Configuring IPv4 and IPv6 Policy-based Routes for a Linux ECS with Multiple Network Interfaces (Ubuntu)
Scenarios
This section describes how to configure policy-based routes for an Ubuntu 22.04 server 64-bit ECS with two network interfaces.
- IPv4: Configuring IPv4 Policy-based Routes for an Ubuntu ECS
- IPv6: Configuring IPv6 Policy-based Routes for an Ubuntu ECS
For details about the background knowledge and networking of an ECS with two network interfaces, see Overview.
Configuring IPv4 Policy-based Routes for an Ubuntu ECS
- Collect the ECS network information required for configuring policy-based routes.
For details, see Collecting ECS Network Information.
In this example, the network information of the ECS is shown in Table 1.
- Log in to the source ECS.
For details, see How Do I Log In to My ECS?
- Check whether the source ECS can use its primary network interface to communicate with the destination ECS:
ping -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>
In this example, run the following command:
ping -I 10.0.0.138 10.0.2.146
If information similar to the following is displayed, the source ECS can use its primary network interface to communicate with the destination ECS.root@ecs-s:~# ping -I 10.0.0.138 10.0.2.146 PING 10.0.2.146 (10.0.2.146) from 10.0.0.138 : 56(84) bytes of data. 64 bytes from 10.0.2.146: icmp_seq=1 ttl=64 time=0.247 ms 64 bytes from 10.0.2.146: icmp_seq=2 ttl=64 time=0.194 ms 64 bytes from 10.0.2.146: icmp_seq=3 ttl=64 time=0.190 ms ^C --- 10.0.2.146 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2049ms rtt min/avg/max/mdev = 0.190/0.210/0.247/0.025 ms
Before configuring policy-based routes, ensure that the source ECS can use its primary network interface to communicate with the destination ECS.
- Query the network interface names of the source ECS:
Search for the network interface names based on IP addresses.
- The primary network interface address is 10.0.0.138, and its name is eth0.
- The extended network interface address is 10.0.1.25, and its name is eth1.
root@ecs-s:~# ip addr ... 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether fa:16:3e:22:22:ac brd ff:ff:ff:ff:ff:ff altname enp0s3 altname ens3 inet 10.0.0.138/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0 valid_lft 107999167sec preferred_lft 107999167sec inet6 fe80::f816:3eff:fe22:22ac/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether fa:16:3e:22:23:3b brd ff:ff:ff:ff:ff:ff altname enp4s1 inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic noprefixroute eth1 valid_lft 107999167sec preferred_lft 107999167sec inet6 fe80::f816:3eff:fe22:233b/64 scope link valid_lft forever preferred_lft forever
- Configure temporary routes for the source ECS.
Temporary routes are applied immediately but are lost after ECS restarts. To avoid network disruptions, perform 6 to configure persistent routes instead.
- Configure policy-based routes for both the primary and extended network interfaces.
- Primary network interface
ip route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>
ip route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>
ip rule add from <network-interface-address> table <route-table-name>
- Extended network interface
ip route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>
ip route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>
ip rule add from <network-interface-address> table <route-table-name>
Configure the parameters as follows:In this example, run the following commands:
- Primary network interface
ip route add default via 10.0.0.1 dev eth0 table 10
ip route add 10.0.0.0/24 dev eth0 table 10
ip rule add from 10.0.0.138 table 10
- Extended network interface
ip route add default via 10.0.1.1 dev eth1 table 20
ip route add 10.0.1.0/24 dev eth1 table 20
ip rule add from 10.0.1.25 table 20
If the ECS has multiple network interfaces, configure policy-based routes for all network interfaces one by one.
- Primary network interface
- Check whether the policy-based routes are added.
ip route show table <route-table-name-of-the-primary-network-interface>
ip route show table <route-table-name-of-the-extended-network-interface>
The route table name is the one configured in 5.a.
In this example, run the following commands:
ip rule
ip route show table 10
ip route show table 20
If information similar to the following is displayed, the policy-based routes have been added.root@ecs-s:~# ip rule 0: from all lookup local 32764: from 10.0.1.25 lookup 20 32765: from 10.0.0.138 lookup 10 32766: from all lookup main 32767: from all lookup default root@ecs-s:~# ip route show table 10 default via 10.0.0.1 dev eth0 10.0.0.0/24 dev eth0 scope link root@ecs-s:~# ip route show table 20 default via 10.0.1.1 dev eth1 10.0.1.0/24 dev eth1 scope link
- Check whether the source and destination ECSs can communicate with each other.
ping -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>
ping -I <IP-address-of-the-extended-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>
In this example, run the following commands:
ping -I 10.0.0.138 10.0.2.146
ping -I 10.0.1.25 10.0.2.146
If information similar to the following is displayed, both the network interfaces of the source ECS can communicate with the destination ECS.root@ecs-s:~# ping -I 10.0.0.138 10.0.2.146 PING 10.0.2.146 (10.0.2.146) from 10.0.0.138 : 56(84) bytes of data. 64 bytes from 10.0.2.146: icmp_seq=1 ttl=64 time=0.258 ms 64 bytes from 10.0.2.146: icmp_seq=2 ttl=64 time=0.242 ms 64 bytes from 10.0.2.146: icmp_seq=3 ttl=64 time=0.165 ms ^C --- 10.0.2.146 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2039ms rtt min/avg/max/mdev = 0.165/0.221/0.258/0.040 ms root@ecs-s:~# ping -I 10.0.1.25 10.0.2.146 PING 10.0.2.146 (10.0.2.146) from 10.0.1.25 : 56(84) bytes of data. 64 bytes from 10.0.2.146: icmp_seq=1 ttl=64 time=0.498 ms 64 bytes from 10.0.2.146: icmp_seq=2 ttl=64 time=0.427 ms 64 bytes from 10.0.2.146: icmp_seq=3 ttl=64 time=0.185 ms ^C --- 10.0.2.146 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2031ms rtt min/avg/max/mdev = 0.185/0.370/0.498/0.133 ms
- Configure policy-based routes for both the primary and extended network interfaces.
- Configure persistent routes for the source ECS.
- Run the following command to add network-routes.service to the systemd service:
vi /etc/systemd/system/network-routes.service
- Press i to enter the editing mode.
- Add the following content to the end of the file:
[Unit] Description=Network Routes Configuration After=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/bash -c 'for((x=0; x<30; x++)); do [[ $(ping -I eth0 10.0.0.1 -c 1 -W 1 >/dev/null 2>&1 && echo 1) ]] && break; done; ip route flush table 10; ip route add default via 10.0.0.1 dev eth0 table 10; ip route add 10.0.0.0/24 dev eth0 table 10; ip rule add from 10.0.0.138 table 10; for((x=0; x<30; x++)); do [[ $(ping -I eth1 10.0.1.1 -c 1 -W 1 >/dev/null 2>&1 && echo 1) ]] && break; done; ip route flush table 20; ip route add default via 10.0.1.1 dev eth1 table 20; ip route add 10.0.1.0/24 dev eth1 table 20; ip rule add from 10.0.1.25 table 20; ip rule add to 169.254.169.254 table main' [Install] WantedBy=multi-user.target
The parameters are as follows:
- for loop: checks whether primary network interface eth0 and extended network interface eth1 are started by pinging the IPv4 gateways of the subnets where the network interfaces reside. In this example, 10.0.0.1 indicates the IPv4 gateway of the subnet where eth0 resides, 10.0.1.1 indicates the IPv4 gateway of the subnet where eth1 resides, and -c 1 indicates that one data packet is sent at a time, -W 1 indicates that the timeout duration is 1s and the number of retries is 30.
- ip route flush table route table name: Running this command will delete existing routes in the specified route table. This prevents new routes from being affected.
- Policy-based routes of the primary network interface: Set it to the same value as that in 5.a.
- Policy-based routes of the extended network interface: Set it to the same value as that in 5.a.
- ip rule add to 169.254.169.254 table main: Configure the Cloud-Init address. Set the value to be the same as that in the preceding configurations.
- Press ESC to exit and enter :wq! to save the configuration.
- Run the following commands to reload the systemd configuration and start the service:
systemctl enable network-routes.service
If information similar to the following is displayed, the service is started:root@ecs-s:~# systemctl daemon-reload root@ecs-s:~# systemctl enable network-routes.service Created symlink /etc/systemd/system/multi-user.target.wants/network-routes.service → /etc/systemd/system/network-routes.service.
- Run the following command to restart the source ECS:
Policy-based routes added to the network-routes.service file only work after the source ECS is restarted. Ensure that workloads on the ECS will not be affected before restarting the ECS.
- Repeat 5.b to 5.c to check whether the policy-based routes are added and whether the source ECS and the destination ECS can communicate with each other.
- Run the following command to add network-routes.service to the systemd service:
Configuring IPv6 Policy-based Routes for an Ubuntu ECS
- Collect the ECS network information required for configuring policy-based routes.
For details, see Collecting ECS Network Information.
In this example, the network information of the ECS is shown in Table 2.
Table 2 Ubuntu ECS using IPv6 ECS
Primary Network Interface
Extended Network Interface
Source
- IPv4 address: 10.0.0.138
- IPv6 address: 2407:c080:1200:1dd8:1473:49db:22d7:13c7
- IPv6 subnet: 2407:c080:1200:1dd8::/64
- IPv6 subnet gateway: 2407:c080:1200:1dd8::1
- IPv4 address: 10.0.1.25
- IPv6 address: 2407:c080:1200:1a9c:691e:fffe:7e22:12c4
- IPv6 subnet: 2407:c080:1200:1a9c::/64
- IPv6 subnet gateway: 2407:c080:1200:1a9c::1
Destination
- IPv4 address: 10.0.2.146
- IPv6 address: 2407:c080:1200:1dd9:f5e1:94d1:2822:dede
N/A
- Log in to the source ECS.
For details, see How Do I Log In to My ECS?
- Check whether the ECSs have IPv6 enabled and have IPv6 addresses.
Perform this step for both the source and destination ECSs to ensure that the ECSs have IPv6 addresses. Otherwise, the ECSs cannot communicate with each other using IPv6 addresses.
ECSs in this example run Ubuntu 22.04 server (64-bit). For details about how to assign IPv6 addresses for ECSs running other OSs, see Dynamically Assigning IPv6 Addresses.
- Run the following command to check whether the source ECS has IPv6 addresses:
In the following command output, eth0 and eth1 are the network interfaces of the ECS. Each network interface has one inet6 followed by an IP address starting with fe80. This indicates that the ECS has IPv6 enabled but has not been assigned IPv6 addresses. In this case, perform 3.b to 3.h to assign IPv6 addresses.
root@ecs-s:~# ip addr ... 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether fa:16:3e:22:22:ac brd ff:ff:ff:ff:ff:ff altname enp0s3 altname ens3 inet 10.0.0.138/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0 valid_lft 107999781sec preferred_lft 107999781sec inet6 fe80::f816:3eff:fe22:22ac/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether fa:16:3e:22:23:3b brd ff:ff:ff:ff:ff:ff altname enp4s1 inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic noprefixroute eth1 valid_lft 107999781sec preferred_lft 107999781sec inet6 fe80::f816:3eff:fe22:233b/64 scope link valid_lft forever preferred_lft forever
- Query the network interface names of the source ECS:
Search for the network interface names based on IP addresses.
- The primary network interface address is 10.0.0.138, and its name is eth0.
- The extended network interface address is 10.0.1.25, and its name is eth1.
root@ecs-s:~# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.138 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::f816:3eff:fe22:22ac prefixlen 64 scopeid 0x20<link> ether fa:16:3e:22:22:ac txqueuelen 1000 (Ethernet) RX packets 863 bytes 269089 (269.0 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1117 bytes 359807 (359.8 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.1.25 netmask 255.255.255.0 broadcast 10.0.1.255 inet6 fe80::f816:3eff:fe22:233b prefixlen 64 scopeid 0x20<link> ether fa:16:3e:22:23:3b txqueuelen 1000 (Ethernet) RX packets 10 bytes 1358 (1.3 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 10 bytes 973 (973.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ...
- Configure the 01-netcfg.yaml file.
- Run the following command to access /etc/netplan/:
cd /etc/netplan
- Run the following command to open the 01-netcfg.yaml file:
vi 01-netcfg.yaml
- Press i to enter the editing mode.
- Add dhcp6: true to the network interfaces for which you want to assign IPv6 addresses as follows:
In this example, the primary network interface name queried in 3.b is eth0, and the extended network interface name is eth1.
network: version: 2 renderer: NetworkManager ethernets: eth0: dhcp4: true dhcp6: true eth1: dhcp4: true dhcp6: true eth2: dhcp4: true eth3: dhcp4: true eth4: dhcp4: true
- Press ESC to exit and enter :wq! to save the configuration.
- Run the following command to access /etc/netplan/:
- Run the following commands to change the permissions on the 01-netcfg.yaml file and ensure that only the file owner has the read and write permissions:
chmod 600 /etc/netplan/01-netcfg.yaml
chown root:root /etc/netplan/01-netcfg.yaml
- Run the following command to apply the modification:
- Configure the NetworkManager.conf file.
- Run the following command to open the NetworkManager.conf file:
vi /etc/NetworkManager/NetworkManager.conf
- Press i to enter the editing mode.
- Add dhcp=dhclient to the file as follows:
[main] plugins=ifupdown,keyfile dhcp=dhclient [ifupdown] managed=true [device] wifi.scan-rand-mac-address=no
- Press ESC to exit and enter :wq! to save the configuration.
- Run the following command to open the NetworkManager.conf file:
- Run the following command to restart the network service for the configuration to be applied:
- Run the following command to check whether the source ECS has IPv6 addresses:
In the following command output, each network interface has one more inet6 followed by an IP address starting with 2407 in addition to the one followed by an IP address starting with fe80. In this case, the ECS has been assigned IPv6 addresses.
root@ecs-s:/etc/netplan# ip addr ... 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether fa:16:3e:22:22:ac brd ff:ff:ff:ff:ff:ff altname enp0s3 altname ens3 inet 10.0.0.138/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0 valid_lft 107999982sec preferred_lft 107999982sec inet6 2407:c080:1200:1dd8:1473:49db:22d7:13c7/128 scope global dynamic noprefixroute valid_lft 7182sec preferred_lft 7182sec inet6 fe80::f816:3eff:fe22:22ac/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether fa:16:3e:22:23:3b brd ff:ff:ff:ff:ff:ff altname enp4s1 inet 10.0.1.25/24 brd 10.0.1.255 scope global dynamic noprefixroute eth1 valid_lft 107999982sec preferred_lft 107999982sec inet6 2407:c080:1200:1a9c:691e:fffe:7e22:12c4/128 scope global dynamic noprefixroute valid_lft 7182sec preferred_lft 7182sec inet6 fe80::f816:3eff:fe22:233b/64 scope link noprefixroute valid_lft forever preferred_lft forever
- Log in to the destination ECS and assign an IPv6 address by performing operations from 3.a to 3.h.
In the following command output, the network interface has one more inet6 followed by an IP address starting with 2407 in addition to the one followed by an IP address starting with fe80. In this case, the ECS has been assigned an IPv6 address.
root@ecs-d:/etc/netplan# ip addr ... 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether fa:16:3e:22:24:b4 brd ff:ff:ff:ff:ff:ff altname enp0s3 altname ens3 inet 10.0.2.146/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0 valid_lft 107999994sec preferred_lft 107999994sec inet6 2407:c080:1200:1dd9:f5e1:94d1:2822:dede/128 scope global dynamic noprefixroute valid_lft 7195sec preferred_lft 7195sec inet6 fe80::f816:3eff:fe22:24b4/64 scope link noprefixroute valid_lft forever preferred_lft forever
- Run the following command to check whether the source ECS has IPv6 addresses:
- Log in to the source ECS and check whether it can use its primary network interface to communicate with the destination ECS:
ping6 -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>
In this example, run the following command:
ping6 -I 2407:c080:1200:1dd8:1473:49db:22d7:13c7 2407:c080:1200:1dd9:f5e1:94d1:2822:dede
If information similar to the following is displayed, the source ECS can use its primary network interface to communicate with the destination ECS.root@ecs-s:/etc/netplan# ping6 -I 2407:c080:1200:1dd8:1473:49db:22d7:13c7 2407:c080:1200:1dd9:f5e1:94d1:2822:dede PING 2407:c080:1200:1dd9:f5e1:94d1:2822:dede(2407:c080:1200:1dd9:f5e1:94d1:2822:dede) from 2407:c080:1200:1dd8:1473:49db:22d7:13c7 : 56 data bytes 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=1 ttl=64 time=0.244 ms 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=2 ttl=64 time=0.212 ms 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=3 ttl=64 time=0.169 ms ^C --- 2407:c080:1200:1dd9:f5e1:94d1:2822:dede ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2033ms rtt min/avg/max/mdev = 0.169/0.208/0.244/0.030 ms
Before configuring policy-based routes, ensure that the source ECS can use its primary network interface to communicate with the destination ECS.
- Log in to the source ECS and configure temporary routes for the ECS.
Temporary routes are applied immediately but are lost after ECS restarts. To avoid network disruptions, perform 6 to configure persistent routes instead.
- Configure policy-based routes for both the primary and extended network interfaces.
- Primary network interface
ip -6 route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>
ip -6 route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>
ip -6 rule add from <network-interface-address> table <route-table-name>
- Extended network interface
ip -6 route add default via <subnet-gateway> dev <network-interface-name> table <route-table-name>
ip -6 route add <subnet-CIDR-block> dev <network-interface-name> table <route-table-name>
ip -6 rule add from <network-interface-address> table <route-table-name>
Configure the parameters as follows:In this example, run the following commands:
- Primary network interface
ip -6 route add default via 2407:c080:1200:1dd8::1 dev eth0 table 10
ip -6 route add 2407:c080:1200:1dd8::/64 dev eth0 table 10
ip -6 rule add from 2407:c080:1200:1dd8:1473:49db:22d7:13c7 table 10
- Extended network interface
ip -6 route add default via 2407:c080:1200:1a9c::1 dev eth1 table 20
ip -6 route add 2407:c080:1200:1a9c::/64 dev eth1 table 20
ip -6 rule add from 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 table 20
If the ECS has multiple network interfaces, configure policy-based routes for all network interfaces one by one.
- Primary network interface
- Check whether the policy-based routes are added.
ip -6 route show table <route-table-name-of-the-primary-network-interface>
ip -6 route show table <route-table-name-of-the-extended-network-interface>
The route table name is the one configured in 5.a.
In this example, run the following commands:
ip -6 rule
ip -6 route show table 10
ip -6 route show table 20
If information similar to the following is displayed, the policy-based routes have been added.root@ecs-s:/etc/netplan# ip -6 rule 0: from all lookup local 32764: from 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 lookup 20 32765: from 2407:c080:1200:1dd8:1473:49db:22d7:13c7 lookup 10 32766: from all lookup main root@ecs-s:/etc/netplan# ip -6 route show table 10 2407:c080:1200:1dd8::/64 dev eth0 metric 1024 pref medium default via 2407:c080:1200:1dd8::1 dev eth0 metric 1024 pref medium root@ecs-s:/etc/netplan# ip -6 route show table 20 2407:c080:1200:1a9c::/64 dev eth1 metric 1024 pref medium default via 2407:c080:1200:1a9c::1 dev eth1 metric 1024 pref medium
- Check whether the source and destination ECSs can communicate with each other.
ping -6 -I <IP-address-of-the-primary-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>
ping -6 -I <IP-address-of-the-extended-network-interface-on-the-source-ECS> <IP-address-of-the-destination-ECS>
In this example, run the following commands:
ping6 -I 2407:c080:1200:1dd8:1473:49db:22d7:13c7 2407:c080:1200:1dd9:f5e1:94d1:2822:dede
ping6 -I 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 2407:c080:1200:1dd9:f5e1:94d1:2822:dede
If information similar to the following is displayed, both the network interfaces of the source ECS can communicate with the destination ECS.root@ecs-s:/etc/netplan# ping6 -I 2407:c080:1200:1dd8:1473:49db:22d7:13c7 2407:c080:1200:1dd9:f5e1:94d1:2822:dede PING 2407:c080:1200:1dd9:f5e1:94d1:2822:dede(2407:c080:1200:1dd9:f5e1:94d1:2822:dede) from 2407:c080:1200:1dd8:1473:49db:22d7:13c7 : 56 data bytes 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=1 ttl=64 time=0.260 ms 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=2 ttl=64 time=0.248 ms 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=3 ttl=64 time=0.165 ms ^C --- 2407:c080:1200:1dd9:f5e1:94d1:2822:dede ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2043ms rtt min/avg/max/mdev = 0.165/0.224/0.260/0.042 ms root@ecs-s:/etc/netplan# ping6 -I 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 2407:c080:1200:1dd9:f5e1:94d1:2822:dede PING 2407:c080:1200:1dd9:f5e1:94d1:2822:dede(2407:c080:1200:1dd9:f5e1:94d1:2822:dede) from 2407:c080:1200:1a9c:691e:fffe:7e22:12c4 : 56 data bytes 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=1 ttl=64 time=0.592 ms 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=2 ttl=64 time=0.208 ms 64 bytes from 2407:c080:1200:1dd9:f5e1:94d1:2822:dede: icmp_seq=3 ttl=64 time=0.162 ms ^C --- 2407:c080:1200:1dd9:f5e1:94d1:2822:dede ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2031ms rtt min/avg/max/mdev = 0.162/0.320/0.592/0.192 ms
- Configure policy-based routes for both the primary and extended network interfaces.
- Configure persistent routes for the source ECS.
- Run the following command to create the network-routes6.service file for the systemd service:
vi /etc/systemd/system/network-routes6.service
- Press i to enter the editing mode.
- Add the following content to the end of the file:
[Unit] Description=Network Routes Configuration After=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/bash -c 'for((x=0; x<30; x++)); do [[ $(ping6 -I eth0 2407:c080:1200:1dd8::1 -c 1 -W 1 >/dev/null 2>&1 && echo 1) ]] && break; done; ip route flush table 10; ip -6 route add default via 2407:c080:1200:1dd8::1 dev eth0 table 10; ip -6 route add 2407:c080:1200:1dd8::/64 dev eth0 table 10; ip -6 rule add from 2407:c080:1200:1dd8:859c:e5d5:8b3d:a2d9 table 10; for((x=0; x<30; x++)); do [[ $(ping6 -I eth1 2407:c080:1200:1a9c::1 -c 1 -W 1 >/dev/null 2>&1 && echo 1) ]] && break; done; ip route flush table 20; ip -6 route add default via 2407:c080:1200:1a9c::1 dev eth1 table 20; ip -6 route add 2407:c080:1200:1a9c::/64 dev eth1 table 20; ip -6 rule add from 2407:c080:1200:1a9c:7cc0:63b5:8e65:4dd8 table 20' [Install] WantedBy=multi-user.target
The parameters are as follows:
- for loop: checks whether primary network interface eth0 and extended network interface eth1 are started by pinging the IPv6 gateways of the subnets where the network interfaces reside. In this example, 2407:c080:1200:1dd8::1 indicates the IPv6 gateway of the subnet where eth0 resides, 2407:c080:1200:1a9c::1 indicates the IPv6 gateway of the subnet where eth1 resides, and -c 1 indicates that one data packet is sent at a time, -W 1 indicates that the timeout duration is 1s and the number of retries is 30.
- ip route flush table route table name: Running this command will delete existing routes in the specified route table. This prevents new routes from being affected.
- Policy-based routes of the primary network interface: Set it to the same value as that in 5.a.
- Policy-based routes of the extended network interface: Set it to the same value as that in 5.a.
- Press ESC to exit and enter :wq! to save the configuration.
- Run the following commands to reload the systemd configuration and start the service:
systemctl enable network-routes6.service
If information similar to the following is displayed, the service is started:root@ecs-s:/etc/netplan# systemctl daemon-reload root@ecs-s:/etc/netplan# systemctl enable network-routes6.service Created symlink /etc/systemd/system/multi-user.target.wants/network-routes6.service → /etc/systemd/system/network-routes6.service.
- Run the following command to restart the source ECS:
Policy-based routes added to the network-routes6.service file only work after the source ECS is restarted. Ensure that workloads on the ECS will not be affected before restarting the ECS.
- Repeat 5.b to 5.c to check whether the policy-based routes are added and whether the source ECS and the destination ECS can communicate with each other.
- Run the following command to create the network-routes6.service file for the systemd service:
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot