Configuring Policy-based Routes for a Linux ECS with Multiple NICs (IPv4/IPv6)
Scenarios
This section describes how to configure policy-based routes for a dual-NIC ECS running CentOS 8.0 (64-bit).
For details about the background knowledge and networking of dual-NIC ECSs, see Overview.
Procedure (Linux ECS Using IPv4)
- Collect the ECS network information required for configuring policy-based routes.
For details, see Collecting ECS Network Information.
- Log in to the ECS.
Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.
- Check whether the source ECS can use its primary NIC to communicate with the destination ECS:
ping -I <IP address of the primary NIC on the source ECS> <IP address of the destination ECS>
In this example, run the following command:
ping -I 10.0.0.115 10.0.2.12
If information similar to the following is displayed, the source ECS can use its primary NIC to communicate with the destination ECS.
[root@ecs-resource ~]# ping -I 10.0.0.115 10.0.2.12
PING 10.0.2.12 (10.0.2.12) from 10.0.0.115 : 56(84) bytes of data.
64 bytes from 10.0.2.12: icmp_seq=1 ttl=64 time=0.775 ms
64 bytes from 10.0.2.12: icmp_seq=2 ttl=64 time=0.268 ms
64 bytes from 10.0.2.12: icmp_seq=3 ttl=64 time=0.220 ms
64 bytes from 10.0.2.12: icmp_seq=4 ttl=64 time=0.167 ms
^C
--- 10.0.2.12 ping statistics ---
Before configuring policy-based routes, ensure that the source ECS can use its primary NIC to communicate with the destination ECS.
- Run the following command to query the NIC names of the ECS:
ifconfig
Search for the NIC name based on the NIC address.
- 10.0.0.115 is the IP address of the primary NIC, and the NIC name is eth0.
- 10.0.1.183 is the IP address of the extension NIC, and the NIC name is eth1.
[root@ecs-resource ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.0.115 netmask 255.255.255.0 broadcast 10.0.0.255
        inet6 fe80::f816:3eff:fe92:6e0e prefixlen 64 scopeid 0x20<link>
        ether fa:16:3e:92:6e:0e txqueuelen 1000 (Ethernet)
        RX packets 432288 bytes 135762012 (129.4 MiB)
        RX errors 0 dropped 0 overruns 0 frame 1655
        TX packets 423744 bytes 106716932 (101.7 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.1.183 netmask 255.255.255.0 broadcast 10.0.1.255
        inet6 fe80::f816:3eff:febf:5818 prefixlen 64 scopeid 0x20<link>
        ether fa:16:3e:bf:58:18 txqueuelen 1000 (Ethernet)
        RX packets 9028 bytes 536972 (524.3 KiB)
        RX errors 0 dropped 0 overruns 0 frame 1915
        TX packets 6290 bytes 272473 (266.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- Configure temporary routes for the ECS.
Temporary routes take effect immediately after being configured and are lost when the ECS is restarted. To prevent network interruptions after a restart, perform step 6 after this step to configure persistent routes.
- Run the following commands in sequence to configure policy-based routes for both the primary and extension NICs:
- Primary NIC
ip route add default via <subnet gateway> dev <NIC name> table <route table name>
ip route add <subnet CIDR block> dev <NIC name> table <route table name>
ip rule add from <NIC address> table <route table name>
- Extension NIC
ip route add default via <subnet gateway> dev <NIC name> table <route table name>
ip route add <subnet CIDR block> dev <NIC name> table <route table name>
ip rule add from <NIC address> table <route table name>
Configure the parameters as follows:
In this example, run the following commands:
- Primary NIC
ip route add default via 10.0.0.1 dev eth0 table 10
ip route add 10.0.0.0/24 dev eth0 table 10
ip rule add from 10.0.0.115 table 10
- Extension NIC
ip route add default via 10.0.1.1 dev eth1 table 20
ip route add 10.0.1.0/24 dev eth1 table 20
ip rule add from 10.0.1.183 table 20
If the ECS has multiple NICs, configure policy-based routes for all NICs one by one.
- Check whether the policy-based routes are successfully added.
ip route show table <route table name of the primary NIC>
ip route show table <route table name of the extension NIC>
The route table name is the one customized in 5.a.
In this example, run the following commands:
ip rule
ip route show table 10
ip route show table 20
If information similar to the following is displayed, the policy-based routes have been added.
[root@ecs-resource ~]# ip rule
0: from all lookup local
32764: from 10.0.1.183 lookup 20
32765: from 10.0.0.115 lookup 10
32766: from all lookup main
32767: from all lookup default
[root@ecs-resource ~]# ip route show table 10
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 scope link
[root@ecs-resource ~]# ip route show table 20
default via 10.0.1.1 dev eth1
10.0.1.0/24 dev eth1 scope link
- Check whether the source ECS and the destination ECS can communicate with each other.
ping -I <IP address of the primary NIC on the source ECS> <IP address of the destination ECS>
ping -I <IP address of the extension NIC on the source ECS> <IP address of the destination ECS>
In this example, run the following commands:
ping -I 10.0.0.115 10.0.2.12
ping -I 10.0.1.183 10.0.2.12
If information similar to the following is displayed, both the NICs of the source ECS can communicate with the destination ECS.
[root@ecs-resource ~]# ping -I 10.0.0.115 10.0.2.12
PING 10.0.2.12 (10.0.2.12) from 10.0.0.115 : 56(84) bytes of data.
64 bytes from 10.0.2.12: icmp_seq=1 ttl=64 time=0.775 ms
64 bytes from 10.0.2.12: icmp_seq=2 ttl=64 time=0.268 ms
64 bytes from 10.0.2.12: icmp_seq=3 ttl=64 time=0.220 ms
64 bytes from 10.0.2.12: icmp_seq=4 ttl=64 time=0.167 ms
^C
--- 10.0.2.12 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 102ms
rtt min/avg/max/mdev = 0.167/0.357/0.775/0.244 ms
[root@ecs-resource ~]# ping -I 10.0.1.183 10.0.2.12
PING 10.0.2.12 (10.0.2.12) from 10.0.1.183 : 56(84) bytes of data.
64 bytes from 10.0.2.12: icmp_seq=1 ttl=64 time=2.84 ms
64 bytes from 10.0.2.12: icmp_seq=2 ttl=64 time=0.258 ms
64 bytes from 10.0.2.12: icmp_seq=3 ttl=64 time=0.234 ms
64 bytes from 10.0.2.12: icmp_seq=4 ttl=64 time=0.153 ms
^C
--- 10.0.2.12 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 92ms
rtt min/avg/max/mdev = 0.153/0.871/2.840/1.137 ms
- Configure persistent routes for the ECS.
- Run the following command to open the /etc/rc.local file:
vi /etc/rc.local
- Press i to enter the editing mode.
- Add the following content to the end of the file:
# wait for nics up
sleep 5
# Add v4 routes for eth0
ip route flush table 10
ip route add default via 10.0.0.1 dev eth0 table 10
ip route add 10.0.0.0/24 dev eth0 table 10
ip rule add from 10.0.0.115 table 10
# Add v4 routes for eth1
ip route flush table 20
ip route add default via 10.0.1.1 dev eth1 table 20
ip route add 10.0.1.0/24 dev eth1 table 20
ip rule add from 10.0.1.183 table 20
# Add v4 routes for cloud-init
ip rule add to 169.254.169.254 table main
Parameters are described as follows:
- wait for nics up: the delay, in seconds, before the routes are added so that the NICs are up. Set the value to be the same as that in the preceding configuration.
- Add v4 routes for eth0: policy-based routes of the primary NIC. Set the values to be the same as those configured in 5.a.
- Add v4 routes for eth1: policy-based routes of the extension NIC. Set the values to be the same as those configured in 5.a.
- Add v4 routes for cloud-init: the rule for the Cloud-Init address. Set the value to be the same as that in the preceding configuration.
- Press ESC to exit and enter :wq! to save the configuration.
- Run the following command to assign execute permissions to the /etc/rc.local file:
chmod +x /etc/rc.local
If your operating system is Red Hat or EulerOS, run the following command after you perform 6.e:
chmod +x /etc/rc.d/rc.local
- Run the following command to restart the ECS:
Policy-based routes added to the /etc/rc.local file take effect only after the ECS is restarted. Ensure that workloads on the ECS will not be affected before restarting the ECS.
- Repeat 5.b to 5.c to check whether the policy-based routes are added and whether the source ECS and the destination ECS can communicate with each other.
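The three commands per NIC in 5.a and in /etc/rc.local follow one pattern, so they can be derived from the NIC address with its prefix length, the subnet gateway and the table number. The sh functions below are an added example, not part of the original procedure: pbr_commands, ip4_to_int and int_to_ip4 are hypothetical helper names, and the script only prints the commands and rejects a gateway that lies outside the NIC's subnet.

```shell
#!/bin/sh
# Added example, not from the original page: derive the three policy-routing
# commands for one NIC and refuse a gateway that is outside the NIC's subnet.

# ip4_to_int A.B.C.D: print the address as an integer, or fail on bad input.
ip4_to_int() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip4 N: print the integer as a dotted-quad address.
int_to_ip4() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# pbr_commands NIC ADDR/PREFIX GATEWAY TABLE: print the commands, do not run them.
pbr_commands() {
    nic=$1; addr=${2%/*}; prefix=${2#*/}; gw=$3; table=$4
    case "$prefix" in ""|*[!0-9]*|0?*|???*) echo "bad prefix in $2" >&2; return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || { echo "bad prefix in $2" >&2; return 1; }
    a=$(ip4_to_int "$addr") && g=$(ip4_to_int "$gw") || { echo "bad address" >&2; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(int_to_ip4 $(( a & mask )))
    # A default route via another subnet's gateway would send this NIC's
    # replies to a router it cannot reach directly, so stop here.
    if [ $(( g & mask )) -ne $(( a & mask )) ]; then
        echo "gateway $gw is not in $net/$prefix (subnet of $nic)" >&2
        return 1
    fi
    echo "ip route add default via $gw dev $nic table $table"
    echo "ip route add $net/$prefix dev $nic table $table"
    echo "ip rule add from $addr table $table"
}

# Values from this section's example; review the output before running it as root.
pbr_commands eth0 10.0.0.115/24 10.0.0.1 10
pbr_commands eth1 10.0.1.183/24 10.0.1.1 20
```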
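The checks in 5.b can be scripted so that they give the same answer every time they are repeated after a restart. This is an added example, not part of the original procedure: rule_table_for, table_routes_via and check_nic are hypothetical helper names, and the embedded sample is the ip rule output shown in this section.

```shell
#!/bin/sh
# Added example, not from the original page: check `ip rule` and
# `ip route show table N` output for the state the procedure should leave.

# rule_table_for SRC: read `ip rule` output on stdin, print the table used for
# traffic from SRC. Exit 1 if no rule matches; exit 2 if the rule comes after
# "from all lookup main", where any matching route in main is used first.
rule_table_for() {
    awk -v src="$1" '
        { prio = $1; sub(/:$/, "", prio); prio += 0 }
        $2 == "from" && $3 == "all" && $4 == "lookup" && $5 == "main" && !seen_main {
            seen_main = 1; main_prio = prio
        }
        $2 == "from" && $3 == src && $4 == "lookup" && !seen_src {
            seen_src = 1; src_prio = prio; table = $5
        }
        END {
            if (!seen_src) exit 1
            if (seen_main && src_prio > main_prio) exit 2
            print table
        }'
}

# table_routes_via DEV GATEWAY: read `ip route show table N` output on stdin;
# succeed only if the table has a default route via GATEWAY on DEV.
table_routes_via() {
    awk -v dev="$1" -v gw="$2" '
        $1 == "default" && $2 == "via" && $3 == gw && $4 == "dev" && $5 == dev { ok = 1 }
        END { exit !ok }'
}

# check_nic SRC DEV GATEWAY: run both checks against the live system.
check_nic() {
    table=$(ip rule | rule_table_for "$1") || { echo "$1: no usable rule" >&2; return 1; }
    ip route show table "$table" | table_routes_via "$2" "$3" ||
        { echo "$1: table $table has no default via $3 dev $2" >&2; return 1; }
    echo "$1: ok (table $table)"
}

# `ip rule` output from this section's example, embedded so the parser runs offline.
sample_rules() {
    cat <<'EOF'
0: from all lookup local
32764: from 10.0.1.183 lookup 20
32765: from 10.0.0.115 lookup 10
32766: from all lookup main
32767: from all lookup default
EOF
}
sample_rules | rule_table_for 10.0.0.115   # prints 10
sample_rules | rule_table_for 10.0.1.183   # prints 20
```

On the ECS itself, `check_nic 10.0.0.115 eth0 10.0.0.1` and `check_nic 10.0.1.183 eth1 10.0.1.1` run the same checks against the live rule and route tables.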
Procedure (Linux ECS Using IPv6)
Before configuring policy-based routes for an ECS, ensure that the ECS can obtain IPv6 addresses dynamically.
- Collect the ECS network information required for configuring policy-based routes.
For details, see Collecting ECS Network Information.
- Log in to the ECS.
Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.
- Check whether the ECS has IPv6 enabled and can obtain IPv6 addresses.
Perform this step for both the source and destination ECSs to ensure that the ECSs have obtained IPv6 addresses. Otherwise, the ECSs cannot communicate with each other using IPv6 addresses.
ECSs in this example run CentOS 8.0 (64-bit). For details about how to obtain IPv6 addresses for ECSs running other OSs, see Dynamically Assigning IPv6 Addresses.
- Run the following command to check whether the ECS has IPv6 addresses:
ip addr
In the following command output, eth0 and eth1 are the NICs of the ECS. Each NIC has one inet6 followed by an IP address starting with fe80. This indicates that the ECS has IPv6 enabled but has not obtained IPv6 addresses. In this case, perform 3.b to 3.g to obtain IPv6 addresses.
[root@ecs-resource ~]# ip addr
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:4f:92:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.226/24 brd 192.168.0.255 scope global dynamic noprefixroute eth0
       valid_lft 31535994sec preferred_lft 31535994sec
    inet6 fe80::f816:3eff:fe4f:92d2/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:d2:61:ef brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.6/24 brd 192.168.1.255 scope global dynamic noprefixroute eth1
       valid_lft 31535994sec preferred_lft 31535994sec
    inet6 fe80::f816:3eff:fed2:61ef/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
- Run the following command to query the NIC names of the ECS:
ifconfig
Search for the NIC name based on the NIC address.
- 192.168.0.58 is the IP address of the primary NIC, and the NIC name is eth0.
- 192.168.1.237 is the IP address of the extension NIC, and the NIC name is eth1.
[root@ecs-resource ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.58 netmask 255.255.255.0 broadcast 192.168.0.255
        inet6 fe80::f816:3eff:feca:2330 prefixlen 64 scopeid 0x20<link>
        ether fa:16:3e:ca:23:30 txqueuelen 1000 (Ethernet)
        RX packets 528 bytes 119212 (116.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 623 bytes 98235 (95.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.237 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::f816:3eff:feee:2d00 prefixlen 64 scopeid 0x20<link>
        ether fa:16:3e:ee:2d:00 txqueuelen 1000 (Ethernet)
        RX packets 16 bytes 2066 (2.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 12 bytes 1332 (1.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- Configure the ifcfg file of the primary NIC.
- Run the following command to open the ifcfg file of the primary NIC:
vi /etc/sysconfig/network-scripts/ifcfg-<primary NIC name>
The name of the primary NIC is obtained in 3.b.
In this example, run the following command:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
- Press i to enter the editing mode.
- Add the following content to the end of the file:
IPV6INIT="yes"
DHCPV6C="yes"
- Press ESC to exit and enter :wq! to save the configuration.
- Configure the ifcfg file of the extension NIC.
- Run the following command to open the ifcfg file of the extension NIC:
vi /etc/sysconfig/network-scripts/ifcfg-<extension NIC name>
The name of the extension NIC is obtained in 3.b.
In this example, run the following command:
vi /etc/sysconfig/network-scripts/ifcfg-eth1
- Press i to enter the editing mode.
- Add the following content to the end of the file:
IPV6INIT="yes"
DHCPV6C="yes"
- Press ESC to exit and enter :wq! to save the configuration.
- Edit the /etc/sysconfig/network file.
- Run the following command to open the /etc/sysconfig/network file:
vi /etc/sysconfig/network
- Press i to enter the editing mode.
- Add the following content to the end of the file:
NETWORKING_IPV6="yes"
- Press ESC to exit and enter :wq! to save the configuration.
- Run the following command to restart the network service for the configuration to take effect:
- Run the following command to check whether the ECS has IPv6 addresses:
ip addr
In the following command output, each NIC has one more inet6 followed by an IP address starting with 2407 in addition to the one followed by an IP address starting with fe80. In this case, the ECS has obtained IPv6 addresses.
[root@ecs-resource ~]# ip addr
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:4f:92:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.226/24 brd 192.168.0.255 scope global dynamic noprefixroute eth0
       valid_lft 31535994sec preferred_lft 31535994sec
    inet6 2407:c080:802:aba:fe7f:f7fb:b3d1:ed68/128 scope global dynamic noprefixroute
       valid_lft 31535994sec preferred_lft 31535994sec
    inet6 fe80::f816:3eff:fe4f:92d2/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:d2:61:ef brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.6/24 brd 192.168.1.255 scope global dynamic noprefixroute eth1
       valid_lft 31535994sec preferred_lft 31535994sec
    inet6 2407:c080:802:be6:235a:7186:c7b5:6191/128 scope global dynamic noprefixroute
       valid_lft 31535994sec preferred_lft 31535994sec
    inet6 fe80::f816:3eff:fed2:61ef/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
- Check whether the source ECS can use its primary NIC to communicate with the destination ECS:
ping6 -I <IP address of the primary NIC on the source ECS> <IP address of the destination ECS>
In this example, run the following command:
ping6 -I 2407:c080:802:aba:ac57:214e:125d:ab3e 2407:c080:802:be7:60ab:e557:c60c:6b7d
If information similar to the following is displayed, the source ECS can use its primary NIC to communicate with the destination ECS.
[root@ecs-resource ~]# ping6 -I 2407:c080:802:aba:ac57:214e:125d:ab3e 2407:c080:802:be7:60ab:e557:c60c:6b7d
PING 2407:c080:802:be7:60ab:e557:c60c:6b7d(2407:c080:802:be7:60ab:e557:c60c:6b7d) from 2407:c080:802:aba:ac57:214e:125d:ab3e : 56 data bytes
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=1 ttl=64 time=0.656 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=2 ttl=64 time=0.246 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=3 ttl=64 time=0.231 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=4 ttl=64 time=0.168 ms
^C
--- 2407:c080:802:be7:60ab:e557:c60c:6b7d ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 67ms
rtt min/avg/max/mdev = 0.168/0.325/0.656/0.193 ms
Before configuring policy-based routes, ensure that the source ECS can use its primary NIC to communicate with the destination ECS.
- Disable Source/Destination Check for the primary NIC.
- Log in to the management console.
- Click the icon in the upper left corner and select the desired region and project.
- Click Service List and choose Compute > Elastic Cloud Server.
- In the ECS list, click the target ECS name.
- Click the NICs tab, click the icon to expand information about the primary NIC, and disable Source/Destination Check.
For an ECS using IPv6, you do not need to configure policy-based routes for the ECS. You only need to disable Source/Destination Check for the primary NIC of the ECS.
- Log in to the ECS.
Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.
- Check whether the source ECS and the destination ECS can communicate with each other.
ping6 -I <IP address of the primary NIC on the source ECS> <IP address of the destination ECS>
ping6 -I <IP address of the extension NIC on the source ECS> <IP address of the destination ECS>
In this example, run the following commands:
ping6 -I 2407:c080:802:aba:ac57:214e:125d:ab3e 2407:c080:802:be7:60ab:e557:c60c:6b7d
ping6 -I 2407:c080:802:be6:c741:db0f:4dbb:21db 2407:c080:802:be7:60ab:e557:c60c:6b7d
If information similar to the following is displayed, both the NICs of the source ECS can communicate with the destination ECS.
[root@ecs-resource ~]# ping6 -I 2407:c080:802:aba:ac57:214e:125d:ab3e 2407:c080:802:be7:60ab:e557:c60c:6b7d
PING 2407:c080:802:be7:60ab:e557:c60c:6b7d(2407:c080:802:be7:60ab:e557:c60c:6b7d) from 2407:c080:802:aba:ac57:214e:125d:ab3e : 56 data bytes
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=1 ttl=64 time=0.656 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=2 ttl=64 time=0.246 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=3 ttl=64 time=0.231 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=4 ttl=64 time=0.168 ms
^C
--- 2407:c080:802:be7:60ab:e557:c60c:6b7d ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 67ms
rtt min/avg/max/mdev = 0.168/0.325/0.656/0.193 ms
[root@ecs-resource ~]# ping6 -I 2407:c080:802:be6:c741:db0f:4dbb:21db 2407:c080:802:be7:60ab:e557:c60c:6b7d
PING 2407:c080:802:be7:60ab:e557:c60c:6b7d(2407:c080:802:be7:60ab:e557:c60c:6b7d) from 2407:c080:802:be6:c741:db0f:4dbb:21db : 56 data bytes
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=1 ttl=64 time=0.630 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=2 ttl=64 time=0.237 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=3 ttl=64 time=0.238 ms
64 bytes from 2407:c080:802:be7:60ab:e557:c60c:6b7d: icmp_seq=4 ttl=64 time=0.207 ms
^C
--- 2407:c080:802:be7:60ab:e557:c60c:6b7d ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 105ms
rtt min/avg/max/mdev = 0.207/0.328/0.630/0.174 ms