OCI Instance: Secondary VNIC Routing
After adding a secondary VNIC to your compute instance, you’ll need to enable the OCID service which checks for changes in VNIC (and iSCSI) devices. It also makes sure that the network interface uses the secondary VNIC.
In instances based on Oracle-provided images, the OCI Utilities are already installed.
Adding a Static Route
You may want to add a different static route for the second VNIC. You can do this with
ip route add x.x.x.x/x via y.y.y.y dev ens5
Where x.x.x.x/x is the CIDR block you want to route to, and y.y.y.y is the gateway you wish to use.
The secondary VNIC on a standard OEL7 instance will be named ens5. To double check the name run:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
link/ether 02:00:17:07:d0:eb brd ff:ff:ff:ff:ff:ff
inet 10.23.66.4/24 brd 10.23.66.255 scope global dynamic ens3
valid_lft 61023sec preferred_lft 61023sec
3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
link/ether 00:00:17:01:2b:56 brd ff:ff:ff:ff:ff:ff
inet 123.456.32.4/24 scope global ens5
valid_lft forever preferred_lft forever
Entry 3 in the output above shows the secondary VNIC with device name ens5.
To make the route persistent after startup, you can create a service like this (I use ens5 as the device name for the second VNIC):
#!/bin/bash
# Must run as root: writes under /opt and /etc/systemd/system
if [ "$EUID" -ne 0 ]
then
    echo "Please run as root"
    exit 1
fi
# Edit as necessary
ROUTECIDR="x.x.x.x/x"
GATEWAYIP="y.y.y.y"
# -p: do not fail if the directory already exists
mkdir -p /opt/secondary_vnic
# Script that adds secondary route
# (unquoted EOF: $ROUTECIDR and $GATEWAYIP are expanded now, when the file is written)
cat > /opt/secondary_vnic/add_route.sh <<EOF
#!/bin/bash
ip route add $ROUTECIDR via $GATEWAYIP dev ens5
EOF
chmod +x /opt/secondary_vnic/add_route.sh
# Service to execute script on boot
cat > /etc/systemd/system/secondary_vnic_route.service <<EOF
[Unit]
Description=Add route to the secondary VNIC at boot
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=oneshot
ExecStart=/opt/secondary_vnic/add_route.sh
[Install]
WantedBy=default.target
EOF
systemctl enable secondary_vnic_route
systemctl start secondary_vnic_route
echo "Done"
Now make sure that the service is started, or else start it with:
systemctl start secondary_vnic_route
Validate the route with
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.23.66.1 0.0.0.0 UG 0 0 0 ens3
10.23.66.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3
123.456.0.0 123.456.32.1 255.255.0.0 UG 0 0 0 ens5
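The install script above expands ROUTECIDR and GATEWAYIP straight into a file that systemd runs as root at every boot, so a typo or an unedited x.x.x.x/x placeholder ends up in that file unchecked. The following is an added example, not part of the original post: it validates the values before rendering the script, in POSIX sh. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: validate route parameters before they are written into a
# script that systemd runs as root. Function names are hypothetical.

# Dotted-quad IPv4 with four octets in 0..255. The subshell body keeps IFS local.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1   # split on dots; input holds only digits and dots here
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# <ipv4>/<prefix> with exactly one slash and a prefix length in 0..32.
valid_cidr() (
    case $1 in
        */*/*|*/|/*) exit 1 ;;
        */*) ;;
        *) exit 1 ;;
    esac
    prefix=${1#*/}
    case $prefix in
        *[!0-9]*|???*) exit 1 ;;
    esac
    [ "$prefix" -le 32 ] && valid_ipv4 "${1%/*}"
)

# Interface name: 1..15 characters from a conservative set, no whitespace.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ ${#1} -le 15 ]
}

# Print the boot-time route script, or fail without output on bad input.
render_route_script() {
    valid_cidr "$1" && valid_ipv4 "$2" && valid_ifname "$3" || return 1
    printf '#!/bin/bash\nip route add %s via %s dev %s\n' "$1" "$2" "$3"
}

# Constructed sample values from documentation ranges; the second call passes
# the page's unedited placeholders and is rejected.
render_route_script "198.51.100.0/24" "192.0.2.1" "ens5"
render_route_script "x.x.x.x/x" "y.y.y.y" "ens5" || echo "rejected: invalid route parameters" >&2
```

Redirect the output of render_route_script to /opt/secondary_vnic/add_route.sh only when it returns success, so a rejected value never reaches the file the service executes.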