Configure multiple default gateways in Linux box

Assume that you have a Linux machine with 3 network interface cards, named eth0, eth1, and eth2. eth0 is 221.237.x.253/24, eth1 is 221.237.x.251/24, and eth2 is 172.16.200.1/22. Because there can be only one default gateway in a single Linux routing table, the default gateway is 221.237.x.1 via eth0. Although eth0 and eth1 seem to be in the same network and share the same gateway, each of these 2 IP addresses actually has its own speed rate limit: 10Mb/s. Ideally we get 20Mb/s in total, but we can’t reach the max speed rate with only one default gateway. That’s the problem. Let me solve it.

eth0 : 221.237.x.253/24
eth1 : 221.237.x.251/24
eth2 : 172.16.200.1/22 (for intranet, as the router of the local LAN network)
default gateway : 221.237.x.1 via eth0

Here is the situation: this Linux server is the gateway of the office, and I want to use it to route the traffic out through the 2 network interfaces.

If people on the local network want to access a specific IP address (e.g. 61.135.255.144), all of that traffic flows through eth1. In all other situations, the traffic flows through eth0.

1) A Linux box. I use Debian 7, but the distro doesn’t matter; just use the one you like. I like Debian most.

2) iproute2, a powerful network utility package. I don’t like the old tools such as “route” or “netstat”. iproute2 integrates all of the above network tools. iproute2 is the Swiss army knife for the system administrator.

In order to use “ip rule”, you have to make sure that the kernel configuration item “CONFIG_IP_MULTIPLE_TABLES” is set.

CONFIG_IP_MULTIPLE_TABLES=y

If your kernel doesn’t support this feature, bad luck: you have to recompile the kernel to meet the requirement.

Debian 7 (3.2.0-4-amd64) already has the feature, so let’s skip to the next step.

First of all, you must understand a concept: routing table.

$ ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

There are 3 routing tables here. By default, we are in the table main (remember, not the table default!), and the other 2 tables are empty.

$ ip r s
default via 221.237.x.1 dev eth0
172.16.200.0/22 dev eth2 proto kernel scope link src 172.16.200.1
221.237.x.0/24 dev eth0 proto kernel scope link src 221.237.x.253
221.237.x.0/24 dev eth1 proto kernel scope link src 221.237.x.251

is the same as

$ ip r s table main
default via 221.237.x.1 dev eth0
172.16.200.0/22 dev eth2 proto kernel scope link src 172.16.200.1
221.237.x.0/24 dev eth0 proto kernel scope link src 221.237.x.253
221.237.x.0/24 dev eth1 proto kernel scope link src 221.237.x.251

“ip r s” is short for “ip route show”.

Now, let me do the job.

ip route add 221.237.x.0/24 dev eth1 src 221.237.x.251 table 163
ip route add default via 221.237.x.1 dev eth1 table 163
ip rule add to 61.135.255.144 table 163

Let me explain the above commands.

The routing table 163 is created when the first command is executed. 163 is a number I like; you can choose your own, 99 perhaps. The table main and the table 163 are totally unrelated to each other.

1) The first command provides the information about the subnet.

2) The second command defines the default gateway of the table 163. This is our SECOND default gateway.

3) The third command specifies a rule that tells the OS when to use the table 163. Without this command, the table 163 is useless.

Now, if someone on the subnet wants to access 61.135.255.144, their traffic goes through the router’s eth1 to communicate with 61.135.255.144.

Let’s have a look at the “ip rule show” again.

0:	from all lookup local
32765:	from all to 61.135.255.144 lookup 163
32766:	from all lookup main
32767:	from all lookup default

If someone with the LAN IP 172.16.200.55 also wants to use the SECOND default gateway, we can use the following command:

ip rule add from 172.16.200.55 table 163

It’s pretty easy to understand, right?

0:	from all lookup local
32764:	from 172.16.200.55 lookup 163
32765:	from all to 61.135.255.144 lookup 163
32766:	from all lookup main
32767:	from all lookup default

If you want to clear the record of a table, just run the command:

ip route flush table 163

And remember, never run the command “ip rule flush” while you are connected to this machine over ssh, because it will clear all the routing rules and you will lose your connection.
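
The rule walk described above, modelled in Python as an added example (not code from the original post): rules are tried in priority order, and a rule whose table has no route for the destination is skipped, so flushing table 163 sends that traffic back to the table main. 203.0.113.0/24 and 198.51.100.7 are constructed stand-ins (the page elides its public subnet), and `lookup` and `flushed` are hypothetical helper names.

```python
import ipaddress

# Constructed stand-in: 203.0.113.0/24 replaces the page's elided 221.237.x.0/24.
# Rules as listed by "ip rule show" on the page: (priority, from, to, table).
RULES = [
    (0,     "0.0.0.0/0",        "0.0.0.0/0",         "local"),
    (32764, "172.16.200.55/32", "0.0.0.0/0",         "163"),
    (32765, "0.0.0.0/0",        "61.135.255.144/32", "163"),
    (32766, "0.0.0.0/0",        "0.0.0.0/0",         "main"),
    (32767, "0.0.0.0/0",        "0.0.0.0/0",         "default"),
]
# Routes per table: (prefix, outgoing device).
TABLES = {
    "local": [],  # kernel-managed entries for the router's own addresses, not modelled
    "main": [("0.0.0.0/0", "eth0"), ("172.16.200.0/22", "eth2"),
             ("203.0.113.0/24", "eth0"), ("203.0.113.0/24", "eth1")],
    "163": [("203.0.113.0/24", "eth1"), ("0.0.0.0/0", "eth1")],
    "default": [],
}

def lookup(src, dst, rules=RULES, tables=TABLES):
    """Walk the rules in priority order; return (table, device) of the first hit."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, frm, to, table in sorted(rules):
        if s not in ipaddress.ip_network(frm) or d not in ipaddress.ip_network(to):
            continue  # selector does not match this packet
        hits = [(ipaddress.ip_network(p).prefixlen, dev)
                for p, dev in tables.get(table, []) if d in ipaddress.ip_network(p)]
        if hits:
            # Longest prefix wins; in this model a tie keeps the first listed route.
            return table, max(hits, key=lambda h: h[0])[1]
        # Table has no route for dst: fall through to the next rule.
    return None, None

def flushed(tables=TABLES, name="163"):
    """Model "ip route flush table 163": the routes go, the rules stay."""
    return {**tables, name: []}

if __name__ == "__main__":
    for src, dst in [("172.16.200.10", "61.135.255.144"),
                     ("172.16.200.10", "198.51.100.7"),
                     ("172.16.200.55", "198.51.100.7")]:
        print(src, "->", dst, lookup(src, dst))
    print("after flush:", lookup("172.16.200.55", "198.51.100.7", tables=flushed()))
```

On the live router, `ip route get 61.135.255.144 from 172.16.200.10 iif eth2` asks the kernel the same question.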

Comments

  1. luis says:

    Hello,

    Is it possible to have the default gateway installed on two interfaces? I could do it but only after forcing it with the command, and this is for a traveler system that gets the IP addresses on its 2 WAN interfaces from a DHCP server.

    Thanks,

    Luis

  2. You want to setup a default gateway without using the commands I used in my post?
    Your traveler system doesn’t have the command?

  3. luis says:

    Hello.
    Thanks for the reply.

    My traveler system is an Ubuntu 12.04 LTS, so it should have the command, right?

    How do you suggest doing it? But remember, each time the system goes to another place, the subnet will change and with it, the default gateway. Actually my problem is that the first interface that gets the IP address from the DHCP server is able to “install” the default gateway. But the second interface receives the IP address and everything, but it doesn’t “install” the default gateway for that interface, so it is useless. I know it is weird to want to have 2 default GW, but both of them are going to connect to the same subnet, so it is just to use both of them (aggregating the throughput).

    Hope you can understand what I want to say. Any idea?

    Thanks in advance.

    Luis

  4. Oh, I get your point, you want to double your throughput.
    I didn’t try it before, but I have some methods in mind, and I can share them with you.

    First of all, I want to ensure that your Linux has the “ip” command. “ip” belongs to the “iproute” package; if not, apt-get install iproute.
    Second, you can determine the default gateway using this command: “ip r | grep default | awk '{print $3}'”. Put it in my script, then every time you change the place, you will get the correct default gateway.
    Third, you must keep in mind that, in the same route table, there is only one default gateway, no matter whether you have more than 1 interface. It is normal that your second interface doesn’t “install” the default gateway.

    OK, let’s talk about my method.
    We can set up 2 route tables, and each one has its own default gateway. You can find how to set them up in my post.
    Now, below is my route strategy:
    from all to 128.0.0.0/1 lookup table1
    from all to 0.0.0.0/1 lookup table2

    Hope I can help you.

  5. luis says:

    Hello,

    Thanks for all your help. Much appreciated.

    Couple of notes:

    1.- I can install the second default GW by entering it manually (with or without higher metric).

    example:

    linuxMachine~$ route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 172.25.1.65 0.0.0.0 UG 0 0 0 eth3
    0.0.0.0 172.25.1.65 0.0.0.0 UG 100 0 0 eth2

    2.- With your method and creating two tables, half of “internet” will be routed thru one interface, and the other half will be routed over the other one, which is not exactly what I need.

    What I want is to get the IP address from the DHCP server and have the 2 gateways installed on the routing table.

    thanks for all!!!

    Luis
