Configure static routes on dedicated servers
Static routing is a type of routing in which routes are specified explicitly when configuring a network interface on a server or router.
To configure static routing, write static routes on the server.
Examples of problems that can be solved using static routing:
- link dedicated servers and cloud server over a private network;
- route Internet traffic through the firewall;
- configure connectivity to the external infrastructure through the firewall.
Write static routes on the server
Ubuntu
Debian
CentOS
Windows
-
Open the network interfaces configuration file with the vi text editor:
vi /etc/netplan/01-netcfg.yaml -
At the end of the parameter block for the desired network interface, add a route:
routes:
- to: <ip_address>/<mask>
via: <gateway>Specify:
<ip_address>— subnet to which the route is needed;<mask>— mask of the subnet to which you want to route;<gateway>— gateway for the subnet of the current server, such as the gateway listed on the global router. The gateway address must be on the same subnet as the server.
-
If you need to prescribe multiple routes, add them sequentially in the same block, for example:
routes:
- to: 192.168.0.0/28
via: 172.16.0.1
- to: 192.168.1.0/28
via: 172.16.0.1 -
Exit the vi text editor with your changes saved:
:wq
-
Check the routing configuration:
sudo netplan try -
Apply the changes:
netplan apply
-
Open the network interfaces configuration file with the vi text editor:
vi /etc/network/interfaces
- Add the desired route at the end of the parameter block for the corresponding network interface:
up route add -net <ip_address> netmask <mask> gw <gateway>
down route del -net <ip_address> netmask <mask> gw <gateway>
Specify:
<ip_address>— the subnet to which you want to route, e.g.192.168.0.0;<mask>— mask of the subnet to which the route is to be routed, e.g.255.255.255.0;<gateway>— the gateway for the subnet of the current server, such as the gateway listed on the global router. The gateway address must be on the same subnet as the server
-
If you need to prescribe multiple routes, add them sequentially in the same block.
-
Exit the vi text editor with your changes saved:
:wq
- Restart the network:
sudo /etc/init.d/networking restart
-
Create and complete a file to configure static routes:
echo "<ip_address>/<mask> via <gateway>" >> /etc/sysconfig/network-scripts/route-<eth_name>
Specify:
<ip_address>— subnet to which the route is needed;<mask>— mask of the subnet to which you want to route;<gateway>— the gateway for the subnet of the current server, such as the gateway listed on the global router. The gateway address must be on the same subnet as the server;<eth_name>— the name of the corresponding LAN interface.
- If you need to add multiple routes, specify them in one command. Specify each route on a new line, for example:
echo "192.168.0.0/28 via 172.16.0.1
192.168.1.0/28 via 172.16.0.1" >> /etc/sysconfig/network-scripts/route-eno2
- Restart the network:
systemctl restart network
-
Add the required routes one at a time:
route -p ADD <ip_address> MASK <mask> <gateway> METRIC <x>
Specify:
<ip_address>— the subnet to which you want to route, e.g.192.168.0.0;<mask>— mask of the subnet to which the route is to be routed, e.g.255.255.255.0;<gateway>— the gateway for the subnet of the current server, such as the gateway listed on the global router. The gateway address must be on the same subnet as the server;<x>— parameter that defines the priority of the specified gateway, 1 being the highest priority.
Example of organizing static routes to connect dedicated servers and a cloud server over a private network
Purpose of customization
Connect the two dedicated servers in the SPB-2 pool and the cloud server in the ru-2 pool with a private network using a global router and configure routing in the network so that the devices see each other.
What you need to customize
In the example, we used two dedicated servers in the SPB-2 pool with access to the private network and a cloud server in the ru-2 pool for configuration.
Customization result
Private connectivity will be configured between the two dedicated servers in the SPB-2 pool and the cloud server in the ru-2 pool.
Customization steps
-
Connect the private subnets to the global router:
192.168.0.0/28to the VLAN that contains the dedicated servers in the SPB-2 pool;172.16.0.0/28for the cloud platform project in the ru-2 pool.
-
Assign IP addresses from the private subnets that you connected to the global router to the dedicated servers and the cloud server. For more information, see Assign IP addresses to servers.
-
Spell out the routes:
- on each dedicated server in the SPB-2 pool to subnet
172.16.0.0/28via gateway192.168.0.1; - on the cloud server in pool ru-2 — to subnet
192.168.0.0/28via gateway172.16.0.1.
- on each dedicated server in the SPB-2 pool to subnet
Example of organizing static routes to route Internet traffic through a firewall
Purpose of customization
Direct Internet traffic to a dedicated server through a firewall.
What you need to customize
In the example, we used a dedicated server with access to a private network and a firewall for the configuration.
Customization result
Once the routed networks are configured, Internet traffic to the dedicated server will pass through the firewall.
Customization steps
-
Write a static route on a dedicated server to the subnet
0.0.0.0/0through the gateway198.51.100.1. -
Write the default gateway
203.0.113.2on the firewall. -
To have Internet access on the dedicated server behind the firewall, create a ticket requesting that a static route be added to the Selectel router. In the ticket, specify:
- private subnet of the dedicated server that is behind the firewall, in the example,
198.51.100.0/28; - the public IP address of the firewall, in the example,
203.0.113.2.
- private subnet of the dedicated server that is behind the firewall, in the example,
-
Wait for a Selectel employee to respond that a static route is assigned to the router.
Example of organizing static routes for communication with external infrastructure through a firewall
Purpose of customization
Connect two dedicated servers in pools MSK-1 and SPB-2 to the external infrastructure with a private network. Using a global router, configure routing in the network so that devices see each other and route routed network traffic through the firewall in pool SPB-3.
What you need to customize
In the example, we used two dedicated servers in pools MSK-1 and SPB-2 with access to a private network, a firewall in pool SPB-3, and an external infrastructure for the configuration.
Customization result
Private connectivity will be configured between the external infrastructure and servers in pools MSK-1 and SPB-2, with routed network traffic passing through the firewall in pool SPB-3.
Customization steps
-
Connect the subnets to the global router:
192.168.11.0/24to the VLAN on which the dedicated server in the MSK-1 pool is located;192.168.22.0/24to the VLAN where the dedicated server in the SPB-2 pool is located;192.168.33.0/24to the VLAN that contains the firewall in the SPB-3 pool.
-
Assign IP addresses from the private subnets that you connected to the global router to the dedicated servers. For more information, see Assign IP addresses to servers.
-
Assign an IP address from the private subnet you connected to the global router to the firewall.
-
- in the MSK-1 pool — in subnets
192.168.22.0/24and192.168.33.0/24via gateway192.168.11.1; - in the SPB-2 pool — in subnets
192.168.11.0/24and192.168.33.0/24via gateway192.168.22.1;
- in the MSK-1 pool — in subnets
-
Write routes on the firewall — to subnets
192.168.11.0``.0/24and192.168.22.0/24through gateway192.168.33.1. -
Configure routing on the global router — Write a static route for outgoing traffic to the Internet. Specify:
- the destination subnet is
0.0.0.0/0;; - Next hop — The IP address of the firewall, in the example
192.168.33.2.
- the destination subnet is