Multiple IP addresses, Multiple default gateway

ネットワーク管理

わけあって(仕事の関係)一台のノートPCの一個のイーサネットインタフェースに異なるサブネットのIPアドレスを複数振り、それぞれのアドレスから異なるデフォルトゲートウェイを設定するという課題ができたので調査および実験。実験はVMware Player上のvirtual machine, CentOS7とUbuntu14.04 LTSで行った。

構成はこんな感じ.

ルータのインタフェースIPアドレスが変更になってもつながるようにしたいというわけ。

CentOS 7



1.    Install  NetworkManager-config-routing-rules


[root@localhost kenhrd]# yum install NetworkManager-config-routing-rules


Loaded plugins: fastestmirror, langpacks


base                                                     | 3.6 kB     00:00     


extras                                                   | 3.4 kB     00:00     


updates                                                  | 3.4 kB     00:00     


Loading mirror speeds from cached hostfile


 * base: centos.01link.hk


 * extras: centos.01link.hk


 * updates: centos.01link.hk


Resolving Dependencies


--> Running transaction check


---> Package NetworkManager-config-routing-rules.x86_64 1:1.0.0-16.git20150121.b4ea599c.el7_1 will be installed


--> Finished Dependency Resolution




Dependencies Resolved




================================================================================


 Package             Arch   Version                               Repository


                                                                           Size


================================================================================


Installing:


 NetworkManager-config-routing-rules


                     x86_64 1:1.0.0-16.git20150121.b4ea599c.el7_1 updates 112 k




Transaction Summary


================================================================================


Install  1 Package




Total download size: 112 k


Installed size: 912  


Is this ok [y/d/N]: y


Downloading packages:


warning: /var/cache/yum/x86_64/7/updates/packages/NetworkManager-config-routing-rules-1.0.0-16.git20150121.b4ea599c.el7_1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY


Public key for NetworkManager-config-routing-rules-1.0.0-16.git20150121.b4ea599c.el7_1.x86_64.rpm is not installed


NetworkManager-config-routing-rules-1.0.0-16.git20150121.b | 112 kB   00:00     


Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7


Importing GPG key 0xF4A80EB5:


 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) "


 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5


 Package    : centos-release-7-1.1503.el7.centos.2.8.x86_64 (@anaconda)


 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7


Is this ok [y/N]: y


Running transaction check


Running transaction test


Transaction test succeeded


Running transaction


  Installing : 1:NetworkManager-config-routing-rules-1.0.0-16.git20150121   1/1 


  Verifying  : 1:NetworkManager-config-routing-rules-1.0.0-16.git20150121   1/1 




Installed:


  NetworkManager-config-routing-rules.x86_64 1:1.0.0-16.git20150121.b4ea599c.el7_1




Complete!




2.    Enable NetworkManager


[root@localhost ifcfg]# systemctl enable NetworkManager-dispatcher.service


[root@localhost ifcfg]# systemctl start NetworkManager-dispatcher.service




3.    IP address, routing and routing rule with subinterfaces


[root@localhost network-scripts]# pwd


/etc/sysconfig/network-scripts


[root@localhost network-scripts]# cat ifcfg-eno16777736


TYPE="Ethernet"


BOOTPROTO=none


DEFROUTE="yes"


IPV4_FAILURE_FATAL="no"


IPV6INIT="yes"


IPV6_AUTOCONF="yes"


IPV6_DEFROUTE="yes"


IPV6_FAILURE_FATAL="no"


NAME="eno16777736"


UUID="cf35db14-5918-4b68-8803-bd12d45c1ffe"


DEVICE="eno16777736"


ONBOOT="yes"


IPADDR=172.16.20.2


PREFIX=30


GATEWAY=172.16.20.1


IPV6_PEERDNS=yes


IPV6_PEERROUTES=yes


[root@localhost network-scripts]# cat ifcfg-eno16777736:1


TYPE="Ethernet"


BOOTPROTO=none


DEFROUTE="yes"


IPV4_FAILURE_FATAL="no"


IPV6INIT="yes"


IPV6_AUTOCONF="yes"


IPV6_DEFROUTE="yes"


IPV6_FAILURE_FATAL="no"


NAME="eno16777736"


UUID="cf35db14-5918-4b68-8803-bd12d45c1ffe"


DEVICE="eno16777736:1"


ONBOOT="yes"


IPADDR=172.16.30.2


PREFIX=30


GATEWAY=172.16.30.1


IPV6_PEERDNS=yes


IPV6_PEERROUTES=yes


[root@localhost network-scripts]# cat ifcfg-eno16777736:2


TYPE="Ethernet"


BOOTPROTO=none


DEFROUTE="yes"


IPV4_FAILURE_FATAL="no"


IPV6INIT="yes"


IPV6_AUTOCONF="yes"


IPV6_DEFROUTE="yes"


IPV6_FAILURE_FATAL="no"


NAME="eno16777736"


UUID="cf35db14-5918-4b68-8803-bd12d45c1ffe"


DEVICE="eno16777736:2"


ONBOOT="yes"


IPADDR=172.16.40.2


PREFIX=30


GATEWAY=172.16.40.1


IPV6_PEERDNS=yes


IPV6_PEERROUTES=yes




[root@localhost network-scripts]# cat route-eno16777736


default via 172.16.20.1 dev eno16777736 tab 100


default via 172.16.30.1 dev eno16777736:1 tab 101


default via 172.16.40.1 dev eno16777736:2 tab 102


[root@localhost network-scripts]# cat rule-eno16777736


from 172.16.20.2/30 tab 100 priority 100


from 172.16.30.2/30 tab 101 priority 200


from 172.16.40.2/30 tab 102 priority 300




4.    Restart network


[root@localhost network-scripts]# systemctl restart network


[root@localhost network-scripts]#






5.    Confirm IP Addresses and routing table


[root@localhost network-scripts]# ip rule show


0:    from all lookup local 


100:    from 172.16.20.2/30 lookup 100 


200:    from 172.16.30.2/30 lookup 101 


300:    from 172.16.40.2/30 lookup 102 


32766:    from all lookup main 


32767:    from all lookup default 


[root@localhost network-scripts]# ip route show table 100


default via 172.16.20.1 dev eno16777736 


[root@localhost network-scripts]# ip route show table 101


default via 172.16.30.1 dev eno16777736 


[root@localhost network-scripts]# ip route show table 102


default via 172.16.40.1 dev eno16777736




6.    Confirm from another VM on the same vmnet


[root@localhost network-scripts]# ip addr show eno16777736


2: eno16777736:  mtu 1500 qdisc pfifo_fast state UP qlen 1000


    link/ether 00:0c:29:73:34:a2 brd ff:ff:ff:ff:ff:ff


    inet 172.16.20.1/30 brd 172.16.20.3 scope global eno16777736


       valid_lft forever preferred_lft forever


    inet6 fe80::20c:29ff:fe73:34a2/64 scope link 


       valid_lft forever preferred_lft forever


[root@localhost network-scripts]# ping 172.16.20.1 -c 2


PING 172.16.20.1 (172.16.20.1) 56(84) bytes of data.


64 bytes from 172.16.20.1: icmp_seq=1 ttl=64 time=0.067 ms


64 bytes from 172.16.20.1: icmp_seq=2 ttl=64 time=0.082 ms




--- 172.16.20.1 ping statistics ---


2 packets transmitted, 2 received, 0% packet loss, time 999ms


rtt min/avg/max/mdev = 0.067/0.074/0.082/0.011 ms


[root@localhost network-scripts]# ping 172.16.30.1 -c 2


connect: Network is unreachable


[root@localhost network-scripts]# ping 172.16.40.1 -c 2


connect: Network is unreachable


[root@localhost network-scripts]# vi ifcfg-eno16777736 


[root@localhost network-scripts]# systemctl restart network


[root@localhost network-scripts]# ip addr show eno16777736


2: eno16777736:  mtu 1500 qdisc pfifo_fast state UP qlen 1000


    link/ether 00:0c:29:73:34:a2 brd ff:ff:ff:ff:ff:ff


    inet 172.16.30.1/30 brd 172.16.30.3 scope global eno16777736


       valid_lft forever preferred_lft forever


    inet6 fe80::20c:29ff:fe73:34a2/64 scope link 


       valid_lft forever preferred_lft forever


[root@localhost network-scripts]# ping 172.16.20.1 -c 2


connect: Network is unreachable


[root@localhost network-scripts]# ping 172.16.30.1 -c 2


PING 172.16.30.1 (172.16.30.1) 56(84) bytes of data.


64 bytes from 172.16.30.1: icmp_seq=1 ttl=64 time=0.074 ms


64 bytes from 172.16.30.1: icmp_seq=2 ttl=64 time=0.064 ms




--- 172.16.30.1 ping statistics ---


2 packets transmitted, 2 received, 0% packet loss, time 999ms


rtt min/avg/max/mdev = 0.064/0.069/0.074/0.005 ms


[root@localhost network-scripts]# ping 172.16.40.1 -c 2


connect: Network is unreachable


[root@localhost network-scripts]# vi ifcfg-eno16777736 


[root@localhost network-scripts]# systemctl restart network


[root@localhost network-scripts]# ip addr show eno16777736


2: eno16777736:  mtu 1500 qdisc pfifo_fast state UP qlen 1000


    link/ether 00:0c:29:73:34:a2 brd ff:ff:ff:ff:ff:ff


    inet 172.16.40.1/30 brd 172.16.40.3 scope global eno16777736


       valid_lft forever preferred_lft forever


    inet6 fe80::20c:29ff:fe73:34a2/64 scope link 


       valid_lft forever preferred_lft forever


[root@localhost network-scripts]# ping 172.16.20.1 -c 2


connect: Network is unreachable


[root@localhost network-scripts]# ping 172.16.30.1 -c 2


connect: Network is unreachable


[root@localhost network-scripts]# ping 172.16.40.1 -c 2


PING 172.16.40.1 (172.16.40.1) 56(84) bytes of data.


64 bytes from 172.16.40.1: icmp_seq=1 ttl=64 time=0.065 ms


64 bytes from 172.16.40.1: icmp_seq=2 ttl=64 time=0.085 ms




--- 172.16.40.1 ping statistics ---


2 packets transmitted, 2 received, 0% packet loss, time 999ms


rtt min/avg/max/mdev = 0.065/0.075/0.085/0.010 ms

Ubuntu14.04LTS



1.    Enable forwarding


root@ken-ubuntu14:/etc# vi sysctl.conf


root@ken-ubuntu14:/etc# grep net.ipv4.ip_forward sysctl.conf


net.ipv4.ip_forward=1


root@ken-ubuntu14:/etc# sysctl -p


net.ipv4.ip_forward = 1


root@ken-ubuntu14:/etc#




2.    IP address, routing and routing rule with subinterfaces


root@ken-ubuntu14:/etc/network# cat interfaces


# interfaces(5) file used by ifup(8) and ifdown(8)


auto lo


iface lo inet loopback




auto eth0


iface eth0 inet static


 address 172.16.10.2


 netmask 255.255.255.252


 gateway 172.16.10.1


    post-up ip route add default via 172.16.10.1 dev eth0 table 100


    post-up ip rule add from 172.16.10.2 table 100 priority 100


    post-down ip rule del from 172.16.10.2 table 100


    post-up ip route add default via 172.16.20.1 dev eth0:1 table 101


    post-up ip rule add from 172.16.20.2 table 101 priority 200


    post-down ip rule del from 172.16.20.2 table 101


    post-up ip route add default via 172.16.30.1 dev eth0:2 table 102


    post-up ip rule add from 172.16.30.2 table 102 priority 300


    post-down ip rule del from 172.16.30.2 table 102




auto eth0:1


iface eth0:1 inet static


 address 172.16.20.2


 netmask 255.255.255.252


 gateway 172.16.20.1




auto eth0:2


iface eth0:2 inet static


 address 172.16.30.2


 netmask 255.255.255.252


 gateway 172.16.30.1 




3.    Restart network


root@ken-ubuntu14:/etc/network# /etc/init.d/networking restart


root@ken-ubuntu14:/etc/network# ifdown eth0; ifup eth0




4.    Confirm IP Addresses and routing table


root@ken-ubuntu14:/etc/network# ip rule show


0:    from all lookup local 


100:    from 172.16.10.2 lookup 100 


200:    from 172.16.20.2 lookup 101 


300:    from 172.16.30.2 lookup 102 


32766:    from all lookup main 


32767:    from all lookup default 


root@ken-ubuntu14:/etc/network# ip route show table 100


default via 172.16.10.1 dev eth0 


root@ken-ubuntu14:/etc/network# ip route show table 101


default via 172.16.20.1 dev eth0 


root@ken-ubuntu14:/etc/network# ip route show table 102


default via 172.16.30.1 dev eth0 


root@ken-ubuntu14:/etc/network#






5.    Confirm from another VM on the same vmnet


[root@localhost network-scripts]# vi ifcfg-eno16777736 


[root@localhost network-scripts]# service network restart ; ip addr show eno16777736 ; ping -c 3 172.16.10.2


Restarting network (via systemctl):                        [  OK  ]


2: eno16777736:  mtu 1500 qdisc pfifo_fast state UP qlen 1000


    link/ether 00:0c:29:73:34:a2 brd ff:ff:ff:ff:ff:ff


    inet 172.16.10.1/30 brd 172.16.10.3 scope global eno16777736


       valid_lft forever preferred_lft forever


    inet6 fe80::20c:29ff:fe73:34a2/64 scope link tentative 


       valid_lft forever preferred_lft forever


PING 172.16.10.2 (172.16.10.2) 56(84) bytes of data.


64 bytes from 172.16.10.2: icmp_seq=1 ttl=64 time=2.09 ms


64 bytes from 172.16.10.2: icmp_seq=2 ttl=64 time=0.296 ms


64 bytes from 172.16.10.2: icmp_seq=3 ttl=64 time=0.246 ms




--- 172.16.10.2 ping statistics ---


3 packets transmitted, 3 received, 0% packet loss, time 2001ms


rtt min/avg/max/mdev = 0.246/0.877/2.091/0.858 ms




[root@localhost network-scripts]# vi ifcfg-eno16777736 


[root@localhost network-scripts]# service network restart ; ip addr show eno16777736 ; ping -c 3 172.16.20.2


Restarting network (via systemctl):                        [  OK  ]


2: eno16777736:  mtu 1500 qdisc pfifo_fast state UP qlen 1000


    link/ether 00:0c:29:73:34:a2 brd ff:ff:ff:ff:ff:ff


    inet 172.16.20.1/30 brd 172.16.20.3 scope global eno16777736


       valid_lft forever preferred_lft forever


    inet6 fe80::20c:29ff:fe73:34a2/64 scope link tentative 


       valid_lft forever preferred_lft forever


PING 172.16.20.2 (172.16.20.2) 56(84) bytes of data.


64 bytes from 172.16.20.2: icmp_seq=1 ttl=64 time=1.29 ms


64 bytes from 172.16.20.2: icmp_seq=2 ttl=64 time=0.263 ms


64 bytes from 172.16.20.2: icmp_seq=3 ttl=64 time=0.305 ms




--- 172.16.20.2 ping statistics ---


3 packets transmitted, 3 received, 0% packet loss, time 2001ms


rtt min/avg/max/mdev = 0.263/0.620/1.294/0.477 ms


[root@localhost network-scripts]#




[root@localhost network-scripts]# vi ifcfg-eno16777736 


[root@localhost network-scripts]# service network restart ; ip addr show eno16777736 ; ping -c 3 172.16.30.2


Restarting network (via systemctl):                        [  OK  ]


2: eno16777736:  mtu 1500 qdisc pfifo_fast state UP qlen 1000


    link/ether 00:0c:29:73:34:a2 brd ff:ff:ff:ff:ff:ff


    inet 172.16.30.1/30 brd 172.16.30.3 scope global eno16777736


       valid_lft forever preferred_lft forever


    inet6 fe80::20c:29ff:fe73:34a2/64 scope link tentative 


       valid_lft forever preferred_lft forever


PING 172.16.30.2 (172.16.30.2) 56(84) bytes of data.


64 bytes from 172.16.30.2: icmp_seq=1 ttl=64 time=0.491 ms


64 bytes from 172.16.30.2: icmp_seq=2 ttl=64 time=0.311 ms


64 bytes from 172.16.30.2: icmp_seq=3 ttl=64 time=0.254 ms




--- 172.16.30.2 ping statistics ---


3 packets transmitted, 3 received, 0% packet loss, time 2001ms


rtt min/avg/max/mdev = 0.254/0.352/0.491/0.101 ms


[root@localhost network-scripts]#

やれやれ、日曜日なのに仕事だ...(趣味?)