{"id":1173,"date":"2017-12-16T16:49:56","date_gmt":"2017-12-16T22:49:56","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=1173"},"modified":"2017-12-16T16:49:56","modified_gmt":"2017-12-16T22:49:56","slug":"linux-routing-two-interfaces-on-same-subnet","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/linux-routing-two-interfaces-on-same-subnet\/","title":{"rendered":"Linux Routing Two Interfaces on Same Subnet"},"content":{"rendered":"
It's possible you will never need to do this, and most likely there are experts who say to avoid doing it. I recently had a challenge to do exactly this, so I am recording my effort for future reference. This link helped me get it to work: https:\/\/access.redhat.com\/solutions\/30564<\/p>\n
My setup is similar to the one in the link above but has a few more layers. It is a CentOS 7 VM under KVM, with KVM using SR-IOV network Virtual Functions. To complicate it further, the KVM hypervisor is an Oracle Cloud (OCI) bare metal server. OCI hands out additional public IP addresses using VNICs, which are added to the host via passthrough. Adding VNICs to KVM guests is out of scope here. Also note that the public IP is NATed to private IPs.<\/p>\n
\r\n[root@centos7 opc]# cat \/etc\/iproute2\/rt_tables \r\n[..]\r\n100 t1\r\n101 t2\r\n\r\n[root@centos7 opc]# cat \/etc\/sysconfig\/network-scripts\/route-ens3\r\n10.1.0.0\/16 dev ens3 src 10.1.1.12 table t1\r\ndefault via 10.1.1.1 dev ens3 table t1\r\n\r\n[root@centos7 opc]# cat \/etc\/sysconfig\/network-scripts\/route-ens9\r\n10.1.0.0\/16 dev ens9 src 10.1.1.13 table t2\r\ndefault via 10.1.1.1 dev ens9 table t2\r\n\r\n[root@centos7 opc]# cat \/etc\/sysconfig\/network-scripts\/rule-ens3\r\ntable t1 from 10.1.1.12\r\n\r\n[root@centos7 opc]# cat \/etc\/sysconfig\/network-scripts\/rule-ens9\r\ntable t2 from 10.1.1.13\r\n<\/pre>\nNote: you may not need all of the settings below, for example the ens3 and ens9 ones. The defaults may be enough.<\/p>\n
\r\n[root@centos7 opc]# cat \/etc\/sysctl.d\/99-sysctl.conf \r\n[..]\r\nnet.ipv4.conf.all.arp_filter = 1\r\nnet.ipv4.conf.default.arp_filter = 1\r\nnet.ipv4.conf.all.arp_announce = 2\r\nnet.ipv4.conf.default.arp_announce = 2\r\n\r\nnet.ipv4.conf.default.rp_filter = 2\r\nnet.ipv4.conf.all.rp_filter = 2\r\nnet.ipv4.conf.ens3.rp_filter = 2\r\nnet.ipv4.conf.ens9.rp_filter = 2\r\n<\/pre>\nI had some issues with the \/etc\/sysconfig\/network-scripts\/route-ens* scripts not working at reboot, but manually running \/etc\/sysconfig\/network-scripts\/route-ens3 and route-ens9 worked. I commented out DEFROUTE and GATEWAY and added NM_CONTROLLED=no, and then the routes worked at boot.<\/p>\n
\r\n[root@centos7 opc]# cat \/etc\/sysconfig\/network-scripts\/ifcfg-ens3\r\nTYPE=Ethernet\r\nBOOTPROTO=static\r\n#DEFROUTE=yes\r\nNAME=ens3\r\nDEVICE=ens3\r\nONBOOT=yes\r\nIPADDR=10.1.1.12\r\nNETMASK=255.255.255.0\r\n#GATEWAY=10.1.1.1\r\nNM_CONTROLLED="no"\r\n\r\n[root@centos7 opc]# cat \/etc\/sysconfig\/network-scripts\/ifcfg-ens9\r\nTYPE=Ethernet\r\nBOOTPROTO=static\r\n#DEFROUTE=yes\r\nNAME=ens9\r\nDEVICE=ens9\r\nONBOOT=yes\r\nIPADDR=10.1.1.13\r\nNETMASK=255.255.255.0\r\n#GATEWAY=10.1.1.1\r\nNM_CONTROLLED="no"\r\n<\/pre>\nReboot<\/p>\n
\r\n[opc@centos7 ~]$ sudo -s\r\n[root@centos7 opc]# ip route show table t1\r\ndefault via 10.1.1.1 dev ens3 \r\n10.1.0.0\/16 dev ens3 scope link src 10.1.1.12 \r\n\r\n[root@centos7 opc]# ip route show table t2\r\ndefault via 10.1.1.1 dev ens9 \r\n10.1.0.0\/16 dev ens9 scope link src 10.1.1.13 \r\n\r\n[root@centos7 opc]# ip route show\r\n10.1.1.0\/24 dev ens3 proto kernel scope link src 10.1.1.12 \r\n10.1.1.0\/24 dev ens9 proto kernel scope link src 10.1.1.13 \r\n169.254.0.0\/16 dev ens3 scope link metric 1002 \r\n169.254.0.0\/16 dev ens9 scope link metric 1003 \r\n\r\n[root@centos7 opc]# ping -I 10.1.1.12 8.8.8.8\r\nPING 8.8.8.8 (8.8.8.8) from 10.1.1.12 : 56(84) bytes of data.\r\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=61 time=10.6 ms\r\n\r\n[root@centos7 opc]# ping -I 10.1.1.13 8.8.8.8\r\nPING 8.8.8.8 (8.8.8.8) from 10.1.1.13 : 56(84) bytes of data.\r\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=61 time=10.5 ms\r\n<\/pre>\nPing from the hypervisor to the VM IPs works now.<\/p>\n
\r\n# ping 10.1.1.12\r\nPING 10.1.1.12 (10.1.1.12) 56(84) bytes of data.\r\n64 bytes from 10.1.1.12: icmp_seq=1 ttl=64 time=0.223 ms\r\n\r\n# ping 10.1.1.13\r\nPING 10.1.1.13 (10.1.1.13) 56(84) bytes of data.\r\n64 bytes from 10.1.1.13: icmp_seq=1 ttl=64 time=0.189 ms\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"It’s possible you will never need to do this and most likely there are experts that say avoid doing this.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-1173","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=1173"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1173\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=1173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=1173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=1173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}