search cancel

API Gateway: Gateway 10 inconsistent interface naming inconsistent with two or more NICs

book

Article ID: 189742

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

While testing out the various Gateway 10 upgrade scenarios, we ran into a strange issue when we use the reimaging method (existing v9.4 VM, reimage with v10 ISO) that doesn't occur when we use a new Gateway v10 OVA. This seems to occur when the VM has more than 1 NIC when reimaging.


When we use the v10 image as base and add 2 NICs, they are named ssg_eth0, ssg_eth1 and ssg_eth2 as per the new v10 naming conventions. This is working as expected as it did with previous gateways.


However, when we upgrade the existing v9.4 with 3 NICs via the reimaging method, the NICs are named ssg_eth0, ens192 and ens224 (CentOS7 NIC naming conventions for the last 2). 

There is now also a file added in /etc/sysconfig/network-scripts called ifcfg-ens160  ens192  ens224 


So it seems like there might be something wrong with the script that enumerates the NICs that are available on the system but only for the reimaging version.

Environment

Release: 10.0

Component: API GATEWAY

Cause

This is not a bug: CentOS 7 has changed the way it handles the Network Interface Naming Scheme

Resolution

Unlike past versions of the API Gateway installed on older releases of CentOS/RHEL (i.e., 6.x or older), the traditional kernel-based network interface naming scheme (e.g., eth0, eth1, eth2) no longer applies as the default convention.

So there is a  difference between ISO (hardware) and virtual as there is indeed a difference now for centos7 since the traditional eth0 naming is no longer guaranteed. Centos7 now switches to this new hardware naming style where ens192 and ens 224 is a combination of the actual underlying network adapter's location.

As a result, ens192 (as an example) is tied to the network adapter is considered to be less random and more consistent. Whereas in the older RHEL 6 system, eth0 is a static network interface name, can be using different network adapter underneath the VM.

Because of this, and the usage of iptable/firewall, we had to do something to work around this change and create some form of consistency on the network name for our customers.

Hardware and ISO when imaged with centos7(v10), all network interfaces will be renamed, however, they will retain their ifcfg-enX names so that kernel will recognize the mapping between what they recognize and what we changed it to.

Hardware and ISO users are free to change the network device names back to ifcfg-ens192 and ens224, however, they need to also update the iptables file to make sure the rules for ssg_eth0 are switched over, or they will be locked out of the VM via sshd.


When upgrading an existing Gateway the first interface will be renamed, subsequent interfaces will have to be manually managed by the user. You don't need to rename ens192 or ens224 to ssg_eth1 ssg_eth2.  You can just use ens192 and ens 224 and modify the iptables.

Additional Information

For more information on these networking changes please review our gateway 10: Network Deployment Guide