Bug 1797204 - Assigning static IP Addresses to NICs makes a mess out of the default gateway
Summary: Assigning static IP Addresses to NICs makes a mess out of the default gateway
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 31
Hardware: All
OS: All
unspecified
high
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-02-01 12:01 UTC by Greg Scott
Modified: 2020-11-24 17:40 UTC (History)
12 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-11-24 17:40:30 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Greg Scott 2020-02-01 12:01:24 UTC 
Description of problem:
I have a Fedora system with several NICs. I use it as a firewall and assign static IP Addresses to its NICs. When I ifup any of those NICs, NetworkManager assigns a bogus default gateway through the NIC I just ifup-ed. This is incorrect - there should be exactly one and only one default gateway, period. Assigning multiple default gateways to different NICs makes a mess out of routing.


Version-Release number of selected component (if applicable):
Fedora 31

How reproducible:
At will

Steps to Reproduce:
1. Install Fedora 31 and set up NICs with static IP Addresses in different networks.
2. Set up /etc/sysconfig/network the old-fashioned way with GATEWAY=nn.nn.nn.nn
3. ifup any NIC with a static IP Address
4. Do "ip route show" and observe the bogus default route assigned to the NIC above - even if it's not in the same network as the default gateway.

Actual results:
See above - a bogus default gateway points to the wrong NIC.


Expected results:
The default gateway shold ***only*** go with the NIC on the same network as the default gateway. And there should only be one default gateway assigned.


Additional info:

My NIC on enp5s7 is connected.
The future WAN side id enp2s0.
The future LAN side is enp3s0. The enp2s0 and enp3s0 NICs are not connected to anything right now.

Here is the IP Address for my connected NIC.

[root@infra2020-fw ~]# ip addr show dev enp5s7
6: enp5s7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:30:18:c3:c9:52 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.74/24 brd 10.10.10.255 scope global noprefixroute enp5s7
       valid_lft forever preferred_lft forever
    inet6 fe80::95f8:3f9:1e53:4b02/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@infra2020-fw ~]#

ifdown the other NICs for a baseline.

[root@infra2020-fw ~]#
[root@infra2020-fw ~]# ifdown enp2s0
Connection 'enp2s0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@infra2020-fw ~]# ifdown enp3s0
Connection 'enp3s0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@infra2020-fw ~]#

And look at this already-ugly default route. Note the NIC it uses. At this point, I should not even have a default route because the NIC where the default route *should* point is down.

[root@infra2020-fw ~]# ip route show
default via 72.21.233.153 dev enp5s7 proto static metric 102
10.10.10.0/24 dev enp5s7 proto kernel scope link src 10.10.10.74 metric 102
72.21.233.153 dev enp5s7 proto static scope link metric 102

Now bring up the future WAN side, where the default route should point. Nothing is connected to it, so carrier should be down. Note the ugly default route, now both on my active NIC and the new one. It's already nonsense.

[root@infra2020-fw ~]#
[root@infra2020-fw ~]# ifup enp2s0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@infra2020-fw ~]# ip addr show dev enp2s0
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:30:18:c5:e3:b8 brd ff:ff:ff:ff:ff:ff
    inet 72.21.233.154/29 brd 72.21.233.159 scope global noprefixroute enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::686e:f793:593:a28e/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
[root@infra2020-fw ~]#
[root@infra2020-fw ~]# ip route show
default via 72.21.233.153 dev enp5s7 proto static metric 102
default via 72.21.233.153 dev enp2s0 proto static metric 103 linkdown
10.10.10.0/24 dev enp5s7 proto kernel scope link src 10.10.10.74 metric 102
72.21.233.152/29 dev enp2s0 proto kernel scope link src 72.21.233.154 metric 103 linkdown
72.21.233.153 dev enp5s7 proto static scope link metric 102
[root@infra2020-fw ~]#

Repeat with the NIC on the future LAN side. The default route is even uglier.

[root@infra2020-fw ~]# ifup enp3s0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
[root@infra2020-fw ~]# ip addr show dev enp3s0
3: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:30:18:c5:e3:b9 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 brd 172.16.0.255 scope global noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::ca53:aae4:5120:fea0/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever
[root@infra2020-fw ~]#
[root@infra2020-fw ~]# ip route show
default via 72.21.233.153 dev enp5s7 proto static metric 102
default via 72.21.233.153 dev enp2s0 proto static metric 103 linkdown
default via 72.21.233.153 dev enp3s0 proto static metric 104 linkdown
10.10.10.0/24 dev enp5s7 proto kernel scope link src 10.10.10.74 metric 102
72.21.233.152/29 dev enp2s0 proto kernel scope link src 72.21.233.154 metric 103 linkdown
72.21.233.153 dev enp5s7 proto static scope link metric 102
72.21.233.153 dev enp3s0 proto static scope link metric 104 linkdown
172.16.0.0/24 dev enp3s0 proto kernel scope link src 172.16.0.1 metric 104 linkdown
[root@infra2020-fw ~]#
[root@infra2020-fw ~]#

And finally...

[root@infra2020-fw ~]# cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=infra2020-fw
GATEWAY=72.21.233.153
[root@infra2020-fw ~]#


This ugly behavior might go away if I set the default route inside /etc/sysconfig/network-scripts/ifcfg-enp2s0, instead of doing it the old-fashioned way in /etc/sysconfig/network. But doing it the old-fashioned way should not make such a mess.
Comment 1 Ben Cotton 2020-11-03 16:56:29 UTC 
This message is a reminder that Fedora 31 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 31 on 2020-11-24.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '31'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 31 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 2 Ben Cotton 2020-11-24 17:40:30 UTC 
Fedora 31 changed to end-of-life (EOL) status on 2020-11-24. Fedora 31 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Note You need to log in before you can comment on or make changes to this bug.