Updated on 2022-02-22 GMT+08:00

Why Cannot the EIP Bound to the Extension NIC of My ECS Access the Internet?

Symptom

Your ECS has one primary NIC and one extension NIC in the same subnet. Each NIC has an EIP bound for Internet access. The EIP bound to the primary NIC can access the Internet, but the one bound to the extension NIC cannot.

Possible Causes

By default, ECSs running CentOS have reverse path filtering (RP-Filter) enabled. The default route of the ECS forwards outgoing traffic, including traffic from the extension NIC, through eth0, while the response packets for the extension NIC arrive on eth1. The system determines that the traffic was received on the wrong NIC and discards the response packets.

Solution

Configure a policy-based routing rule so that the extension NIC traffic is forwarded from the extension NIC.

  1. Run the following command to edit the rt_tables file:

    vi /etc/iproute2/rt_tables

    Add an alias for the routing table, such as test.

  2. Save the modification and exit.
  3. Run the following command to add a route to the test table:

    ip route add default via <gateway IP address of the extension NIC> dev eth1 table <name of the routing table>

    For example, run the following command:

    ip route add default via 192.168.166.1 dev eth1 table test

  4. Run the following command to add a policy-based routing rule:

    ip rule add from <IP address of the extension NIC> lookup <name of the routing table> prio <value lower than 32766 so that the rule has higher priority than the main table>

    For example, run the following command:

    ip rule add from 192.168.166.22 lookup test prio 32000

    Check whether the EIP bound to the extension NIC can access the Internet. If you want to make this rule take effect permanently, add the preceding command to the startup script /etc/rc.local.
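
The steps above as a re-runnable script that leaves RP-Filter enabled (an added example, not part of the original procedure). The addresses are the example values from the steps; the table ID 100, the IP_CMD and RT_TABLES override variables, and the documentation address 203.0.113.1 used for the final lookup are assumptions.

```shell
#!/bin/sh
# Added example: steps 1-4 as functions that can be re-run without duplicates.
# Addresses are the page's example values; table ID 100 is an assumption.
IP_CMD=${IP_CMD:-ip}                            # IP_CMD="echo ip" gives a dry run
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# Steps 1-2: append "<id> <name>" to rt_tables unless the name already exists.
ensure_table_alias() {                          # args: <id> <name>
    local id=$1 name=$2
    if awk -v n="$name" '$1 !~ /^#/ && $2 == n {f=1} END {exit !f}' "$RT_TABLES"; then
        return 0
    fi
    # Refuse an ID that is taken (0 and 253-255 are reserved by default).
    if awk -v i="$id" '$1 == i {f=1} END {exit !f}' "$RT_TABLES"; then
        echo "table id $id is already used in $RT_TABLES" >&2
        return 1
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$RT_TABLES"
}

# Steps 3-4: default route in the extra table, then the source-based rule.
apply_pbr() {                                   # args: <nic_ip> <gw> <dev> <table> <prio>
    local nic_ip=$1 gw=$2 dev=$3 table=$4 prio=$5
    if [ "$prio" -ge 32766 ]; then
        echo "prio must be lower than 32766" >&2
        return 1
    fi
    # "replace" succeeds whether or not the route is already present.
    $IP_CMD route replace default via "$gw" dev "$dev" table "$table" || return 1
    # Add the rule only if an identical selector is not listed yet.
    if ! $IP_CMD rule show | grep -qF "from $nic_ip lookup $table"; then
        $IP_CMD rule add from "$nic_ip" lookup "$table" prio "$prio" || return 1
    fi
}

# Run as root with the argument "apply"; with no argument nothing is changed.
# The final lookup should name "dev eth1" for the extension NIC's source address.
if [ "${1:-}" = "apply" ]; then
    ensure_table_alias 100 test &&
    apply_pbr 192.168.166.22 192.168.166.1 eth1 test 32000 &&
    $IP_CMD route get 203.0.113.1 from 192.168.166.22
fi
```

Calling the script with "apply" from /etc/rc.local restores both the route and the rule after a restart, and `sysctl net.ipv4.conf.eth1.rp_filter` shows the filtering mode that remains in effect.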