I have two interfaces, eth0 and eth1. They belong to different VLANs. They are accessible from their respective VLANs. I have a need to access eth1 from the other VLAN and it doesn't work. Inter-VLAN routing is configured in the switch and ideally it should work. When I ping eth1 from the other VLAN, it times out. This suggests the problem is not in reaching eth1; rather, the response is unable to come through. When the server tries to respond to the ICMP traffic it receives at eth1, it tries to send it via the default gateway, which belongs to eth0. Hence there is a need to configure a per-interface gateway. Windows lets you do this easily.
To fix this, I need to configure policy-based routing using iproute2. I followed the steps from here. The steps involve creating a routing table for each interface, a route, a default gateway for each subnet and then rules for each network.
As the referenced blog has a neat document on the configuration and commands to use, I don't think I need to duplicate it. Just two notes, though:
- You need to add the tables to /etc/iproute2/rt_tables before you can add the route and rule
- To inspect the route for each table, run:
  ip route show table tablename
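The steps summarized above, in the order the first note requires, as an added example that is not taken from the referenced blog or from this post. Interface names, table ids and names, and all addresses are constructed sample values, and matching on the interface's source address is one assumed form of the rule. The function only prints the commands so they can be reviewed before anything is changed.

```shell
#!/bin/sh
# Added example: print the iproute2 commands that give one interface its own
# routing table. Interface names, table ids/names and addresses are constructed.

# usage: pbr_commands IFACE TABLE_ID TABLE_NAME SUBNET IFACE_IP GATEWAY
pbr_commands() {
    [ "$#" -eq 6 ] || { echo "pbr_commands: need 6 arguments" >&2; return 2; }
    iface=$1; id=$2; name=$3; subnet=$4; ip=$5; gw=$6
    # Table ids 0 and 253-255 are reserved (unspec, default, main, local).
    case $id in ''|*[!0-9]*) echo "table id must be a number" >&2; return 2 ;; esac
    if [ "$id" -lt 1 ] || [ "$id" -gt 252 ]; then
        echo "table id $id is reserved or out of range (use 1-252)" >&2; return 2
    fi
    case $name in local|main|default|unspec)
        echo "table name $name is reserved" >&2; return 2 ;;
    esac
    cat <<EOF
# --- $iface: table $id $name ---
# Register the table name first; "table $name" fails until it is in rt_tables.
grep -qw '$name' /etc/iproute2/rt_tables || echo '$id $name' >> /etc/iproute2/rt_tables
# Connected subnet and a default gateway that exist only in this table.
ip route add $subnet dev $iface src $ip table $name
ip route add default via $gw dev $iface table $name
# Rule: traffic sourced from this interface's address uses this table.
ip rule add from $ip/32 table $name
# Inspect the result.
ip rule show
ip route show table $name
EOF
}

# Dry run with constructed values; review the output, then pipe it to "sh -e" as root.
pbr_commands eth0 100 vlan10 198.51.100.0/24 198.51.100.10 198.51.100.1
pbr_commands eth1 101 vlan20 192.0.2.0/24 192.0.2.10 192.0.2.1
```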
You will no longer see network interfaces named eth0, eth1 and so on. Instead you will see Ethernet devices named like ensxxx for a PCI add-on device and enoxxx for an onboard device. Major has written a blog post on how systemd comes up with a name for a network device. If you prefer, read the Red Hat documentation.
ifconfig
If you have used RHEL 7 or CentOS 7, you may have noticed the ifconfig command is missing in the default installation. The ifconfig command comes with the net-tools package, which contains other networking tools such as route, netstat, arp and others. You can still install net-tools if you want. These are the reasons they took our ifconfig:
The main reason for moving net-tools out of default installation has been that it has some limitations, which can’t be fixed anymore. See bug #444036, comment #8.
Also all system tools and services now use iproute instead of net-tools so no package pulls net-tools into default install. See bug #687920.
Forwarding net-tools’ commands to iproute’s is next to impossible as their syntax is very different. See bug #444036, comment #5
As I already stated in comment #2, net-tools (unlike iproute2) has limitations which can’t be fixed anymore.
net-tools uses ioctl – obsolete kernel interface
iproute2 uses netlink – successor to ioctl (https://en.wikipedia.org/wiki/Ioctl#Netlink)