Meikel
2015-Dec-23 14:06 UTC
[CentOS] Network configuration issue with second public ip on CentOS 6
Hi folks,
I have a server at Soyoustart.com (which is a brand of OVH). I run
CentOS 6.7 and have problems with network configuration.
I want to add a second public ip (failover ip) to the server and did
follow the instructions in the CentOS-section of
http://hilfe.ovh.de/AdministrationIpAliasHinzufuegen
After executing the required steps I'm not able to reach the host via
the second ip from an external host. I tried it with ping and with ssh
commands.
Here the content of the config files (I anonymized the server ip with
xx.xx.xx.xx and the failover ip with yy.yy.yy.yy):
$ cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=<name-of-my-host>
NOZEROCONF=true
GATEWAY=xx.xx.xx.254
$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=xx.xx.xx.254
$ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=static
IPADDR=yy.yy.yy.yy
NETMASK=255.255.255.255
ONBOOT=yes
When I restart the network I get a message (two times) saying "RTNETLINK
answers: Operation not supported".
$ service network restart
Schnittstelle eth0 beenden: [ OK ]
Loopback-Schnittstelle beenden: [ OK ]
Loopback-Schnittstelle hochfahren: [ OK ]
Schnittstelle eth0 hochfahren: Determining if ip address xx.xx.xx.xx is
already in use for device eth0...
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ OK ]
I can see two interfaces eth0 and eth0:0
$ LANG="" ifconfig
eth0 Link encap:Ethernet HWaddr ..:..:..:..:..:..
inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11122 errors:0 dropped:0 overruns:0 frame:0
TX packets:14371 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1362900 (1.2 MiB) TX bytes:3462327 (3.3 MiB)
Interrupt:20 Memory:fe500000-fe520000
eth0:0 Link encap:Ethernet HWaddr ..:..:..:..:..:..
inet addr:yy.yy.yy.yy Bcast:yy.yy.yy.yy Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:20 Memory:fe500000-fe520000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3096 errors:0 dropped:0 overruns:0 frame:0
TX packets:3096 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:274948 (268.5 KiB) TX bytes:274948 (268.5 KiB)
I'm able to reach the host from another host (outside OVH network) via
xx.xx.xx.xx (I use ping and ssh), but not via yy.yy.yy.yy.
Just to be sure that there isn't an issue with the firewall I did
"service iptables stop" and ran the "ping" and
"ssh" commands again with
the same result. For ip xx.xx.xx.xx it works, but not for yy.yy.yy.yy.
Not sure if this is important, just in case it matters, some additional
information:
IPv6 is disabled by kernel parameter "ipv6.disable=1" in
/etc/grub.conf
The two mac addresses I see for eth0 and eth0:0 with the "ifconfig"
command are the same. In the OVH/Soyoustart.com GUI I created a virtual
mac for the failover ip, I'm not sure if that virtual mac should come
into play somewhere?
$ uname -a
Linux <name-of-my-host> 2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15
21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ LANG="" route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xx.xx.xx.0 * 255.255.255.0 U 0 0 0 eth0
default vss-gw-6k.fr.eu 0.0.0.0 UG 0 0 0 eth0
Why is yy.yy.yy.yy not reachable from outside? What am I doing wrong or
what can I do to narrow down the problem?
Regards,
Meikel
Ulf Volmer
2015-Dec-23 14:43 UTC
[CentOS] Network configuration issue with second public ip on CentOS 6
On 12/23/2015 03:06 PM, Meikel wrote:> $ cat /etc/sysconfig/network-scripts/ifcfg-eth0 > DEVICE=eth0 > BOOTPROTO=static > IPADDR=xx.xx.xx.xx > NETMASK=255.255.255.0 > ONBOOT=yes > GATEWAY=xx.xx.xx.254 > > $ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0 > DEVICE=eth0:0 > BOOTPROTO=static > IPADDR=yy.yy.yy.yy > NETMASK=255.255.255.255this looks weak. Try to use the same netmask as you use for eth0. best regards Ulf
Valeri Galtsev
2015-Dec-23 17:31 UTC
[CentOS] Network configuration issue with second public ip on CentOS 6
On Wed, December 23, 2015 8:06 am, Meikel wrote:> Hi folks, > > I have a server at Soyoustart.com (which is a brand of OVH). I run > CentOS 6.7 and have problems with network configuration. > > I want to add a second public ip (failover ip) to the server and did > follow the instructions in the CentOS-section of > http://hilfe.ovh.de/AdministrationIpAliasHinzufuegen > > After executing the required steps I'm not able to reach the host via > the second ip from an external host. I tried it with ping and with ssh > commands. > > Here the content of the config files (I anonymized the server ip with > xx.xx.xx.xx and the failover ip with yy.yy.yy.yy): > > $ cat /etc/sysconfig/network > NETWORKING=yes > HOSTNAME=<name-of-my-host> > NOZEROCONF=true > GATEWAY=xx.xx.xx.254 > > $ cat /etc/sysconfig/network-scripts/ifcfg-eth0 > DEVICE=eth0 > BOOTPROTO=static > IPADDR=xx.xx.xx.xx > NETMASK=255.255.255.0 > ONBOOT=yes > GATEWAY=xx.xx.xx.254 > > $ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0 > DEVICE=eth0:0 > BOOTPROTO=static > IPADDR=yy.yy.yy.yy > NETMASK=255.255.255.255 > ONBOOT=yesIf I understand IP networking correctly, you only can have "aliases" of the interface appear on the _same_ network segment (I'm tempted to say same class C network) as the main IP of interface, say you have: DEVICE=eth0 IPADDR=x.y.z.w NETMASK=255.255.255.0 GATEWAY=x.y.z.254 Then with the restriction I mentioned you can have alias: DEVICE=eth0:0 IPADDR=x.y.z.a NETMASK=255.255.255.255 Note that "x.y.z." part is the same in both IPs. Somebody may correct me if I'm wrong. Valeri> > When I restart the network I get a message (two times) saying "RTNETLINK > answers: Operation not supported". > > $ service network restart > Schnittstelle eth0 beenden: [ OK ] > Loopback-Schnittstelle beenden: [ OK ] > Loopback-Schnittstelle hochfahren: [ OK ] > Schnittstelle eth0 hochfahren: Determining if ip address xx.xx.xx.xx is > already in use for device eth0... > RTNETLINK answers: Operation not supported > RTNETLINK answers: Operation not supported > [ OK ] > > I can see two interfaces eth0 and eth0:0 > > $ LANG="" ifconfig > eth0 Link encap:Ethernet HWaddr ..:..:..:..:..:.. > inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:11122 errors:0 dropped:0 overruns:0 frame:0 > TX packets:14371 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:1362900 (1.2 MiB) TX bytes:3462327 (3.3 MiB) > Interrupt:20 Memory:fe500000-fe520000 > > eth0:0 Link encap:Ethernet HWaddr ..:..:..:..:..:.. > inet addr:yy.yy.yy.yy Bcast:yy.yy.yy.yy Mask:255.255.255.255 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:20 Memory:fe500000-fe520000 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:65536 Metric:1 > RX packets:3096 errors:0 dropped:0 overruns:0 frame:0 > TX packets:3096 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:274948 (268.5 KiB) TX bytes:274948 (268.5 KiB) > > > I'm able to reach the host from another host (outside OVH network) via > xx.xx.xx.xx (I use ping and ssh), but not via yy.yy.yy.yy. > > Just to be sure that there isn't an issue with the firewall I did > "service iptables stop" and ran the "ping" and "ssh" commands again with > the same result. For ip xx.xx.xx.xx it works, but not for yy.yy.yy.yy. > > Not sure if this is important, just in case it matters, some additional > information: > > IPv6 is disabled by kernel parameter "ipv6.disable=1" in /etc/grub.conf > > The two mac addresses I see for eth0 and eth0:0 with the "ifconfig" > command are the same. In the OVH/Soyoustart.com GUI I created a virtual > mac for the failover ip, I'm not sure if that virtual mac should come > into play somewhere? > > $ uname -a > Linux <name-of-my-host> 2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 > 21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux > > $ LANG="" route > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > xx.xx.xx.0 * 255.255.255.0 U 0 0 0 eth0 > default vss-gw-6k.fr.eu 0.0.0.0 UG 0 0 0 eth0 > > Why is yy.yy.yy.yy not reachable from outside? What am I doing wrong or > what can I do to narrow down the problem? > > Regards, > > Meikel > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Patrick Bervoets
2015-Dec-23 18:04 UTC
[CentOS] Network configuration issue with second public ip on CentOS 6
> Op 23 dec. 2015 om 18:31 heeft Valeri Galtsev <galtsev at kicp.uchicago.edu> het volgende geschreven: > > >> > > If I understand IP networking correctly, you only can have "aliases" of > the interface appear on the _same_ network segment (I'm tempted to say > same class C network) as the main IP of interface, say you have: > > DEVICE=eth0 > IPADDR=x.y.z.w > NETMASK=255.255.255.0 > GATEWAY=x.y.z.254 > > Then with the restriction I mentioned you can have alias: > > DEVICE=eth0:0 > IPADDR=x.y.z.a > NETMASK=255.255.255.255 > > Note that "x.y.z." part is the same in both IPs. > > Somebody may correct me if I'm wrong. > > Valeri > >> >>I have used an 10. Alias on a 192. Interface so it is possible Patrick
Gordon Messmer
2015-Dec-24 06:42 UTC
[CentOS] Network configuration issue with second public ip on CentOS 6
On 12/23/2015 06:06 AM, Meikel wrote:> I want to add a second public ip (failover ip) to the server and did > follow the instructions in the CentOS-section of > http://hilfe.ovh.de/AdministrationIpAliasHinzufuegenWhat you're attempting to do is called "multi-homed routing" and isn't covered very well by that document. Try this one, or use Google to find another guide: https://blogs.oracle.com/networking/entry/advance_routing_for_multi_homed> After executing the required steps I'm not able to reach the host via > the second ip from an external host. I tried it with ping and with ssh > commands.I expect that your host is receiving the ICMP request packets and responding. The problem is the response. The reply packet has the correct source and destination addresses, and the kernel must consult its routing table to determine how and where to send it. There is only one route back to the destination address (the address from which you pinged the system), and that is the default route. Your system sends the packet out that link, where it is probably dropped by an upstream router since it came from an address that they don't handle. Your system needs both an additional default route, and rules to determine which route to use for which packets. The above link will help you set up both.> Here the content of the config files (I anonymized the server ip with > xx.xx.xx.xx and the failover ip with yy.yy.yy.yy): > > $ cat /etc/sysconfig/network > NETWORKING=yes > HOSTNAME=<name-of-my-host> > NOZEROCONF=true > GATEWAY=xx.xx.xx.254Don't set GATEWAY here.> $ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0 > DEVICE=eth0:0 > BOOTPROTO=static > IPADDR=yy.yy.yy.yy > NETMASK=255.255.255.255 > ONBOOT=yesAs discussed, that's not a usable NETMASK. You should ignore pretty much everything in the document you linked to.> When I restart the network I get a message (two times) saying > "RTNETLINK answers: Operation not supported".I'm pretty sure that those are the result of the bad NETMASK.> IPv6 is disabled by kernel parameter "ipv6.disable=1" in /etc/grub.confI would discourage everyone from doing that.> The two mac addresses I see for eth0 and eth0:0 with the "ifconfig" > command are the same. In the OVH/Soyoustart.com GUI I created a > virtual mac for the failover ip, I'm not sure if that virtual mac > should come into play somewhere?I don't think there's any reason to have a virtual MAC.