When dealing with multiple network interfaces in Linux, the kernel follows a strict routing algorithm to determine interface selection:
# View the routing table that determines interface selection
$ ip route show
default via 10.0.100.1 dev eth0 proto static metric 100
default via 10.0.200.1 dev eth1 proto static metric 101
10.0.100.0/24 dev eth0 proto kernel scope link src 10.0.100.5
10.0.200.0/24 dev eth1 proto kernel scope link src 10.0.200.5
For your scenario with two interfaces:
- Request to 10.0.150.5: Linux will use the most specific route. Since neither 10.0.100.0/24 nor 10.0.200.0/24 covers this address, it will fall back to the default route with the lowest metric (eth0 in this case).
- Request to 173.194.43.102: The system will again use the default route with the lowest metric value.
Since you can't access the appliance AMI, these AWS-native solutions can help:
# AWS CLI command to add a route to the VPC route table; create-route accepts exactly
# one target, so --gateway-id and --network-interface-id cannot be combined in one call
aws ec2 create-route --route-table-id rtb-1234567890abcdef0 \
    --destination-cidr-block 0.0.0.0/0 \
    --gateway-id igw-11223344556677889
Try these VPC-level approaches:
- Modify VPC route tables to prefer one interface's subnet over another
- Use Security Group rules to restrict traffic flow through specific interfaces
- Adjust Network ACLs to control which subnets can communicate
If you had shell access (for reference):
# Add explicit route for specific subnet
ip route add 10.0.150.0/24 via 10.0.200.1 dev eth1 metric 50
# Delete existing default route
ip route del default via 10.0.100.1
# Add new default route with higher metric
ip route add default via 10.0.100.1 dev eth0 metric 200
When a Linux system has multiple network interfaces on different subnets, the kernel uses a specific set of rules to determine which interface to use for outgoing traffic. This decision is based on the routing table and the destination IP address.
# View the routing table
$ ip route show
10.0.100.0/24 dev eth0 proto kernel scope link src 10.0.100.5
10.0.200.0/24 dev eth1 proto kernel scope link src 10.0.200.5
default via 10.0.100.1 dev eth0 metric 100
default via 10.0.200.1 dev eth1 metric 200
For your specific case with two interfaces:
- 10.0.150.5: This falls outside both /24 subnets, so Linux will use the default route with the lowest metric (eth0 in this case)
- 173.194.43.102: For internet traffic, the same default route selection applies
Since you can't access the appliance AMI, consider these AWS-level solutions:
# Example: Modify route tables in AWS CLI
aws ec2 create-route --route-table-id rtb-12345678 \
--destination-cidr-block 10.0.150.0/24 \
--network-interface-id eni-12345678
If you had shell access, you could implement policy-based routing:
# Create a new routing table
echo "200 custom" >> /etc/iproute2/rt_tables
# Add rules to direct specific traffic
ip rule add from 10.0.200.5 lookup custom
ip route add default via 10.0.200.1 dev eth1 table custom
Metric values influence interface selection when multiple default routes exist. Lower metrics have higher priority:
# Temporarily change the eth1 default route's metric (requires root). The metric is part
# of the route's identity, so `ip route change` cannot alter it in place: delete, then re-add
ip route del default via 10.0.200.1 dev eth1 metric 200
ip route add default via 10.0.200.1 dev eth1 metric 50
In your VPC environment, consider:
- Adjusting VPC route table priorities
- Using different security groups for each interface
- Implementing NAT gateways strategically
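As an added illustration that is not part of either answer, the following Python script reproduces the rule both answers describe (longest prefix match first, lowest metric as tie-breaker): it parses the `ip route show` output quoted above into a table, resolves the two destinations asked about, and then shows what the suggested explicit 10.0.150.0/24 route changes. The sample table and the FLAGS set are constructed for this example.

```python
import ipaddress

# Constructed sample of `ip route show` output, matching the table discussed above.
SAMPLE_TABLE = """\
default via 10.0.100.1 dev eth0 proto static metric 100
default via 10.0.200.1 dev eth1 proto static metric 101
10.0.100.0/24 dev eth0 proto kernel scope link src 10.0.100.5
10.0.200.0/24 dev eth1 proto kernel scope link src 10.0.200.5
"""

# Flag words `ip route show` prints without a value (assumption: these are the common ones).
FLAGS = {"onlink", "linkdown", "dead"}

def parse_routes(text):
    """Parse IPv4 `ip route show` lines; a route with no metric gets 0, as in the kernel."""
    routes = []
    for line in text.splitlines():
        fields = [f for f in line.split() if f not in FLAGS]
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        attrs = dict(zip(fields[1::2], fields[2::2]))  # "dev eth0 metric 100" -> pairs
        routes.append({
            "net": ipaddress.ip_network(dst, strict=False),
            "dev": attrs.get("dev"),
            "via": attrs.get("via"),
            "metric": int(attrs.get("metric", 0)),
        })
    return routes

def select_route(routes, dst_ip):
    """Kernel selection order: longest prefix first, then lowest metric.
    Among fully tied routes max() keeps the first one seen, i.e. the one installed first."""
    ip = ipaddress.ip_address(dst_ip)
    candidates = [r for r in routes if ip in r["net"]]
    if not candidates:
        return None  # "Network is unreachable"
    return max(candidates, key=lambda r: (r["net"].prefixlen, -r["metric"]))

if __name__ == "__main__":
    table = parse_routes(SAMPLE_TABLE)
    for dst in ("10.0.150.5", "173.194.43.102", "10.0.200.77"):
        r = select_route(table, dst)
        print(f"{dst:>15} -> {r['dev']} via {r['via'] or 'link'} (metric {r['metric']})")
    # The explicit /24 route suggested above now beats both default routes for 10.0.150.5.
    table += parse_routes("10.0.150.0/24 via 10.0.200.1 dev eth1 metric 50")
    print(f"{'10.0.150.5':>15} -> {select_route(table, '10.0.150.5')['dev']} after adding the /24")
```

Point it at the real output of `ip route show` on a host to check which interface a given destination will leave through before touching the table.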