Multiple NICs with addresses on same network segment

matsvw · 08-02-2016, 04:23 PM

I have a Virtual Ubuntu 14 Tomcat server. It's hosting three sites. Each site has it's own IP address. System was working before I upgraded the RAM on it this morning and restarted it. At the moment I have the gateways commented out in the interfaces file, previously I had the gateway specified for each interface. Prior to that I specified only the gateway for eth0's ip address. I'm going in circles now.

All three interfaces are up and responding to pings from other hosts on the same subnet. Only one ip address (172.18.180.161) will respond to hosts on other subnets. It seems like a routing issue but I swear I've had other hosts configured like this without issue. Any thoughts?

ifconfig -a

Code:

eth0      Link encap:Ethernet  HWaddr 00:50:56:9c:12:4b
          inet addr:172.18.180.161  Bcast:172.18.180.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe9c:124b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:945 errors:0 dropped:21 overruns:0 frame:0
          TX packets:802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:281477 (281.4 KB)  TX bytes:127959 (127.9 KB)

eth1      Link encap:Ethernet  HWaddr 00:50:56:9c:31:f4
          inet addr:172.18.180.163  Bcast:172.18.180.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe9c:31f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:195 errors:0 dropped:20 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17174 (17.1 KB)  TX bytes:868 (868.0 B)

eth2      Link encap:Ethernet  HWaddr 00:50:56:9c:5f:be
          inet addr:172.18.180.154  Bcast:172.18.180.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe9c:5fbe/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:615 errors:0 dropped:18 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:46443 (46.4 KB)  TX bytes:798 (798.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

my interfaces file looks like this:

Code:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 172.18.180.161
        netmask 255.255.255.0
        network 172.18.180.0
        broadcast 172.18.180.255
#       gateway 172.18.180.254
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 172.17.202.27 172.17.202.28
        dns-search ori-eug.ori.org ori.org

auto eth1
iface eth1 inet static
        address 172.18.180.163
        netmask 255.255.255.0
        network 172.18.180.0
        broadcast 172.18.180.255
 #       gateway 172.18.180.254
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 172.17.202.27 172.17.202.28
        dns-search ori-eug.ori.org ori.org

auto eth2
iface eth2 inet static
        address 172.18.180.154
        netmask 255.255.255.0
        network 172.18.180.0
        broadcast 172.18.180.255
  #      gateway 172.18.180.254
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 172.17.202.27 172.17.202.28
        dns-search ori-eug.ori.org ori.org

Current routing table:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.18.180.254  0.0.0.0         UG    0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth1
localnet        *               255.255.255.0   U     0      0        0 eth2

matsvw · 08-03-2016, 11:53 AM

It's also worth noting that I've also tried:
Listing the gateway explicitly in the interfaces file for each NIC
Listing the gateway only for eth0
Setting up sub-interfaces on eth0 and

No matter how I slice it, I get one address that's accessible via the gateway and two addresses that are only available on the local network. There has to be a way to do this, otherwise how could you use Ubuntu in a hosting environment?

nini09 · 08-03-2016, 02:51 PM

The problem is that your environment is like multihoming network. You have to use source routing to route outgoing packet to correct outgoing interface. Otherwise, outgoing interface always is eth0 no matter what's incoming interface.
For source routing, you can use 'ip route' tool to create mulit route table to support source routing.

sgrlscz · 08-04-2016, 08:47 AM

You've got an asymmetric routing situation (i.e. packets come in one way and go out another). I would suggest checking the reverse path filtering (rp_filter) setting.

To check the rp_filter setting:

Code:

sysctl -a | grep -e '\.rp_filter'

If it's set to 1, then try setting it to 2:

Code:

echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

When rp_filter is set to 1, the system does strict reverse path filtering, which doesn't work with asymmetric routing. In a simple configuration (without a bunch of static routes), it basically means that the IP address of incoming packets is compared to the IP address(es) on the NIC it comes in on and if it doesn't match, the packet is discarded. Since there can only be one default route (without policy based routing), all packets from outside the subnet will come in through one NIC (the one with the default route), so anything destined to the other IP addresses will be discarded.

Setting the rp_filter value to 2 allows "loose" reverse path filtering, which basically means that if the packet is destined for any of the IP addresses on the system, it will be allowed through. So, even though the packet still comes in through the NIC with default route, as long as it is destined for one of the NICs on the system, the packet will get through.

To make the change permanent, you need to add the settings to /etc/sysctl.conf.

matsvw · 08-04-2016, 11:16 AM

Thanks for the replies. I've cloned the system off to get things going again, but I'll try the ideas outlined above on a test system as soon as I have time.

I did try setting static routes, but there's a good chance I didn't do it correctly.