Using the Same IP on Multiple Interfaces in Linux


Hello networking gurus,

I've got a Linux (kernel 3.14) server which acts as a TFTP, NFS and HTTP server for a farm of consumer electronics devices (set-top boxes – STBs). The devices use TFTP to boot their kernels from, then mount their root FSes from the NFS server on our machine, etc etc.

Now, for one esoteric technical reason I am not going to delve into here (just believe me :)), each STB has to be in its own, physically separate, LAN.
So the way networking is set up ATM is:

The server has 1 network card which is used to access the rest of the world.
It also has 1 network card for each STB it serves – and each of those is connected to a small router, to which the STB + some other devices are connected and form a LAN.

Currently there are 3 STBs connected, and the LANs are 172.16.50.0/24, 172.16.51.0/24 and 172.16.52.0/24. It's all working nicely.

However: the fact that we have 3 different LANs means the very same server has to be accessed as 172.16.50.1 from STB1, 172.16.51.1 from STB2 and 172.16.52.1 from STB3 – and that means that we have a slightly different environment on each STB, and each time we – say – upload a new RootFS to be used on the STBs, we need to manually edit some configuration file and put in the correct IP by which the server has to be accessed from this particular STB. Not very convenient, and error-prone!

That got me thinking: what if we simply configured those three LANs all to be the very same 172.16.50.0/24? From the STB (and rest of the devices in the LAN) point of view everything should be fine, but what about the server's point of view?

Can a Linux server have N different ethernet interfaces, all configured with the same static IP, but each connected to a physically separate LAN?

Best Answer

Yes, this is possible, using a nice feature called network namespaces (see man ip-netns(8)). It basically gives you multiple distinct network stacks, each with its own set of interfaces, routes etc.

You would need to create a namespace for each of your STBs and could then run your required services separately in each namespace.

For the namespaces you would need to proceed as follows:

  • Create a namespace called net1:

    ip netns add net1
    
  • Assign your interface ethX to the new namespace and configure your IP address 172.16.50.1:

    ip link set dev ethX netns net1
    ip netns exec net1 ip link set dev ethX up
    ip netns exec net1 ip address add 172.16.50.1/24 dev ethX
    

The IP address 172.16.50.1 is now not visible from your default namespace. A simple ping 172.16.50.1 doesn't work; you first need to switch to the net1 namespace and execute the command there:

    ip netns exec net1 <command>

In this way you can now run each service in each of your namespaces.

If you feel adventurous, you could even try to somehow redirect all requests from your STBs to a central service. For this you need a tunnel from each namespace to your default namespace (see ip link help veth) and quite some iptables magic...
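
The answer's steps repeated for several interfaces, as an added example that is not part of the original answer. The namespace names (stb1, stb2, ...), the function names and the DRY_RUN switch are assumptions; the address is the one from the question, and by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: one namespace per STB-facing NIC, each with the same server IP.
# Assumed names: interfaces passed as arguments, namespaces stb1, stb2, ...
SERVER_IP="172.16.50.1/24"   # address from the question

# run CMD...: print the command when DRY_RUN=1 (default), else execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# setup_ns NS IFACE: create NS, move IFACE into it, bring it up with SERVER_IP.
setup_ns() {
    ns=$1; ifc=$2
    # Namespace names become files under /var/run/netns, so keep them plain.
    for v in "$ns" "$ifc"; do
        case "$v" in
            ""|*[!A-Za-z0-9_-]*) echo "bad name: '$v'" >&2; return 1 ;;
        esac
    done
    # A new namespace starts with only a down loopback, so bring lo up as well.
    run ip netns add "$ns" &&
    run ip link set dev "$ifc" netns "$ns" &&
    run ip netns exec "$ns" ip link set dev lo up &&
    run ip netns exec "$ns" ip link set dev "$ifc" up &&
    run ip netns exec "$ns" ip address add "$SERVER_IP" dev "$ifc"
}

# setup_all IFACE...: one namespace per interface, in argument order.
setup_all() {
    n=1
    for ifc in "$@"; do
        setup_ns "stb$n" "$ifc" || return 1
        n=$((n + 1))
    done
}

# show_ns NS: list the addresses and listening sockets visible inside NS.
show_ns() {
    run ip netns exec "$1" ip address show &&
    run ip netns exec "$1" ss -lntu
}

# Usage (as root): DRY_RUN=0 sh this-script eth1 eth2 eth3
if [ "$#" -gt 0 ]; then setup_all "$@"; fi
```

Running show_ns for each namespace after starting the TFTP, NFS and HTTP services confirms that each service instance listens only inside the namespace it was started in.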
