Second Default Gateway

mmport80 · October 4, 2022, 5:28pm

I can manually add routes and rules, and everything works:

But when I try add rules & routes in the configuration it does not work.

Any tips?

nixinator · October 4, 2022, 6:30pm

once you build the configutration,

whats ip link

netstat -r

ip route

just run a few diagnostic commands? Also is the VM, or bare metal?

are i see you are using funky route tables, this could be more tricky.

what exactly are you trying to achieve with these kool kid funky route tables.

mmport80 · October 5, 2022, 6:30am

Thanks!

This is the goal: Two Default Gateways on One System - Thomas-Krenn-Wiki-en

As I said, it works if I manually run the commands…

I am running on metal.

Here are the commands after reboot (i.e. just using the config above).

nixinator · October 6, 2022, 10:28pm

Ok.

Maybe a good idea to take this an a issue on github.

If you can give a list of imperative commands that your issuing on nixos, which makes this work, then please give them, and then the output of all the network diagnostic commands.

if you can the share the things you’ve tried in your configuration.nix.
and provide the same debug output.

It maybe that the module configures that network doesn’t have this capablity yet, or it’s just a misconfiguration of the modules somehow.

I’ll have a look if there is a nixos test that sets up a network like this as integration test.

if there isn’t one, as we can get this working, then i’d be up for writing an integration test.

nixos tests , are documentation at the end of the day.

interesting stuff, i wish i had a bit more time to take a look, i’m creating a startup at the moment, and i’m to the wall time wise… which is making me unhappy, because i like making nixers successful with nixos networking.

good luck!

mmport80 · October 7, 2022, 3:22pm

Thanks!

I added an issue here: Add a Second Gateway - Networking Configuration · Issue #194893 · NixOS/nixpkgs · GitHub

Basically two issues:

adding a default route to another table
adding rules doesn’t seem to work…

mmport80 · April 17, 2023, 12:11pm

I ended up doing a oneshot script. Not very elegant, but it works.

  # NTZ route through a physical tap and then out to AWS                                                                                                      networking = {
    iproute2 = {
      enable = true;
      rttablesExtraConfig =
        ''1 rt2'';
    };
  };

  systemd.services.secondGateway = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      description = "Upload files to cloud or MT ARCS etc.";
      path = [pkgs.bash pkgs.iproute];
      script = '' 
             ip route add default via 10.101.1.254 dev eno3 table rt2                                                                                                    
             ip route add 10.101.1.0/24 dev eno3 src 10.101.1.3 table rt2                                                                                                
             ip rule add to 10.10.190.32/18 table rt2                                                                                                                    
             ip rule add from 10.10.190.32/18 table rt2
             '';
      serviceConfig = {
        Type= "oneshot";
        User = "root";
        Restart = "no";
      };
   };