
Some of my instances are deployed with this code in their /etc/rc.local:

#!/bin/sh
# Managed by puppet - do not modify

/sbin/route del default
/sbin/route add default gw 11.0.0.254

All works fine at the beginning, but after a few minutes the gateway changes to the default value (11.0.0.1).

I think this is happening only recently.

Why is that? How can I change it?

More info:

Immediately after boot, the instance's route table looks like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         11.0.0.254      0.0.0.0         UG    0      0        0 ens5
11.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 ens5
11.0.0.1        0.0.0.0         255.255.255.255 UH    100    0        0 ens5

After a while, it looks like this (and of course, internet access is lost):

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         11.0.0.1        0.0.0.0         UG    0      0        0 ens5
11.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 ens5
11.0.0.1        0.0.0.0         255.255.255.255 UH    100    0        0 ens5

If I change the route table manually, after a while it looks like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         11.0.0.254      0.0.0.0         UG    0      0        0 ens5
0.0.0.0         11.0.0.1        0.0.0.0         UG    100    0        0 ens5
11.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 ens5
11.0.0.1        0.0.0.0         255.255.255.255 UH    100    0        0 ens5

Internet access works, but I don't like this unasked-for change, and I don't like this manual repair, since these instances are in an Auto Scaling Group.

kenlukas
icalvete
  • What are you trying to achieve with the default GW change? There may be a better way to do what you want to do than replacing default route. – MLu Apr 20 '20 at 21:55
  • FYI it's probably DHCP stepping in and replacing your default route. – MLu Apr 20 '20 at 21:56
  • FYI you can change network settings directly through cloud-init without the need for your additional script: https://cloudinit.readthedocs.io/en/latest/topics/network-config-format-v2.html – jordanm Apr 21 '20 at 16:38
  • @MLu, DHCP options in AWS VPC don't include config about routes. – icalvete Apr 23 '20 at 08:27
  • @icalvete DHCP daemon on your instance gets the default route from the VPC. Still not clear what you’re trying to do. IMO there is a better way. Also check out this: http://xyproblem.info – MLu Apr 23 '20 at 08:30
  • @jordanm, I'm not sure if this solves my problem. My approach works fine for a while. Why would your approach work better? The question is... who changes the gateway? – icalvete Apr 23 '20 at 08:31
  • @MLu, I have a legacy VPC, with instances with and without EIP. The ones without are of two kinds. Some are behind an ELB. If I change the default GW to an "Internet GW" in my VPC routes, the instances behind the ELB lose internet access. I have to maintain this infra for a while. – icalvete Apr 23 '20 at 08:48
  • This is the answer I need. https://serverfault.com/questions/997477/override-default-gateway-when-using-netplan-dhcp – icalvete Apr 23 '20 at 09:46
  • @icalvete So what are you changing the GW to? What is 11.0.0.254? The correct solution is to create an additional “private” subnet in the VPC with a default route pointing to a NAT Gateway. – MLu Apr 23 '20 at 10:18
  • @MLu, 11.0.0.254 is an instance that acts as a NAT Gateway (mounted by me). – icalvete Apr 23 '20 at 10:21

1 Answer

Create a new subnet in your VPC with a new Route Table that will have an entry for 0.0.0.0/0 pointing to 11.0.0.254 (being your NAT instance).

Then move your app instances to this subnet. They will have outside access through the NAT instance, the Load Balancer will be able to reach them, and you won’t have to fight with the DHCP daemon over the routes.

Subnets are free, there will be no extra cost to you.

Hope that helps :)

MLu
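
To detect the route drift shown in the question (which the comments attribute to the DHCP client re-adding 11.0.0.1), this added example, not part of the original posts, parses `route -n` output and reports which default gateway is in effect. The function names and result labels are the example's own; the sample tables are rebuilt from the three tables in the question.

```python
"""Classify the default-route state from `route -n` output (added example)."""

EXPECTED_GW = "11.0.0.254"  # the NAT instance named in the question

# Sample tables assembled from the rows shown in the question.
HEAD = ("Kernel IP routing table\n"
        "Destination     Gateway         Genmask         Flags Metric Ref    Use Iface\n")
TAIL = ("11.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 ens5\n"
        "11.0.0.1        0.0.0.0         255.255.255.255 UH    100    0        0 ens5\n")
GW_NAT = "0.0.0.0         11.0.0.254      0.0.0.0         UG    0      0        0 ens5\n"
GW_VPC_M0 = "0.0.0.0         11.0.0.1        0.0.0.0         UG    0      0        0 ens5\n"
GW_VPC_M100 = "0.0.0.0         11.0.0.1        0.0.0.0         UG    100    0        0 ens5\n"
AFTER_BOOT = HEAD + GW_NAT + TAIL
AFTER_DRIFT = HEAD + GW_VPC_M0 + TAIL
AFTER_MANUAL_FIX = HEAD + GW_NAT + GW_VPC_M100 + TAIL


def default_routes(route_n_output):
    """Return [(gateway, metric, iface)] for each 0.0.0.0/0 route, lowest metric first."""
    routes = []
    for line in route_n_output.splitlines():
        f = line.split()
        # Data rows have 8 columns; the title and header lines fail these checks.
        if len(f) != 8 or f[0] != "0.0.0.0" or f[2] != "0.0.0.0":
            continue
        if "G" not in f[3]:  # only routes that go through a gateway
            continue
        routes.append((f[1], int(f[4]), f[7]))
    # The lowest metric is preferred; the stable sort keeps table order on ties.
    return sorted(routes, key=lambda r: r[1])


def classify(route_n_output, expected_gw):
    """Return 'ok', 'shadowed', 'replaced' or 'no-default-route'."""
    routes = default_routes(route_n_output)
    if not routes:
        return "no-default-route"
    if routes[0][0] != expected_gw:
        return "replaced"   # egress no longer goes through the expected gateway
    if len(routes) > 1:
        return "shadowed"   # expected gateway wins, but a competing default was added
    return "ok"


if __name__ == "__main__":
    for name in ("AFTER_BOOT", "AFTER_DRIFT", "AFTER_MANUAL_FIX"):
        print(name, classify(globals()[name], EXPECTED_GW))
```

Run against live `route -n` output from a health check, any result other than `ok` means something besides /etc/rc.local is writing default routes on that instance.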