Version 9 (modified by mitty, 15 years ago)

default gateway

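  • How to change and handle the default gateway (default route)
  • Some results here were obtained by checking the packet path without refreshing the RPDB via ip route flush cache, so they need verification and correction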

CentOS

Multiple NICs with DHCP

  • Only the default GW of the NIC that came link-up last takes effect
    • ifconfig
      eth0      Link encap:Ethernet  HWaddr 00:0C:29:XX:XX:XX
                inet addr:133.XX.XX.177  Bcast:133.51.87.255  Mask:255.255.248.0
      (snip)
      
      eth1      Link encap:Ethernet  HWaddr 00:0C:29:YY:YY:YY
                inet addr:192.168.50.132  Bcast:192.168.50.255  Mask:255.255.255.0
      (snip)
      
      eth2      Link encap:Ethernet  HWaddr 00:0C:29:ZZ:ZZ:ZZ
                inet addr:192.168.40.156  Bcast:192.168.40.255  Mask:255.255.255.0
      (snip)
      
      eth3      Link encap:Ethernet  HWaddr 00:0C:29:XY:ZX:YZ
                inet addr:192.168.0.155  Bcast:192.168.0.255  Mask:255.255.255.0
      (snip)
      
    • ip route
      192.168.50.0/24 dev eth1  proto kernel  scope link  src 192.168.50.132
      192.168.0.0/24 dev eth3  proto kernel  scope link  src 192.168.0.155
      192.168.40.0/24 dev eth2  proto kernel  scope link  src 192.168.40.156
      133.51.80.0/21 dev eth0  proto kernel  scope link  src 133.51.80.177
      169.254.0.0/16 dev eth3  scope link
      default via 192.168.0.1 dev eth3
      

ifcfg-eth?

  • When the gateway is written in ifcfg-eth?
  • /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=static
    IPADDR=192.168.40.200
    NETMASK=255.255.255.0
    GATEWAY=192.168.40.1
    ONBOOT=yes
    
  • /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    BOOTPROTO=static
    IPADDR=192.168.50.200
    NETMASK=255.255.255.0
    GATEWAY=192.168.50.1
    ONBOOT=yes
    
  • service network restart
    Bringing up interface eth0:                                [  OK  ]
    Bringing up interface eth1:                                [  OK  ]
    
  • Result => route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.50.0    *               255.255.255.0   U     0      0        0 eth1
    192.168.40.0    *               255.255.255.0   U     0      0        0 eth0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
    default         192.168.50.1    0.0.0.0         UG    0      0        0 eth1
    
    • In this state, a ping sent to the WAN actually goes out via eth1
    • tcpdump icmp -n -i eth1
      listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
      01:32:42.314543 IP 192.168.50.200 > 219.94.129.108: ICMP echo request, id 16947, seq 1, length 64
      01:32:42.330849 IP 219.94.129.108 > 192.168.50.200: ICMP echo reply, id 16947, seq 1, length 64
      
  • Try swapping eth0 and eth1
    • eth0
      IPADDR=192.168.50.200
      NETMASK=255.255.255.0
      GATEWAY=192.168.50.1
      
    • eth1
      IPADDR=192.168.40.200
      NETMASK=255.255.255.0
      GATEWAY=192.168.40.1
      
    • service network restart
      Bringing up interface eth0:                                [  OK  ]
      Bringing up interface eth1:                                [  OK  ]
      
    • Result => route
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
      192.168.40.0    *               255.255.255.0   U     0      0        0 eth1
      169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
      default         192.168.40.1    0.0.0.0         UG    0      0        0 eth1
      
      • This time it also goes via eth1
      • tcpdump icmp -n -i eth1
        listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
        01:39:05.380029 IP 192.168.40.200 > 219.94.129.108: ICMP echo request, id 26423, seq 1, length 64
        01:39:05.392541 IP 219.94.129.108 > 192.168.40.200: ICMP echo reply, id 26423, seq 1, length 64
        
  • Change the link-up order
    • ifup eth1; ifup eth0
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
      192.168.40.0    *               255.255.255.0   U     0      0        0 eth1
      169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
      default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
      
    • tcpdump icmp -n -i eth0
      listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
      01:42:55.952191 IP 192.168.50.200 > 219.94.129.108: ICMP echo request, id 52536, seq 1, length 64
      01:42:55.965580 IP 219.94.129.108 > 192.168.50.200: ICMP echo reply, id 52536, seq 1, length 64
      

sysconfig/network

  • /etc/sysconfig/network
    GATEWAY=192.168.50.2
    
  • When ifcfg-eth? contains GATEWAY=
    • That value takes precedence
  • When it does not
    • GATEWAY= from /etc/sysconfig/network is set
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
      192.168.40.0    *               255.255.255.0   U     0      0        0 eth1
      169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
      default         192.168.50.2    0.0.0.0         UG    0      0        0 eth0
      

Conclusion

  • If /etc/sysconfig/network-scripts/ifcfg-eth? does not specify GATEWAY=, /etc/sysconfig/network is consulted
  • If ifcfg-eth? specifies GATEWAY=, that value is used
    • With multiple NICs, the gateway of the device that came link-up last takes effect

  • eth0
    GATEWAY=192.168.50.1
    
  • eth1
    • not specified
  • network
    GATEWAY=192.168.50.2
    
  • => route
    default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
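
Added example, not from the original page: a shell check that applies the conclusion above to a directory of ifcfg-* files and reports whether the default gateway depends on link-up order. The function names and the temporary sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Reports where GATEWAY= is set in CentOS network config and whether the
# resulting default gateway depends on link-up order, per this page's findings.

# Last GATEWAY= value in a file, quotes stripped; empty if absent.
gw_of() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*GATEWAY=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# gateway_sources SCRIPTS_DIR NETWORK_FILE
gateway_sources() {
    n=0
    for f in "$1"/ifcfg-*; do
        gw=$(gw_of "$f")
        if [ -n "$gw" ]; then
            n=$((n + 1))
            echo "${f##*/} GATEWAY=$gw"
        fi
    done
    netgw=$(gw_of "$2")
    if [ -n "$netgw" ]; then echo "${2##*/} GATEWAY=$netgw"; fi
    if [ "$n" -gt 1 ]; then
        echo "verdict=order-dependent"   # last interface brought up wins
    elif [ "$n" -eq 1 ]; then
        echo "verdict=per-interface"     # ifcfg value overrides the global one
    elif [ -n "$netgw" ]; then
        echo "verdict=global"            # only /etc/sysconfig/network applies
    else
        echo "verdict=none"
    fi
}

# Constructed sample mirroring the conclusion case above; prints the temp dir.
make_sample() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0\nGATEWAY=192.168.50.1\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\n' > "$d/ifcfg-eth1"
    printf 'GATEWAY=192.168.50.2\n' > "$d/network"
    echo "$d"
}

dir=$(make_sample)
gateway_sources "$dir" "$dir/network"
rm -rf "$dir"
```

Interfaces with BOOTPROTO=dhcp receive their gateway from the DHCP server, so they are not visible to this file-based check.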
    

route command

  • Run route add in the following state
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
    192.168.40.0    *               255.255.255.0   U     0      0        0 eth1
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
    default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
    
  • route add default gw 192.168.40.1
    default         192.168.40.1    0.0.0.0         UG    0      0        0 eth1
    default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
    
    • In this case, traffic actually goes via eth1
      listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
      02:03:27.195895 IP 192.168.40.200 > 219.94.129.108: ICMP echo request, id 51265, seq 1, length 64
      02:03:27.212349 IP 219.94.129.108 > 192.168.40.200: ICMP echo reply, id 51265, seq 1, length 64
      
  • route add default gw 192.168.0.1
    SIOCADDRT: Network is unreachable
    
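    • The routing table does not change

Behaviour with multiple default routes

  • The rule governing the behaviour is unknown
    • It appears that the gw on the line the route command prints first is not necessarily the one used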

  • ifconfig
    eth0 => 192.168.50.100
    eth1 => 192.168.60.100
    eth2 => 192.168.70.100
    eth3 => 192.168.40.100
    

Example 1

  • route
    default         192.168.70.200  0.0.0.0         UG    0      0        0 eth2
    default         192.168.60.200  0.0.0.0         UG    0      0        0 eth1
    default         192.168.50.200  0.0.0.0         UG    0      0        0 eth0
    default         192.168.40.200  0.0.0.0         UG    0      0        0 eth3
    
  • ping 219.94.129.108 -c1
    • client:eth2 (192.168.70.100)
      03:20:58.808400 IP 192.168.70.100 > 219.94.129.108: ICMP echo request, id 33555, seq 1, length 64
      
    • gw:eth2 (192.168.70.200)
      03:20:58.834723 IP 192.168.70.100 > 219.94.129.108: ICMP echo request, id 33555, seq 1, length 64
      

Example 2

  • route
    default         192.168.40.200  0.0.0.0         UG    0      0        0 eth3
    default         192.168.50.200  0.0.0.0         UG    0      0        0 eth0
    default         192.168.60.200  0.0.0.0         UG    0      0        0 eth1
    default         192.168.70.200  0.0.0.0         UG    0      0        0 eth2
    
  • ping 219.94.129.108 -c1
    • client:eth1 (192.168.60.100)
      03:25:08.077550 IP 192.168.60.100 > 219.94.129.108: ICMP echo request, id 37651, seq 1, length 64
      
    • gw:eth1 (192.168.60.200)
      03:25:08.106974 IP 192.168.60.100 > 219.94.129.108: ICMP echo request, id 37651, seq 1, length 64
      

Example 3

  • route
    default         192.168.50.200  0.0.0.0         UG    0      0        0 eth0
    default         192.168.60.200  0.0.0.0         UG    0      0        0 eth1
    default         192.168.70.200  0.0.0.0         UG    0      0        0 eth2
    default         192.168.40.200  0.0.0.0         UG    0      0        0 eth3
    
  • ping 219.94.129.108 -c1
    • client:eth3 (192.168.40.100)
      03:29:45.739584 IP 192.168.40.100 > 219.94.129.108: ICMP echo request, id 42515, seq 1, length 64
      
    • gw:eth3 (192.168.40.200)
      03:29:45.773401 IP 192.168.40.100 > 219.94.129.108: ICMP echo request, id 42515, seq 1, length 64
      

Ubuntu

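  • Unlike CentOS, the NIC configuration is consolidated in a single file
  • As with CentOS, the behaviour with multiple default routes is unknown
    • Does the NIC activated last become the default gw? (This may not always hold, so it needs verification)
    • For a device that should not become the default GW, another approach is to run ip route del from a post-up command in the interfaces file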
      auto eth2
      iface eth2 inet dhcp
          post-up /sbin/ip route del default dev eth2
      

Multiple NICs with DHCP

  • In the end, every default GW obtained from DHCP is listed
    • ifconfig
      eth0      Link encap:Ethernet  HWaddr 00:0c:29:xx:xx:xx
                inet addr:133.xx.xx.18  Bcast:133.51.87.255  Mask:255.255.248.0
      (snip)
      
      eth1      Link encap:Ethernet  HWaddr 00:0c:29:yy:yy:yy
                inet addr:192.168.50.128  Bcast:192.168.50.255  Mask:255.255.255.0
      (snip)
      
      eth2      Link encap:Ethernet  HWaddr 00:0c:29:zz:zz:zz
                inet addr:192.168.40.157  Bcast:192.168.40.255  Mask:255.255.255.0
      (snip)
      
      eth3      Link encap:Ethernet  HWaddr 00:0c:29:xy:zx:yz
                inet addr:192.168.0.222  Bcast:192.168.0.255  Mask:255.255.255.0
      (snip)
      
    • ip route
      192.168.50.0/24 dev eth1  proto kernel  scope link  src 192.168.50.128
      192.168.0.0/24 dev eth3  proto kernel  scope link  src 192.168.0.222
      192.168.40.0/24 dev eth2  proto kernel  scope link  src 192.168.40.157
      133.51.80.0/21 dev eth0  proto kernel  scope link  src 133.51.81.18
      default via 133.51.87.254 dev eth0
      default via 192.168.0.1 dev eth3
      default via 192.168.40.2 dev eth2
      
      • None is set for eth3 because it has no GW
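
Added example, not from the original page: a shell check that reads `ip route show` output and reports default routes sharing a metric, the ambiguous situation seen in the table above. The names default_route_ties and sample_dhcp are hypothetical, and the sample is constructed from this page's output.

```shell
#!/bin/sh
# Added example (not from the original page). Function and sample names are
# hypothetical. Flags default routes that share a metric in `ip route` output.

# Constructed sample: the Ubuntu multi-NIC DHCP routing table shown above.
sample_dhcp() {
    cat <<'EOF'
192.168.50.0/24 dev eth1  proto kernel  scope link  src 192.168.50.128
192.168.0.0/24 dev eth3  proto kernel  scope link  src 192.168.0.222
192.168.40.0/24 dev eth2  proto kernel  scope link  src 192.168.40.157
133.51.80.0/21 dev eth0  proto kernel  scope link  src 133.51.81.18
default via 133.51.87.254 dev eth0
default via 192.168.0.1 dev eth3
default via 192.168.40.2 dev eth2
EOF
}

# Reads `ip route show` text on stdin. For every metric shared by more than
# one default route, prints: metric=<n> count=<k> via=<gw>@<dev>,...
# A route with no "metric" keyword is treated as metric 0.
default_route_ties() {
    awk '
    $1 == "default" {
        gw = "-"; dev = "-"; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw = $(i + 1)
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        count[metric]++
        sep = (count[metric] > 1) ? "," : ""
        list[metric] = list[metric] sep gw "@" dev
    }
    END {
        for (m in count)
            if (count[m] > 1)
                printf "metric=%d count=%d via=%s\n", m, count[m], list[m]
    }' | LC_ALL=C sort
}

# Demo on the constructed sample; on a live host: ip route show | default_route_ties
sample_dhcp | default_route_ties
```

On a live host, `ip route get 219.94.129.108` shows which of the tied routes the kernel actually selects for that destination.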

interfaces

  • /etc/network/interfaces
    auto lo
    iface lo inet loopback
    
    auto eth0
    iface eth0 inet static
            address 192.168.50.200
            netmask  255.255.255.0
            gateway 192.168.50.1
    
    auto eth1
    iface eth1 inet static
            address 192.168.60.200
            netmask 255.255.255.0
            gateway 192.168.60.100
    
    auto eth2
    iface eth2 inet static
            address 192.168.70.200
            netmask 255.255.255.0
            gateway 192.168.70.100
    
    auto eth3
    iface eth3 inet static
            address 192.168.40.200
            netmask 255.255.255.0
            gateway 192.168.40.1
    
  • route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.70.0    *               255.255.255.0   U     0      0        0 eth2
    192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
    192.168.60.0    *               255.255.255.0   U     0      0        0 eth1
    192.168.40.0    *               255.255.255.0   U     0      0        0 eth3
    default         192.168.40.1    0.0.0.0         UG    100    0        0 eth3
    default         192.168.70.100  0.0.0.0         UG    100    0        0 eth2
    default         192.168.60.100  0.0.0.0         UG    100    0        0 eth1
    default         192.168.50.1    0.0.0.0         UG    100    0        0 eth0
    
  • ping 219.94.129.108 -c1
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    07:56:54.264373 IP 192.168.50.200 > 219.94.129.108: ICMP echo request, id 12822, seq 1, length 64
    07:56:54.284695 IP 219.94.129.108 > 192.168.50.200: ICMP echo reply, id 12822, seq 1, length 64
    
  1. sudo ifdown eth2; sudo ifup eth2
    • route
      default         192.168.70.100  0.0.0.0         UG    100    0        0 eth2
      default         192.168.40.1    0.0.0.0         UG    100    0        0 eth3
      default         192.168.60.100  0.0.0.0         UG    100    0        0 eth1
      default         192.168.50.1    0.0.0.0         UG    100    0        0 eth0
      
  2. sudo ifdown eth1; sudo ifup eth1
    • route
      default         192.168.60.100  0.0.0.0         UG    100    0        0 eth1
      default         192.168.70.100  0.0.0.0         UG    100    0        0 eth2
      default         192.168.40.1    0.0.0.0         UG    100    0        0 eth3
      default         192.168.50.1    0.0.0.0         UG    100    0        0 eth0
      
    • ping 219.94.129.108 -c1
      08:01:24.453913 IP 192.168.50.200 > 219.94.129.108: ICMP echo request, id 42262, seq 1, length 64
      08:01:24.475447 IP 219.94.129.108 > 192.168.50.200: ICMP echo reply, id 42262, seq 1, length 64
      
  3. sudo ifdown eth0; sudo ifup eth0
    • route
      default         192.168.50.1    0.0.0.0         UG    100    0        0 eth0
      default         192.168.60.100  0.0.0.0         UG    100    0        0 eth1
      default         192.168.70.100  0.0.0.0         UG    100    0        0 eth2
      default         192.168.40.1    0.0.0.0         UG    100    0        0 eth3
      
    • ping 219.94.129.108 -c1
      08:02:22.346792 IP 192.168.50.200 > 219.94.129.108: ICMP echo request, id 56854, seq 1, length 64
      08:02:22.368070 IP 219.94.129.108 > 192.168.50.200: ICMP echo reply, id 56854, seq 1, length 64
      

route command

  • Routes added this way are stored separately from those of the ifup command
    1. sudo route add default gw 192.168.40.1
    2. sudo route add default gw 192.168.50.1
    3. sudo route add default gw 192.168.60.100
    4. sudo ifdown eth2; sudo ifup eth2
    5. sudo ifdown eth0; sudo ifup eth0
    • route
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      192.168.70.0    *               255.255.255.0   U     0      0        0 eth2
      192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
      192.168.60.0    *               255.255.255.0   U     0      0        0 eth1
      192.168.40.0    *               255.255.255.0   U     0      0        0 eth3
      default         192.168.60.100  0.0.0.0         UG    0      0        0 eth1
      default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
      default         192.168.40.1    0.0.0.0         UG    0      0        0 eth3
      default         192.168.50.1    0.0.0.0         UG    100    0        0 eth0
      default         192.168.70.100  0.0.0.0         UG    100    0        0 eth2
      
    • ping 219.94.129.108 -c1
      08:35:41.384666 IP 192.168.50.200 > 219.94.129.108: ICMP echo request, id 39704, seq 1, length 64
      
  • A further ifdown/ifup adds another default route as well
    1. sudo ifdown eth1; sudo ifup eth1
      default         192.168.60.100  0.0.0.0         UG    0      0        0 eth1
      default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
      default         192.168.40.1    0.0.0.0         UG    0      0        0 eth3
      default         192.168.60.100  0.0.0.0         UG    100    0        0 eth1
      default         192.168.50.1    0.0.0.0         UG    100    0        0 eth0
      default         192.168.70.100  0.0.0.0         UG    100    0        0 eth2
      
    • However, packets still actually go via eth0
    • ping 219.94.129.108 -c1
      08:37:52.757894 IP 192.168.50.200 > 219.94.129.108: ICMP echo request, id 52248, seq 1, length 64