Get webhook notifications whenever Network & Infrastructure creates an incident, updates an incident, resolves an incident or changes a component status.
To improve the network security and avoid the spoofs in the network (which are blocked by ACLs on the switches, but we never know) we added the commands \"ip verify\" on all dedicated servers infrastructure.
The router verifies that the packets coming from the server via vlan have the best root via the same vlan.
This prevents spoof problems that can be generated by vracks: the packet comes to the server via the vrack and goes out through the standard network.
This configuration is no longer possible.
The packet incoming by vrack must outcome by vrack.
You must use the iproute2 that manages this kind of routing:
Considering that the server IP is 123.123.123.123 IN THE VRACK
Considering that the gateway of the vrack is 123.123.123.254
Considering that your vlan number is 2000
ip rule add from 123.123.123.123/32 table 666
ip route add default via 123.123.123.254 dev eth0.2000 table 666