Nic_router and multiple NIC drivers in the same domain

trimpim · December 10, 2025, 1:53pm

Hi

In our testing environment we encountered a problem when two NIC drivers connected to the same domain (see config example below).

<config>
  <domain name="uplink">
    <nat domain="downlink" udp-ports="2000" tcp-ports="2000" icmp-ids="2000"/>
  </domain>

  <domain name="downlink" interface="10.10.10.250/16">
    ...
  </domain>

  <policy label="eth1 ->" domain=uplink"/>
  <policy label="eth2 ->" domain=uplink"/>
  <default-policy domain=downlink"/>
</config>

Both Ethernet ports, of the device under test, are connected to the same test network.

What we observed:

all ports on the switches were blinking in sync
in wireshark we could see, that ARP requests for the gateway were sent out on both interfaces in really fast succession
after the run script was terminated the network recovered most of the time, sometime some switches needed to be restarted

This leads to some questions:

are the described observations what one should expect to happen?
would it have made a difference if the two Ethernet ports were in two separated networks?
Is there a way to prevent a domain from accepting multiple connections?
- I did not see anything in the README. In general accepting multiple connections is what one wants

chelmuth · December 17, 2025, 7:53am

I never tried a scenario like yours that adds two uplinks into one domain because I could not answer the question which one will/should/must be used for certain connections from downlink domains. What would you expect to happen in this configuration? In my opinion, the current implementation does not support bonding scenarios and all routing decisions are based on domains, which represent IP address ranges.

Regarding the experienced behavior, I expect it to reveal a bug in ARP handling when both uplinks are used simultaneously. Maybe the ARP waiters play havoc?

are the described observations what one should expect to happen?

In a sense: Yes, we never tried this in practice and I can’t remember if the original author planned to address such use cases.

would it have made a difference if the two Ethernet ports were in two separated networks?

In my opinion: Definitely, cause this is the intended use case of the router.

Is there a way to prevent a domain from accepting multiple connections?

I did not see anything in the README. In general accepting multiple connections is what one wants

None that I know of.

trimpim · December 17, 2025, 12:18pm

@chelmuth thanks for you reply.

It was never intended to have both NIC drivers to connect to the same domain, but it happened due to a config error in a test run script.

We have already planed in two different Networks in the upcoming update of our testing infrastructure.