How to set default route with netplan, Ubuntu 18.04 server, 2 NIC

I have two NICs, both controlled over DHCP. One has a public IP, the second a private one.

Both interfaces have a static IP reserved in DHCP and both interfaces get the right IP, but sometimes when I reboot the server I can't access it from the public side, because the default route is from the private NIC.

How can I set this permanently with netplan?

Public NIC: ens18 (IP: 213.133.xxx.xxx)
Private NIC: ens19 (IP: 10.10.10.xxx)

My netplan config is:

network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:
      dhcp4: yes
      dhcp6: no
      nameservers:
        addresses: [8.8.8.8,8.8.4.4]
    ens19:
      dhcp4: yes
      dhcp6: no

The issue is that networkd will bring up both networks, and both will have a default gateway set, and both will be at the same metric.

Netplan does not currently allow you to skip setting the route on one interface, but you can configure networkd separately to tell it to do this, by basing the config on what netplan has already generated.

I have copied the commands below. Here I am assuming that ens19 is the "secondary" interface for which you do not want a default gateway set -- note that to do this successfully, it also needs to happen before rebooting with the new interface (or you can copy part of the config, omit the MACAddress= line, etc. so that it's generic enough that a new interface will be matched).

sudo cp /run/systemd/network/10-netplan-ens19.network /etc/systemd/network
sudo vi /etc/systemd/network/10-netplan-ens19.network

Then add under [DHCP]:

# if you don't want to apply any routes from DHCP
UseRoutes=false

# any number above 100 if you want the routes applied, but that they are less preferred
RouteMetric=200

If you don't have the file yet (i.e. you have not attached the interface yet) then you could copy the contents of another interface set for DHCP, and remove MACAddress=.

In general, the file should look something like this:

[Match]
Name=interfacename

[Network]
DHCP=ipv4

[DHCP]
UseMTU=true
# or UseRoutes=false, as you prefer
RouteMetric=200

For static interfaces, just skipping the gateway4 (or gateway6) config option causes netplan to NOT create a default route for that interface. Then, if you need extra routing, use the routes element (an array of dicts).

For DHCP interfaces you can do:

dhcp4-overrides:
    route-metric: 100

Just increase metric for subsequent interfaces and you should be good.

(See: https://netplan.io/examples)
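
A check to run after `netplan apply` or a reboot, as an added example that is not part of the original answers: it parses `ip -4 route show default` output and reports whether the public NIC alone holds the lowest-metric default route. The sample route lines, their addresses and their metric values are constructed; ens18 as the expected interface comes from the question.

```python
import subprocess
# Keys in `ip route` text output that are followed by a value; other tokens are flags.
KEYS = {"via", "dev", "proto", "src", "metric"}
# Constructed samples (documentation addresses), not output from the asker's server.
BEFORE = """\
default via 203.0.113.1 dev ens18 proto dhcp src 203.0.113.10 metric 1024
default via 10.10.10.1 dev ens19 proto dhcp src 10.10.10.20 metric 1024
"""
AFTER = """\
default via 203.0.113.1 dev ens18 proto dhcp src 203.0.113.10 metric 100
default via 10.10.10.1 dev ens19 proto dhcp src 10.10.10.20 metric 200
"""

def parse_default_routes(text):
    """Turn `ip -4 route show default` output into a list of dicts."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "default":
            continue
        route = {"metric": "0", "flags": []}  # no metric printed means metric 0
        i = 1
        while i < len(tok):
            if tok[i] in KEYS and i + 1 < len(tok):
                route[tok[i]] = tok[i + 1]
                i += 2
            else:
                route["flags"].append(tok[i])  # e.g. onlink, linkdown
                i += 1
        route["metric"] = int(route["metric"])
        routes.append(route)
    return routes

def check_default_route(text, expected_dev):
    """Return (ok, message); ok only if expected_dev alone has the lowest metric."""
    routes = [r for r in parse_default_routes(text) if "linkdown" not in r["flags"]]
    if not routes:
        return False, "no usable default route"
    best = min(r["metric"] for r in routes)
    winners = sorted({r.get("dev", "?") for r in routes if r["metric"] == best})
    if winners == [expected_dev]:
        return True, f"default route via {expected_dev} (metric {best})"
    if expected_dev in winners:
        return False, f"tie at metric {best}: {', '.join(winners)}"
    return False, f"{', '.join(winners)} preferred (metric {best}), not {expected_dev}"

if __name__ == "__main__":
    live = subprocess.check_output(["ip", "-4", "route", "show", "default"], text=True)
    print(check_default_route(live, "ens18"))
```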


To stop a dhcp interface in netplan from setting a default route, just set use-routes in dhcp4-overrides to false.

eth2:
    dhcp4: true
    dhcp4-overrides:
        use-routes: false

Also, it may be better not to edit /etc/netplan/50-cloud-init.yaml directly but instead:

  • Change the source in /etc/cloud/cloud.cfg.d/50-curtin-networking.cfg.
  • Run cloud-init clean -r to reboot (this propagates the changes in the cloud config to the netplan config).

Using two NICs is tricky. I would prefer a static configuration and define the routing table. Here are some hints:

  • it is necessary to define the gateway of each NIC, unless both share the same gateway
  • even with multiple gateways, for some systems (i.e. Ubuntu) only ONE default gateway is allowed (took some time to learn this), but there are some Linux distros that allow multiple default gateways
  • always test inbound and outbound pings for/from each NIC (ping -I <interface> google.com)
  • if only some ranges are properly connected, it is possible to have connections among those, but not to other networks (get and send pings across known addresses, but incapable of pinging 8.8.8.8)
  • ip r get 8.8.8.8 will help to understand how the system reaches an outside address
  • set the MAC address for each network, as the adapter name may change upon reboot

In the example below, notice that each NIC has its own gateway and eno2 has the default gateway of the system. If you want failsafe behaviour, take a look at interface bonding, or do it manually via iproute2 (read more).

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [ 88.88.24.26/29, "8888.ffff:1:20::c02/64"  ]
      routes:
          - to: 0.0.0.0/0
            via: 88.88.24.25
            metric: 40
            table: 400
      routing-policy:
          - from: 88.88.24.26/29
            table: 400
      match:
          macaddress: 0c:c4:7b:0b:7b:eb
      set-name: mainInf
      gateway6: "8888.ffff:1:20:0:0:0:1"
      nameservers:
          search: [ mydomain.com ]
          addresses:
              - 8.8.8.8
              - 1.1.1.1
              - "2606:4700:4700::1111"
    eno2:
      addresses: [ 88.88.51.44/29, "8888.ffff:1:20::fa02/64" ]
      gateway4: 88.88.51.41
      routes:
          - to: 0.0.0.0/0
            via: 88.88.51.41
            metric: 40
            table: 200
      routing-policy:
          - from: 88.88.51.41/29
            table: 200
      match:
          macaddress: 0c:c4:7b:0b:7b:bb
      set-name: support
      gateway6: "8888.ffff:1:20:0:0:0:1"
      nameservers:
          search: [ mydomain.com ]
          addresses:
              - 8.8.8.8
              - 1.1.1.1
              - "2606:4700:4700::1111"