Default route getting added for each new connection

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7 and later
  • NetworkManager

Issue

  • Default route getting added to all connections post reboot if NetworkManager is enabled
  • Default route getting added for each new connection.

Resolution

Check the file /etc/sysconfig/network and if this files contains only GATEWAY= then remove the GATEWAY from the file, add the GATEWAY in ifcfg file and make networking off and on as shown below.

# nmcli networking off
# nmcli networking on

Or

Make the DEFROUTE=no with below nmcli command for which DEFROUTE is not required and make networking off and on.

# nmcli connection modify <con_name> ipv4.never-default yes
# nmcli connection up <con_name>

# nmcli networking off
# nmcli networking on

Root Cause

  • NetworkManager has the ability to handle multiple default gateways, and assigns a metric to each connection so that one gateway is preferred at a time. However, this is a change from the previous network initscripts which only supported a single gateway, and the idea of route metrics and multiple gateways might be an additional complexity which is not desirable. To simplify the configuration, NetworkManager can be configured to only allow a single connection to add the default gateway.

Diagnostic Steps

When NetworkManager is enabled

  1. Status of NetworkManager.
# systemctl status NetworkManager| grep Active
   Active: active (running) since Sun 2023-09-10 21:34:36 EDT; 19min ago
  1. Current config file without any GATEWAY in it.

enp1s0 with static IP address

# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0 
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
USERCTL=no
IPADDR=10.0.0.161
PEERDNS=no
DEFROUTE=yes
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
IPV4_FAILURE_FATAL=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
BOOTPROTO=none
IPV6INIT=no
PREFIX=24

enp8s0 with dhcp ip address

# cat /etc/sysconfig/network-scripts/ifcfg-enp8s0 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp8s0
UUID=78b5dc32-797a-4627-8641-44b51e2fd1a1
DEVICE=enp8s0
ONBOOT=yes
  1. IP address assigned to servers.
# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 129.12.21.79/32 scope global lo:ldap
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:93:bf:b1 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.161/24 brd 10.0.0.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe93:bfb1/64 scope link 
       valid_lft forever preferred_lft forever
3: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:59:75:3f brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.196/24 brd 192.0.2.255 scope global dynamic noprefixroute enp8s0
       valid_lft 3536sec preferred_lft 3536sec
    inet6 fe80::2733:9bbe:29e1:cc48/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
  1. ipv4 method for both interface.
# nmcli connection show id enp1s0 | grep ipv4.method
ipv4.method:                            manual

# nmcli connection show id enp8s0 | grep ipv4.method
ipv4.method:                            auto
  1. Route shows default gateway assigned to both the interfaces even if one interface is static and another one is dynamic i.e. DHCP and having different IP range.
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    100    0        0 enp1s0
0.0.0.0         192.0.2.1       0.0.0.0         UG    101    0        0 enp8s0
10.10.5.0       0.0.0.0         255.255.255.0   U     100    0        0 enp1s0
192.0.2.0       0.0.0.0         255.255.255.0   U     101    0        0 enp8s0
192.0.2.1       0.0.0.0         255.255.255.255 UH    100    0        0 enp1s0
  1. If Default route is set to no
# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0 
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
USERCTL=no
IPADDR=10.0.0.161
PEERDNS=no
DEFROUTE=no
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
IPV4_FAILURE_FATAL=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
BOOTPROTO=none
IPV6INIT=no
PREFIX=24

Then route will not get assign to all interface.

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    101    0        0 enp8s0
10.10.5.0       0.0.0.0         255.255.255.0   U     100    0        0 enp1s0
192.0.2.0       0.0.0.0         255.255.255.0   U     101    0        0 enp8s0

When NetworkManager is disabled

  1. NetworkManager is stopped and disabled.
# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:NetworkManager(8)
  1. /etc/sysconfig/network file have GATEWAY
# cat /etc/sysconfig/network
# Created by anaconda
GATEWAY=192.0.2.1
  1. Both enp1s0 and enp7s0 interface configuration file have DEFROUTE=yes and one is static and one is dynamic
# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp1s0
UUID=9c4f93a8-328a-409a-a746-7b172918b5a8
DEVICE=enp1s0
ONBOOT=yes


# cat /etc/sysconfig/network-scripts/ifcfg-enp7s0 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=10.0.0.180
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp7s0
UUID=4e3e7582-e10d-4972-ac90-67d35e86336b
DEVICE=enp7s0
ONBOOT=yes
  1. Even the GATEWAY is configured in network file and DEFROUTE=yes is present in both interface ifcfg file still gateway is assigned to only one interface and not all interface if NetworkManager is stop and disable.
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 enp1s0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 enp7s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 enp1s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 enp7s0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 enp1s0

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments