Linux – Why adding external IPs to loopback (lo) works just like adding to ethX

linux loopback networking

For ages (>7 yr) my automation scripts have been adding new external IPs to the servers this way:

ifconfig lo:0 11.22.99.44 netmask 255.255.255.255  
ifconfig lo:1 11.22.33.44 netmask 255.255.255.255  
...

This worked fine with all (>10) providers I worked with, and I never had problems.

Now I realized that I was adding IPs to loopback and it might be wrong, and lo just left after playing in the 127.0.0.0/8 sandbox =)

A short investigation showed that the necessary route is added automatically and packets arriving for these IPs are routed correctly.

The lo route is visible in routel as:

 11.22.33.44  local   11.22.33.44    kernel     host     lo local
 11.22.99.44  local   11.22.33.44    kernel     host     lo local

but not in ip route show

default via 99.88.22.1 dev eth0
99.88.22.0/24 dev eth0  proto kernel  scope link  src 99.88.22.123

Testing a route: it sends via the default route to the gateway of the server's basic IP (added to eth0):

# ip route get 5.5.5.5 from 11.22.33.44 iif lo
5.5.5.5 from 11.22.33.44 via 99.88.22.1 dev eth0

So, I'm sending packets from 11.22.33.44 to 192.168.1.1 instead of 11.22.33.1, and it works on MANY configurations with no questions asked by MANY providers.

Q1: Why is this working?
Q2: Which way of adding multiple gateways is better? (11.22.99.1 for source 11.22.99.44, 11.22.33.1 for source 11.22.33.44)

Is adding multiple like below a good idea, or is src-based routing better?

auto eth0:0
iface eth0:0 inet static
address 11.22.33.44
netmask 255.255.255.0
broadcast 11.22.33.255
gateway 11.22.33.1

auto eth0:1
iface eth0:1 inet static
address 11.22.99.44
netmask 255.255.255.0
broadcast 11.22.99.255
gateway 11.22.99.1

Thanks for help!

Best Answer

  1. This works due to the ARP protocol and the routing tables. When a server doesn't know where to send a packet for an IP address in a network block the interface is configured to route, it will send an ARP request and update its ARP table with the response. Your server will also respond to ARP requests for all IP addresses it supports. For other addresses, the traffic will be routed to the configured route for the smallest configured network block that supports the destination IP address.

  2. If you only have one interface, all external traffic will be routed over that interface. The rest will be sent to the router which should have routes to all the devices. You really don't need to add routes beyond the default routes for the router, and the default route.

It gets more complicated when you have multiple interfaces. In that case, you may need to add routes for non-local network blocks that are routed via routers on an interface other than the one with the default route.

When you have IP addresses in multiple network blocks on the same interface, it is best to add them to the interface rather than the loopback interface. Normally, when I work with servers that have addresses in multiple network blocks, each network block is on a separate interface.

Having secondary IP addresses on the loopback interface may resolve port conflicts where an application must be configured to respond to traffic on an interface. This can cause issues for other applications using the same port on secondary IP addresses.
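
As an added illustration (not part of the original question or answer), here is a simplified Python model of the kernel's route lookup using the question's addresses. It shows that the routes for the lo addresses live in table local, which `ip route show` does not print, and how a source rule selects a per-source gateway. Table 100 and rule priority 1000 are assumptions.

```python
import ipaddress

# Constructed model of the Linux routing policy database (RPDB), using the
# addresses from the question. Each table maps prefix -> (type, gateway, dev).
TABLES = {
    # Table "local" is filled by the kernel for every configured address,
    # whichever interface (lo or eth0) the address was added to.
    "local": {
        "127.0.0.0/8": ("local", None, "lo"),
        "11.22.33.44/32": ("local", None, "lo"),
        "11.22.99.44/32": ("local", None, "lo"),
        "99.88.22.123/32": ("local", None, "eth0"),
    },
    # Table "main" is the only one `ip route show` prints by default.
    "main": {
        "0.0.0.0/0": ("unicast", "99.88.22.1", "eth0"),
        "99.88.22.0/24": ("unicast", None, "eth0"),
    },
    # Hypothetical table 100 for source-based routing, as created by:
    #   ip route add default via 11.22.99.1 dev eth0 table 100
    "100": {"0.0.0.0/0": ("unicast", "11.22.99.1", "eth0")},
}

# Default rules: priority 0 -> local, 32766 -> main. (priority, from, table)
DEFAULT_RULES = [(0, "0.0.0.0/0", "local"), (32766, "0.0.0.0/0", "main")]
# Added by: ip rule add from 11.22.99.44 lookup 100 priority 1000
SOURCE_RULE = (1000, "11.22.99.44/32", "100")


def lookup(dst, src, rules):
    """Walk rules by priority; in each table take the longest matching prefix."""
    dst_ip, src_ip = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules):
        if src_ip not in ipaddress.ip_network(selector):
            continue
        matches = [ipaddress.ip_network(p) for p in TABLES[table]
                   if dst_ip in ipaddress.ip_network(p)]
        if matches:
            best = max(matches, key=lambda n: n.prefixlen)
            return (table,) + TABLES[table][str(best)]
    return None


if __name__ == "__main__":
    print(lookup("11.22.33.44", "5.5.5.5", DEFAULT_RULES))
    print(lookup("5.5.5.5", "11.22.33.44", DEFAULT_RULES))
    print(lookup("5.5.5.5", "11.22.99.44", DEFAULT_RULES + [SOURCE_RULE]))
```

On a real host, `ip route show table local` and `ip rule show` display the tables and rules that this model approximates.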