I recently upgraded my lab vCenter to the vCenter Server Appliance (VCSA) v6.5.
As I need a static route on my network, I went to add that in the same way that I’ve done for other VCSAs, only to find that the networking has changed.
VCSA 6.5 now uses systemd-networkd to control networking. Any attempt to use “service network restart” will generate a bunch of error messages about “exiting with error 6”. Editing files in /etc/sysconfig/network will have no discernible effect.
So how do you add a static route under the new networking regime?
Log on to your VCSA using ssh (or the console) and start a shell.
cd /etc/systemd/network
There you will find all the network config files.
Typically you will have just one, named “10-eth0.network”.
The contents of this file are relatively self-explanatory:
[Match]
Name=eth0
[Network]
Gateway=192.168.1.254
Address=192.168.1.40/24
DHCP=no
[DHCP]
UseDNS=false
Add a new section at the bottom of the file using your favourite text editor:
[Route]
Gateway=192.168.1.20
Destination=192.168.2.0/24
Again, the format for this is pretty obvious.
Once that’s saved, run:
systemctl restart systemd-networkd
Check that your route has taken effect using “ip route show”:
root@vc01 [ ~ ]# ip route show
default via 192.168.1.254 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.40
192.168.2.0/24 via 192.168.1.20 dev eth0 proto static
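One way to script the edit described above, as an added example that is not part of the original post: it appends the [Route] section only if that destination is not already configured, validates both values before they reach the file, and keeps a .bak copy to roll back to. The helper names has_route and add_route are hypothetical, and IPv4-only input is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. has_route and add_route are
# hypothetical helper names; IPv4-only input is an assumption.

# has_route FILE DEST: succeed if a [Route] section already has Destination=DEST.
has_route() {
    awk -v dest="$2" '
        { line = $0; gsub(/[ \t\r]/, "", line) }        # ignore spacing around "="
        line ~ /^\[/ { in_route = (line == "[Route]") } # track the current section
        in_route && line == "Destination=" dest { found = 1 }
        END { exit !found }
    ' "$1"
}

# add_route FILE GATEWAY DEST: append a [Route] section unless DEST is present.
add_route() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    # Reject anything but digits, dots and "/" so a value cannot smuggle a
    # newline (and with it an extra key or section) into the config file.
    case "$2$3" in
        *[!0-9./]*) echo "invalid characters in route" >&2; return 1 ;;
    esac
    printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "gateway must be a dotted-quad IPv4 address" >&2; return 1; }
    printf '%s\n' "$3" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' ||
        { echo "destination must be IPv4 CIDR, e.g. 192.168.2.0/24" >&2; return 1; }
    if has_route "$1" "$3"; then
        echo "route to $3 already present in $1, nothing to do"
        return 0
    fi
    cp -p "$1" "$1.bak" || return 1     # keep a copy to roll back to
    printf '\n[Route]\nGateway=%s\nDestination=%s\n' "$2" "$3" >> "$1"
}

# Usage on the appliance (then restart systemd-networkd as in the post):
#   add_route /etc/systemd/network/10-eth0.network 192.168.1.20 192.168.2.0/24
```

The script only edits the file; the route becomes active after the systemctl restart shown above.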
Hi there!
Thanks for this – I found out also that they’ve changed to systemd-networkd.
Would you be able to provide guidance on how to add a permanent reject route?
Essentially the same as route add – host reject
I can’t figure out the syntax of it. 🙂
As far as I can tell there’s currently no way of doing this.
There appears to have been a commit to the systemd git to add “blackhole”, “prohibited” and “unreachable” as accepted keywords but I can’t see anywhere where this change is reflected in “live” systems and it doesn’t appear in the master as far as I can see.
https://github.com/systemd/systemd/commit/f37e03cac9c2c95a8479b6f672ed58218f827fa6
I don’t know whether there’s another way of handling it… maybe routing it to 127.0.0.1?