
I have a network interface for which I would like to configure routes.

```
# ip address show br_10G_V888
6: br_10G_V888: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 78:ac:44:09:9d:82 brd ff:ff:ff:ff:ff:ff
    inet 172.21.1.48/24 brd 172.21.1.255 scope global noprefixroute br_10G_V888
       valid_lft forever preferred_lft forever
```

I am able to set the rules using ip:

```
# ip route add default via 172.21.1.1 dev br_10G_V888 table dmz
# ip rule add from 172.21.1.0/24 lookup dmz
# ip route show table dmz
default via 172.21.1.1 dev br_10G_V888
# ip rule
0:      from all lookup local
32765:  from 172.21.1.0/24 lookup dmz
32766:  from all lookup main
32767:  from all lookup default
```

I would like to make these changes persistent using nmcli. However, I am unable to recreate the configuration.

```
# nmcli connection modify br_10G_V888 \
  ipv4.routes '0.0.0.0/0 172.21.1.1 table=1' \
  ipv4.routing-rules 'priority 32765 from 172.21.1.0/24 table 1'
# nmcli connection up br_10G_V888
# ip route show table dmz
default via 172.21.1.1 dev br_10G_V888 proto static
172.21.1.1 dev br_10G_V888 proto static scope link
# ip rule
0:      from all lookup local
32765:  from 172.21.1.0/24 lookup dmz
32766:  from all lookup main
32767:  from all lookup default
```

Any feedback would be greatly appreciated. Thank you!

Nicolas De Jay
  • I'm unclear on the problem: after making the changes with `nmcli` in your second example, `ip route show table dmz` shows the default route via `172.21.1.1` that you created, and `ip rule` shows the lookup rule with priority 32765. What's missing? – larsks Jan 13 '23 at 04:30
  • I'm pretty new to networking, so please bear with me! I'm seeing extra terms such as `proto static` on the first line and a new line with `172.21.1.1 dev br_10G_V888 proto static scope link`. Are these configurations the same? – Nicolas De Jay Jan 13 '23 at 22:36
  • "proto static" just means "set statically" as opposed to set via DHCP (`proto dhcp`) or set implicitly by the kernel (`proto kernel`) or via some other routing protocol (`proto zebra`, etc.) – larsks Jan 16 '23 at 00:12

1 Answer

> I'm pretty new to networking, so please bear with me! I'm seeing extra terms such as `proto static` on the first line...

You see `proto static` because you have created a static route. Routes created by the kernel implicitly are marked `proto kernel` (e.g., if you create an interface with address `192.168.1.100/24`, the kernel will create an implicit route to the `192.168.1.0/24` network via that interface). You'll see `proto dhcp` for routes set via DHCP, `proto zebra` for routes set via the Zebra routing daemon, etc. (these are actually all stored as numbers, and the name/number mapping is in `/etc/iproute2/rt_protos`).

> ...and a new line with `172.21.1.1 dev br_10G_V888 proto static scope link`.

If you add a default route to a routing table (as you have by setting `ipv4.routes '0.0.0.0/0 172.21.1.1 table=1'`), you need a route to that `172.21.1.1` address. In the usual case, your default route will share a network with one of your interfaces, so you will have an appropriate implicit kernel route (see the previous section).

In this case, you have added the default route to an empty routing table. That additional static route was added by `nmcli` to ensure that the specified gateway is reachable.

larsks
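A check of the answer's point, as an added example that is not part of the original post: it parses `ip route show table dmz` output and reports, for each `via` gateway, whether the same table holds an on-link route covering it. The two samples are the listings from the question; the function names are hypothetical.

```python
import ipaddress

# Table dmz as shown in the question after the manual `ip route add`
MANUAL = """default via 172.21.1.1 dev br_10G_V888"""
# Table dmz as shown in the question after `nmcli connection up`
NMCLI = """default via 172.21.1.1 dev br_10G_V888 proto static
172.21.1.1 dev br_10G_V888 proto static scope link"""


def parse_routes(text):
    """Parse `ip route show table X` lines into dicts (dst, via, dev, proto, scope)."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        route = {"dst": ipaddress.ip_network(dst, strict=False)}
        # In these listings the remaining tokens are key/value pairs
        # (via, dev, proto, scope); single-word flags are not handled.
        rest = tok[1:]
        for key, value in zip(rest[0::2], rest[1::2]):
            route[key] = value
        routes.append(route)
    return routes


def gateway_coverage(text):
    """Map each `via` gateway to the on-link route in the same table covering it, or None."""
    routes = parse_routes(text)
    onlink = [r for r in routes if "via" not in r]  # routes that need no gateway
    result = {}
    for r in routes:
        if "via" not in r:
            continue
        gw = ipaddress.ip_address(r["via"])
        # Longest-prefix match among on-link routes on the same device
        match = max(
            (o for o in onlink if gw in o["dst"] and o.get("dev") == r.get("dev")),
            key=lambda o: o["dst"].prefixlen,
            default=None,
        )
        result[r["via"]] = str(match["dst"]) if match else None
    return result


if __name__ == "__main__":
    for name, text in (("manual ip route", MANUAL), ("nmcli", NMCLI)):
        for gw, cover in gateway_coverage(text).items():
            print(f"{name}: gateway {gw} -> on-link route in table: {cover}")
```

For the manual listing the gateway has no covering route inside table `dmz`; for the `nmcli` listing it is covered by the `172.21.1.1` host route, which is the extra line the question asks about.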