Chapter 19. Managing the default gateway setting

The default gateway is a router that forwards network packets when no other route matches the destination of a packet. In a local network, the default gateway is typically the host that is one hop closer to the internet.

19.1. Setting the default gateway on an existing connection by using nmcli

In most situations, administrators set the default gateway when they create a connection as explained in, for example, Configuring an Ethernet connection by using nmcli.

In most situations, administrators set the default gateway when they create a connection. However, you can also set or update the default gateway setting on a previously created connection using the nmcli utility.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, user must have root permissions.

Procedure

  1. Set the IP address of the default gateway.

    For example, to set the IPv4 address of the default gateway on the example connection to 192.0.2.1: 

    # nmcli connection modify example ipv4.gateway "192.0.2.1"

    For example, to set the IPv6 address of the default gateway on the example connection to 2001:db8:1::1: 

    # nmcli connection modify example ipv6.gateway "2001:db8:1::1"

  2. Restart the network connection for changes to take effect. For example, to restart the example connection using the command line: 

    # nmcli connection up example
    Warning

    All connections currently using this network connection are temporarily interrupted during the restart.

  3. Optionally, verify that the route is active.

    To display the IPv4 default gateway: 

    # ip -4 route
default via 192.0.2.1 dev example proto static metric 100

    To display the IPv6 default gateway: 

    # ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium

19.2. Setting the default gateway on an existing connection by using the nmcli interactive mode

In most situations, administrators set the default gateway when they create a connection as explained in, for example, * Configuring an Ethernet connection by using the nmcli interactive editor

In most situations, administrators set the default gateway when they create a connection. However, you can also set or update the default gateway setting on a previously created connection using the interactive mode of the nmcli utility.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, the user must have root permissions.

Procedure

  1. Open the nmcli interactive mode for the required connection. For example, to open the nmcli interactive mode for the example connection: 

    # nmcli connection edit example

  2. Set the default gateway.

    For example, to set the IPv4 address of the default gateway on the example connection to 192.0.2.1: 

    nmcli> set ipv4.gateway 192.0.2.1

    For example, to set the IPv6 address of the default gateway on the example connection to 2001:db8:1::1: 

    nmcli> set ipv6.gateway 2001:db8:1::1

  3. Optionally, verify that the default gateway was set correctly: 

    nmcli> print
...
ipv4.gateway:                           192.0.2.1
...
ipv6.gateway:                           2001:db8:1::1
...

  4. Save the configuration: 

    nmcli> save persistent

  5. Restart the network connection for changes to take effect: 

    nmcli> activate example
    Warning

    All connections currently using this network connection are temporarily interrupted during the restart.

  6. Leave the nmcli interactive mode: 

    nmcli> quit

  7. Optionally, verify that the route is active.

    To display the IPv4 default gateway: 

    # ip -4 route
default via 192.0.2.1 dev example proto static metric 100

    To display the IPv6 default gateway: 

    # ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium

Additional resources

19.3. Setting the default gateway on an existing connection by using nm-connection-editor

In most situations, administrators set the default gateway when they create a connection. However, you can also set or update the default gateway setting on a previously created connection using the nm-connection-editor application.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.

Procedure

  1. Open a terminal, and enter nm-connection-editor: 

    # nm-connection-editor
  2. Select the connection to modify, and click the gear wheel icon to edit the existing connection.

  3. Set the IPv4 default gateway. For example, to set the IPv4 address of the default gateway on the connection to 192.0.2.1:

    1. Open the IPv4 Settings tab.

    2. Enter the address in the gateway field next to the IP range the gateway’s address is within:

      set default gw in nm connection editor ipv4

  4. Set the IPv6 default gateway. For example, to set the IPv6 address of the default gateway on the connection to 2001:db8:1::1:

    1. Open the IPv6 tab.

    2. Enter the address in the gateway field next to the IP range the gateway’s address is within:

      set default gw in nm connection editor ipv6

  5. Click OK.
  6. Click Save.

  7. Restart the network connection for changes to take effect. For example, to restart the example connection using the command line: 

    # nmcli connection up example
    Warning

    All connections currently using this network connection are temporarily interrupted during the restart.

  8. Optionally, verify that the route is active.

    To display the IPv4 default gateway: 

    # ip -4 route
default via 192.0.2.1 dev example proto static metric 100

    To display the IPv6 default gateway: 

    # ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium

Additional resources

19.4. Setting the default gateway on an existing connection by using control-center

In most situations, administrators set the default gateway when they create a connection. However, you can also set or update the default gateway setting on a previously created connection using the control-center application.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.
  • The network configuration of the connection is open in the control-center application.

Procedure

  1. Set the IPv4 default gateway. For example, to set the IPv4 address of the default gateway on the connection to 192.0.2.1:

    1. Open the IPv4 tab.

    2. Enter the address in the gateway field next to the IP range the gateway’s address is within:

      set default gw in control center ipv4

  2. Set the IPv6 default gateway. For example, to set the IPv6 address of the default gateway on the connection to 2001:db8:1::1:

    1. Open the IPv6 tab.

    2. Enter the address in the gateway field next to the IP range the gateway’s address is within:

      set default gw in control center ipv6

  3. Click Apply.

  4. Back in the Network window, disable and re-enable the connection by switching the button for the connection to Off and back to On for changes to take effect.

    Warning

    All connections currently using this network connection are temporarily interrupted during the restart.

  5. Optionally, verify that the route is active.

    To display the IPv4 default gateway: 

    $ ip -4 route
default via 192.0.2.1 dev example proto static metric 100

    To display the IPv6 default gateway: 

    $ ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium

Additional resources

19.5. Setting the default gateway on an existing connection by using nmstatectl

Use the nmstatectl utility to set the default gateway through the Nmstate API. The Nmstate API ensures that, after setting the configuration, the result matches the configuration file. If anything fails, nmstatectl automatically rolls back the changes to avoid leaving the system in an incorrect state.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.
  • The enp1s0 interface is configured, and the IP address of the default gateway is within the subnet of the IP configuration of this interface.
  • The nmstate package is installed.

Procedure

  1. Create a YAML file, for example ~/set-default-gateway.yml, with the following content: 

    ---
routes:
  config:
  - destination: 0.0.0.0/0
    next-hop-address: 192.0.2.1
    next-hop-interface: enp1s0

    These settings define 192.0.2.1 as the default gateway, and the default gateway is reachable through the enp1s0 interface.

  2. Apply the settings to the system: 

    # nmstatectl apply ~/set-default-gateway.yml

Additional resources

  • nmstatectl(8) man page
  • /usr/share/doc/nmstate/examples/ directory

19.6. Setting the default gateway on an existing connection by using the network RHEL System Role

You can use the network RHEL System Role to set the default gateway.

Important

When you run a play that uses the network RHEL System Role, the system role overrides an existing connection profile with the same name if the value of settings does not match the ones specified in the play. Therefore, always specify the whole configuration of the network connection profile in the play, even if, for example, the IP configuration already exists. Otherwise, the role resets these values to their defaults.

Depending on whether it already exists, the procedure creates or updates the enp1s0 connection profile with the following settings:

  • A static IPv4 address - 198.51.100.20 with a /24 subnet mask
  • A static IPv6 address - 2001:db8:1::1 with a /64 subnet mask
  • An IPv4 default gateway - 198.51.100.254
  • An IPv6 default gateway - 2001:db8:1::fffe
  • An IPv4 DNS server - 198.51.100.200
  • An IPv6 DNS server - 2001:db8:1::ffbb
  • A DNS search domain - example.com

Perform this procedure on the Ansible control node.

Prerequisites

  • You have prepared the control node and the managed nodes
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.

Procedure

  1. Create a playbook file, for example ~/ethernet-connection.yml, with the following content: 

    ---
- name: Configure the network
  hosts: managed-node-01.example.com
  tasks:
  - name: Configure an Ethernet connection with static IP and default gateway
    include_role:
      name: rhel-system-roles.network

    vars:
      network_connections:
        - name: enp1s0
          type: ethernet
          autoconnect: yes
          ip:
            address:
              - 198.51.100.20/24
              - 2001:db8:1::1/64
            gateway4: 198.51.100.254
            gateway6: 2001:db8:1::fffe
            dns:
              - 198.51.100.200
              - 2001:db8:1::ffbb
            dns_search:
              - example.com
          state: up

  2. Validate the playbook syntax: 

    # ansible-playbook ~/ethernet-connection.yml --syntax-check

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    # ansible-playbook ~/ethernet-connection.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.network/README.md file

19.7. How NetworkManager manages multiple default gateways

In certain situations, for example for fallback reasons, you set multiple default gateways on a host. However, to avoid asynchronous routing issues, each default gateway of the same protocol requires a separate metric value. Note that RHEL only uses the connection to the default gateway that has the lowest metric set.

You can set the metric for both the IPv4 and IPv6 gateway of a connection using the following command: 

# nmcli connection modify connection-name ipv4.route-metric value ipv6.route-metric value
Important

Do not set the same metric value for the same protocol in multiple connection profiles to avoid routing issues.

If you set a default gateway without a metric value, NetworkManager automatically sets the metric value based on the interface type. For that, NetworkManager assigns the default value of this network type to the first connection that is activated, and sets an incremented value to each other connection of the same type in the order they are activated. For example, if two Ethernet connections with a default gateway exist, NetworkManager sets a metric of 100 on the route to the default gateway of the connection that you activate first. For the second connection, NetworkManager sets 101.

The following is an overview of frequently-used network types and their default metrics:

Connection typeDefault metric value

VPN

50

Ethernet

100

MACsec

125

InfiniBand

150

Bond

300

Team

350

VLAN

400

Bridge

425

TUN

450

Wi-Fi

600

IP tunnel

675

Additional resources

19.8. Configuring NetworkManager to avoid using a specific profile to provide a default gateway

You can configure that NetworkManager never uses a specific profile to provide the default gateway. Follow this procedure for connection profiles that are not connected to the default gateway.

Prerequisites

  • The NetworkManager connection profile for the connection that is not connected to the default gateway exists.

Procedure

  1. If the connection uses a dynamic IP configuration, configure that NetworkManager does not use the connection as the default route for IPv4 and IPv6 connections: 

    # nmcli connection modify connection_name ipv4.never-default yes ipv6.never-default yes

    Note that setting ipv4.never-default and ipv6.never-default to yes, automatically removes the default gateway’s IP address for the corresponding protocol from the connection profile.

  2. Activate the connection: 

    # nmcli connection up connection_name

Verification

  • Use the ip -4 route and ip -6 route commands to verify that RHEL does not use the network interface for the default route for the IPv4 and IPv6 protocol.

19.9. Fixing unexpected routing behavior due to multiple default gateways

There are only a few scenarios, such as when using multipath TCP, in which you require multiple default gateways on a host. In most cases, you configure only a single default gateway to avoid unexpected routing behavior or asynchronous routing issues.

Note

To route traffic to different internet providers, use policy-based routing instead of multiple default gateways.

Prerequisites

  • The host uses NetworkManager to manage network connections, which is the default.
  • The host has multiple network interfaces.
  • The host has multiple default gateways configured.

Procedure

  1. Display the routing table:

    • For IPv4, enter: 

      # ip -4 route
default via 192.0.2.1 dev enp1s0 proto static metric 101
default via 198.51.100.1 dev enp7s0 proto static metric 102
...

    • For IPv6, enter: 

      # ip -6 route
default via 2001:db8:1::1 dev enp1s0 proto static metric 101 pref medium
default via 2001:db8:2::1 dev enp7s0 proto static metric 102 pref medium
...

    Entries starting with default indicate a default route. Note the interface names of these entries displayed next to dev.

  2. Use the following commands to display the NetworkManager connections that use the interfaces you identified in the previous step: 

    # nmcli -f GENERAL.CONNECTION,IP4.GATEWAY,IP6.GATEWAY device show enp1s0
GENERAL.CONNECTION:      Corporate-LAN
IP4.GATEWAY:             192.0.2.1
IP6.GATEWAY:             2001:db8:1::1

# nmcli -f GENERAL.CONNECTION,IP4.GATEWAY,IP6.GATEWAY device show enp7s0
GENERAL.CONNECTION:      Internet-Provider
IP4.GATEWAY:             198.51.100.1
IP6.GATEWAY:             2001:db8:2::1

    In these examples, the profiles named Corporate-LAN and Internet-Provider have the default gateways set. Because, in a local network, the default gateway is typically the host that is one hop closer to the internet, the rest of this procedure assumes that the default gateways in the Corporate-LAN are incorrect.

  3. Configure that NetworkManager does not use the Corporate-LAN connection as the default route for IPv4 and IPv6 connections: 

    # nmcli connection modify Corporate-LAN ipv4.never-default yes ipv6.never-default yes

    Note that setting ipv4.never-default and ipv6.never-default to yes, automatically removes the default gateway’s IP address for the corresponding protocol from the connection profile.

  4. Activate the Corporate-LAN connection: 

    # nmcli connection up Corporate-LAN

Verification

  • Display the IPv4 and IPv6 routing tables and verify that only one default gateway is available for each protocol:

    • For IPv4, enter: 

      # ip -4 route
default via 192.0.2.1 dev enp1s0 proto static metric 101
...

    • For IPv6, enter: 

      # ip -6 route
default via 2001:db8:1::1 dev enp1s0 proto static metric 101 pref medium
...

Additional resources