Linux two default gateway

linux ip routing: 2 default gateways

I’m using the latest Raspbian and have my device connected to 2 LANs that each have a gateway to the internet. (The device is connected to one LAN by an ethernet cable, and to the other by USB — a USB-tethered mobile phone.) It appears to just work out of the box, because I can access the internet, and because the routing table was set up like this automatically after plugging in the cables:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    202    0        0 eth0
default         192.168.42.129  0.0.0.0         UG    205    0        0 usb0

However, I wonder if the device would still be able to access the internet if the gateway on one of the LANs randomly breaks? I have iproute2 package installed but I don’t know anything about how it works, and haven’t really found a good answer on the internet. Thanks.

What about disconnecting one of the gateway connections and checking? Cable to the ISP for the router, mobile airplane mode for the mobile. Afterwards, edit the question, updating it with the result, and ask why what happens happens. 🙂

2 Answers

You have 2 metrics. 202 will be the one used to route traffic. 205 will be used in case of failure. You have FLAGS UG: Up & Gateway. If the U disappears, that means that your gateway is down. It will be down if the juice between your rasp and the router or anything in the middle breaks. If the router is buggy, or its internet line is down, then the traffic will route to a dead end.

If you want to avoid this scenario, and since it is not a dynamic routing protocol, you will need to build up an SLA strategy.

For instance: a script with «ping -I usb0» to google, and another with -I eth0 to google as well. If the one with lower metrics is up and fails to contact google, change its metric, or dramatically shut it down. (metrics: ip route add $/$ via $ metric $).

If you change the metric, you can still try the ping, and restore the connection when the ping succeeds.

Use very slow ping, and let it have 3 or 4 fails before the switchover.

This is no silver bullet for your problem, but it is a cool scenario to build up some cool and easy scripts 🙂 :).
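
A sketch of the watchdog this answer describes, added here as an example and not the answerer's own script. The interface, gateway and metric 202 come from the question's routing table; the probe address, the demoted metric 300 and the 30-second interval are assumptions.

```sh
#!/bin/sh
# Added example: failover watchdog for the eth0/usb0 routing table in the question.
PRIMARY_IF=eth0           # interface, gateway and metric 202 are from the question
PRIMARY_GW=192.168.0.1
PRIMARY_METRIC=202
DEMOTED_METRIC=300        # assumption: anything above usb0's metric 205
PROBE=8.8.8.8             # assumption: any stable external address
FAIL_LIMIT=3              # failures in a row before switching over
INTERVAL=30               # seconds between probes ("very slow ping")

# next_fails PREV RESULT: consecutive-failure counter after one probe
next_fails() {
  if [ "$2" = ok ]; then echo 0; else echo $(( $1 + 1 )); fi
}

# decide STATE FAILS: prints demote, restore or keep
decide() {
  if [ "$1" = primary ] && [ "$2" -ge "$FAIL_LIMIT" ]; then echo demote
  elif [ "$1" = demoted ] && [ "$2" -eq 0 ]; then echo restore
  else echo keep
  fi
}

# One ICMP probe forced out of the primary interface; this keeps working
# after demotion because the eth0 default route still exists.
probe() {
  if ping -I "$PRIMARY_IF" -c 1 -W 2 "$PROBE" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

# Re-create the primary default route with the given metric (needs root).
set_metric() {
  ip route del default via "$PRIMARY_GW" dev "$PRIMARY_IF" 2>/dev/null || true
  ip route add default via "$PRIMARY_GW" dev "$PRIMARY_IF" metric "$1"
}

watch_loop() {
  state=primary; fails=0
  while sleep "$INTERVAL"; do
    fails=$(next_fails "$fails" "$(probe)")
    case $(decide "$state" "$fails") in
      demote)  set_metric "$DEMOTED_METRIC"; state=demoted ;;
      restore) set_metric "$PRIMARY_METRIC"; state=primary ;;
    esac
  done
}

# Start the loop only when called with the argument "run".
if [ "${1:-}" = run ]; then watch_loop; fi
```

If a DHCP client manages the eth0 default route, it may re-add the route with its own metric on lease renewal, so the demotion should be re-checked after each renewal.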


Linux two default gateway

Normally, a Linux host with multiple network interfaces has one default gateway through which traffic is routed. Anything else produces asymmetric routing in the system, and routers may discard the packets.


Troubleshooting

To avoid this problem, use «iproute2», which is available in all current Linux distributions and is generally already installed. As already mentioned, a Linux system normally has only one routing table with only one default gateway. «iproute2» makes it possible to create additional routing tables and to have the system use them on the basis of rules.

Initial situation

It is assumed that the system has the two interfaces enp0s3lf6 and wpl5s0. The two networks to be used have the addresses 192.168.0.0/24 and 172.10.0.0/24. In each case, the .1 represents the gateway of the respective network. In Debian or Ubuntu, the initial configuration of the network in /etc/network/interfaces would look like this:

# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp0s3lf6
iface enp0s3lf6 inet static
    address 192.168.0.10
    netmask 255.255.255.0
    gateway 192.168.0.1
# The secondary network interface
allow-hotplug wpl5s0
iface wpl5s0 inet static
    address 172.10.0.10
    netmask 255.255.255.0

Generate the second routing table

Additional routing tables are declared in the file /etc/iproute2/rt_tables, which must be modified accordingly. We give our new routing table the name «srvnet» and the number (table ID) 1.

#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
1 srvnet

Configuration of the routing tables and activation of the routing rules

The new routing table and the rules for using it are then created as follows:

ip route add 172.10.0.0/24 dev wpl5s0 src 172.10.0.10 table srvnet
ip route add default via 172.10.0.1 dev wpl5s0 table srvnet

ip rule add from 172.10.0.10/32 table srvnet
ip rule add to 172.10.0.10/32 table srvnet

The first two lines specify that the network 172.10.0.0/24 is reached via the interface wpl5s0 and that the default gateway of the table srvnet is located on this interface. The two rules in lines 3 and 4 specify that traffic from the IP address 172.10.0.10, as well as traffic to this IP address, must always use the routing table srvnet.

Once the system is restarted, the routes and rules created with «ip route» and «ip rule» are lost again. To prevent this, the commands can be entered permanently in the network configuration with the parameter «post-up» in the file /etc/network/interfaces. The routing is then configured every time the interface is initialized.

iface wpl5s0 inet static
    address 172.10.0.10
    netmask 255.255.255.0
    post-up ip route add 172.10.0.0/24 dev wpl5s0 src 172.10.0.10 table srvnet
    post-up ip route add default via 172.10.0.1 dev wpl5s0 table srvnet
    post-up ip rule add from 172.10.0.10/32 table srvnet
    post-up ip rule add to 172.10.0.10/32 table srvnet

If more than two network interfaces exist, repeat this procedure for each additional interface as described.

Solution with dynamic IP addresses

As soon as DHCP with dynamic address allocation is used, this solution no longer works as shown, because the IP address is not known at the time the interface is configured. A script called via «post-up» provides a remedy:


iface wpl5s0 inet dhcp
post-up /etc/network/if-up.d/routeaddWlan

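To do this, create the following bash script under /etc/network/if-up.d/.

#!/bin/bash
set -e
# Name of the wireless interface: second field of the "N: wlXXX: <...>" line
INTERFACE=$(ip addr show | grep -e ':\s*wl' | awk '{print $2}' | cut -d: -f 1)
# IPv4 address assigned by DHCP: second field of the "inet a.b.c.d/nn" line
IP=$(ip addr show dev "$INTERFACE" | grep 'inet ' | awk '{print $2}' | cut -d/ -f 1)
# Gateway: third field of "default via a.b.c.d dev ..."
GATEWAY=$(ip route show | grep 'default' | grep "$INTERFACE" | awk '{print $3}')
# Network address: gateway with its last octet set to 0 (assumes a /24 network)
SUBNET=$(echo "$GATEWAY" | sed 's/[0-9]*$/0/')
ip route add "$SUBNET/24" dev "$INTERFACE" src "$IP" table srvnet
ip route add default via "$GATEWAY" dev "$INTERFACE" table srvnet
ip rule add from "$IP/32" table srvnet
ip rule add to "$IP/32" table srvnet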

The script determines the DHCP-assigned IP address, subnet, and gateway to provide these values to the ip commands. Then it executes the ip commands so that they no longer have to be kept in the /etc/network/interfaces.

Final tests of the configuration

The ip command provides some parameters that can be used to display the routing tables and rules.

show all currently existing routing tables including the content. Alternatively, too

all rules indicate when which routing table is used. The rules are processed until a route is found.


How to set up two default routes in linux

How to set up two default routes in linux (corresponding to two interfaces), such that incoming traffic from both interfaces is accepted.

Scenario

  • Dev: eth0, IP: 1.1.1.4, Netmask: 255.255.255.0, Gateway: 1.1.1.1
  • Dev: eth1, IP: 2.2.2.4, Netmask: 255.255.255.0, Gateway: 2.2.2.1

(Both networks are connected to the internet.)

The routes are (ip route show):

default via 1.1.1.1 dev eth0 metric 1
default via 2.2.2.1 dev eth1 metric 2
1.1.1.0/24 dev eth0 src 1.1.1.4
2.2.2.0/24 dev eth1 src 2.2.2.4

(Lower metric means higher priority.)

Now when someone pings 2.2.2.4 from some external host (say 4.4.4.4), there is no reply.

The output of tcpdump -i eth1 on my host is:

22:41:27.431539 IP 4.4.4.4 > 2.2.2.4: ICMP echo request, id 8625, seq 4, length 64
22:41:28.439492 IP 4.4.4.4 > 2.2.2.4: ICMP echo request, id 8625, seq 5, length 64
22:41:29.447666 IP 4.4.4.4 > 2.2.2.4: ICMP echo request, id 8625, seq 6, length 64
22:41:30.455528 IP 4.4.4.4 > 2.2.2.4: ICMP echo request, id 8625, seq 7, length 64

After some research, it turns out that when the Linux network stack receives a packet from 4.4.4.4, it checks its routing table to see what interface should have been used for 4.4.4.4 (which is eth0 in the routing table). Now, since the packet came from the eth1 interface, Linux simply discards it (this policy is probably to prevent IP spoofing).

  • Outgoing traffic (locally originated) should use eth0 interface by default.
  • Incoming traffic should be accepted from both interfaces. (So 4.4.4.4 should be able to ping both 1.1.1.4 and 2.2.2.4)
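
The check described in this post is the kernel's reverse-path filter (the rp_filter sysctl). The following model of it is an added example, not part of the original post: it runs the question's four routes through a simplified lookup (main table only, no policy rules or multipath) and shows why a packet from 4.4.4.4 on eth1 is dropped in strict mode but accepted in loose mode.

```sh
#!/bin/sh
# Added example: model of the reverse-path check for the routes in the question.
# Constructed input: the question's `ip route show` output, one route per line.
ROUTES='default via 1.1.1.1 dev eth0 metric 1
default via 2.2.2.1 dev eth1 metric 2
1.1.1.0/24 dev eth0 src 1.1.1.4
2.2.2.0/24 dev eth1 src 2.2.2.4'

# reverse_dev SRC: interface of the best route back to SRC in the main table
# (longest prefix wins, then lowest metric).
reverse_dev() {
  printf '%s\n' "$ROUTES" | awk -v src="$1" '
    function ip2n(s,  o) {
      split(s, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    {
      len = 0; net = 0; metric = 0; dev = ""
      if ($1 != "default") { split($1, p, "/"); net = ip2n(p[1]); len = p[2] + 0 }
      for (i = 2; i < NF; i++) {
        if ($i == "dev") dev = $(i + 1)
        if ($i == "metric") metric = $(i + 1) + 0
      }
      div = 2 ^ (32 - len)
      if (int(ip2n(src) / div) != int(net / div)) next
      if (best == "" || len > blen || (len == blen && metric < bmet)) {
        best = dev; blen = len; bmet = metric
      }
    }
    END { print best }'
}

# rp_verdict ALL IFACE IN_IF SRC: accept or drop for a packet from SRC
# arriving on IN_IF. ALL and IFACE are the two rp_filter sysctl values
# (0 off, 1 strict, 2 loose); the kernel applies the higher of the two.
rp_verdict() {
  mode=$1
  if [ "$2" -gt "$mode" ]; then mode=$2; fi
  back=$(reverse_dev "$4")
  case $mode in
    0) echo accept ;;
    1) if [ "$back" = "$3" ]; then echo accept; else echo drop; fi ;;
    2) if [ -n "$back" ]; then echo accept; else echo drop; fi ;;
  esac
}

echo "4.4.4.4 on eth1, strict: $(rp_verdict 1 1 eth1 4.4.4.4)"
echo "4.4.4.4 on eth1, loose:  $(rp_verdict 2 2 eth1 4.4.4.4)"
```

On a real host the two values can be read with `sysctl net.ipv4.conf.all.rp_filter net.ipv4.conf.eth1.rp_filter`.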

How does Linux choose between multiple default gateways?

Default Gateway is Router IP address to connect to Internet. Can you connect to internet using 0.0.0.0 as Default gateway? Can you access www.xxxx.com using 0.0.0.0 as name server?

@lash Yes, destination 0.0.0.0 means ‘default’ and the gateway associated to this destination is the default GW. Either you define it manually, or automatically with DHCP. If there are several default GWs, the kernel chooses the one to use according to many parameters (policy, metrics, etc). See Stephen’s answer.

3 Answers

In this case the kernel chooses based on the metric: the lower metric wins. (Route selection is based on route specificity, administrative cost, and metric in that order. Both your default gateways have the same specificity and administrative cost.)

To change the selection, the best approach is to change the route metric.

@xhienne the administrative cost is 0 for both default routes because they correspond to connected interfaces. A route’s administrative cost depends on the source of its definition: 0 if it’s a connected interface, 1 if it’s a static route, varying amounts for other route sources (depending on the protocol, e.g. RIP v. OSPF).

Ah ok, so it's implied, not actually shown. Thanks for the explanation. But a default GW is necessarily on a connected interface, right?

@xhienne I guess it is — I’m trying to think of scenarios where it wouldn’t be but I can’t think of one (tunnels etc. appear as new interfaces).

In newer kernels you can use policy-based routing (you also need the new iproute2 package). You then put the default routes into different tables and create rules which determine when to use each table (and hence, which default route applies).

I came to this post because I had two different PCs, each with dual network cards, each one configured something like this:

auto enp6s0
iface enp6s0 inet dhcp
    address 192.168.20.36
    netmask 255.255.255.0
    gateway 192.168.20.1
auto enp7s0
iface enp7s0 inet static
    address 10.10.10.3
    netmask 255.255.255.0
    gateway 192.168.20.1

They were both able to connect to the other machines on the 192.168.* LAN and the IOT gadgets on 10.10.*, but one of them could not get out to the Internet.

No policies had been defined, and the route command showed that Metrics were equal, except that for the one with no Internet connectivity the default gateway was using the network card associated with the 10.10.* network.

Apparently (empirically, not guaranteed!) if the Kernel has nothing better to go by it will use the first one it finds. Editing /etc/network/interfaces so that the reference to 192.168.* was listed before the reference to 10.10.* in /etc/network/interfaces appears to have solved the problem.
