Join Log in
Score:0
Nicolas De Jay avatar Server

Make IP route and routing rules permanent using nmcli on RHEL 8 / Rocky 8

mx flag
Nicolas De Jay

I have a network interface for which I would like to configure routes.

# ip address show br_10G_V888
6: br_10G_V888: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 78:ac:44:09:9d:82 brd ff:ff:ff:ff:ff:ff
    inet 172.21.1.48/24 brd 172.21.1.255 scope global noprefixroute br_10G_V888
       valid_lft forever preferred_lft forever

I am able to set the rules using ip:

# ip route add default via 172.21.1.1 dev br_10G_V888 table dmz
# ip rule add from 172.21.1.0/24 lookup dmz
# ip route show table dmz
default via 172.21.1.1 dev br_10G_V888
# ip rule
0:      from all lookup local
32765:  from 172.21.1.0/24 lookup dmz
32766:  from all lookup main
32767:  from all lookup default

I would like to make these changes persistent using nmcli. However, I am unable to recreate the configuration.

# nmcli connection modify br_10G_V888 \
  ipv4.routes '0.0.0.0/0 172.21.1.1 table=1' \
  ipv4.routing-rules 'priority 32765 from 172.21.1.0/24 table 1'
# nmcli connection up br_10G_V888
# ip route show table dmz
default via 172.21.1.1 dev br_10G_V888 proto static
172.21.1.1 dev br_10G_V888 proto static scope link
# ip rule
0:      from all lookup local
32765:  from 172.21.1.0/24 lookup dmz
32766:  from all lookup main
32767:  from all lookup default

Any feedback would be greatly appreciated. Thank you!

1772
1 + 3
pt flag
larsks
I'm unclear on the problem: after making the changes with `nmcli` in your second example, `ip route show table dmz` shows the default route via `172.21.1.1` that you created, and `ip rule` shows the lookup rule with priority 32765. What's missing?
1
Reply
Nicolas De Jay avatar
mx flag
Nicolas De Jay
I'm pretty new to networking, so please bear with me! I'm seeing extra terms such as `proto static` on the first line and a new line with `172.21.1.1 dev br_10G_V888 proto static scope link`. Are these configurations the same?
0
Reply
pt flag
larsks
"proto static" just means "set statically" as opposed to set via dhcp (`proto dhcp`) or set implicitly by the kernel (`proto kernel`) or via some other routing protocol (`proto zebra`, etc)
1
Reply
Score:1
avatar Server
pt flag
larsks

I'm pretty new to networking, so please bear with me! I'm seeing extra terms such as proto static on the first line...

You see proto static because you have created a static route. Routes created by the kernel implicitly are marked proto kernel (e.g., if you create an interface with address 192.168.1.100/24, the kernel will create an implicit route to the 192.168.1.0/24 network via that interface). You'll see proto dhcp for routes set via dhcp, proto zebra for routes set via the Zebra routing daemon, etc (these are actually all stored as numbers, and the name/number mapping is in /etc/iproute2/rt_protos).

...and a new line with 172.21.1.1 dev br_10G_V888 proto static scope link.

If you add a default route to a routing table (as you have by setting ipv4.routes '0.0.0.0/0 172.21.1.1 table=1'), you need a route to that 172.21.1.1 address. In the usual case, your default route will share a network with one of your interfaces, so you will have an appropriate implicit kernel route (see the previous section).

In this case, you have added the default route to an empty routing table. That additional static route was added by nmcli to ensure that the specified gateway is reachable.

+ 1
Nicolas De Jay avatar
mx flag
Nicolas De Jay
This makes perfect sense, many thanks!
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.