Second network interface causing AAF accessibility issues

  • 7025149
  • 10-Jun-2021
  • 10-Jun-2021

Environment

Advanced Authentication v6.3.4.1

Situation

A second network interface causes AAF accessibility issues.
It is not possible to access the Admin, Helpdesk and other AAF web portals.
The second interface also causes cluster issues.

Resolution

Adding a second network interface might change the default route. To fix this, switch the default route back to the first interface, eth0:
--
ip route replace default via <eth0_gateway_IP> dev eth0

Additional Information

The following example illustrates the issue.
The default network interface is eth0 with IP 10.204.128.110.

With one NIC, the routes are:

--
ip route list
default via 10.204.128.1 dev eth0
10.204.128.0/22 dev eth0 proto kernel scope link src 10.204.128.110
172.18.0.0/16 dev br-1ec6ac015767 proto kernel scope link src 172.18.0.1
172.19.0.0/24 dev docker0 proto kernel scope link src 172.19.0.1

A second NIC is added as eth1 with IP 10.204.133.84.

With two NICs, the routes are:
--
ip route list
default via 10.204.132.1 dev eth1 proto dhcp
10.204.128.0/22 dev eth0 proto kernel scope link src 10.204.128.110
10.204.132.0/22 dev eth1 proto kernel scope link src 10.204.133.84
172.18.0.0/16 dev br-1ec6ac015767 proto kernel scope link src 172.18.0.1
172.19.0.0/24 dev docker0 proto kernel scope link src 172.19.0.1

In this state it might not be possible to connect to the portals through 10.204.128.110, but through 10.204.133.84 the portals work fine. The Cluster tab might show errors such as “server was online x minutes ago.” This is because the default route is via 10.204.132.1.

Change the default route to eth0:
--
ip route replace default via 10.204.128.1 dev eth0

After the default route was changed:
--
ip route list
default via 10.204.128.1 dev eth0
10.204.128.0/22 dev eth0 proto kernel scope link src 10.204.128.110
10.204.132.0/22 dev eth1 proto kernel scope link src 10.204.133.84
172.18.0.0/16 dev br-1ec6ac015767 proto kernel scope link src 172.18.0.1
172.19.0.0/24 dev docker0 proto kernel scope link src 172.19.0.1

After the default route was changed, it is possible to access the portals through the 10.204.128.1 gateway.
Through gateway 10.204.132.1 the portals work fine at 10.204.133.84. The Cluster tab has no errors, and server pulse successfully updates the heartbeat on the server with two NICs.
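
A check for the condition described above, as an added example that is not part of the original article or the product: it parses `ip route list` output and reports when the default route is no longer on the expected interface. The function names and the lowest-metric rule for several default routes are assumptions of this example; the sample table is the two-NIC listing from this article.

```shell
#!/bin/sh
# Sample input: the two-NIC routing table listed in this article.
sample_two_nic() {
cat <<'EOF'
default via 10.204.132.1 dev eth1 proto dhcp
10.204.128.0/22 dev eth0 proto kernel scope link src 10.204.128.110
10.204.132.0/22 dev eth1 proto kernel scope link src 10.204.133.84
EOF
}

# Read `ip route list` output on stdin and print "<dev> <gateway>" for the
# preferred default route. Assumption of this example: with several default
# routes the lowest metric wins, and a route without "metric" counts as 0.
preferred_default() {
    awk '
        $1 == "default" {
            dev = ""; gw = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "via")    gw = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (!seen || metric < best) { best = metric; bdev = dev; bgw = gw; seen = 1 }
        }
        END { if (!seen) exit 1; print bdev, bgw }
    '
}

# check_default_route EXPECTED_DEV  (routing table on stdin)
# Returns 0 when the default route uses EXPECTED_DEV, 1 when it has moved to
# another interface, 2 when the table has no default route at all.
check_default_route() {
    expected=$1
    if ! found=$(preferred_default); then
        echo "no default route present" >&2
        return 2
    fi
    dev=${found%% *}
    gw=${found#* }
    if [ "$dev" = "$expected" ]; then
        echo "OK: default via $gw dev $dev"
        return 0
    fi
    echo "DRIFT: default via $gw dev $dev, expected dev $expected" >&2
    return 1
}

# Demo on the sample; on the appliance use: ip route list | check_default_route eth0
sample_two_nic | check_default_route eth0 || echo "exit status $? (route moved to eth1)"
```

Because `ip route replace` changes only the running routing table, rerunning this check after a reboot or a DHCP renewal on eth1 shows whether the default route has moved again.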