Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Assign an IP Address to a Second Interface on an Oracle Linux Instance
Introduction
This tutorial provides step-by-step instructions on how to assign an IP address to a secondary network interface on an Oracle Linux instance. Whether you are expanding your network configuration or setting up a specific routing policy, adding and configuring a second interface is a critical skill.
You will learn how to:
- Identify the available network interfaces.
- Configure the secondary interface with a static or dynamic IP address.
- Update network configuration files for persistence across reboots.
- Verify the configuration and ensure connectivity.
By the end of this tutorial, you will be able to extend the networking capabilities of your Oracle Linux instance, enabling it to interact seamlessly across multiple subnets or networks.
Objectives
In this tutorial, we will learn how to assign an IP address to a second network interface on an Oracle Linux instance.
- Understand the configuration files involved in setting up a secondary network interface.
- Learn how to assign a static IP address to the second interface.
- Verify the connectivity and proper functionality of the newly configured interface.
Prerequisites
- Create a virtual cloud network (VCN) and 2 x subnets.
Task 1: Create an OCI Compute Instance
In this task, we will create a new instance in Oracle Cloud Infrastructure (OCI).
- Go to the OCI Console, navigate to Compute, Instances and click Create instance.
- In Create compute instance, enter the following information.
  - Enter a Name for the instance. In this example, we will use sriov-test-01.
  - Scroll down.
  - Click Change shape.
  - Select VM.Standard.E4.Flex, but you can use E5 also.
  - Scroll down.
  - Click Select existing virtual cloud network.
  - Select the VCN. In this example, we are using the oke VCN.
  - Select the existing subnet for the primary vNIC.
  - Scroll down.
  - For first VNIC interface IP address, in Private IPv4 address, select Automatically assign private IPv4 address.
  - As we selected a public subnet for the primary interface, in Public IPv4 address, select Automatically assign public IPv4 address.
  - Scroll down.
  - Click Upload public key files (.pub) to upload the public key of an existing (previously generated) SSH key pair.
  - Click Browse to select the existing public key.
  - Verify that the existing public key is selected for upload.
  - Click Create.
  - If the instance is deployed successfully, the status shows RUNNING.
  - Note that the Primary VNIC is configured and the IP addresses are assigned automatically.
Task 2: Add Second VNIC to the Instance
- Go to the Instance details page.
  - Click Attached VNICs.
  - Note that there is only one VNIC and we renamed this to sr-iov-test-01 (the default name that OCI provides is different).
  - Click Create VNIC.
- In Create VNIC, enter the following information.
  - Enter a Name for the second VNIC. In this example, we will use secondary-vnic.
  - Select the VCN. In this example, we are using the oke VCN.
  - Select the existing subnet for the secondary VNIC. This is a different subnet from the one to which the Primary VNIC is attached.
  - Select Use network security groups to control traffic (optional).
  - (Optional) Select allow-all to create a Network security group that allows all ingress and egress traffic.
  - Scroll down.
  - For second VNIC interface IP address, in Private IPv4 address, select Automatically assign private IPv4 address.
  - Click Save changes.
- Note that the second VNIC is now created and attached to the instance and the other subnet.

Note: Even though we selected the option to automatically get an IP address for the second VNIC from OCI, the Operating System (Oracle Linux) will not configure the IP address on the VNIC. The IP address is reserved by the OCI Console, but it is not configured yet.
Task 3: Configure IP Address on Second VNIC
The configuration of the IP address on the second VNIC can be done with multiple methods.
- Method 1: Use Oracle Cloud Infrastructure Command Line Interface (OCI CLI) (oci-utils package) to assign an IP address to the second interface of an OCI Compute instance using the oci-network-config command.
- Method 2: Use OCI CLI (oci-utils package) to assign an IP address to the second interface of an OCI Compute instance using the ocid daemon.
- Method 3: Use the OCI_Multi_VNIC_Setup script.
- Method 4: Create the interface config file manually for the new VNIC in the /etc/sysconfig/network-scripts/ folder.
Note: For a comprehensive and practical learning experience, start with Method 1 or Method 2, as these leverage OCI native tools and provide a straightforward setup. As you gain familiarity, explore Method 3 for scripting and automation, and finally, try Method 4 for advanced manual configurations.
Method 1: Use OCI CLI (oci-utils package) to Assign an IP Address to the Second Interface using the oci-network-config Command
In this method, create a new instance named sriov-test-04 and assign an IP address to the second interface using the oci-network-config command.
Prerequisites: Provisioned a new instance and added a second VNIC.
- Run the following commands.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note the ens3 interface.
  - Note that the ens3 interface has an IP address configured.
  - Note the ens5 interface.
  - Note that the ens5 interface has no IP address configured.
  - Run the route -n command to retrieve all the routes and default gateways for all interfaces.
  - Note that there is only a gateway available for the ens3 interface.
- The following commands were used to test whether the oci-utils commands are working out-of-the-box.
  - Run the sudo oci-compartmentid command to retrieve the OCID of the compartment to which the instance belongs.
  - Run the sudo oci-instanceid command to retrieve the OCID of the instance.

  Here, we have proven that the oci-utils commands are working out-of-the-box.
- Run the following commands.
  - Run the sudo oci-network-config show command to retrieve all network configuration from the instance.
  - Note the error: Cannot show information: Failed to get API session. The information regarding the VNICs of the instance is provided at the Operating System level only, not at the OCI level.
  - Note the Operating System level information on the ens3 interface.
  - Note the Operating System level information on the ens5 interface.
  - Note the ADD flag for the interface ens5.

  To configure the ens5 interface that is currently flagged with ADD, run the sudo oci-network-config configure command.

  This is not possible yet, as we get the same error as with the oci-network-config show command: Cannot show information: Failed to get API session.

  Question: Why are we getting this error?

  Solution: A VCN is not an object owned by an instance, which means the instance cannot directly access VCN information without proper authentication. To enable the instance to fetch VCN details from the API, you must create a dynamic group that includes the instance and assign a policy granting the necessary permissions.
- To enable an OCI Compute instance to fetch VCN details through API, follow the steps:
  - Create a Dynamic Group: This dynamic group includes the instance(s) that require access to the API. You define the group using rules based on attributes like instance OCID or compartment.
  - Assign Permissions with a Policy: You need to create an Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) policy that grants the dynamic group permission to read or manage VCN-related resources. For example:

        allow dynamic-group <dynamic-group-name> to read virtual-network-family in compartment <compartment-name>

  - Use Instance Principals for Authentication: Instances in the dynamic group authenticate directly using their identity, allowing secure API access without embedding credentials in the application. This method simplifies security management while maintaining robust access control.
- Go to the OCI Console.
  - Click the hamburger menu (≡), navigate to Compute, Instances and select the compute instance on which you want to run the sudo oci-network-config show and sudo oci-network-config configure commands.
  - Click Show to display the instance OCID value.
  - Click Copy to copy the instance OCID value.
  - Click the hamburger menu (≡), navigate to Identity, Domains, Default domain and click Dynamic groups.
  - Click Create dynamic group.
  - Enter a Name for the dynamic group. In this example, we will use sriov-test-04.
  - Click Rule builder.
  - Select Instance OCID in Match instances with.
  - Enter the value of the instance OCID in Value.
  - Click Add rule.
  - Note that a new rule is added to the group.
  - Click Create.
- Now that we have the group to which the instance belongs, we need to create a policy within the compartments containing the instance. This policy will allow instances in the group to perform operations on VCN objects, such as subnets.
  - Click the hamburger menu (≡), navigate to Identity and click Compartments.
  - Click the root compartment. In this example, it is oraseemeaocids4.
  - Note that we are now in the child compartments.
  - Click the next child compartment. In this example, it is NETWORK.
  - Note that we are now in the next child compartment.
  - Click the next child compartment. In this example, it is Iwan.
  - Make sure the right compartment is selected.
  - Click Policies.
  - Click Create Policy.
- In Create Policy, enter the following information.
  - Enter a Name for the policy. In this example, we will use allow-sriov-test-04-to-vcn.
  - Enter a Description for the policy. In this example, we will use allow-sriov-test-04-to-vcn.
  - Select Show manual editor.
  - Enter the following policy:

        allow dynamic-group sriov-test-04 to manage all-resources in compartment Iwan

  - Click Create.
- Note the new policy statement inside the newly created policy.
- Now that we have allowed the instance to perform API calls through OCI CLI to the VCN, run the following commands.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note that the ens5 interface has no IP address configured.
  - Run the sudo oci-network-config show command to retrieve all network configuration from the instance on OCI level. The error is now gone.
  - Note the OCI level information on the ens5 interface and the ADD flag for the interface ens5.
  - Note the Operating System level information on the ens3 and ens5 interfaces.
- Before we run the sudo oci-network-config configure command to configure the IP address of the second VNIC, we need to create a new directory named /etc/iproute2 and a new file named /etc/iproute2/rt_tables. This is required so that the system can correctly configure the routing and default gateway for this new interface.

  The /etc/iproute2/rt_tables file is used to define and manage multiple routing tables in Linux and to enable policy-based routing. It maps human-readable names to routing table numbers, allowing advanced setups like routing specific traffic through different gateways, interfaces, or ISPs.

  Run the sudo mkdir -p /etc/iproute2 command to create a directory named /etc/iproute2 and the sudo touch /etc/iproute2/rt_tables command to create a file named rt_tables.
- Run the following commands.
  - Run the sudo oci-network-config configure command to configure the IP address of the second VNIC.
  - Note the Configured message.
  - Run the sudo oci-network-config show command to retrieve all network configuration from the instance on OCI level.
  - In the OCI level information on the ens5 interface, the ADD flag for the interface ens5 is now gone.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - The ens5 interface now has an IP address configured.
  - Run the route -n command to retrieve all the routes and default gateways for all interfaces.
  - Note that the gateway is now available for the ens5 interface.
  - Run the more /etc/iproute2/rt_tables command to verify if a new entry was made.
  - Note the 11 ort entry.
  - Run the ip route show table 11 command to review the routing table for this mapping.
  - Note that there is a default route for the interface ens5, the new second VNIC on the instance.
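The policy statement created in this method grants the instance's dynamic group manage all-resources in the compartment, which is much broader than the read virtual-network-family statement given as the example earlier in the method. The following added example (not part of the original tutorial; the function name is made up for illustration) flags dynamic-group statements that grant manage or all-resources so they can be reviewed. Which narrower verb and resource type oci-network-config needs in your environment is an assumption to confirm by testing.

```bash
#!/usr/bin/env bash
# Added example, not from the tutorial: review OCI IAM policy statements that
# grant rights to dynamic groups (that is, to instance principals).

# lint_dynamic_group_policy [FILE...]
# Reads policy statements (one per line) from FILE or stdin and prints one
# line per dynamic-group statement:
#   HIGH   - manage on all-resources
#   REVIEW - manage on a narrower resource type, or all-resources with a lower verb
#   OK     - anything else
# Exit status is 1 when at least one HIGH statement was seen, else 0.
lint_dynamic_group_policy() {
    awk '
    tolower($1) == "allow" && tolower($2) == "dynamic-group" && tolower($4) == "to" {
        group = $3
        verb  = tolower($5)      # inspect | read | use | manage
        res   = tolower($6)      # e.g. virtual-network-family, all-resources

        # Scope is everything after "in", up to an optional "where" clause.
        scope = ""
        for (i = 8; i <= NF && tolower($i) != "where"; i++)
            scope = scope (scope == "" ? "" : " ") $i

        if (verb == "manage" && res == "all-resources") { level = "HIGH"; high++ }
        else if (verb == "manage" || res == "all-resources") level = "REVIEW"
        else level = "OK"

        printf "%s dynamic-group=%s verb=%s resource=%s scope=%s\n",
               level, group, verb, res, scope
    }
    END { exit (high > 0) }
    ' "$@"
}

# Sample input: the first statement is the tutorial's example template with the
# names used in this method filled in (constructed); the second is the
# statement entered in the Create Policy step.
lint_dynamic_group_policy <<'EOF' || echo "at least one statement grants manage all-resources"
allow dynamic-group sriov-test-04 to read virtual-network-family in compartment Iwan
allow dynamic-group sriov-test-04 to manage all-resources in compartment Iwan
EOF
```

Any process on an instance in the dynamic group can use the instance principal, so the grant applies to everything running there, not only to oci-network-config.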
Method 2: Use OCI CLI (oci-utils package) to Assign an IP Address to the Second Interface using the ocid daemon
In this method, create a new instance named sriov-test-01 and assign an IP address to the second interface using the ocid daemon.
Prerequisites: Provisioned a new instance and added a second VNIC.
- Run the following commands.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note that the ens5 interface has no IP address configured.
  - Run the route -n command to retrieve all the routes and default gateways for all interfaces.
  - Note that there is only a gateway available for the ens3 interface.
  - Run the ip -f inet -o addr filtered command to show all configured IP addresses on all interfaces.
  - Note that the only interface with a configured IP address is the ens3 interface.
  - Run the systemctl list-unit-files ocid.service command to verify if the ocid daemon is enabled.
  - Note that the ocid daemon is disabled.
  - Run the sudo systemctl start ocid command to start the ocid daemon.
  - Run the sudo systemctl status ocid command to verify the status of the ocid daemon.
  - Note that the ocid daemon is active and running.
  - Run the ip -f inet -o addr filtered command to show all configured IP addresses on all interfaces.
  - Note that the ens5 interface is now configured and has an IP address.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note that the ens5 interface now has an IP address configured.
  - Run the route -n command to retrieve all the routes and default gateways for all interfaces.
  - Note that the gateway is now available for the ens5 interface.
- To ensure the ocid service starts automatically after a reboot, run the sudo systemctl enable ocid command.
- Same as Method 1, we need to create a directory named /etc/iproute2 and a file named /etc/iproute2/rt_tables. This is required so that the system can correctly configure the routing and default gateway for this new interface.

  The /etc/iproute2/rt_tables file is used to define and manage multiple routing tables in Linux and to enable policy-based routing. It maps human-readable names to routing table numbers, allowing advanced setups like routing specific traffic through different gateways, interfaces, or ISPs.

  Run the sudo mkdir -p /etc/iproute2 command to create a directory named /etc/iproute2 and the sudo touch /etc/iproute2/rt_tables command to create a file named rt_tables.
- Run the sudo reboot command.
  - Run the more /etc/iproute2/rt_tables command to verify if a new entry was made.
  - Note the 11 ort3 entry.
  - Run the ip route show table 11 command to review the routing table for this mapping.
  - Note that there is a default route for the interface ens5, the new second VNIC on the instance.
Method 3: Use the OCI_Multi_VNIC_Setup Script
In this method, create a new instance named sriov-test-02 and use the OCI_Multi_VNIC_Setup script to configure the IP address for the second VNIC.
Prerequisites: Provisioned a new instance and added a second VNIC.
- Run the following commands.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note that the ens5 interface has no IP address configured.
  - Run the route -n command to retrieve all the routes and default gateways for all interfaces.
  - Note that there is only a gateway available for the ens3 interface.
- Download the script with the following curl command.

      curl -o OCI_Multi_VNIC_Setup.sh https://raw.githubusercontent.com/Olygo/OCI_Multi_VNIC_Setup/refs/heads/main/OCI_Multi_VNIC_Setup.sh

- Run the ls -l command to list all the files.
- Note that the OCI_Multi_VNIC_Setup.sh script is downloaded successfully.
- Run the chmod +x ./OCI_Multi_VNIC_Setup.sh command to make the downloaded script executable.
- Run the sudo ./OCI_Multi_VNIC_Setup.sh command to run the script.
- Gather some information from the OCI Console that we need to use as the input when we run the script.
  - In the Instance details page, note down the Private IPv4 address of the primary interface.
  - Scroll down.
  - Click Attached VNICs.
  - Click the second VNIC.
  - Note down the MAC address of the second VNIC.
  - Note down the IP address of the second VNIC.

  Note: Even though the IP address is not configured on the instance Operating System, the IP address is already reserved by the OCI Console management.
- Using the IP address and subnet information, determine the default gateway for the subnet, as the script will require this information.

  Note: The OCI Console does not provide details about the default gateway, but it is typically the first usable IP address in the subnet.

  We have the following information:

  |               | Primary interface (ens3) | Secondary interface (ens5) |
  |---------------|--------------------------|----------------------------|
  | IPv4 subnet:  | 10.0.0.0/29              | 10.0.3.0/27                |
  | IPv4 address: | 10.0.0.4                 | 10.0.3.5/27                |
  | IPv4 gateway: | 10.0.0.1                 | 10.0.3.1                   |
  | MAC address:  | Not required for script  | 02:00:17:00:61:01          |

- Enter the following information.
  - Primary VNIC Interface Name: Enter ens3.
  - Primary VNIC IP: Enter 10.0.0.4.
  - Primary VNIC Gateway IP: Enter 10.0.0.1.
  - Secondary VNIC Interface Name: Enter ens5.
  - Secondary VNIC IP Address (CIDR Notation): Enter 10.0.3.5/27 with full CIDR notation.
  - Secondary VNIC MAC Address: Enter 02:00:17:00:61:01.
  - This interface will be part of a different subnet so enter y here.
  - Secondary VNIC Gateway: Enter 10.0.3.1.
  - Verify the information and enter y to confirm.
  - Enter y to confirm the settings again.
  - Note that the script will start the interface configuration and will provide status updates while doing this.
- The complete output of the status messages is provided below:

      Summary of your configuration:
      - The primary Vnic name is: ens3
      - The primary Vnic IP is: 10.0.0.4
      - The primary Vnic GW is: 10.0.0.1
      - The secondary Vnic name is: ens5
      - The secondary Vnic IP with CIDR is: 10.0.3.5/27
      - The secondary Vnic MAC is: 02:00:17:00:61:01
      - The secondary Vnic GW is: 10.0.3.1
      Do you confirm these settings ? (y)es/(n)o/(q)uit: y
      User settings confirmed...
      Summary of your configuration:
      - The primary Vnic name is: ens3
      - The primary Vnic IP is: 10.0.0.4
      - The primary Vnic GW is: 10.0.0.1
      - The secondary Vnic name is: ens5
      - The secondary Vnic IP with CIDR is: 10.0.3.5/27
      - The secondary Vnic MAC is: 02:00:17:00:61:01
      - The secondary Vnic GW is: 10.0.3.1
      Do you confirm these settings ? (y)es/(n)o/(q)uit: y
      User settings confirmed...
      *** Checking if NetworkManager CLI (nmcli) is installed ***
      nmcli is already installed.
      *** Configuring NetworkManager ***
      NetworkManager is already enabled.
      NetworkManager is already running.
      NetworkManager is configured and running.
      *** Check and install iproute if not installed ***
      Package 'iproute' is already installed. Proceeding.
      *** Ensure /etc/iproute2 directory exists ***
      Directory '/etc/iproute2' does not exist. Creating it...
      Directory '/etc/iproute2' created successfully.
      *** Ensure /etc/iproute2/rt_tables file exists ***
      File '/etc/iproute2/rt_tables' does not exist. Creating it...
      File '/etc/iproute2/rt_tables' created successfully with a default header.
      *** Starting ens5 configuration and persistence setup ***
      *** Configure secondary VNIC with NetworkManager ***
      Connection 'ens5' (582dd2d7-3a3e-45b9-8289-ce3d474f4b74) successfully added.
      Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
      *** Enable IP forwarding and configure reverse path filtering ***
      # Enable IP forwarding
      net.ipv4.ip_forward=1
      # Configure reverse path filtering
      net.ipv4.conf.all.rp_filter=2
      net.ipv4.conf.default.rp_filter=2
      net.ipv4.conf.ens3.rp_filter=2
      net.ipv4.conf.ens5.rp_filter=2
      *** Apply sysctl settings immediately ***
      kernel.unknown_nmi_panic = 1
      net.ipv4.ip_forward = 1
      net.ipv4.conf.all.rp_filter = 2
      net.ipv4.conf.default.rp_filter = 2
      net.ipv4.conf.ens3.rp_filter = 2
      net.ipv4.conf.ens5.rp_filter = 2
      *** Adding custom routing tables ***
      100 vnic_1
      200 vnic_2
      *** Adding IP rules and routes ***
      *** Creating policy routing persistence script ***
      *** Creating systemd service for policy routing ***
      Created symlink /etc/systemd/system/multi-user.target.wants/policy-routing.service → /etc/systemd/system/policy-routing.service.
      *** Testing connectivity ***
      PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
      64 bytes from 10.0.0.4: icmp_seq=1 ttl=64 time=0.059 ms
      64 bytes from 10.0.0.4: icmp_seq=2 ttl=64 time=0.037 ms
      64 bytes from 10.0.0.4: icmp_seq=3 ttl=64 time=0.031 ms
      64 bytes from 10.0.0.4: icmp_seq=4 ttl=64 time=0.027 ms
      --- 10.0.0.4 ping statistics ---
      4 packets transmitted, 4 received, 0% packet loss, time 3073ms
      rtt min/avg/max/mdev = 0.027/0.038/0.059/0.013 ms
      PING 10.0.3.5 (10.0.3.5) 56(84) bytes of data.
      64 bytes from 10.0.3.5: icmp_seq=1 ttl=64 time=0.026 ms
      64 bytes from 10.0.3.5: icmp_seq=2 ttl=64 time=0.022 ms
      64 bytes from 10.0.3.5: icmp_seq=3 ttl=64 time=0.023 ms
      64 bytes from 10.0.3.5: icmp_seq=4 ttl=64 time=0.035 ms
      --- 10.0.3.5 ping statistics ---
      4 packets transmitted, 4 received, 0% packet loss, time 3069ms
      rtt min/avg/max/mdev = 0.022/0.026/0.035/0.007 ms
      PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
      64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.098 ms
      64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.097 ms
      64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.067 ms
      64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.060 ms
      --- 10.0.0.1 ping statistics ---
      4 packets transmitted, 4 received, 0% packet loss, time 3069ms
      rtt min/avg/max/mdev = 0.060/0.080/0.098/0.019 ms
      *** Network configuration completed ***
      IP rules:
      0: from all lookup local
      32764: from 10.0.3.5 lookup vnic_2
      32765: from 10.0.0.4 lookup vnic_1
      32766: from all lookup main
      32767: from all lookup default
      $ nmcli device show ens5
      GENERAL.DEVICE: ens5
      GENERAL.TYPE: ethernet
      GENERAL.HWADDR: 02:00:17:00:61:01
      GENERAL.MTU: 9000
      GENERAL.STATE: 100 (connected)
      GENERAL.CONNECTION: ens5
      GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/3
      WIRED-PROPERTIES.CARRIER: on
      IP4.ADDRESS[1]: 10.0.3.5/27
      IP4.GATEWAY: 10.0.3.1
      IP4.ROUTE[1]: dst = 10.0.3.0/27, nh = 0.0.0.0, mt = 101
      IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 10.0.3.1, mt = 101
      IP4.ROUTE[3]: dst = 0.0.0.0/0, nh = 10.0.3.1, mt = 0, table=200
      IP6.ADDRESS[1]: fe80::70ba:d30f:3dac:6462/64
      IP6.GATEWAY: --
      IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 1024
      *** Configuration complete! ens5 is set up and all settings are persistent ***
      [opc@sriov-test-02 ~]$

  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note that the ens5 interface now has an IP address configured.
  - Run the route -n command to retrieve all the routes and default gateways for all interfaces. Note that the gateway is now available for the ens5 interface.

  Note:
  - Configuring an IP address and making sure routing works correctly are two different things.
  - The script will also configure the routing part for us.
  - Pay attention to the specific outputs of the script.
- The following part of the script will create a directory named /etc/iproute2 and a file named rt_tables.

      *** Ensure /etc/iproute2 directory exists ***
      Directory '/etc/iproute2' does not exist. Creating it...
      Directory '/etc/iproute2' created successfully.
      *** Ensure /etc/iproute2/rt_tables file exists ***
      File '/etc/iproute2/rt_tables' does not exist. Creating it...
      File '/etc/iproute2/rt_tables' created successfully with a default header.

- The following part of the script will add the necessary entries into the rt_tables file.

      *** Adding custom routing tables ***
      100 vnic_1
      200 vnic_2

- The following part of the script will add the IP routing rules to allow policy-based routing on the instance and will also enable the service for policy-based routing, which is required if you have an instance with multiple VNICs.

      *** Adding IP rules and routes ***
      *** Creating policy routing persistence script ***
      *** Creating systemd service for policy routing ***
      Created symlink /etc/systemd/system/multi-user.target.wants/policy-routing.service → /etc/systemd/system/policy-routing.service.

- Run the following commands.
  - Run the more /etc/iproute2/rt_tables command to verify if a new entry was made.
  - Note the 100 vnic_1 and 200 vnic_2 entries.
  - Run the ip route show table 100 command to review the routing table for this mapping and notice that there is a default route for the interface ens3, the primary VNIC on the instance.
  - Run the ip route show table 200 command to review the routing table for this mapping and notice that there is a default route for the interface ens5, the new second VNIC on the instance.
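Method 3 downloads a script from the main branch of a GitHub repository and runs it with sudo, and its output shows it enabling IP forwarding and setting rp_filter to 2 (loose mode). The following added example (not part of the tutorial or of the OCI_Multi_VNIC_Setup project; function names are made up for illustration) checks a downloaded file against a SHA-256 digest recorded when the script was reviewed, and lists the forwarding and reverse-path filter settings that a script or its captured output assigns. The sample input is constructed from the output shown above.

```bash
#!/usr/bin/env bash
# Added example, not from the tutorial: checks to make before (and after)
# running a downloaded script as root.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its SHA-256 digest equals the pinned value.
verify_sha256() {
    [ -f "$1" ] || return 2
    _actual=$(sha256sum "$1" | awk '{ print $1 }')
    _expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$_actual" = "$_expected" ]
}

# review_sysctl FILE
# FILE may be the script itself or its captured output. Prints one line per
# distinct setting that enables IPv4 forwarding or sets reverse-path filtering
# to anything other than strict mode (1). rp_filter: 0 = off, 1 = strict, 2 = loose.
review_sysctl() {
    { grep -oE 'net\.ipv4\.(ip_forward|conf\.[^.[:space:]=]+\.rp_filter)[[:space:]]*=[[:space:]]*[0-9]+' "$1" || true; } |
        tr -d ' \t' | LC_ALL=C sort -u |
        while IFS='=' read -r _key _val; do
            case $_key in
                net.ipv4.ip_forward)
                    if [ "$_val" != 0 ]; then echo "FORWARDING $_key=$_val"; fi ;;
                *.rp_filter)
                    if [ "$_val" != 1 ]; then echo "RP_FILTER $_key=$_val"; fi ;;
            esac
        done
}

# --- Demonstration on constructed input -------------------------------------
demo_dir=$(mktemp -d)
cat > "$demo_dir/captured_output.txt" <<'EOF'
*** Enable IP forwarding and configure reverse path filtering ***
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=2
net.ipv4.conf.default.rp_filter=2
net.ipv4.conf.ens3.rp_filter=2
net.ipv4.conf.ens5.rp_filter=2
*** Apply sysctl settings immediately ***
kernel.unknown_nmi_panic = 1
net.ipv4.ip_forward = 1
EOF

# Stand-in for a digest recorded at review time (placeholder, computed here
# only so that the demonstration is self-contained).
pinned=$(sha256sum "$demo_dir/captured_output.txt" | awk '{ print $1 }')

if verify_sha256 "$demo_dir/captured_output.txt" "$pinned"; then
    echo "digest matches the reviewed copy; settings it changes:"
    review_sysctl "$demo_dir/captured_output.txt"
fi

# Any later change to the file is caught before it is run.
echo '# changed upstream' >> "$demo_dir/captured_output.txt"
verify_sha256 "$demo_dir/captured_output.txt" "$pinned" || echo "digest mismatch: review again before running"
rm -rf "$demo_dir"
```

IP forwarding is only needed when the instance routes traffic for other hosts; giving a second interface its own address and gateway does not require it.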
Method 4: Create the Interface Config File Manually
Create a new instance named sriov-test-03 and configure the IP address for the second VNIC by creating a definition for the new VNIC in the /etc/sysconfig/network-scripts/ directory.
Note: In this method, we will configure almost all the steps that were automatically done by the script in Method 3.
Prerequisites: Provisioned a new instance and added a second VNIC.
- Run the following commands.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note that the ens5 interface has no IP address configured.
  - Run the route -n command to retrieve all the routes and default gateways for all interfaces.
  - Note that there is only a gateway available for the ens3 interface.
- Navigate to Instance, Attached VNICs and select the second VNIC to retrieve the IP address of the second VNIC. Note down the IP address.
- Go to the /network-scripts folder using the cd /etc/sysconfig/network-scripts/ command and create a new file in the same folder with the name ifcfg-ens5 using the sudo nano ifcfg-ens5 command.
- Configure the ens5 interface with the following parameters.

      NAME="ens5"
      DEVICE="ens5"
      IPADDR=10.0.3.19
      NETMASK=255.255.255.224
      GATEWAY=10.0.3.1
      ONBOOT=yes

  - The IP address is the same as the one we retrieved from the OCI Console.
  - The netmask is derived from the subnet within the VCN to which this interface is connected.
  - The gateway IP address is the first IP address in the subnet.
- Save the config file named ifcfg-ens5 with the nano editor.
  - List the files in the /etc/sysconfig/network-scripts/ directory with the ls -l command.
  - Note that there is an interface configuration file for ens3.
  - Note that there is an interface configuration file for ens5.
  - Verify the content of the ifcfg-ens5 file with the more ifcfg-ens5 command.
  - Make sure the parameters are all correctly configured.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note that the ens5 interface still has no IP address configured.
- Reboot the instance with the sudo reboot command.
  - Run the ip a command to retrieve the IP address from all the interfaces.
  - Note that the ens5 interface now has an IP address configured.
  - Run the route -n command to retrieve all the routes and default gateways for all interfaces. Note that the gateway is now available for the ens5 interface.

  Note: Configuring an IP address and making sure routing works correctly are two different things.
- Configure routing. The /etc/iproute2/rt_tables file is used to define and manage multiple routing tables in Linux and to enable policy-based routing. It maps human-readable names to routing table numbers, allowing advanced setups like routing specific traffic through different gateways, interfaces, or ISPs.

  Run the sudo mkdir -p /etc/iproute2 command to create a directory named /etc/iproute2 and the sudo nano /etc/iproute2/rt_tables command to create a file named rt_tables.
- Configure the following parameters in the rt_tables file.

      100 vnic_1
      200 vnic_2

- Create the policy routing persistence script with the sudo nano /usr/local/bin/setup_policy_routing.sh command.

      #!/bin/bash
      # Reapply IP rules
      ip rule add from 10.0.0.3 table vnic_1
      ip rule add from 10.0.3.19 table vnic_2
      # Reapply routing rules
      ip route add default via 10.0.0.1 dev ens3 table vnic_1
      ip route add default via 10.0.3.1 dev ens5 table vnic_2
- Run the sudo chmod +x /usr/local/bin/setup_policy_routing.sh command to make the policy routing persistence script executable.
- Create a systemd service for the policy routing script with the sudo nano /etc/systemd/system/policy-routing.service command. This is required if you have an instance with multiple VNICs.
- Configure the following parameters in the policy-routing.service file.

      [Unit]
      Description=Setup Policy Routing for Multiple VNICs
      After=network-online.target
      Wants=network-online.target

      [Service]
      Type=oneshot
      ExecStart=/usr/local/bin/setup_policy_routing.sh
      RemainAfterExit=true

      [Install]
      WantedBy=multi-user.target

- Run the sudo chmod +x /etc/systemd/system/policy-routing.service command to make the service file for policy-based routing executable.
- Run the sudo systemctl start policy-routing.service command to start the service for policy-based routing.
- Run the sudo systemctl status policy-routing command to make sure the service for policy-based routing is loaded and active.

      [opc@sriov-test-03 ~]$ sudo systemctl status policy-routing
      ● policy-routing.service - Setup Policy Routing for Multiple VNICs
         Loaded: loaded (/etc/systemd/system/policy-routing.service; enabled; vendor preset: disabled)
         Active: active (exited) since Wed 2024-12-11 09:07:16 GMT; 4 weeks 1 days ago
        Process: 2415 ExecStart=/usr/local/bin/setup_policy_routing.sh (code=exited, status=0/SUCCESS)
       Main PID: 2415 (code=exited, status=0/SUCCESS)
          Tasks: 0 (limit: 99891)
         Memory: 0B
         CGroup: /system.slice/policy-routing.service

      Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
      [opc@sriov-test-03 ~]$

- Run the sudo systemctl enable policy-routing.service command to make sure the service for policy-based routing starts when the instance is (re)started.
- Reboot the instance with the sudo reboot command.
- After the reboot, run the following commands.
  - Run the more /etc/iproute2/rt_tables command to verify if a new entry was made.
  - Note the 100 vnic_1 and 200 vnic_2 entries which we configured manually.
  - Run the ip route show table 100 command to review the routing table for this mapping and notice that there is a default route for the interface ens3, the primary VNIC on the instance.
  - Run the ip route show table 200 command to review the routing table for this mapping and notice that there is a default route for the interface ens5, the new second VNIC on the instance.
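Method 4 only works when the table names in /etc/iproute2/rt_tables and the source rules added by setup_policy_routing.sh agree; if a name is missing from rt_tables, the ip rule add command that refers to it fails and the address is left without a rule. The following added example (not part of the original tutorial; the function name is made up for illustration) checks saved ip rule output against rt_tables for a list of VNIC addresses. The sample files are constructed from the values used in this method, in the format of the IP rules output shown in Method 3.

```bash
#!/usr/bin/env bash
# Added example, not from the tutorial: confirm that every VNIC address has a
# source-based rule and that the rule's table is mapped in rt_tables.

# check_policy_routing RT_TABLES_FILE IP_RULE_OUTPUT_FILE ADDRESS...
# Prints one line per ADDRESS:
#   ok <addr> <table>              rule present and table mapped in rt_tables
#   unmapped-table <addr> <table>  rule present, table not found in rt_tables
#   no-rule <addr>                 no "from <addr> lookup ..." rule at all
# Returns 0 when every address is ok, 1 otherwise.
check_policy_routing() {
    _rt=$1; _rules=$2; shift 2
    _status=0
    for _addr in "$@"; do
        # ip rule lines look like: "32764: from 10.0.3.19 lookup vnic_2"
        _table=$(awk -v a="$_addr" \
            '$2 == "from" && $3 == a && $4 == "lookup" { print $5; exit }' \
            "$_rules" 2>/dev/null) || _table=""
        if [ -z "$_table" ]; then
            echo "no-rule $_addr"; _status=1
        elif awk -v t="$_table" \
            '!/^[[:space:]]*#/ && ($1 == t || $2 == t) { found = 1 } END { exit !found }' \
            "$_rt" 2>/dev/null; then
            echo "ok $_addr $_table"
        else
            echo "unmapped-table $_addr $_table"; _status=1
        fi
    done
    return "$_status"
}

# --- Demonstration on constructed input -------------------------------------
demo_dir=$(mktemp -d)
cat > "$demo_dir/rt_tables" <<'EOF'
# constructed copy of the rt_tables content configured in this method
100 vnic_1
200 vnic_2
EOF
cat > "$demo_dir/ip_rule.txt" <<'EOF'
0: from all lookup local
32765: from 10.0.0.3 lookup vnic_1
32766: from all lookup main
32767: from all lookup default
EOF

# The rule for 10.0.3.19 is missing from the constructed sample, as it would
# be if vnic_2 had not been in rt_tables when the script ran at boot.
check_policy_routing "$demo_dir/rt_tables" "$demo_dir/ip_rule.txt" 10.0.0.3 10.0.3.19 ||
    echo "policy routing is incomplete"
rm -rf "$demo_dir"
```

On a live instance, save the output of ip rule show to a file and pass /etc/iproute2/rt_tables as the first argument.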
Next Steps
Selecting the right method to configure a second interface on an OCI Linux instance depends on your requirements, technical expertise, and desired level of control. If you are looking for a straightforward and efficient setup, Method 1 and Method 2, which use the oci-utils package and Oracle-native tools, are highly recommended. These methods are ideal for users who want to leverage OCI's built-in functionality without diving into manual configuration or external scripts.
And, where automation and scalability are critical, Method 3, utilizing the OCI_Multi_VNIC_Setup script, provides a flexible solution. It is especially useful when managing multiple interfaces across different instances, offering time savings and consistency in configuration.
Meanwhile, Method 4, the manual configuration approach, provides the highest level of customization. This method is best suited for advanced users or specific environments where automation tools are either unavailable or not preferred. It also serves as an excellent way to understand the inner workings of networking on Oracle Linux instances.
By understanding these methods, you gain the flexibility to configure secondary interfaces in a variety of scenarios, from basic setup to complex multi-cloud architectures. With the right approach, you can ensure reliable and efficient network configurations tailored to your OCI workloads.
Acknowledgments
- Author - Iwan Hoogendoorn (OCI Network Specialist)
G25179-01
January 2025