Updated on 2024-11-26 GMT+08:00

Configuring IPv4 and IPv6 Policy-based Routes for a Linux ECS with Multiple Network Interfaces (Ubuntu)

Scenarios

This section describes how to configure policy-based routes for an Ubuntu 22.04 server 64-bit ECS with two network interfaces.

For details about the background knowledge and networking of an ECS with two network interfaces, see Overview.

Configuring IPv4 Policy-based Routes for an Ubuntu ECS

  1. Collect the ECS network information required for configuring policy-based routes.

    For details, see Collecting ECS Network Information.

    In this example, the network information of the ECS is shown in Table 1.

    Table 1 Ubuntu ECS using IPv4

    ECS

    Primary Network Interface

    Extended Network Interface

    Source

    • IP address: 10.0.0.138
    • Subnet: 10.0.0.0/24
    • Subnet gateway: 10.0.0.1
    • IP address: 10.0.1.25
    • Subnet: 10.0.1.0/24
    • Subnet gateway: 10.0.1.1

    Destination

    IP address: 10.0.2.146

    N/A

  2. Log in to the source ECS.

    For details, see How Do I Log In to My ECS?

  3. Check whether the source ECS can use its primary network interface to communicate with the destination ECS:

    ping -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

    In this example, run the following command:

    ping -I 10.0.0.138 10.0.2.146

    If information similar to the following is displayed, the source ECS can use its primary network interface to communicate with the destination ECS.
    root@ecs-s:~# ping -I 10.0.0.138 10.0.2.146
    PING 10.0.2.146 (10.0.2.146) from 10.0.0.138 : 56(84) bytes of data.
    64 bytes from 10.0.2.146: icmp_seq=1 ttl=64 time=0.247 ms
    64 bytes from 10.0.2.146: icmp_seq=2 ttl=64 time=0.194 ms
    64 bytes from 10.0.2.146: icmp_seq=3 ttl=64 time=0.190 ms
    ^C
    --- 10.0.2.146 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2049ms
    rtt min/avg/max/mdev = 0.190/0.210/0.247/0.025 ms

    Before configuring policy-based routes, ensure that the source ECS can use its primary network interface to communicate with the destination ECS.

  4. Query the network interface names of the source ECS:

    ip addr

    Search for the network interface names based on IP addresses.
    • The primary network interface address is 10.0.0.138, and its name is eth0.
    • The extended network interface address is 10.0.1.25, and its name is eth1.
    root@ecs-s:~# ip addr
    ...
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether fa:16:3e:22:22:ac brd ff:ff:ff:ff:ff:ff
        altname enp0s3
        altname ens3
        inet 10.0.0.138/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
           valid_lft 107999167sec preferred_lft 107999167sec
        inet6 fe80::f816:3eff:fe22:22ac/64 scope link 
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether fa:16:3e:22:23:3b brd ff:ff:ff:ff:ff:ff
        altname enp4s1
        inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic noprefixroute eth1
           valid_lft 107999167sec preferred_lft 107999167sec
        inet6 fe80::f816:3eff:fe22:233b/64 scope link 
           valid_lft forever preferred_lft forever
  5. Configure temporary routes for the source ECS.

    Temporary routes are applied immediately but are lost after ECS restarts. To avoid network disruptions, perform 6 to configure persistent routes instead.

    1. Configure policy-based routes for both the primary and extended network interfaces.
      • Primary network interface

        ip route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>

        ip route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>

        ip rule add from <network-interface-address> table <route-table-name>

      • Extended network interface

        ip route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>

        ip route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>

        ip rule add from <network-interface-address> table <route-table-name>

      Configure the parameters as follows:
      • Network interface name: Enter the name obtained in 4.
      • Route table name: Name the route table with a number.
      • Other network information: Enter the IP addresses collected in 1.

      In this example, run the following commands:

      • Primary network interface

        ip route add default via 10.0.0.1 dev eth0 table 10

        ip route add 10.0.0.0/24 dev eth0 table 10

        ip rule add from 10.0.0.138 table 10

      • Extended network interface

        ip route add default via 10.0.1.1 dev eth1 table 20

        ip route add 10.0.1.0/24 dev eth1 table 20

        ip rule add from 10.0.1.25 table 20

      If the ECS has multiple network interfaces, configure policy-based routes for all network interfaces one by one.

    2. Check whether the policy-based routes are added.

      ip rule

      ip route show table <route-table-name-of-the-primary-network-interface>

      ip route show table <route-table-name-of-the-extended-network-interface>

      The route table name is the one configured in 5.a.

      In this example, run the following commands:

      ip rule

      ip route show table 10

      ip route show table 20

      If information similar to the following is displayed, the policy-based routes have been added.
      root@ecs-s:~# ip rule
      0:      from all lookup local
      32764:  from 10.0.1.25 lookup 20
      32765:  from 10.0.0.138 lookup 10
      32766:  from all lookup main
      32767:  from all lookup default
      root@ecs-s:~# ip route show table 10
      default via 10.0.0.1 dev eth0 
      10.0.0.0/24 dev eth0 scope link 
      root@ecs-s:~# ip route show table 20
      default via 10.0.1.1 dev eth1 
      10.0.1.0/24 dev eth1 scope link 
    3. Check whether the source and destination ECSs can communicate with each other.

      ping -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

      ping -I <IP-address-of-the-extended-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

      In this example, run the following commands:

      ping -I 10.0.0.138 10.0.2.146

      ping -I 10.0.1.25 10.0.2.146

      If information similar to the following is displayed, both the network interfaces of the source ECS can communicate with the destination ECS.
      root@ecs-s:~# ping -I 10.0.0.138 10.0.2.146
      PING 10.0.2.146 (10.0.2.146) from 10.0.0.138 : 56(84) bytes of data.
      64 bytes from 10.0.2.146: icmp_seq=1 ttl=64 time=0.258 ms
      64 bytes from 10.0.2.146: icmp_seq=2 ttl=64 time=0.242 ms
      64 bytes from 10.0.2.146: icmp_seq=3 ttl=64 time=0.165 ms
      ^C
      --- 10.0.2.146 ping statistics ---
      3 packets transmitted, 3 received, 0% packet loss, time 2039ms
      rtt min/avg/max/mdev = 0.165/0.221/0.258/0.040 ms
      root@ecs-s:~# ping -I 10.0.1.25 10.0.2.146
      PING 10.0.2.146 (10.0.2.146) from 10.0.1.25 : 56(84) bytes of data.
      64 bytes from 10.0.2.146: icmp_seq=1 ttl=64 time=0.498 ms
      64 bytes from 10.0.2.146: icmp_seq=2 ttl=64 time=0.427 ms
      64 bytes from 10.0.2.146: icmp_seq=3 ttl=64 time=0.185 ms
      ^C
      --- 10.0.2.146 ping statistics ---
      3 packets transmitted, 3 received, 0% packet loss, time 2031ms
      rtt min/avg/max/mdev = 0.185/0.370/0.498/0.133 ms
  6. Configure persistent routes for the source ECS.
    1. Run the following command to add network-routes.service to the systemd service:

      vi /etc/systemd/system/network-routes.service

    2. Press i to enter the editing mode.
    3. Add the following content to the end of the file:
      [Unit]
      Description=Network Routes Configuration
      After=network.target
      
      [Service]
      Type=oneshot
      RemainAfterExit=yes
      ExecStart=/bin/bash -c 'for((x=0; x<30; x++)); do [[ $(ping -I eth0 10.0.0.1 -c 1 -W 1 >/dev/null 2>&1 && echo 1) ]] && break; done; ip route flush table 10; ip route add default via  10.0.0.1 dev eth0 table 10; ip route add 10.0.0.0/24 dev eth0 table 10; ip rule add from 10.0.0.138 table 10; for((x=0; x<30; x++)); do [[ $(ping -I eth1 10.0.1.1 -c 1 -W 1 >/dev/null 2>&1 && echo 1) ]] && break; done; ip route flush table 20; ip route add default via 10.0.1.1 dev eth1 table 20; ip route add 10.0.1.0/24 dev eth1 table 20; ip rule add from 10.0.1.25 table 20; ip rule add to 169.254.169.254 table main'
      
      [Install]
      WantedBy=multi-user.target

      The parameters are as follows:

      • for loop: checks whether primary network interface eth0 and extended network interface eth1 are started by pinging the IPv4 gateways of the subnets where the network interfaces reside. In this example, 10.0.0.1 indicates the IPv4 gateway of the subnet where eth0 resides, 10.0.1.1 indicates the IPv4 gateway of the subnet where eth1 resides, and -c 1 indicates that one data packet is sent at a time, -W 1 indicates that the timeout duration is 1s and the number of retries is 30.
      • ip route flush table route table name: Running this command will delete existing routes in the specified route table. This prevents new routes from being affected.
      • Policy-based routes of the primary network interface: Set it to the same value as that in 5.a.
      • Policy-based routes of the extended network interface: Set it to the same value as that in 5.a.
      • ip rule add to 169.254.169.254 table main: Configure the Cloud-Init address. Set the value to be the same as that in the preceding configurations.
    4. Press ESC to exit and enter :wq! to save the configuration.
    5. Run the following commands to reload the systemd configuration and start the service:

      systemctl daemon-reload

      systemctl enable network-routes.service

      If information similar to the following is displayed, the service is started:
      root@ecs-s:~# systemctl daemon-reload 
      root@ecs-s:~# systemctl enable network-routes.service
      Created symlink /etc/systemd/system/multi-user.target.wants/network-routes.service → /etc/systemd/system/network-routes.service.
    6. Run the following command to restart the source ECS:

      reboot

      Policy-based routes added to the network-routes.service file only work after the source ECS is restarted. Ensure that workloads on the ECS will not be affected before restarting the ECS.

    7. Repeat 5.b to 5.c to check whether the policy-based routes are added and whether the source ECS and the destination ECS can communicate with each other.

Configuring IPv6 Policy-based Routes for an Ubuntu ECS

  1. Collect the ECS network information required for configuring policy-based routes.

    For details, see Collecting ECS Network Information.

    In this example, the network information of the ECS is shown in Table 2.

    Table 2 Ubuntu ECS using IPv6

    ECS

    Primary Network Interface

    Extended Network Interface

    Source

    • IPv4 address: 10.0.0.138
    • IPv6 address: 2407:c080:1200:1dd8:1473:49db:22d7:13c7
    • IPv6 subnet: 2407:c080:1200:1dd8::/64
    • IPv6 subnet gateway: 2407:c080:1200:1dd8::1
    • IPv4 address: 10.0.1.25
    • IPv6 address: 2407:c080:1200:1a9c:691e:fffe:7e22:12c4
    • IPv6 subnet: 2407:c080:1200:1a9c::/64
    • IPv6 subnet gateway: 2407:c080:1200:1a9c::1

    Destination

    • IPv4 address: 10.0.2.146
    • IPv6 address: 2407:c080:1200:1dd9:f5e1:94d1:2822:dede

    N/A

  2. Log in to the source ECS.

    For details, see How Do I Log In to My ECS?

  3. Check whether the ECSs have IPv6 enabled and have IPv6 addresses.

    Perform this step for both the source and destination ECSs to ensure that the ECSs have IPv6 addresses. Otherwise, the ECSs cannot communicate with each other using IPv6 addresses.

    ECSs in this example run Ubuntu 22.04 server (64-bit). For details about how to assign IPv6 addresses for ECSs running other OSs, see Dynamically Assigning IPv6 Addresses.

    1. Run the following command to check whether the source ECS has IPv6 addresses:

      ip addr

      In the following command output, eth0 and eth1 are the network interfaces of the ECS. Each network interface has one inet6 followed by an IP address starting with fe80. This indicates that the ECS has IPv6 enabled but has not been assigned IPv6 addresses. In this case, perform 3.b to 3.h to assign IPv6 addresses.
      root@ecs-s:~# ip addr
      ...
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether fa:16:3e:22:22:ac brd ff:ff:ff:ff:ff:ff
          altname enp0s3
          altname ens3
          inet 10.0.0.138/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
             valid_lft 107999781sec preferred_lft 107999781sec
          inet6 fe80::f816:3eff:fe22:22ac/64 scope link 
             valid_lft forever preferred_lft forever
      3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether fa:16:3e:22:23:3b brd ff:ff:ff:ff:ff:ff
          altname enp4s1
          inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic noprefixroute eth1
             valid_lft 107999781sec preferred_lft 107999781sec
          inet6 fe80::f816:3eff:fe22:233b/64 scope link 
             valid_lft forever preferred_lft forever
    2. Query the network interface names of the source ECS:

      ifconfig

      Search for the network interface names based on IP addresses.
      • The primary network interface address is 10.0.0.138, and its name is eth0.
      • The extended network interface address is 10.0.1.25, and its name is eth1.
      root@ecs-s:~# ifconfig
      eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet 10.0.0.138  netmask 255.255.255.0  broadcast 10.0.0.255
              inet6 fe80::f816:3eff:fe22:22ac  prefixlen 64  scopeid 0x20<link>
              ether fa:16:3e:22:22:ac  txqueuelen 1000  (Ethernet)
              RX packets 863  bytes 269089 (269.0 KB)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 1117  bytes 359807 (359.8 KB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      
      eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet 10.0.1.25  netmask 255.255.255.0  broadcast 10.0.1.255
              inet6 fe80::f816:3eff:fe22:233b  prefixlen 64  scopeid 0x20<link>
              ether fa:16:3e:22:23:3b  txqueuelen 1000  (Ethernet)
              RX packets 10  bytes 1358 (1.3 KB)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 10  bytes 973 (973.0 B)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      ...
    3. Configure the 01-netcfg.yaml file.
      1. Run the following command to access /etc/netplan/:

        cd /etc/netplan

      2. Run the following command to open the 01-netcfg.yaml file:

        vi 01-netcfg.yaml

      3. Press i to enter the editing mode.
      4. Add dhcp6: true to the network interfaces for which you want to assign IPv6 addresses as follows:
        In this example, the primary network interface name queried in 3.b is eth0, and the extended network interface name is eth1.
        network:
            version: 2
            renderer: NetworkManager
            ethernets:
                eth0:
                    dhcp4: true
                    dhcp6: true
                eth1:
                    dhcp4: true
                    dhcp6: true
                eth2:
                    dhcp4: true
                eth3:
                    dhcp4: true
                eth4:
                    dhcp4: true
      5. Press ESC to exit and enter :wq! to save the configuration.
    4. Run the following commands to change the permissions on the 01-netcfg.yaml file and ensure that only the file owner has the read and write permissions:

      chmod 600 /etc/netplan/01-netcfg.yaml

      chown root:root /etc/netplan/01-netcfg.yaml

    5. Run the following command to apply the modification:

      netplan apply

    6. Configure the NetworkManager.conf file.
      1. Run the following command to open the NetworkManager.conf file:

        vi /etc/NetworkManager/NetworkManager.conf

      2. Press i to enter the editing mode.
      3. Add dhcp=dhclient to the file as follows:
        [main]
        plugins=ifupdown,keyfile
        dhcp=dhclient
        
        [ifupdown]
        managed=true
        
        [device]
        wifi.scan-rand-mac-address=no
      4. Press ESC to exit and enter :wq! to save the configuration.
    7. Run the following command to restart the network service for the configuration to be applied:

      systemctl restart NetworkManager

    8. Run the following command to check whether the source ECS has IPv6 addresses:

      ip addr

      In the following command output, each network interface has one more inet6 followed by an IP address starting with 2407 in addition to the one followed by an IP address starting with fe80. In this case, the ECS has been assigned IPv6 addresses.
      root@ecs-s:/etc/netplan# ip addr
      ...
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether fa:16:3e:22:22:ac brd ff:ff:ff:ff:ff:ff
          altname enp0s3
          altname ens3
          inet 10.0.0.138/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
             valid_lft 107999982sec preferred_lft 107999982sec
          inet6 2407:c080:1200:1dd8:1473:49db:22d7:13c7/128 scope global dynamic noprefixroute 
             valid_lft 7182sec preferred_lft 7182sec
          inet6 fe80::f816:3eff:fe22:22ac/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
      3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether fa:16:3e:22:23:3b brd ff:ff:ff:ff:ff:ff
          altname enp4s1
          inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic noprefixroute eth1
             valid_lft 107999982sec preferred_lft 107999982sec
          inet6 2407:c080:1200:1a9c:691e:fffe:7e22:12c4/128 scope global dynamic noprefixroute 
             valid_lft 7182sec preferred_lft 7182sec
          inet6 fe80::f816:3eff:fe22:233b/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
    9. Log in to the destination ECS and assign an IPv6 address by performing operations from 3.a to 3.h.
      In the following command output, the network interface has one more inet6 followed by an IP address starting with 2407 in addition to the one followed by an IP address starting with fe80. In this case, the ECS has been assigned an IPv6 address.
      root@ecs-d:/etc/netplan# ip addr
      ...
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether fa:16:3e:22:24:b4 brd ff:ff:ff:ff:ff:ff
          altname enp0s3
          altname ens3
          inet 10.0.2.146/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
             valid_lft 107999994sec preferred_lft 107999994sec
          inet6 2407:c080:1200:1dd9:f5e1:94d1:2822:dede/128 scope global dynamic noprefixroute 
             valid_lft 7195sec preferred_lft 7195sec
          inet6 fe80::f816:3eff:fe22:24b4/64 scope link noprefixroute 
             valid_lft forever preferred_lft forever
  4. Log in to the source ECS and check whether it can use its primary network interface to communicate with the destination ECS:

    ping6 -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

    In this example, run the following command:

    ping6 -I 2407:c080:1200:1dd8:1473:49db:22d7:13c7 2407:c080:1200:1dd9:f5e1:94d1:2822:dede

    If information similar to the following is displayed, the source ECS can use its primary network interface to communicate with the destination ECS.
    root@ecs-s:/etc/netplan# ping6 -I 2407:c080:1200:1dd8:1473:49db:22d7:13c7 2407:c080:1200:1dd9:f5e1:94d1:2822:dede
    PING 2407:c080:1200:1dd9:f5e1:94d1:2822:dede(2407:c080:1200:1dd9:f5e1:94d1:2822:dede) from 2407:c080:1200:1dd8:1473:49db:22d7:13c7 : 56 data bytes
    64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=1 ttl=64 time=0.244 ms
    64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=2 ttl=64 time=0.212 ms
    64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=3 ttl=64 time=0.169 ms
    ^C
    --- 2407:c080:1200:1dd9:f5e1:94d1:2822:dede ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2033ms
    rtt min/avg/max/mdev = 0.169/0.208/0.244/0.030 ms

    Before configuring policy-based routes, ensure that the source ECS can use its primary network interface to communicate with the destination ECS.

  5. Log in to the source ECS and configure temporary routes for the ECS.

    Temporary routes are applied immediately but are lost after ECS restarts. To avoid network disruptions, perform 6 to configure persistent routes instead.

    1. Configure policy-based routes for both the primary and extended network interfaces.
      • Primary network interface

        ip -6 route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>

        ip -6 route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>

        ip -6 rule add from <network-interface-address> table <route-table-name>

      • Extended network interface

        ip -6 route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>

        ip -6 route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>

        ip -6 rule add from <network-interface-address> table <route-table-name>

      Configure the parameters as follows:
      • Network interface name: Enter the name obtained in 3.b.
      • Route table name: Name the route table with a number.
      • Other network information: Enter the IP addresses collected in 1.

      In this example, run the following commands:

      • Primary network interface

        ip -6 route add default via 2407:c080:1200:1dd8::1 dev eth0 table 10

        ip -6 route add 2407:c080:1200:1dd8::/64 dev eth0 table 10

        ip -6 rule add from 2407:c080:1200:1dd8:1473:49db:22d7:13c7 table 10

      • Extended network interface

        ip -6 route add default via 2407:c080:1200:1a9c::1 dev eth1 table 20

        ip -6 route add 2407:c080:1200:1a9c::/64 dev eth1 table 20

        ip -6 rule add from 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 table 20

      If the ECS has multiple network interfaces, configure policy-based routes for all network interfaces one by one.

    2. Check whether the policy-based routes are added.

      ip -6 rule

      ip -6 route show table <route-table-name-of-the-primary-network-interface>

      ip -6 route show table <route-table-name-of-the-extended-network-interface>

      The route table name is the one configured in 5.a.

      In this example, run the following commands:

      ip -6 rule

      ip -6 route show table 10

      ip -6 route show table 20

      If information similar to the following is displayed, the policy-based routes have been added.
      root@ecs-s:/etc/netplan# ip -6 rule
      0:      from all lookup local
      32764:  from 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 lookup 20
      32765:  from 2407:c080:1200:1dd8:1473:49db:22d7:13c7 lookup 10
      32766:  from all lookup main
      root@ecs-s:/etc/netplan# ip -6 route show table 10
      2407:c080:1200:1dd8::/64 dev eth0 metric 1024 pref medium
      default via 2407:c080:1200:1dd8::1 dev eth0 metric 1024 pref medium
      root@ecs-s:/etc/netplan# ip -6 route show table 20
      2407:c080:1200:1a9c::/64 dev eth1 metric 1024 pref medium
      default via 2407:c080:1200:1a9c::1 dev eth1 metric 1024 pref medium
    3. Check whether the source and destination ECSs can communicate with each other.

      ping -6 -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

      ping -6 -I <IP-address-of-the-extended-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>

      In this example, run the following commands:

      ping6 -I 2407:c080:1200:1dd8:1473:49db:22d7:13c7 2407:c080:1200:1dd9:f5e1:94d1:2822:dede

      ping6 -I 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 2407:c080:1200:1dd9:f5e1:94d1:2822:dede

      If information similar to the following is displayed, both the network interfaces of the source ECS can communicate with the destination ECS.
      root@ecs-s:/etc/netplan# ping6 -I 2407:c080:1200:1dd8:1473:49db:22d7:13c7 2407:c080:1200:1dd9:f5e1:94d1:2822:dede
      PING 2407:c080:1200:1dd9:f5e1:94d1:2822:dede(2407:c080:1200:1dd9:f5e1:94d1:2822:dede) from 2407:c080:1200:1dd8:1473:49db:22d7:13c7 : 56 data bytes
      64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=1 ttl=64 time=0.260 ms
      64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=2 ttl=64 time=0.248 ms
      64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=3 ttl=64 time=0.165 ms
      ^C
      --- 2407:c080:1200:1dd9:f5e1:94d1:2822:dede ping statistics ---
      3 packets transmitted, 3 received, 0% packet loss, time 2043ms
      rtt min/avg/max/mdev = 0.165/0.224/0.260/0.042 ms
      root@ecs-s:/etc/netplan# ping6 -I 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 2407:c080:1200:1dd9:f5e1:94d1:2822:dede
      PING 2407:c080:1200:1dd9:f5e1:94d1:2822:dede(2407:c080:1200:1dd9:f5e1:94d1:2822:dede) from 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 : 56 data bytes
      64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=1 ttl=64 time=0.592 ms
      64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=2 ttl=64 time=0.208 ms
      64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=3 ttl=64 time=0.162 ms
      ^C
      --- 2407:c080:1200:1dd9:f5e1:94d1:2822:dede ping statistics ---
      3 packets transmitted, 3 received, 0% packet loss, time 2031ms
      rtt min/avg/max/mdev = 0.162/0.320/0.592/0.192 ms
  6. Configure persistent routes for the source ECS.
    1. Run the following command to create the network-routes6.service file for the systemd service:

      vi /etc/systemd/system/network-routes6.service

    2. Press i to enter the editing mode.
    3. Add the following content to the end of the file:
      [Unit]
      Description=Network Routes Configuration
      After=network.target
      
      [Service]
      Type=oneshot
      RemainAfterExit=yes
      
      ExecStart=/bin/bash -c 'for((x=0; x<30; x++)); do [[ $(ping6 -I eth0 2407:c080:1200:1dd8::1 -c 1 -W 1 >/dev/null 2>&1 && echo 1) ]] && break; done; ip route flush table 10; ip -6 route add default via 2407:c080:1200:1dd8::1 dev eth0 table 10; ip -6 route add 2407:c080:1200:1dd8::/64 dev eth0 table 10; ip -6 rule add from 2407:c080:1200:1dd8:859c:e5d5:8b3d:a2d9 table 10; for((x=0; x<30; x++)); do [[ $(ping6 -I eth1 2407:c080:1200:1a9c::1 -c 1 -W 1 >/dev/null 2>&1 && echo 1) ]] && break; done; ip route flush table 20; ip -6 route add default via 2407:c080:1200:1a9c::1 dev eth1 table 20; ip -6 route add 2407:c080:1200:1a9c::/64 dev eth1 table 20; ip -6 rule add from 2407:c080:1200:1a9c:7cc0:63b5:8e65:4dd8 table 20'
      
      [Install]
      WantedBy=multi-user.target

      The parameters are as follows:

      • for loop: checks whether primary network interface eth0 and extended network interface eth1 are started by pinging the IPv6 gateways of the subnets where the network interfaces reside. In this example, 2407:c080:1200:1dd8::1 indicates the IPv6 gateway of the subnet where eth0 resides, 2407:c080:1200:1a9c::1 indicates the IPv6 gateway of the subnet where eth1 resides, and -c 1 indicates that one data packet is sent at a time, -W 1 indicates that the timeout duration is 1s and the number of retries is 30.
      • ip route flush table route table name: Running this command will delete existing routes in the specified route table. This prevents new routes from being affected.
      • Policy-based routes of the primary network interface: Set it to the same value as that in 5.a.
      • Policy-based routes of the extended network interface: Set it to the same value as that in 5.a.
    4. Press ESC to exit and enter :wq! to save the configuration.
    5. Run the following commands to reload the systemd configuration and start the service:

      systemctl daemon-reload

      systemctl enable network-routes6.service

      If information similar to the following is displayed, the service is started:
      root@ecs-s:/etc/netplan# systemctl daemon-reload
      root@ecs-s:/etc/netplan# systemctl enable network-routes6.service
      Created symlink /etc/systemd/system/multi-user.target.wants/network-routes6.service → /etc/systemd/system/network-routes6.service.
    6. Run the following command to restart the source ECS:

      reboot

      Policy-based routes added to the network-routes6.service file only work after the source ECS is restarted. Ensure that workloads on the ECS will not be affected before restarting the ECS.

    7. Repeat 5.b to 5.c to check whether the policy-based routes are added and whether the source ECS and the destination ECS can communicate with each other.