Environment
Advanced Authentication v6.3.4.1
Situation
Second network interface causing AAF accessibility issues.
It is not possible to access Admin/Helpdesk and other AAF Web Portals.
Also second interface causing cluster issues.
Resolution
Adding second network interface might lead to default routing change. To improve that it should be switched back to first interface, eth0:
--
ip route replace default via <eth0_gateway_IP> dev eth0
Additional Information
Here is some example with additional explanation.
Default network interface eth0 with IP 10.204.128.110.
With one NIC routes are:
--
With two NIC routes are:
ip route listSecond NIC added as eth1 with IP 10.204.133.84
default via 10.204.128.1 dev eth0
10.204.128.0/22 dev eth0 proto kernel scope link src 10.204.128.110
172.18.0.0/16 dev br-1ec6ac015767 proto kernel scope link src 172.18.0.1
172.19.0.0/24 dev docker0 proto kernel scope link src 172.19.0.1
With two NIC routes are:
--
ip route listAt this state it might be not possible to connect to the portals through 10.204.128.110. But through 10.204.133.84 portal works fine. Cluster tab might shown errors, “server was online x minutes ago.” This is because of default route via 10.204.132.1.
default via 10.204.132.1 dev eth1 proto dhcp
10.204.128.0/22 dev eth0 proto kernel scope link src 10.204.128.110
10.204.132.0/22 dev eth1 proto kernel scope link src 10.204.133.84
172.18.0.0/16 dev br-1ec6ac015767 proto kernel scope link src 172.18.0.1
172.19.0.0/24 dev docker0 proto kernel scope link src 172.19.0.1
Change default route to eth0:
--
After default route was changed:
--
ip route replace default via 10.204.128.1 dev eth0
After default route was changed:
--
ip route list
default via 10.204.128.1 dev eth0
10.204.128.0/22 dev eth0 proto kernel scope link src 10.204.128.110
10.204.132.0/22 dev eth1 proto kernel scope link src 10.204.133.84
172.18.0.0/16 dev br-1ec6ac015767 proto kernel scope link src 172.18.0.1
172.19.0.0/24 dev docker0 proto kernel scope link src 172.19.0.1
After default route was changed, it is possible to access portals through 10.204.128.1 gateway.
Through gateway 10.204.132.1 portals working fine at 10.204.133.84. Cluster tab have no errors, server pulse successfully updates heartbeat at server with two NIC.