo ip addr add 192.168.1.61/24 dev eth2
sudo ip rule add fwmark 101 table 101
sudo ip route add 192.168.0.0/24 dev eth1.101 table 101
sudo ip route add 192.168.1.0/24 dev eth2 table 101
sudo iptables -t mangle -A PREROUTING -i eth2 -d 192.168.1.61 -j MARK --set-mark 101
sudo iptables -t nat -A PREROUTING -m mark --mark 101 -j DNAT --to-destination 192.168.0.2
#this handles a second device and is modified for each additional device
sudo vconfig add eth1 102
sudo ip addr add 192.168.1.62/24 dev eth2
sudo ifconfig eth1.102 192.168.0.1/24
sudo iptables -t mangle -A PREROUTING -i eth2 -d 192.168.1.62 -j MARK --set-mark 102
sudo iptables -t nat -A PREROUTING -m mark --mark 102 -j DNAT --to-destination 192.168.0.2
sudo ip rule add fwmark 102 table 102
sudo ip route del 192.168.0.0/24
sudo ip route add 192.168.0.0/24 dev eth1.102 table 102
Basically, I have multiple virtual IP addresses on the NIC facing the Windows PC and each virtual IP uses IPTables and routing rules to map and forward it to a specific virtual NIC representing a vlan. Now, I think something is getting screwed up in the ARP table judging from output I've seen via TCPDump (a lot of the times, nothing responds to the ARP request from the device). I can get it to work if I remove the ip route rules and have a "global" ip route to 192.168.0.0/24, but then it obviously doesn't work for multiple devices.
**Option B (Works great, but a bit silly)
I launch 50 VMs on the Windows PC running the latest version of DSL Linux. Each VM basically handles the routing for a single device. The commands are as follows.
# eth1 connects to the managed switch.
# eth2 connects to the Windows PC
ifconfig eth1 up
vconfig add eth1 101
ifconfig eth1.101 192.168.0.1
ip addr add 192.168.56.2/24 dev eth2
iptables -t nat -A PREROUTING -i eth2 -d 192.168.56.2 -j DNAT --to-destination 192.168.0.2
And and silly as it is to launch 50 VMs on a single desktop PC, it does work, and it works great.
I'd love to go with option A if I could get it to work, but I'm thinking I've hit a brick wall with that one. Option B is my last ditch effort if I can't get it to work. I might end up putting all those VMs on separate hardware if I have to do that. So my question(s) to Superuser are: Can I make Option A work? What other solutions are there? Are there hardware routers/NATs that can do what I want?
No comments:
Post a Comment