Nmcli: Unwanted Secondary Ip-address
Dear CentOS-Community,
we are facing the following issue:
A secondary ip address seems to be automatically added to a nic which causes several issues in our setup.
This server is equipped with four nics which are currently in use:
# nmcli con show NAME UUID TYPE DEVICE
eno2 cb6fcb54-be52-4ab6-8324-88091a0ea1a0 ethernet eno2
eno4 dbd95c24-1ed7-4292-8dba-3934bd1476a0 ethernet eno4
eno1 1e382037-fec9-493d-a4f2-ace7d73a1e7b ethernet eno1
eno3 bea2db0f-d366-4f1b-bec8-4fbfb3c0b6d2 ethernet eno3
enp5s0f0 23f56b9f-4625-471e-9ce4-6fe7b8832310 ethernet —
enp5s0f1 f25b9a10-1584-4233-89dd-2dda7c774f0d ethernet —
From time to time, a secondary ip-address is assigned to an interface as show below:
1: lo:
group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eno1:
group default qlen 1000
link/ether 00:26:b9:78:87:d1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.90/24 brd 192.168.1.255 scope global noprefixroute eno1
valid_lft forever preferred_lft forever
inet6 fe80::226:b9ff:fe78:87d1/64 scope link
valid_lft forever preferred_lft forever
4: eno2:
group default qlen 1000
link/ether 00:26:b9:78:87:d3 brd ff:ff:ff:ff:ff:ff
inet 10.10.100.205/24 brd 10.10.100.255 scope global noprefixroute eno2
valid_lft forever preferred_lft forever
inet 10.10.100.72/24 brd 10.10.100.255 scope global secondary dynamic eno2
valid_lft 56158sec preferred_lft 56158sec
inet6 fe80::226:b9ff:fe78:87d3/64 scope link
valid_lft forever preferred_lft forever
5: eno3:
group default qlen 1000
link/ether 00:26:b9:78:87:d5 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.11/24 brd 192.168.4.255 scope global noprefixroute eno3
valid_lft forever preferred_lft forever
inet6 fe80::e98b:e064:50d2:535d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: eno4:
group default qlen 1000
link/ether 00:26:b9:78:87:d7 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.98/24 brd 192.168.2.255 scope global noprefixroute eno4
valid_lft forever preferred_lft forever
inet *192.168.137.223/24* brd 192.168.137.255 scope global dynamic eno4 <<----- THIS IS UNWANTED
valid_lft 604778sec preferred_lft 604778sec
inet6 fe80::9257:5654:b211:8dea/64 scope link noprefixroute
valid_lft forever preferred_lft forever
7: enp5s0f0:
link/ether 00:15:17:59:96:44 brd ff:ff:ff:ff:ff:ff
8: enp5s0f1:
link/ether 00:15:17:59:96:45 brd ff:ff:ff:ff:ff:ff
11: wwp0s29f7u1i4:
link/none
Furthermore, systemctl status NetworkManager says:
systemctl status NetworkManager
● NetworkManager.service – Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service;
enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-09-21 17:25:21 CEST; 17h ago
Docs: man:NetworkManager(8)
Main PID: 1752062 (NetworkManager)
Tasks: 3 (limit: 204496)
Memory: 8.2M
CGroup: /system.slice/NetworkManager.service
└─1752062 /usr/sbin/NetworkManager –no-daemon
NetworkManager[1752062]:
agent[0047d0145168a5f3,:1.4726/nmcli-connect/0]: agent registered NetworkManager[1752062]:
Activation: starting connection ‘eno4’
(dbd95c24-1ed7-4292-8dba-3934bd1476a0)
NetworkManager[1752062]:
op=”connection-activate” uuid=”dbd95c24-1ed7-4292-8dba-3934bd1476a0″
name=”eno4″ pid=31215>
NetworkManager[1752062]:
NetworkManager[1752062]:
NetworkManager[1752062]:
NetworkManager[1752062]:
NetworkManager[1752062]:
NetworkManager[1752062]:
NetworkManager[1752062]:
Activation: successful, device activated.
This behaviour is really! unwanted. What is the reason for this behavior. Packages like
keepalived or ctdb are not installed on this machine.
Any help is appreciated how to figure out the reason for this behavior.
Thanks in advance.
Felix
9 thoughts on - Nmcli: Unwanted Secondary Ip-address
Hi,
Can you show as the config of eno4?
And can you diff the config of eno1 and eno4. Looks like there is a difference somewhere.
Regards, Simon
Dear Simon,
# pwd
/etc/sysconfig/network-scripts
# diff -u ifcfg-eno1 ifcfg-eno4
— ifcfg-eno1 2020-09-21 17:23:25.576672703 +0200
+++ ifcfg-eno4 2020-09-22 07:18:43.160532532 +0200
@@ -3,15 +3,20 @@
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=no
-IPV4_FAILURE_FATAL=yes
-IPV6INIT=no
-IPV6_AUTOCONF=no
+IPV4_FAILURE_FATAL=no
+IPV6INIT=yes
+IPV6_AUTOCONF=yes
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
-NAME=eno1
-UUID=1e382037-fec9-493d-a4f2-ace7d73a1e7b
-DEVICE=eno1
+NAME=eno4
+UUID=dbd95c24-1ed7-4292-8dba-3934bd1476a0
+DEVICE=eno4
ONBOOT=yes
-IPADDR=192.168.1.90
+IPADDR=192.168.2.98
PREFIX=24
+DNS1=10.10.100.1
+DNS2=10.10.100.2
+#DNS3=8.8.8.8
+PEERDNS=no
+PEERROUTES=no
# cat ifcfg-eno4
TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=no IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=no IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=eno4
UUID=dbd95c24-1ed7-4292-8dba-3934bd1476a0
DEVICE=eno4
ONBOOT=yes IPADDR=192.168.2.98
PREFIX=24
DNS1=10.10.100.1
DNS2=10.10.100.2
#DNS3=8.8.8.8
PEERDNS=no PEERROUTES=no
Regards,
Felix
Okay, nothing to find here.
What about eno2, you also have two IP addresses there and even in the same subnet, is this wanted or not? Can the second address of eno2 be found in the ifcfg file?
Both eno2 and eno4 have “scope global secondary dynamic” with the second address and it doesn’t seem to come from the base configuration.
Simon
Dear Simon,
every second IP-address is unwanted. We restarted eno4:
nmcli con down eno4; nmcli con up eno4
and the second address vanishes. Then after a few ours, the second ip address reappears.
This is the config-file of eno2:
# cat ifcfg-eno2
TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=yes IPV6INIT=no IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=eno2
UUID=cb6fcb54-be52-4ab6-8324-88091a0ea1a0
DEVICE=eno2
ONBOOT=yes IPV6_PRIVACY=no IPADDR=10.10.100.205
PREFIX=24
GATEWAY=10.10.100.254
DNS1=10.10.100.1
DNS2=10.10.100.2
DOMAIN=ourDomain
I am not aware of this setting:
scope global secondary dynamic
So maybe you are able to find it in the nmcli output:
# nmcli con edit eno2
===| nmcli interactive connection editor |===
Editing existing ‘802-3-ethernet’ connection: ‘eno2’
nmcli> p
===============================================================================
Connection profile details (eno2)
===============================================================================
connection.id: eno2
connection.uuid: cb6fcb54-be52-4ab6-8324-88091a0ea1a0
connection.stable-id:
Hi Felix
That’s really interesting. Doesn’t NetworkManager also store other settings in a different location, not the ifcfg files? I think it does so and you may have to check there.
Also, don’t forget that there could be other tools running on the host which fiddle with NetworkManager.
That said, I usually don’t use NetworkManager on my servers so I don’t really know much about it.
Hope some NM experts can help you more.
Regards, Simon
I’d just suspect some rogue dhclient running on the system. Check the process list for dhclient instances and their cmdlines. NetworkManager should not be running any dhclient for that interface with this config.
-yoctozepto
You failed to show the configuration of eno4’s profile in Network Manager (nmcli con show eno4). You can use ‘nmcli con edit’ (or nmtui)
to modify the profile to eliminate the assignment of the unwanted address — if it is in automatic mode (which seems to be the case) then you may need to fix your DHCP server instead. If there is no chance that Network Manager is assigning the extra address then you will have to hunt around your system for the program or script that is doing so.
/mark
Dear Mark,
thanks for the additional hints.
Yes, indeed, it was missing. The method is set to manual (additional marked), see below.
# nmcli con edit eno4
===| nmcli interactive connection editor |===
nmcli> p
===============================================================================
Connection profile details (eno4)
===============================================================================
connection.id: eno4
connection.uuid: dbd95c24-1ed7-4292-8dba-3934bd1476a0
connection.stable-id:
Why is there a dhcclient running at all if you have manual settings? What has started dhcclient?
Simon