NetworkManager with policy-based routing and static routes

wtchang · March 27, 2024, 3:26pm

I have setup a policy-based routing using nmcli, but I am having trouble to add a static route to the main routing table (254)

[connection]
id=idn
uuid=c14710d9-2ff8-4b3c-8478-e4c58b9867eb
type=ethernet
interface-name=ens192

[ethernet]

[ipv4]
address1=166.1.1.8/24,166.1.1.1
method=manual
route-table=100
routing-rule1=priority 10 from 0.0.0.0/0 iif ens192 table 100
routing-rule2=priority 10 from 166.1.1.8 table 100

route1=10.10.10.0/24,166.1.1.1
route1_options=table=254

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

The policy-based routing works. But 10.10.10.0/24 is not installed to the main routing table.

jlehtone · March 27, 2024, 7:43pm

I would add a route with:

nmcli connection modify idn +ipv4.routes "10.10.10.0/24 166.1.1.1"

(if I wasn’t using rhel-system-roles.network Ansible role to do the config)

wtchang · March 27, 2024, 9:44pm

This command will add the route to route table 100, not the main routing table.

jlehtone · March 28, 2024, 7:38am

I do get rules to main with that and my main isn’t 254.

# ip ru
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default

wtchang · March 28, 2024, 3:28pm

I believe 32766 is the priority, not the routing table number.

jlehtone · March 28, 2024, 3:54pm

You are correct on that.

$ cat /etc/iproute2/rt_tables
#
# reserved values
#
255	local
254	main
253	default
0	unspec
#
# local
#
#1	inr.ruhep

Nevertheless, on my systems ipv4.routes "10.10.10.0/24 166.1.1.1" does go to main.

man nm-settingswrites:

ipv4.routes
A list of IPv4 destination addresses, prefix length, optional IPv4 next hop addresses, optional route metric, optional attribute. The valid syntax is: “ip[/prefix] [next-hop] [metric] [attribute=val]...[,ip[/prefix]...]”. For example “192.0.2.0/24 10.1.1.1 77, 198.51.100.0/24”.

Various attributes are supported:
…

“table” - an unsigned 32 bit integer. The default depends on ipv4.route-table.

Therefore ipv4.routes "10.10.10.0/24 166.1.1.1 table=254" should do the trick.

What is the value of ipv4.route-table?
On my system:

$ nmcli -f ipv4.route-table c s bridge-brlan
ipv4.route-table:                       0 (unspec)

Oh, you have “100” there …

system · May 27, 2024, 3:54pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.