Why Cannot the EIP Bound to the Extension NIC of My ECS Access the Internet?
Symptom
Your ECS has one primary NIC and one extension NIC in the same subnet. Each NIC has an EIP bound for Internet access. The EIP bound to the primary NIC can access the Internet, but the one bound to the extension NIC cannot.
Possible Causes
By default, ECSs running CentOS have reverse path filtering (RP-Filter) enabled. The default route of the ECS forwards outgoing traffic, including traffic of the extension NIC (eth1), through eth0. The response packets, however, arrive on eth1. Because the route back to their source points to eth0, the system determines that the packets were received from the wrong NIC and discards them.
Solution
Configure a policy-based routing rule so that traffic of the extension NIC is sent out through the extension NIC.
- Run the following command to edit the rt_tables file:
vi /etc/iproute2/rt_tables
Add an alias for the routing table, such as test.
- Save the modification and exit.
- Run the following command to add a route to the test table:
ip route add default via <gateway IP address of the extension NIC> dev eth1 table <name of the routing table>
For example, run the following command:
ip route add default via 192.168.166.1 dev eth1 table test
- Run the following command to add a policy-based routing rule:
ip rule add from <IP address of the extension NIC> lookup <name of the routing table> prio <priority value lower than 32766, which ranks the rule above the main table>
For example, run the following command:
ip rule add from 192.168.166.22 lookup test prio 32000
Check whether the EIP bound to the extension NIC can access the Internet. If you want to make this rule take effect permanently, add the preceding command to the startup script /etc/rc.local.
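The procedure above as a single script that can be rerun safely, for example from /etc/rc.local. This is an added example, not part of the original page. It uses the page's sample addresses; the table ID 200 (each rt_tables entry is a number followed by a name), the RT_TABLES override and the sample destination 203.0.113.1 are assumptions.

```sh
#!/bin/sh
# Added example: the steps above as one idempotent script (safe for /etc/rc.local).
# Addresses are the page's sample values; table id 200 is an assumed free id.
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
TABLE_ID=200 TABLE_NAME=test
NIC=eth1 NIC_IP=192.168.166.22 NIC_GW=192.168.166.1 PRIO=32000

# Register "ID NAME" in rt_tables unless that exact entry exists.
# Fails if the id or the name already belongs to a different entry.
ensure_rt_table() {  # usage: ensure_rt_table FILE ID NAME
    rc=0
    awk -v id="$2" -v name="$3" '
        $1 ~ /^#/ || NF < 2 { next }            # skip comments and blank lines
        $1 == id && $2 == name { found = 1; next }
        $1 == id || $2 == name { clash = 1 }
        END { exit clash ? 2 : (found ? 0 : 1) }' "$1" || rc=$?
    case $rc in
        0) ;;
        1) printf '%s\t%s\n' "$2" "$3" >> "$1" ;;
        *) echo "rt_tables: id $2 or name $3 is already taken" >&2; return 1 ;;
    esac
}

apply_policy_route() {
    ensure_rt_table "$RT_TABLES" "$TABLE_ID" "$TABLE_NAME" || return 1
    # "replace" succeeds whether or not the route exists; "add" fails on a rerun
    ip route replace default via "$NIC_GW" dev "$NIC" table "$TABLE_NAME" || return 1
    # "ip rule add" stacks a duplicate rule on every run, so add only when missing
    ip rule show | grep -qwF "from $NIC_IP lookup $TABLE_NAME" ||
        ip rule add from "$NIC_IP" lookup "$TABLE_NAME" prio "$PRIO" || return 1
    # Show which route the kernel now picks for the extension NIC's address;
    # 203.0.113.1 is a documentation address used only as a sample destination
    ip route get 203.0.113.1 from "$NIC_IP"
}

# Run as root with the argument "apply"; without it the script only defines functions
if [ "${1:-}" = apply ]; then apply_policy_route; fi
```

Reverse path filtering stays enabled with this approach: the rule makes the route back to the source of packets arriving on eth1 resolve through eth1.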