0

I have a network interface for which I would like to configure routes.

# ip address show br_10G_V888
6: br_10G_V888: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 78:ac:44:09:9d:82 brd ff:ff:ff:ff:ff:ff
    inet 172.21.1.48/24 brd 172.21.1.255 scope global noprefixroute br_10G_V888
       valid_lft forever preferred_lft forever

I am able to set the rules using ip:

# ip route add default via 172.21.1.1 dev br_10G_V888 table dmz
# ip rule add from 172.21.1.0/24 lookup dmz
# ip route show table dmz
default via 172.21.1.1 dev br_10G_V888
# ip rule
0:      from all lookup local
32765:  from 172.21.1.0/24 lookup dmz
32766:  from all lookup main
32767:  from all lookup default

I would like to make these changes persistent using nmcli. However, I am unable to recreate the configuration.

# nmcli connection modify br_10G_V888 \
  ipv4.routes '0.0.0.0/0 172.21.1.1 table=1' \
  ipv4.routing-rules 'priority 32765 from 172.21.1.0/24 table 1'
# nmcli connection up br_10G_V888
# ip route show table dmz
default via 172.21.1.1 dev br_10G_V888 proto static
172.21.1.1 dev br_10G_V888 proto static scope link
# ip rule
0:      from all lookup local
32765:  from 172.21.1.0/24 lookup dmz
32766:  from all lookup main
32767:  from all lookup default

Any feedback would be greatly appreciated. Thank you!

Improve this question
3
  • 1
    I'm unclear on the problem: after making the changes with nmcli in your second example, ip route show table dmz shows the default route via 172.21.1.1 that you created, and ip rule shows the lookup rule with priority 32765. What's missing?
    – larsks
    Jan 13 at 4:30
  • I'm pretty new to networking, so please bear with me! I'm seeing extra terms such as proto static on the first line and a new line with 172.21.1.1 dev br_10G_V888 proto static scope link. Are these configurations the same?
    – Nicolas De Jay
    Jan 13 at 22:36
  • 1
    "proto static" just means "set statically" as opposed to set via dhcp (proto dhcp) or set implicitly by the kernel (proto kernel) or via some other routing protocol (proto zebra, etc)
    – larsks
    Jan 16 at 0:12

1 Answer 1

Reset to default
1

I'm pretty new to networking, so please bear with me! I'm seeing extra terms such as proto static on the first line...

You see proto static because you have created a static route. Routes created by the kernel implicitly are marked proto kernel (e.g., if you create an interface with address 192.168.1.100/24, the kernel will create an implicit route to the 192.168.1.0/24 network via that interface). You'll see proto dhcp for routes set via dhcp, proto zebra for routes set via the Zebra routing daemon, etc (these are actually all stored as numbers, and the name/number mapping is in /etc/iproute2/rt_protos).

...and a new line with 172.21.1.1 dev br_10G_V888 proto static scope link.

If you add a default route to a routing table (as you have by setting ipv4.routes '0.0.0.0/0 172.21.1.1 table=1'), you need a route to that 172.21.1.1 address. In the usual case, your default route will share a network with one of your interfaces, so you will have an appropriate implicit kernel route (see the previous section).

In this case, you have added the default route to an empty routing table. That additional static route was added by nmcli to ensure that the specified gateway is reachable.

Improve this answer
1
  • This makes perfect sense, many thanks!
    – Nicolas De Jay
    Jan 17 at 1:53

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .