
Network Diagram


I have 3 servers with two interfaces each, as shown in the diagram. The servers communicate with each other through the interface enp1 and with the world through the interface enp0. For some reason, the servers cannot communicate over enp0. When I ping from server A to public.ip.238 I get Host unreachable.

How could I configure the routing so the internal traffic only goes through enp1? Say, when server A wants to communicate with server B using the IP of enp0, the traffic goes only through enp1.

route -n:

  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
  0.0.0.0       public.ip.193   0.0.0.0         UG    0      0        0 enp0
  0.0.0.0       public.ip.193   0.0.0.0         UG    101    0        0 enp0
  169.254.0.0   0.0.0.0         255.255.0.0     U     1002   0        0 enp0
  priv.ip.0     0.0.0.0         255.255.255.0   U     102    0        0 enp1
  public.ip.192 0.0.0.0         255.255.255.192 U     101    0        0 enp0
  public.ip.193 0.0.0.0         255.255.255.255 UH    0      0        0 enp0
Kevin K.
alixander
  • Could you append the result of `ip route` from one of your hosts? I guess there are some routes missing. – Kevin K. Jul 18 '18 at 13:24
  • Done! I have noticed that a little bit later after commenting – alixander Jul 18 '18 at 13:50
  • So pinging between the `enp0` is intended to work but does not? To me, it seems like it does not work and you try to get around by routing the traffic via `enp1` or am I getting something wrong here? – Kevin K. Jul 18 '18 at 14:13
  • The servers should actually communicate internally using `enp1`. But I want to install OpenShift (enhanced Kubernetes cluster), so all the services should be reachable on `enp0`, and I don't know how to tell the servers that internally they should use `enp1` to communicate – alixander Jul 18 '18 at 14:22
  • Ok so you want to route traffic between the public addresses via the private interfaces. Why do you want to do that, are you having security concerns? Usually one would make the services listen on the private IP as well as the public IP so you can use the private IPs for requesting the service internally. You could even use a private `DNS` server to let the `FQDN` point to the private IP. – Kevin K. Jul 19 '18 at 06:23

1 Answer


The following has been tested on Ubuntu machines; I am not sure if it is going to work on Red Hat-related systems at (your) default settings.

In order to route the public IPs of the other hosts via the private interfaces, perform the following:

On server A

ip -4 route add public.ip.237 dev enp1
ip -4 route add public.ip.238 dev enp1

On server B

ip -4 route add public.ip.237 dev enp1
ip -4 route add public.ip.239 dev enp1

On server C

ip -4 route add public.ip.238 dev enp1
ip -4 route add public.ip.239 dev enp1

Note that this configuration is not persistent and will be flushed on reboot. Nevertheless, this gives you the opportunity to try out whether this is the setting you want to keep. If this is not what you want, you can simply reboot or run the same commands after replacing the `add` with `del` in order to remove the routes.

Depending on what tool you use for network configuration, you need to adapt the settings in order to make them permanent and survive reboots.

Kevin K.
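A dry-run generator and a check for the host routes in the answer above, as an added example that is not part of the original answer. The 203.0.113.x addresses are constructed stand-ins for public.ip.237-239 and the function names are hypothetical; `ip -4 route get` reports which interface the kernel would pick for a destination, so it confirms whether peer traffic really leaves via enp1.

```shell
#!/bin/sh
# Added example, not from the original answer. The 203.0.113.x addresses are
# constructed stand-ins for the page's public.ip.237-239; enp1 is from the page.
PRIV_IF=enp1
ALL_PUBLIC="203.0.113.237 203.0.113.238 203.0.113.239"

# Print (do not run) the host-route commands for one server:
# one route per peer public IP, skipping the server's own address.
peer_route_cmds() {          # usage: peer_route_cmds add|del SELF_IP PEER_IP...
    action=$1; self=$2; shift 2
    for ip in "$@"; do
        [ "$ip" = "$self" ] && continue
        echo "ip -4 route $action $ip dev $PRIV_IF"
    done
}

# Kernel route lookup for one destination; kept in a function so it can be
# replaced with canned output when testing without the real interfaces.
route_get() { ip -4 route get "$1"; }

# Pull the egress interface (the word after "dev") out of `ip route get` output.
egress_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Return 0 only if every peer public IP would leave through PRIV_IF.
verify_peers() {             # usage: verify_peers SELF_IP PEER_IP...
    self=$1; shift; rc=0
    for ip in "$@"; do
        [ "$ip" = "$self" ] && continue
        dev=$(route_get "$ip" | egress_dev)
        if [ "$dev" != "$PRIV_IF" ]; then
            echo "WARN: $ip leaves via ${dev:-unknown}, expected $PRIV_IF" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Dry run for the server that owns 203.0.113.239: review, then pipe to `sh` as root.
# shellcheck disable=SC2086  # word splitting of the address list is intended
peer_route_cmds add 203.0.113.239 $ALL_PUBLIC
```

Running `verify_peers` with the server's own address and the full list after adding the routes, and again after a reboot, shows whether the non-persistent routes are still in place.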