multiple IPs from different nets problem

Hi,

I want to use two nets 172.25/16 and 10.90/16 (for example) and give some hosts IPs in both, other hosts only in one of them.

I’ve set the ranges, I have both nets in the managed routes. When a host has IPs in both networks its local routing table is OK and it can ping both subnets.

When a (ubuntu) host has an IP in only one of the networks, its routing table misses the rule for the other network and logically there’s no connectivity.

Feature or bug?

Welcome to the forum.

Are you using two zerotier networks, or 1 network with 2 subnets configured?

thanks!

One ZT “network” with two ip ranges.

In essence I’m asking if it’s expected that ZT would not add the route for the 2nd range when a host has address only in the first range.

Of course I could add the route myself but would’ve preferred if ZT does this. Also I’m probably not understanding correctly what managed routes are supposed to do.

Attached is my config for reference. I’d expect to see both subnets routed to the ZT interface on the ubuntu host, but when only 1 IP is assigned (regardless which subnet) only the respective route is present.

Thanks! That makes sense.

ZeroTier is probably not assigning the route and/or address unless both exist. If there is a reason for it to act this way, I don’t remember what it is.

What are you trying to do, at a higher level? There may be a better way to accomplish the same goal.

update: did the same experiment on OSX and it works as I expected it to: whatever managed route I add, it gets added to the routing table immediately. Regardless if it applies to an IP range listed in the UI. On Ubuntu this is not the case. No managed route is ever added unless I assign an IP in that range.

verified both have allowManaged=1

my managed routes:

ubuntu’s routing table:

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         _gateway        0.0.0.0         UG        0 0          0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U         0 0          0 wg0
10.1.1.5        0.0.0.0         255.255.255.255 UH        0 0          0 wg0
10.1.1.50       0.0.0.0         255.255.255.255 UH        0 0          0 wg0
10.1.1.207      0.0.0.0         255.255.255.255 UH        0 0          0 wg0
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
172.19.0.0      0.0.0.0         255.255.0.0     U         0 0          0 br-1141be4f8397
172.25.0.0      0.0.0.0         255.255.0.0     U         0 0          0 ztyqb6mt4e
_gateway        0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wg0
192.168.88.0    0.0.0.0         255.255.255.0   U         0 0          0 wg0
192.168.203.0   0.0.0.0         255.255.255.0   U         0 0          0 br-25c911f160a6

OSX routing table excerpt:

Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.2        UGSc          129        4     en1
default            192.168.1.2        UGScI           4        0     en0
10.90/16           link#10            UCSc            0        0 feth322      !
127                localhost          UCS             0        0     lo0
172.25             link#10            UC              1        0 feth322      !
192.168.33         link#10            UCSc            0        0 feth322      !
192.168.222        192.168.222.1      UGSc            0        0     en1

interesting how the 222 subnet got assigned to en1, interested how that’s determined? but I guess that’s bit of a hack?

Re what I aim: I’m used to having a 10.x network for backbone and a 192 or 172 network for “user space” so to say. I can do it by using one range, yes, but I’m learning and if you offer me >1 subnet I’m gonna test it out 🙂 and I feel like I caught a bug?

You may have!
I think you will probably run into issues if you do things this way. Which is fine if you want to, but it might not get addressed quickly.

Some alternatives are

  • use multiple zerotier networks.
  • use 1 network and 1 subnet, but use the rules engine to isolate things

Thanks!
I’d appreciate also a link to the documentation where managed routes are explained. I searched but could not find a good explanation of how this is supposed to work.

Could just be a limitation of Linux. I’m not sure off the top of my head. It may not allow LAN routes to be added without an interface assigned with an address on that LAN.

nope, no problems adding such route manually.
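
A check for the symptom discussed in this thread, as an added example that is not part of any post above and not ZeroTier's own code: it parses a routing table in the format of the Ubuntu output quoted earlier and reports which managed routes are not installed on the ZeroTier interface. The function names are hypothetical, the table is a trimmed, constructed copy of the one in the thread, and the managed route list is assumed to be the two ranges named in the first post.

```python
import ipaddress

# Constructed sample: a trimmed copy of the Ubuntu table quoted in the thread.
SAMPLE_TABLE = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         _gateway        0.0.0.0         UG        0 0          0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U         0 0          0 wg0
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
172.25.0.0      0.0.0.0         255.255.0.0     U         0 0          0 ztyqb6mt4e
_gateway        0.0.0.0         255.255.255.255 UH        0 0          0 eth0
"""


def parse_routes(table):
    """Return {interface: set of ip_network} from `route`-style output."""
    routes = {}
    for line in table.splitlines():
        fields = line.split()
        # Skip blank lines, short lines and the column header.
        if len(fields) < 8 or fields[0] == "Destination":
            continue
        dest, mask, iface = fields[0], fields[2], fields[-1]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            # Symbolic destinations such as "default" or "_gateway"
            # cannot be compared against a CIDR, so they are ignored.
            continue
        routes.setdefault(iface, set()).add(net)
    return routes


def missing_managed_routes(table, managed, iface):
    """List the managed CIDRs that have no route on the given interface."""
    present = parse_routes(table).get(iface, set())
    return [m for m in managed if ipaddress.ip_network(m) not in present]


if __name__ == "__main__":
    # Assumed managed routes: the two ranges from the first post.
    managed = ["172.25.0.0/16", "10.90.0.0/16"]
    for cidr in missing_managed_routes(SAMPLE_TABLE, managed, "ztyqb6mt4e"):
        print(f"managed route {cidr} is not installed on ztyqb6mt4e")
```

On a live host the table text would come from the same command that produced the output in the thread, with the interface name taken from its Iface column.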