Updated on 2024-11-26 GMT+08:00

Configuring Policy-based Routes for a Linux ECS with Multiple Network Interfaces

Scenarios

This section describes how to configure policy-based routes for a CentOS 8.0 64-bit ECS with two network interfaces.

For details about the background knowledge and networking of an ECS with two network interfaces, see Overview.

Configuring IPv4 Policy-based Routes for a CentOS ECS

  1. Collect the ECS network information required for configuring policy-based routes.

    For details, see Collecting ECS Network Information.

    In this example, the network information of the ECS is shown in Table 1.

    Table 1 CentOS ECS using IPv4

    ECS           Primary Network Interface        Extended Network Interface
    Source        • IP address: 10.0.0.115         • IP address: 10.0.1.183
                  • Subnet: 10.0.0.0/24            • Subnet: 10.0.1.0/24
                  • Subnet gateway: 10.0.0.1       • Subnet gateway: 10.0.1.1
    Destination   IP address: 10.0.2.12            N/A

  2. Log in to the source ECS.

    For details, see Logging In to an ECS.

  3. Check whether the source ECS can use its primary network interface to communicate with the destination ECS:

    ping -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

    In this example, run the following command:

    ping -I 10.0.0.115 10.0.2.12

    If information similar to the following is displayed, the source ECS can use its primary network interface to communicate with the destination ECS.
    [root@ecs-resource ~]# ping -I 10.0.0.115 10.0.2.12
    PING 10.0.2.12 (10.0.2.12) from 10.0.0.115 : 56(84) bytes of data.
    64 bytes from 10.0.2.12: icmp_seq=1 ttl=64 time=0.775 ms
    64 bytes from 10.0.2.12: icmp_seq=2 ttl=64 time=0.268 ms
    64 bytes from 10.0.2.12: icmp_seq=3 ttl=64 time=0.220 ms
    64 bytes from 10.0.2.12: icmp_seq=4 ttl=64 time=0.167 ms
    ^C
    --- 10.0.2.12 ping statistics ---

    Before configuring policy-based routes, ensure that the source ECS can use its primary network interface to communicate with the destination ECS.

  4. Query the network interface names of the source ECS:

    ifconfig

    Search for the network interface names based on IP addresses.
    • The primary network interface address is 10.0.0.115, and its name is eth0.
    • The extended network interface address is 10.0.1.183, and its name is eth1.
    [root@ecs-resource ~]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.0.115  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::f816:3eff:fe92:6e0e  prefixlen 64  scopeid 0x20<link>
            ether fa:16:3e:92:6e:0e  txqueuelen 1000  (Ethernet)
            RX packets 432288  bytes 135762012 (129.4 MiB)
            RX errors 0  dropped 0  overruns 0  frame 1655
            TX packets 423744  bytes 106716932 (101.7 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.1.183  netmask 255.255.255.0  broadcast 10.0.1.255
            inet6 fe80::f816:3eff:febf:5818  prefixlen 64  scopeid 0x20<link>
            ether fa:16:3e:bf:58:18  txqueuelen 1000  (Ethernet)
            RX packets 9028  bytes 536972 (524.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 1915
            TX packets 6290  bytes 272473 (266.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  5. Configure temporary routes for the source ECS.

    Temporary routes are applied immediately but are lost after ECS restarts. To avoid network disruptions, perform 6 to configure persistent routes instead.

    1. Configure policy-based routes for both the primary and extended network interfaces.
      • Primary network interface

        ip route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>

        ip route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>

        ip rule add from <network-interface-address> table <route-table-name>

      • Extended network interface

        ip route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>

        ip route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>

        ip rule add from <network-interface-address> table <route-table-name>

      Configure the parameters as follows:
      • Network interface name: Enter the name obtained in 4.
      • Route table name: Name the route table with a number. Use an ID from 1 to 252 that is not already in use on the ECS; IDs 253, 254, and 255 are reserved for the default, main, and local tables listed in /etc/iproute2/rt_tables.
      • Other network information: Enter the IP addresses collected in 1.

      In this example, run the following commands:

      • Primary network interface

        ip route add default via 10.0.0.1 dev eth0 table 10

        ip route add 10.0.0.0/24 dev eth0 table 10

        ip rule add from 10.0.0.115 table 10

      • Extended network interface

        ip route add default via 10.0.1.1 dev eth1 table 20

        ip route add 10.0.1.0/24 dev eth1 table 20

        ip rule add from 10.0.1.183 table 20

      If the ECS has multiple network interfaces, configure policy-based routes for all network interfaces one by one.

    2. Check whether the policy-based routes are added.

      ip rule

      ip route show table <route-table-name-of-the-primary-network-interface>

      ip route show table <route-table-name-of-the-extended-network-interface>

      The route table name is the one configured in 5.a.

      In this example, run the following commands:

      ip rule

      ip route show table 10

      ip route show table 20

      If information similar to the following is displayed, the policy-based routes have been added.
      [root@ecs-resource ~]# ip rule
      0:      from all lookup local
      32764:  from 10.0.1.183 lookup 20
      32765:  from 10.0.0.115 lookup 10
      32766:  from all lookup main
      32767:  from all lookup default
      [root@ecs-resource ~]# ip route show table 10
      default via 10.0.0.1 dev eth0 
      10.0.0.0/24 dev eth0 scope link 
      [root@ecs-resource ~]# ip route show table 20
      default via 10.0.1.1 dev eth1 
      10.0.1.0/24 dev eth1 scope link 
    3. Check whether the source and destination ECSs can communicate with each other.

      ping -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

      ping -I <IP-address-of-the-extended-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

      In this example, run the following commands:

      ping -I 10.0.0.115 10.0.2.12

      ping -I 10.0.1.183 10.0.2.12

      If information similar to the following is displayed, both the network interfaces of the source ECS can communicate with the destination ECS.

      [root@ecs-resource ~]# ping -I 10.0.0.115 10.0.2.12
      PING 10.0.2.12 (10.0.2.12) from 10.0.0.115 : 56(84) bytes of data.
      64 bytes from 10.0.2.12: icmp_seq=1 ttl=64 time=0.775 ms
      64 bytes from 10.0.2.12: icmp_seq=2 ttl=64 time=0.268 ms
      64 bytes from 10.0.2.12: icmp_seq=3 ttl=64 time=0.220 ms
      64 bytes from 10.0.2.12: icmp_seq=4 ttl=64 time=0.167 ms
      ^C
      --- 10.0.2.12 ping statistics ---
      4 packets transmitted, 4 received, 0% packet loss, time 102ms
      rtt min/avg/max/mdev = 0.167/0.357/0.775/0.244 ms
      [root@ecs-resource ~]# ping -I 10.0.1.183 10.0.2.12
      PING 10.0.2.12 (10.0.2.12) from 10.0.1.183 : 56(84) bytes of data.
      64 bytes from 10.0.2.12: icmp_seq=1 ttl=64 time=2.84 ms
      64 bytes from 10.0.2.12: icmp_seq=2 ttl=64 time=0.258 ms
      64 bytes from 10.0.2.12: icmp_seq=3 ttl=64 time=0.234 ms
      64 bytes from 10.0.2.12: icmp_seq=4 ttl=64 time=0.153 ms
      ^C
      --- 10.0.2.12 ping statistics ---
      4 packets transmitted, 4 received, 0% packet loss, time 92ms
      rtt min/avg/max/mdev = 0.153/0.871/2.840/1.137 ms
  6. Configure persistent routes for the source ECS.
    1. Run the following command to open the /etc/rc.local file:

      vi /etc/rc.local

    2. Press i to enter the editing mode.
    3. Add the following content to the end of the file:
      # check eth0 
      for ((x=0; x<30; x++)); do
        if (ping -I eth0 10.0.0.1 -c 1 -W 1 >/dev/null 2>&1); then
          break
        fi
      done
      
      # Add v4 routes for eth0
      ip route flush table 10
      ip route add default via 10.0.0.1 dev eth0 table 10
      ip route add 10.0.0.0/24 dev eth0 table 10
      ip rule add from 10.0.0.115 table 10
      
      # check eth1
      for ((x=0; x<30; x++)); do
        if (ping -I eth1 10.0.1.1 -c 1 -W 1 >/dev/null 2>&1); then
          break
        fi
      done
      
      # Add v4 routes for eth1
      ip route flush table 20
      ip route add default via 10.0.1.1 dev eth1 table 20
      ip route add 10.0.1.0/24 dev eth1 table 20
      ip rule add from 10.0.1.183 table 20
      # Add v4 routes for cloud-init
      ip rule add to 169.254.169.254 table main

      The parameters are as follows:

      • check eth0: checks whether the primary network interface is up by pinging the IPv4 gateway of the subnet where the primary network interface resides. In this example, 10.0.0.1 is the IPv4 gateway of the subnet where primary network interface eth0 resides, -c 1 sends one packet per attempt, -W 1 sets the timeout of each attempt to 1s, and the surrounding for loop retries up to 30 times.
      • Add v4 routes for eth0: policy-based routes of the primary network interface. Set the value to be the same as that configured in 5.a.
      • check eth1: checks whether the extended network interface is up by pinging the IPv4 gateway of the subnet where the extended network interface resides. In this example, 10.0.1.1 is the IPv4 gateway of the subnet where extended network interface eth1 resides, -c 1 sends one packet per attempt, -W 1 sets the timeout of each attempt to 1s, and the surrounding for loop retries up to 30 times.
      • Add v4 routes for eth1: policy-based routes of the extended network interface. Set the value to be the same as that configured in 5.a.
      • Add v4 routes for cloud-init: adds a rule that sends traffic to the Cloud-Init metadata address 169.254.169.254 through the main route table, so that Cloud-Init can still reach the metadata service after the per-interface rules are in place. Use the address exactly as shown in the preceding configuration.
    4. Press ESC to exit and enter :wq! to save the configuration.
    5. Run the following command to assign execute permissions to the /etc/rc.local file:

      chmod +x /etc/rc.local

      If your operating system is Red Hat or EulerOS, run the following command after you perform 6.e:

      chmod +x /etc/rc.d/rc.local

    6. Run the following command to restart the ECS:

      reboot

      Policy-based routes added to the /etc/rc.local file take effect only after the ECS is restarted. Ensure that workloads on the ECS will not be affected before restarting the ECS.

    7. Repeat 5.b to 5.c to check whether the policy-based routes are added and whether the source ECS and the destination ECS can communicate with each other.
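The following bash script is an added example and is not part of the original page or Huawei Cloud's own tooling. It wraps steps 5.a to 5.c and the check repeated in 6.g: it builds the per-interface commands from the values in Table 1, refuses reserved route table IDs, and parses the output of ip rule and ip route show table to confirm that the rules and routes are present. The function names, the IFACES list, and the DRY_RUN variable are this example's own assumptions; DRY_RUN defaults to 1, so the script only prints the commands unless it is run as root on the ECS with DRY_RUN=0.

```shell
#!/bin/bash
# Added example (not from the original page): generate, optionally apply, and
# verify the policy-based routes of steps 5.a to 5.c for each interface.

# valid_table_id <id>: accept 1..252 only. 253 (default), 254 (main) and
# 255 (local) are reserved in /etc/iproute2/rt_tables and must not be reused.
valid_table_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 252 ]
}

# pbr_commands <iface> <address> <subnet-cidr> <gateway> <table>
# Print the three step 5.a commands for one interface, one per line.
pbr_commands() {
  local iface=$1 addr=$2 cidr=$3 gw=$4 table=$5
  valid_table_id "$table" || { echo "bad route table id: $table" >&2; return 1; }
  printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
  printf 'ip route add %s dev %s table %s\n' "$cidr" "$iface" "$table"
  printf 'ip rule add from %s table %s\n' "$addr" "$table"
}

# apply_pbr: read "iface address cidr gateway table" lines on stdin and run
# the generated commands, or only print them when DRY_RUN=1 (the default).
apply_pbr() {
  local iface addr cidr gw table cmd
  while read -r iface addr cidr gw table; do
    [ -n "$iface" ] || continue
    pbr_commands "$iface" "$addr" "$cidr" "$gw" "$table" | while read -r cmd; do
      if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
  done
}

# rule_present <address> <table>: reads `ip rule` output on stdin and succeeds
# only if a rule "from <address> lookup <table>" is listed (step 5.b).
rule_present() {
  awk -v a="$1" -v t="$2" \
    '$2 == "from" && $3 == a && $4 == "lookup" && $5 == t { ok = 1 }
     END { exit !ok }'
}

# route_present <prefix> <iface>: reads `ip route show table N` output on
# stdin and succeeds only if <prefix> is routed out of <iface>.
route_present() {
  awk -v p="$1" -v d="$2" \
    '$1 == p { for (i = 1; i < NF; i++) if ($i == "dev" && $(i+1) == d) ok = 1 }
     END { exit !ok }'
}

# verify_pbr <iface> <address> <subnet-cidr> <table>: live check on the ECS;
# reports the first missing rule or route and fails.
verify_pbr() {
  local iface=$1 addr=$2 cidr=$3 table=$4
  ip rule | rule_present "$addr" "$table" \
    || { echo "missing rule: from $addr lookup $table"; return 1; }
  ip route show table "$table" | route_present default "$iface" \
    || { echo "missing default route in table $table"; return 1; }
  ip route show table "$table" | route_present "$cidr" "$iface" \
    || { echo "missing $cidr in table $table"; return 1; }
  echo "table $table for $iface OK"
}

# Constructed from Table 1: iface address subnet-cidr gateway table
IFACES='eth0 10.0.0.115 10.0.0.0/24 10.0.0.1 10
eth1 10.0.1.183 10.0.1.0/24 10.0.1.1 20'

# Dry run by default: prints the six commands of step 5.a for both interfaces.
printf '%s\n' "$IFACES" | apply_pbr
# On the ECS, as root: DRY_RUN=0 printf '%s\n' "$IFACES" | apply_pbr
# then, for each interface: verify_pbr eth0 10.0.0.115 10.0.0.0/24 10
```

The verification functions take their input on stdin, so the same checks can be run against saved output collected after the reboot in step 6 and compared with the pre-reboot state.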