SSH broken pipe - asymmetric routing issue?



  • Hi,
    I am receiving a broken pipe when I SSH to a machine in a different subnet. My research indicates it is linked to asymmetric routing - but I am not experienced enough to diagnose it properly.

    I have two interfaces:
    LAN: 10.10.0.0/24
    CORE: 10.10.10.0/24
    Each has its own physical NIC and there are no VLANs.

    When I SSH to a server in the LAN network from the CORE network, after about 30 seconds the session hangs and then terminates with:

    packet_write_wait: Connection to 10.10.0.79 port 22: Broken pipe
    

    I have looked in the logs and can't find anything that is happening when the session is terminating.

    If I am directly patched into the LAN network I do not experience broken pipes. It is only when patched into the CORE network.

    Looking for suggestions to diagnose the problem.

    Thanks

    I have the following firewall rules set up:
    LAN

    States         Protocol  Source    Port  Destination  Port         Gateway  Queue  Schedule  Description
    0 /61.09 MiB   *         *         *     LAN Address  443, 80, 22  *        *                Anti-Lockout Rule
    0 /46.25 GiB   IPv4 *    LAN net   *     *            *            *        none             Default allow LAN to any rule
    0 /0 B         IPv6 *    LAN net   *     *            *            *        none             Default allow LAN IPv6 to any rule
    

    CORE

    States         Protocol  Source    Port  Destination  Port         Gateway  Queue  Schedule  Description
    167 /45.82 GiB IPv4 *    CORE net  *     *            *            *        none             Default allow CORE to any rule
    0 /0 B         IPv6 *    CORE net  *     *            *            *        none
    


  • I have done some diagnosis and I realise that the traffic is coming back from a second NIC. So it is indeed asymmetric routing.




  • @bryon I decided the simplest and most secure way forward is to create a jumpbox with two NICs. I ssh to the jumpbox when I need to access the management LAN.
    I plan to add a web proxy to the jump box so I can access web-based machines in the management LAN.
    If anyone has alternate ideas then I'd love to hear them.
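
Added example (not part of any post in this thread): a small Python model of the route lookup on a dual-homed SSH server, showing how a request that arrives through the firewall can be answered out of a different NIC, so the firewall sees only one direction of the connection. It assumes the server at 10.10.0.79 also has a NIC in the CORE subnet; the routing table, the interface names `eth0`/`eth1`, the `10.10.0.1` gateway and the client addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing table for the SSH server (10.10.0.79), assuming it also
# has a second NIC in the CORE subnet. Interface names and the .1 gateway
# address are assumptions, not values from the thread.
SERVER_ROUTES = [
    # (destination prefix, egress interface, next hop or None if on-link)
    ("0.0.0.0/0",     "eth0", "10.10.0.1"),
    ("10.10.0.0/24",  "eth0", None),
    ("10.10.10.0/24", "eth1", None),
]

def lookup(routes, dst):
    """Longest-prefix match: return (iface, next_hop) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def check_return_path(routes, client_ip, ingress_iface):
    """Compare the interface a request arrived on with the reply's egress."""
    egress, hop = lookup(routes, client_ip)
    return {
        "client": client_ip,
        "ingress": ingress_iface,
        "egress": egress,
        "next_hop": hop,
        "asymmetric": egress != ingress_iface,
    }

if __name__ == "__main__":
    # Client in CORE reaches the server's LAN address through the firewall,
    # so the request arrives on eth0; the reply leaves on-link via eth1.
    print(check_return_path(SERVER_ROUTES, "10.10.10.50", "eth0"))
    # Client patched directly into LAN: both directions use eth0.
    print(check_return_path(SERVER_ROUTES, "10.10.0.20", "eth0"))
```

On a real Linux host the same lookup is `ip route get <client address>`; comparing its output interface with the one the request arrived on gives the same answer as `check_return_path`.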

