37

Yesterday I did a quick reinstall of a (physical) server in the datacenter, and since I was short on time and with no easy access to our database I just assigned it an IP that I knew was available and would allow me later access to assign the correct address and continue provisioning from a warmer place.

Today I logged into the server (at 172.16.130.10/22) and did the following:

ip addr add 172.16.128.67/22 dev eth0

From a terminal on my local workstation I checked it responded to ping on the new address and logged in through it:

$ ping 172.16.128.67
PING 172.16.128.67 (172.16.128.67) 56(84) bytes of data.
64 bytes from 172.16.128.67: icmp_req=2 ttl=62 time=3.61 ms
64 bytes from 172.16.128.67: icmp_req=3 ttl=62 time=4.87 ms
^C
$ ssh 172.16.128.67

So far so good, I was connected through the new IP address and the old one was no longer necessary. I went ahead and removed it:

ip addr del 172.16.130.10/22 dev eth0

But as soon as I hit Enter my SSH session froze and I was no longer able to connect. I had to request an on-site operator to reboot the server for me.

Where did I go wrong? Why would removing that address kill my connection?

GnP
  • 955
  • 8
  • 15
  • 2
    In addition to Mathews excellent answer: In many Unix (and Unix-like) systems any change to the bound IP-address(es) will briefly disconnect all open sessions to that interface (even the ones using another address). So that would throw you out of your SSH session, but you can reconnect immediately in that case. – Tonny Aug 06 '15 at 10:39
  • I believe this problem only exists with IPv4. I don't think it would have happened if you were using IPv6. – kasperd Aug 06 '15 at 11:18

1 Answers1

54

In linux, IP addresses have a notion of 'primary' and 'secondary' addresses. The primary is typically the first address you add to the system. Removing the primary address has the implicit operation of flushing the entire list of secondary addresses also.

You can avoid this behaviour by setting the sysctl net.ipv4.conf.all.promote_secondaries to 1 like so:

sysctl -w net.ipv4.conf.all.promote_secondaries=1

This changes the behaviour such that when a primary IP is removed, it will not flush the remaining addresses and instead will promote a new IP address as the primary.

Matthew Ife
  • 22,927
  • 2
  • 54
  • 71
  • 6
    Thanks! I just came accross [this](http://www.policyrouting.org/iproute2.doc.html) as well: `An IP address becomes secondary if another address within the same prefix (network) already exists. The first address within the prefix is primary and is the tag address for the group of all the secondary addresses. When the primary address is deleted all of the secondaries are purged too. ` – GnP Aug 05 '15 at 16:55