Adding an IP address to a Bridge

OpenShift requires a load balancer for providing access to the hosted applications. Although I can run a three node cluster, I need a fourth location to provide a load balancer that can then provide access to the cluster.

For my home lab setup, this means I want to run one on my bastion host….but it is already running HTTP and (FreeIPA) Red Hat IdM. I don’t want to break that. So, I want to add a second IP address to the bastion host, and have all of the existing services make use of the existing IP address. Only the new HAProxy instance will use the new IP address.

This would be trivial for a simple Ethernet port, but I am using a Bridge, which makes it a touch trickier, but not terribly so.

Adding an IP address can be done using the following command:

sudo ip addr add 192.168.123.6/24 dev br0

The IP address comes from the same subnet that both the bastion host and the OpenShift cluster machines already use. The DHCP server does not allocate addresses below .100, so this is a safe static value to use. br0 already has the address 192.168.123.1.

In fact, that IP address is visible in the network scripts:

$ cat /etc/sysconfig/network-scripts/ifcfg-br0 
STP=yes
BRIDGING_OPTS=priority=32768
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br0
UUID=4ca027d3-c472-4471-888b-12c295ad2cc1
DEVICE=br0
ONBOOT=yes
 
 
IPADDR=192.168.123.1
PREFIX=24

However, I want this to persist over a reboot. If I bring the br0 connection down and then back up again, it is gone.

Well, if I am dumb and I bring it down when I am logged on over it, I lock myself out, but fortunately the device also has a Wireless connection.

I can use the nmcli command to add the additional address like this:

sudo nmcli con mod br0 +ipv4.addresses "192.168.123.6/24"

This does not make the change immediately, but rather requires that I bring the device down and back up.

And I freeze myself out of the Bastion host on that interface. What is wrong?

$ ping nuzleaf
PING nuzleaf.home.younglogic.net (192.168.123.1) 56(84) bytes of data.
From ayoungP40 (192.168.123.2) icmp_seq=8 Destination Host Unreachable

Looking at the routing table:

$ ip route
default via 10.0.0.1 dev wlp2s0 proto dhcp metric 600 
10.0.0.0/24 dev wlp2s0 proto kernel scope link src 10.0.0.240 metric 600 
10.88.0.0/16 dev cni-podman0 proto kernel scope link src 10.88.0.1 linkdown 
192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 linkdown 
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.1 metric 425 
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.6 metric 425 
192.168.130.0/24 dev virbr1 proto kernel scope link src 192.168.130.1 linkdown

We have two entries for the 192.168.123.0/24 network. I know that I want the .1 entry. If I delete both, and add back in one, I get ping responses:

sudo ip route del 192.168.123.0/24
sudo ip route del 192.168.123.0/24
sudo ip route add 192.168.123.0/24 via 192.168.123.1

Can I add this as a static route? I try

sudo nmcli connection modify br0 +ipv4.routes "192.168.123.0/24 192.168.123.1"

But now I have 3 routes. I need to get rid of that DEFROUTE=yes value. I resist the urge to do this via a text editor and instead turn again to nmcli:

sudo nmcli connection modify br0 ipv4.never-default yes

Bring the device down and back up again. It takes a moment for the route information to settle, but I start getting ping responses again after a few seconds. But can I log in? ssh to the machine….yes. Eventually.

Going back to the routing table:

$ ip route
default via 10.0.0.1 dev wlp2s0 proto dhcp metric 600 
10.0.0.0/24 dev wlp2s0 proto kernel scope link src 10.0.0.240 metric 600 
10.88.0.0/16 dev cni-podman0 proto kernel scope link src 10.88.0.1 linkdown 
192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 linkdown 
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.1 metric 425 
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.6 metric 425 
192.168.123.0/24 via 192.168.123.1 dev br0 proto static metric 425 
192.168.130.0/24 dev virbr1 proto kernel scope link src 192.168.130.1 linkdown

Once again, I delete all of the routes for the 192.168.123.0/24 network. I run the following command three times:

sudo ip route del 192.168.123.0/24

Then recycle the bridge interface:

$ sudo nmcli conn down br0
Connection 'br0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/19)
$ sudo nmcli conn up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/21)

They are still there…but I can still connect over the wired interface. I think the static route takes precedence. I’m going to leave it as is for now.
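
The duplicate-route condition diagnosed above can be checked mechanically instead of by eye. The following is an added example, not part of the original post: the function names dup_routes and sample_routes are made up for illustration, and the embedded sample is the second routing table shown above.

```shell
#!/bin/sh
# Added example (not from the original post): report destination prefixes that
# appear more than once on the same device in `ip route` output.

# Sample input: the second routing table from the post, embedded so this runs
# offline. On a live host, use `ip route | dup_routes` instead.
sample_routes() {
cat <<'EOF'
default via 10.0.0.1 dev wlp2s0 proto dhcp metric 600
10.0.0.0/24 dev wlp2s0 proto kernel scope link src 10.0.0.240 metric 600
10.88.0.0/16 dev cni-podman0 proto kernel scope link src 10.88.0.1 linkdown
192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 linkdown
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.1 metric 425
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.6 metric 425
192.168.123.0/24 via 192.168.123.1 dev br0 proto static metric 425
192.168.130.0/24 dev virbr1 proto kernel scope link src 192.168.130.1 linkdown
EOF
}

# dup_routes: read `ip route` lines on stdin and print one line per duplicated
# prefix/device pair, as "<prefix> <dev> <count> <origin>,<origin>,...".
dup_routes() {
  awk '
  {
    dst = $1; dev = ""; proto = "-"; src = ""; via = ""
    for (i = 2; i < NF; i++) {          # keyword/value pairs after the prefix
      if ($i == "dev")   dev   = $(i + 1)
      if ($i == "proto") proto = $(i + 1)
      if ($i == "src")   src   = $(i + 1)
      if ($i == "via")   via   = $(i + 1)
    }
    if (dev == "") next                 # skip lines without an output device
    key = dst " " dev
    origin = proto ":" (via != "" ? "via=" via : "src=" src)
    if (!(key in count)) order[++n] = key
    count[key]++
    origins[key] = (origins[key] == "" ? origin : origins[key] "," origin)
  }
  END {
    for (k = 1; k <= n; k++)
      if (count[order[k]] > 1)
        print order[k], count[order[k]], origins[order[k]]
  }'
}

sample_routes | dup_routes
```

Each origin shows which entries came from the kernel for a configured address (proto kernel, with its src) and which came from the static route added with nmcli (proto static, with its via).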

EDIT: SSH is taking forever to connect, even though pings are returned. Not sure if it is the routing, or DNS. It is always DNS, isn’t it?
