LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices


Reply
  Search this Thread
Old 11-17-2016, 07:50 AM   #1
asmoljo
LQ Newbie
 
Registered: Nov 2016
Posts: 3

Rep: Reputation: Disabled
Question Problem with primary and secondary IP address on RHEL7


I'm using NetworkManager service (network service is stopped)
I'm trying to add a secondary IP address to RHEL7 connection.
First I create connection like this:
nmcli con add con-name enp0s4 ifname enp0 autoconnect no type ethernet ip4 10.1.212.122/24 gw4 10.1.212.1
after that i start connection like this:
nmcli con up enp0s4
Then I add new IP on connection 'enp0s4' like this:
nmcli con mod enp0s4 +ipv4.addresses 10.1.212.120/24 and restart with 'nmcli con up enp0s4'
After I list with 'ip a' it shows that my secondary IP address is 10.1.212.122 and 10.1.212.120 is primary!
How I can force RHEL7 to set my 10.1.212.122 as primary IP address ?
 
Old 11-18-2016, 05:18 PM   #2
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 7,070

Rep: Reputation: Disabled
Thinking of it I have never heard of primary and secondary IP addresses. What is it? Granted, you can have more than one IP address, and you can configure your daemons (or shall I say services in systemd language?) to listen on certain addresses, but primary and secondary?
 
Old 11-19-2016, 12:25 AM   #3
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 506

Rep: Reputation: 194Reputation: 194
asmoljo, intriguing problem. I've been playing with this for a while now, and haven't found a solution yet, sorry...

One approach I've been trying is to specify all the addresses when creating the connection, in one step:

Code:
sudo nmcli con add con-name test1 ifname br0 autoconnect no type bridge ip4 "10.1.212.122/24,10.1.212.120/24"
The order in which I specify the addresses seems to make no difference, though - looks like NM sorts them first, and the lowest number IP becomes primary.

Emerson, as far as I know, the first IP on an interface is referred to as the "primary", while others are secondary. The "ip a" output actually says "secondary" where appropriate:

Code:
12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 4a:ae:94:73:59:5d brd ff:ff:ff:ff:ff:ff
    inet 10.1.212.118/24 brd 10.1.212.255 scope global br0
       valid_lft forever preferred_lft forever
    inet 10.1.212.120/24 brd 10.1.212.255 scope global secondary br0
       valid_lft forever preferred_lft forever
    inet 10.1.212.122/24 brd 10.1.212.255 scope global secondary br0
       valid_lft forever preferred_lft forever
One key area where this is relevant, is that the primary address is the default "source" address for outgoing connections:

Code:
$ ip route
10.1.212.0/24 dev br0 proto kernel scope link src 10.1.212.118 metric 425 linkdown
This might be important for routing and firewall purposes, depending on your network layout.
 
Old 11-19-2016, 12:55 AM   #4
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 7,070

Rep: Reputation: Disabled
RHEL admin is not allowed to set route? If you have more than one IP address shouldn't you configure them as needed instead of relying something called "default"?
 
Old 11-19-2016, 01:14 AM   #5
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 506

Rep: Reputation: 194Reputation: 194
Hi,

Quote:
Originally Posted by Emerson View Post
RHEL admin is not allowed to set route? If you have more than one IP address shouldn't you configure them as needed instead of relying something called "default"?
I'm not sure I understand what you're asking. Of course you can set the routes the way you want ;-)

I assume you're referring to my comment on the default source address for a connection, though. It is possible for a client-side connection to bind() to a specific address, which means that address will be used as source for the connection. This is not often done, though, so for most outgoing connections (think your browser's request for a web page for example), the kernel picks the source based on the routing table or IP config. So the "default" source for a route is the address specified as "src" in the route, or if not present, the first address on that interface. See http://linux-ip.net/html/routing-saddr-selection.html for details.

It is possible (with manual "ip" commands) to configure the interface addresses in the correct order, and to configure the routes appropriately. The OP's question was about doing this with NetworkDamager, though, which seems to be harder to do (if possible at all).

Hope this makes sense ;-)

Last edited by cliffordw; 11-19-2016 at 01:15 AM. Reason: Added reference link
 
Old 11-21-2016, 04:31 AM   #6
asmoljo
LQ Newbie
 
Registered: Nov 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Emerson View Post
RHEL admin is not allowed to set route? If you have more than one IP address shouldn't you configure them as needed instead of relying something called "default"?
Emerson, I do not want to configure some routes. I want a clean configuration with NetworkManager. I can workoround this problem using the old 'network' service, but I do not want to use the 'network', because
NM is default in RHEL7,and I use NM on all other RHEL7 servers. This is the first time that I ran into this problem.
cliffordw also noticed that NM sorts IP's from lowest IP number to highest IP number, with the lowest being the primary. My server is web server in DMZ and it must forward request through the firewall
to the application server. Web must do forward request with specific source IP address(primary) and specifici port because of the firewall configuration.
 
Old 11-21-2016, 08:48 AM   #7
asmoljo
LQ Newbie
 
Registered: Nov 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
I tried the same scenario on centos7 (CentOS Linux release 7.2.1511 (Core)) and it behave differently.
These are my steps:

1.
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:63:40:9a brd ff:ff:ff:ff:ff:ff
inet 10.1.212.123/24 brd 10.1.212.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe63:409a/64 scope link
valid_lft forever preferred_lft forever

2.
# nmcli connection modify static +ipv4.addresses 10.1.212.124/24
# nmcli connection up static
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:63:40:9a brd ff:ff:ff:ff:ff:ff
inet 10.1.212.123/24 brd 10.1.212.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet 10.1.212.124/24 brd 10.1.212.255 scope global secondary enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe63:409a/64 scope link
valid_lft forever preferred_lft forever

3.
# nmcli connection modify static +ipv4.addresses 10.1.212.122/24
# nmcli connection up static
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:63:40:9a brd ff:ff:ff:ff:ff:ff
inet 10.1.212.123/24 brd 10.1.212.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet 10.1.212.124/24 brd 10.1.212.255 scope global secondary enp0s3
valid_lft forever preferred_lft forever
inet 10.1.212.122/24 brd 10.1.212.255 scope global secondary enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe63:409a/64 scope link
valid_lft forever preferred_lft forever
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
primary ip address works, but secondary does not on ubuntu on vmare esxi coal-fire-ice Linux - Networking 0 08-11-2010 06:00 AM
Secondary Primary does not show up. SolarisZen Linux - Hardware 11 12-31-2007 08:41 AM
primary - secondary DNS jsheffie Solaris / OpenSolaris 2 08-01-2005 06:55 AM
Using a primary/secondary HD slave mvendramini Linux - Hardware 4 04-20-2003 11:45 AM
Primary and Secondary DNS dilberim82 Linux - Networking 3 07-13-2001 10:50 AM

LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise

All times are GMT -5. The time now is 04:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration