
How do I add multiple public NICs with correct MAC addresses to UTM9?

Hi,

I have my UTM9 in a datacenter. Now I need to add a second public IP with its own MAC address on that NIC to the UTM.

How do I do that correctly?

I tried just adding another network card (eth3) in VMware ESXi, where I assigned the correct MAC address; I then configured that NIC in UTM, but I have no traffic flow.


What I want to do is port forwarding of all traffic on public port 443 to internal host X port 443 (MS Exchange ActiveSync and OWA).


It's important to have the correct MAC used for that public IP; otherwise the hosting company won't route me out.



  • Hi Guenther,

    Is the public IP in the same subnet as the existing one?

    Those are very specific requirements they are asking for.

    Emile

  • Well, this request comes from one of Europe's biggest hosting companies (Hetzner).
    They give you one IP with every server you run with them; then you can buy additional IPs for this server.
    Each IP has to be bound to the MAC address that they give you; otherwise they won't route you.

    I have been able to get it working with UTM now:

    - first I added another NIC to the UTM guest within ESXi, assigning that specific MAC address
    - then I added this NIC within UTM

    I then activated "uplink balancing" and added both public-facing interfaces (in this case they have the same subnet and gateway, but this is not always the case).

    So now I have two public-facing IPs within UTM, exactly what I wanted :)

    I don't know if this is the state-of-the-art way to do it, but it works.


  • Hi Guenther,

    Linux really doesn't like having IPs in the same subnet across different interfaces. Keep your eye out for the MAC address flip, where you will see in an ARP table MAC A for interface A referencing interface B for IP B instead, breaking everything. Seen it happen a few times.

    They are doing that to prevent IP spoofing, but why will they not reference both IPs for the same MAC address? That is a grossly inefficient waste of hardware resources, Europe's biggest hosting company or not.

    Have you tried requesting an IP reassignment to the same existing MAC?

    It's not recommended to have IPs in the same subnet existing on the same interface.

    Emile

  • >It's not recommended to have IPs in the same subnet existing on the same interface.
    I have two interfaces, so it should be OK?

    >Have you tried requesting an IP reassignment to the same existing MAC?
    Yes I did, since, for example, Windows can't handle this correctly: all traffic will always go out from the first interface, so I have not been able to add multiple public IPs to a Win2012 ESXi guest, as the second one will not be reachable.

    Linux seems to handle it correctly.

  • Hello Guenther,

    Sorry, long day, it should read:

    You should not have two interfaces with IPs that exist on the same subnet.

    It'll be fine initially, but over time you will run into problems; it just takes one bad ARP broadcast. The method below can resolve/mitigate it but is classed as an unsupported solution, and unless bridged, the official recommendation is not to have two interfaces with IPs on the same subnet.

    I would recommend you go back to the hosting provider and get them to assign the addressing so you can perform IP aliasing. Trust me, when it goes wrong, it goes wrong, bad.

    Emile
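
The "MAC flip" Emile describes in the two posts above is what happens when the Linux weak host model answers ARP for any local address on any interface. The following is an added example, not code from the thread or from Sophos: it audits a Linux firewall from the defender's side by parsing text in the format of `ip -4 -o addr`, `ip -4 neigh show` and `sysctl net.ipv4.conf`, flags interfaces that share a subnet, checks whether those interfaces still run with the permissive kernel ARP defaults, and reports neighbours whose MAC differs between interfaces (the kind of inconsistency one bad ARP broadcast leaves behind). All interface names, addresses and MACs below are constructed sample data, not values from the thread.

```python
"""Audit a Linux host for ARP 'MAC flip' exposure when two interfaces
carry addresses in the same subnet. Added example; all sample data is
constructed and the interface names are hypothetical."""
import re
from collections import defaultdict
from ipaddress import ip_interface

# Constructed `ip -4 -o addr` output: two public NICs in one /24,
# the layout discussed in the thread (eth0 is an internal NIC).
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0
3: eth2    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth2
4: eth3    inet 203.0.113.11/24 brd 203.0.113.255 scope global eth3
"""

# Constructed `ip -4 neigh show` output: the gateway has been learned on
# both public NICs, and the two entries disagree about its MAC.
SAMPLE_NEIGH = """\
203.0.113.1 dev eth2 lladdr 02:00:00:01:01:01 REACHABLE
203.0.113.1 dev eth3 lladdr 02:00:00:02:02:02 STALE
10.0.0.5 dev eth0 lladdr 02:00:00:05:05:05 REACHABLE
"""

# Constructed `sysctl net.ipv4.conf` excerpt: eth2 still has the kernel
# defaults (weak host model), eth3 has been tightened.
SAMPLE_SYSCTL = """\
net.ipv4.conf.eth2.arp_ignore = 0
net.ipv4.conf.eth2.arp_announce = 0
net.ipv4.conf.eth3.arp_ignore = 1
net.ipv4.conf.eth3.arp_announce = 2
"""

# Interface-strict ARP settings documented in the kernel's ip-sysctl text:
#   arp_ignore=1   only reply for addresses configured on the receiving NIC
#   arp_announce=2 pick the sender address that best matches the target
# (arp_filter=1 is a further option but requires source-based routing,
# so it is not required here.)
WANTED = {"arp_ignore": 1, "arp_announce": 2}


def parse_addr(text):
    """Map interface -> list of ip_interface objects from `ip -4 -o addr`."""
    out = defaultdict(list)
    for m in re.finditer(r"^\d+:\s+(\S+)\s+inet\s+(\S+)", text, re.M):
        out[m.group(1)].append(ip_interface(m.group(2)))
    return out


def shared_subnets(addrs):
    """Return {network: [interfaces]} for every subnet present on 2+ NICs."""
    by_net = defaultdict(set)
    for iface, ips in addrs.items():
        if iface == "lo":
            continue
        for ip in ips:
            by_net[ip.network].add(iface)
    return {net: sorted(ifs) for net, ifs in by_net.items() if len(ifs) > 1}


def parse_sysctl(text):
    """Map (interface, key) -> int from `sysctl net.ipv4.conf` lines."""
    vals = {}
    for m in re.finditer(r"^net\.ipv4\.conf\.([^.]+)\.(\w+)\s*=\s*(\d+)", text, re.M):
        vals[(m.group(1), m.group(2))] = int(m.group(3))
    return vals


def sysctl_findings(addrs, sysctl_text):
    """List (iface, key, current, wanted) for NICs that share a subnet but
    still answer ARP with the permissive defaults."""
    vals = parse_sysctl(sysctl_text)
    findings = []
    for ifaces in shared_subnets(addrs).values():
        for iface in ifaces:
            for key, want in WANTED.items():
                cur = vals.get((iface, key), 0)  # missing key: kernel default 0
                if cur != want:
                    findings.append((iface, key, cur, want))
    return findings


def neigh_conflicts(neigh_text):
    """List (ip, {iface: mac}) for neighbours whose MAC differs per NIC."""
    seen = defaultdict(dict)
    for m in re.finditer(r"^(\S+) dev (\S+) lladdr (\S+)", neigh_text, re.M):
        seen[m.group(1)][m.group(2)] = m.group(3).lower()
    return [(ip, macs) for ip, macs in seen.items() if len(set(macs.values())) > 1]


if __name__ == "__main__":
    addrs = parse_addr(SAMPLE_ADDR)
    for net, ifs in shared_subnets(addrs).items():
        print(f"subnet {net} is configured on {', '.join(ifs)}")
    for iface, key, cur, want in sysctl_findings(addrs, SAMPLE_SYSCTL):
        print(f"net.ipv4.conf.{iface}.{key} = {cur}, expected {want}")
    for ip, macs in neigh_conflicts(SAMPLE_NEIGH):
        print(f"neighbour {ip} has inconsistent MACs: {macs}")
```

On a live host, feed the functions the real command output instead of the constructed samples. A finding from `sysctl_findings` means that interface will still answer ARP for its sibling's address, which is exactly how the upstream router ends up with IP B behind MAC A; a hit from `neigh_conflicts` means the host's own view of a neighbour has already diverged and the ARP state on both sides should be checked before traffic silently stops.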

  • He is right. Everything you could ever want to do can be accomplished by putting multiple IP addresses on one NIC.

    If you need more bandwidth, use NIC teaming / LAG groups.

    Some adjacent devices will block your traffic in response to ARP flapping.
