Hello all Here is the scenario: We have a mail server VM which currently has two virtual NICs attached to it. One NIC is has an IP on a subnet with a default gateway defined and the other NIC has an IP on a different subnet with a different gateway on a different VLAN defined. Now when I activate both NICs, and run an ifconfig -a, I see that both IP addresses are showing. Now here is the problem. When I ping the VM, the first NIC's IP is not pingable at all, but the second NIC's IP is pingable. How do I configure the networking so that both IPs are pingable and the VM is reachable via both IPs? Please let me know what I may be doing wrong! Thank you! Sean
On 07/11/16 02:00 AM, Sean Son wrote:> Hello all > > Here is the scenario: We have a mail server VM which currently has two > virtual NICs attached to it. One NIC is has an IP on a subnet with a > default gateway defined and the other NIC has an IP on a different subnet > with a different gateway on a different VLAN defined. Now when I activate > both NICs, and run an ifconfig -a, I see that both IP addresses are > showing. Now here is the problem. When I ping the VM, the first NIC's IP is > not pingable at all, but the second NIC's IP is pingable. How do I > configure the networking so that both IPs are pingable and the VM is > reachable via both IPs? Please let me know what I may be doing wrong!We're missing a lot of details, but to speak generally, I'd look at the bridging on the host if you're confident that the interfaces are configured properly inside the host. Also, have you looked at iptables? -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education?
On Mon, 7 Nov 2016 02:00:24 -0500 Sean Son wrote:> When I ping the VM, the first NIC's IP is > not pingable at all, but the second NIC's IP is pingable. How do I > configure the networking so that both IPs are pingable and the VM is > reachable via both IPs?The last time I did that I did it on Centos 5. Here are my notes from back then. First, add two lines to /etc/iproute2/rt_tables, so it looks like this: # # reserved values # 255 local 254 main 253 default 0 unspec # # local # #1 inr.ruhep 50 access1 60 access2 Then add the following routes: ip route add 1.2.3.0/24 dev eth1 table access1 ip route add default via 1.2.3.1 dev eth1 table access1 ip rule add from 1.2.3.178/32 lookup access1 ip route add 1.2.3.0/24 dev eth2 table access2 ip route add default via 1.2.3.1 dev eth2 table access2 ip rule add from 1.2.3.180/32 lookup access2 Of course, in this example 1.2.3.178 is the IP address of the first nic and 1.2.3.180 is the address of the second nic. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
On 7/11/2016 6:00 PM, Sean Son wrote:> Hello all > > Here is the scenario: We have a mail server VM which currently has two > virtual NICs attached to it. One NIC is has an IP on a subnet with a > default gateway defined and the other NIC has an IP on a different subnet > with a different gateway on a different VLAN defined. Now when I activate > both NICs, and run an ifconfig -a, I see that both IP addresses are > showing. Now here is the problem. When I ping the VM, the first NIC's IP is > not pingable at all, but the second NIC's IP is pingable. How do I > configure the networking so that both IPs are pingable and the VM is > reachable via both IPs? Please let me know what I may be doing wrong! >I've done this recently on C7. The key words for your Google Fu is policy based routing. That ensures the incoming packets come back out the same interface they came in on. Mind you, depending on the routers in the way this may not be a problem. CISCO ASAs get really picky but otherwise there may be other problems to deal with as well. If you're using Network Manager then the package: NetworkManager-config-routing-rules will help. After that you create the rules and routes files in /etc/sysconfig/network-scripts So in my case I have: * enp3s0: 192.168.20.253 (the default gateway on this subnet is 192.168.20.2) * vlan22 at enp3s0: 192.168.22.253 (the default gateway on this subnet is 192.168.22.1) [root at host network-scripts]# cat route-enp3s0 192.168.20.0/24 dev enp3s0 tab 20 default via 192.168.20.2 dev enp3s0 tab 20 [root at host network-scripts]# cat rule-enp3s0 from 192.168.20.0/24 tab 20 priority 20 [root at host network-scripts]# cat route-vlan22 192.168.22.0/24 dev vlan22 tab 22 default via 192.168.22.1 dev vlan22 tab 22 [root at host network-scripts]# cat rule-vlan22 from 192.168.22.0/24 tab 22 priority 22 Wireshark can be really helpful here as it can confirm that the "unpingable" NIC is actually receiving the packets that you think it is. And hopefully in that case can also confirm if the echo packets are going out the alternate NIC. If there are no incoming packets then the PBR is no real help at all and you'd need to look further upstream. Hope that helps, -pete -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20161107/1ed82493/attachment-0001.sig>
Gordon Messmer
2016-Nov-07 21:36 UTC
[CentOS] Need help getting two NICs to work on CentOS 7
On 11/06/2016 11:00 PM, Sean Son wrote:> How do I > configure the networking so that both IPs are pingable and the VM is > reachable via both IPs?You need one rule file per interface, which directs traffic out the appropriate interface based on the source address of the packet: https://blogs.oracle.com/networking/entry/advance_routing_for_multi_homed
On 07/11/16 07:00, Sean Son wrote:> Hello all > > Here is the scenario: We have a mail server VM which currently has two > virtual NICs attached to it. One NIC is has an IP on a subnet with a > default gateway defined and the other NIC has an IP on a different subnet > with a different gateway on a different VLAN defined. Now when I activate > both NICs, and run an ifconfig -a, I see that both IP addresses are > showing. Now here is the problem. When I ping the VM, the first NIC's IP is > not pingable at all, but the second NIC's IP is pingable. How do I > configure the networking so that both IPs are pingable and the VM is > reachable via both IPs? Please let me know what I may be doing wrong! > > > Thank you! > > Sean > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centospolicy based routing is useful concept but in my mind should be the very last resort. It is the kernel's networking functions which are responsible for routing tables construction and if you can shed more details (like mentioned earlier) on what can(not) ping what(VM hosting box <-> VM guest / outside internal net <-> VM / etc.) centbuddies could share more concrete thoughts then. Basically - with policy/source based routing you need to be very careful, test everything - best is to leave it to the kernel and only use main table, kernel should be the smartest, for more complex setups maybe think "routing daemons".
Boris Epstein
2016-Nov-08 13:02 UTC
[CentOS] Need help getting two NICs to work on CentOS 7
Hello there, What is the hypervisor that hosts the VM? What does ifconfig show on it? Boris. On Mon, Nov 7, 2016 at 4:36 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:> On 11/06/2016 11:00 PM, Sean Son wrote: > >> How do I >> configure the networking so that both IPs are pingable and the VM is >> reachable via both IPs? >> > > > You need one rule file per interface, which directs traffic out the > appropriate interface based on the source address of the packet: > > https://blogs.oracle.com/networking/entry/advance_routing_for_multi_homed > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >