Linux Dual Network Interface Routing Guide
Linux Dual Network Interface Routing Configuration Guide
1. Introduction to the Problem
When configuring dual network interfaces on servers, a common issue is that traffic fails to route correctly through the expected interface. This document, based on a real-world case, explains how to configure and troubleshoot routing issues in Linux systems (especially Ubuntu).
2. Environment Description
Sample Network Architecture
- Server: Ubuntu 20.04 LTS, running Zabbix service
- Network Interface 1 (ens5): 192.168.1.2/24, gateway 192.168.1.254
- Network Interface 2 (ens6): 192.168.1.1/24, gateway 192.168.1.254
- Service: Listening on port 10051 (Zabbix Server)
Problem Description
- From branch offices, connections to
192.168.1.2:10051 work - Connections to
192.168.1.1:10051 fail, despite the service listening on0.0.0.0:10051
3. Linux Routing Basics
Routing Table Structure
Linux uses multiple routing tables and policies to determine packet flow:
# View routing table listcat /etc/iproute2/rt_tables## reserved values#255 local254 main253 default0 unspec## local#100 primary200 secondary
Default Routes and Metrics
# View current routing tableip route showdefault via 192.168.1.254 dev ens5 proto dhcp src 192.168.1.2 metric 100192.168.1.0/24 dev ens6 proto kernel scope link src 192.168.1.1192.168.1.0/24 dev ens5 proto kernel scope link src 192.168.1.2 metric 100
4. Netplan Configuration
Ubuntu uses Netplan to manage network configurations. Below are configuration files for the two network interfaces:
Primary Interface Configuration /etc/netplan/50-cloud-init.yaml
network: ethernets: ens5: dhcp4: true dhcp6: false match: macaddress: 00:11:22:33:44:55 set-name: ens5 routing-policy: - from: 192.168.1.2 table: 100 - to: 192.168.1.2 table: 100 routes: - to: default via: 192.168.1.254 table: 100 metric: 200 # Higher value means lower priority version: 2
Secondary Interface Configuration /etc/netplan/99-ens6.yaml
network: ethernets: ens6: addresses: - 192.168.1.1/24 routing-policy: - from: 192.168.1.1 table: 200 - to: 192.168.1.1 table: 200 routes: - to: default via: 192.168.1.254 table: 200 - to: default via: 192.168.1.254 metric: 50 # Lower value means higher priority
5. Common Diagnostic Procedures
Routing Issue Checks
# View routing tableip route show# View policy routingip rule list# Check reverse path filtering settingssysctl -a | grep rp_filter# Check IP forwardingsysctl -a | grep ip_forward# Packet capture analysistcpdump -i any port 10051 -nn
Kernel Parameter Adjustments
# Enable IP forwardingsysctl -w net.ipv4.ip_forward=1# Set reverse path filtering to loose modesysctl -w net.ipv4.conf.all.rp_filter=2sysctl -w net.ipv4.conf.ens5.rp_filter=2sysctl -w net.ipv4.conf.ens6.rp_filter=2
6. Solution
Adjusting Route Priority
Control default route priority by setting metric values:
# Delete old default routesudo ip route del default via 192.168.1.254 dev ens5# Add new default route through the business interfacesudo ip route add default via 192.168.1.254 dev ens6 metric 50
7. Best Practices
- Avoid Multiple IPs in the Same Subnet: When possible, configure network interfaces on different subnets
- Define Clear Routing Policies: Configure explicit routing policies and tables for each IP
- Adjust Reverse Path Filtering: Use loose mode (
rp_filter=2) in multi-interface environments - Use Metrics to Differentiate Priority: Set different metric values for different interfaces
- Permanent Configuration: Use netplan to ensure configurations persist after reboot
- AWS-Specific Considerations:
- Check security group configurations
- Disable Source/Destination Check
- Configure correct route table associations
By following these configuration principles and troubleshooting methods, you can effectively solve routing problems in Linux servers with dual network interfaces, ensuring applications run correctly in multi-IP environments.