Hi,
I'm wanting to configure a CentOS 6 server to have a fall-back default route via a second network interface.
Given:
- eth0 with 192.168.0.10 on subnet 192.168.0.0/24 gateway 192.168.0.1 - eth1 with 192.168.1.10 on subnet 192.168.1.0/24 gateway 192.168.1.1
Where eth0's network is a "back door" to the internet, and eth1's is the "front door", I believe I can configure the routing table manually like this:
ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2
However, I've re-read the RHEL6 documents for configuring static routes here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment...
This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't "for" any single interface. Is there a "RHEL/CentOS" way to do this, or do I need to resort to some sort of script containing the above ip route command inserted somewhere?
And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)?
Cheers,
Nick
ps. Hints about this obtained from
http://lkml.indiana.edu/hypermail/linux/net/0201.0/0000.html http://lartc.org/lartc.html#AEN298
On 02/01/2012 02:03 PM, Nick wrote:
Hi,
I'm wanting to configure a CentOS 6 server to have a fall-back default route via a second network interface.
Given:
- eth0 with 192.168.0.10 on subnet 192.168.0.0/24 gateway 192.168.0.1
- eth1 with 192.168.1.10 on subnet 192.168.1.0/24 gateway 192.168.1.1
Where eth0's network is a "back door" to the internet, and eth1's is the "front door", I believe I can configure the routing table manually like this:
ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2
However, I've re-read the RHEL6 documents for configuring static routes here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment...
This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't "for" any single interface. Is there a "RHEL/CentOS" way to do this, or do I need to resort to some sort of script containing the above ip route command inserted somewhere?
And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)?
Hmm...
I just tried this and besides needing ip route "add" default
It does not seem to work when I unplug the cable on my primary link.
On Wed, Feb 1, 2012 at 1:35 PM, Steve Clark sclark@netwolves.com wrote:
I'm wanting to configure a CentOS 6 server to have a fall-back default route via a second network interface.
Given:
- eth0 with 192.168.0.10 on subnet 192.168.0.0/24 gateway 192.168.0.1 - eth1 with 192.168.1.10 on subnet 192.168.1.0/24 gateway 192.168.1.1
Where eth0's network is a "back door" to the internet, and eth1's is the "front door", I believe I can configure the routing table manually like this:
ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2
However, I've re-read the RHEL6 documents for configuring static routes here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment...
This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't "for" any single interface. Is there a "RHEL/CentOS" way to do this, or do I need to resort to some sort of script containing the above ip route command inserted somewhere?
And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)?
Hmm...
I just tried this and besides needing ip route "add" default
It does not seem to work when I unplug the cable on my primary link.
I don't think CentOS is smart enough to automatically drop routes associated with a NIC that is down like a Cisco would. If you put routes in /etc/sysconfig/network-scripts/routes-eth? to match the device names, the ifup and ifdown scripts will add/remove routes when you manually run time to enable/disable a particular NIC, but that doesn't get you automatic failover. And with ethernet type devices it is pretty rare for the link to go away at the same time the packets stop getting through anyway.
On 02/01/2012 04:06 PM, Les Mikesell wrote:
On Wed, Feb 1, 2012 at 1:35 PM, Steve Clarksclark@netwolves.com wrote:
I'm wanting to configure a CentOS 6 server to have a fall-back default route via a second network interface.
Given:
- eth0 with 192.168.0.10 on subnet 192.168.0.0/24 gateway 192.168.0.1
- eth1 with 192.168.1.10 on subnet 192.168.1.0/24 gateway 192.168.1.1
Where eth0's network is a "back door" to the internet, and eth1's is the "front door", I believe I can configure the routing table manually like this:
ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2
However, I've re-read the RHEL6 documents for configuring static routes here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment...
This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't "for" any single interface. Is there a "RHEL/CentOS" way to do this, or do I need to resort to some sort of script containing the above ip route command inserted somewhere?
And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)?
Hmm...
I just tried this and besides needing ip route "add" default
It does not seem to work when I unplug the cable on my primary link.
I don't think CentOS is smart enough to automatically drop routes associated with a NIC that is down like a Cisco would. If you put routes in /etc/sysconfig/network-scripts/routes-eth? to match the device names, the ifup and ifdown scripts will add/remove routes when you manually run time to enable/disable a particular NIC, but that doesn't get you automatic failover. And with ethernet type devices it is pretty rare for the link to go away at the same time the packets stop getting through anyway.
I got it sort of work - but even with the weights and flushing the routing cache sometimes it seemed to want to go on the higher weighted route. Could be something in my setup.
I did onetime have if fail from the lower weight to the higher weighted route when I pulled the cable on the preferred route.
On 01/02/12 21:06, Les Mikesell wrote:
Hmm...
I just tried this and besides needing ip route "add" default
It does not seem to work when I unplug the cable on my primary link.
Well, I should disclose that is an experiment, and I may not have explained the config fully - see the pages I referenced for more authoritative information. I did think I had it working but I am less sure now, and caching looks like it may be a problem.
I should emphasise that the main question I have here is: is RHEL's scheme for configuring routing flexible enough to accommodate such configurations?
And if it isn't, is there anything I should bear in mind when hacking a script to do this sort of thing, in order to avoid breaking my system or generally fighting against the system's assumptions?
I don't think CentOS is smart enough to automatically drop routes associated with a NIC that is down like a Cisco would. If you put routes in /etc/sysconfig/network-scripts/routes-eth? to match the device names, the ifup and ifdown scripts will add/remove routes when you manually run time to enable/disable a particular NIC,
Right; and then one NIC's state controls the routing configuration for both. I can't see an easy way around that.
but that doesn't get you automatic failover. And with ethernet type devices it is pretty rare for the link to go away at the same time the packets stop getting through anyway.
Just to clarify, by "that" do you mean custom "routes in [..]/routes-eth?" or the nexthop configuration I mentioned? It'd guess the former, but I'm more interested in the latter.
Based on some tests I suspect it works initially, then if things change, the routing cache will keep the old non-working config until someone flushes it. Note, I'm not sure about this either (due to the general fog of fatigue), and I'm thinking I should try a an entirely different approach.
Thanks,
N
On 02/02/2012 11:28 AM, Nick wrote:
And if it isn't, is there anything I should bear in mind when hacking a script to do this sort of thing, in order to avoid breaking my system or generally fighting against the system's assumptions?
I would have ping the gateway of primary link (maybe both) and some outside IP on that path, and in case of timeouts I would activate changes or something. Like "heartbeat" tests.
But I recommend you read: http://www.shorewall.net/Shorewall_and_Routing.html
and then consider using shorewall in MultiISP environment. I do not think Basic routing is able to deal with changing circumstances, at least not fast enough. One solution would be running dynamic routing protocols, like OSPF or OLSR, which involves running then on several routers/systems, or using some active script like shorewall.
On 02/02/2012 05:41 AM, Ljubomir Ljubojevic wrote:
On 02/02/2012 11:28 AM, Nick wrote:
And if it isn't, is there anything I should bear in mind when hacking a script to do this sort of thing, in order to avoid breaking my system or generally fighting against the system's assumptions?
I would have ping the gateway of primary link (maybe both) and some outside IP on that path, and in case of timeouts I would activate changes or something. Like "heartbeat" tests.
Yes, we use a perl script that pings two different sites on the net using specific routes to direct the pings out specific interfaces, if after a configurable number of pings get lost out the primary interface the perl script changes the default route to the secondary interface while still trying to ping out the primary interface, when a configurable number of pings out the primary interface succeed the perl script changes the default route back to the primary.
But I recommend you read: http://www.shorewall.net/Shorewall_and_Routing.html
and then consider using shorewall in MultiISP environment. I do not think Basic routing is able to deal with changing circumstances, at least not fast enough. One solution would be running dynamic routing protocols, like OSPF or OLSR, which involves running then on several routers/systems, or using some active script like shorewall.
On 02/01/2012 11:03 AM, Nick wrote:
I believe I can configure the routing table manually like this: ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2
This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't "for" any single interface.
It doesn't really matter that the route isn't "for" a specific interface. The route just has to be valid when the file is evaluated. You'd want to create route-eth1 and add a single line starting with "default" and containing the rest of the command you listed above.
And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)?
If you're not specifying one elsewhere, the system won't "pick" one as far as I know.
Having said that, I don't think that the kernel will do automatic route detection failures. IIRC, "weight" is used for load balancing, and connections will be pinned to whatever route is selected.
You probably don't want to do any of this. Instead, you'd want to use a package that's set up to handle the routes and rules that are required for multiple ISP handling, and scripts that are written to detect link failure and adjust the system accordingly. Consider: http://www.shorewall.net/MultiISP.html#LinkMonitor
-
Gordon Messmer -
Les Mikesell -
Ljubomir Ljubojevic -
Nick -
Steve Clark