1. Introduction

As system administrators, we usually add multiple IP addresses on the network interface for various reasons such as improving redundancy, hosting multiple applications with DNS, avoiding firewalls, migration, and more.

In this tutorial, we’ll delve into the process of managing secondary IP addresses on Linux machines.

Now, let’s get into the nitty-gritty details of it.

2. Secondary IP Address

The Secondary IP Address is a bind address for the same hardware interface on the machine. It allows us to have two addresses in different subnets, ensuring that the interface is active on more than one subnet simultaneously. Furthermore, it can also facilitate easy and convenient migrations with the ability to grow the IP addressing of the infrastructure without re-numbering it. Sometimes, it’s also referred to as an IP alias:

server# ip addr show enp0s8
3: enp0s8:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:ef:c9:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.110/24 brd 192.168.56.255 scope global dynamic noprefixroute enp0s8
       valid_lft 531sec preferred_lft 531sec
    inet6 fe80::8260:b99f:e8d8:8e7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

2.1. Temporary IP Allocation

For the sake of demonstration, let’s take an Ubuntu Linux machine for allocating the secondary IP address. We’ll use the ip command to add the secondary address:

server# sudo ip addr add 192.168.56.200/24 dev enp0s8
[sudo] password for tools:
server#
server# ip addr show enp0s8
3: enp0s8:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:ef:c9:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.111/24 brd 192.168.56.255 scope global dynamic noprefixroute enp0s8
       valid_lft 382sec preferred_lft 382sec
    inet 192.168.56.200/24 scope global secondary enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::8260:b99f:e8d8:8e7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Both IP addresses are now reachable from their respective subnets. However, the newly allocated address will be removed once we reboot the machine. So, we’ve got to record the configuration into the network interfaces file for better persistence, which we’ll see in the next section.

2.2. Permanent IP Allocation

Let’s add the secondary interface configuration in the /etc/network/interfaces file:

server# cat /etc/network/interfaces
auto enp0s8
iface enp0s8 inet static
        address 192.168.56.111
        netmask 255.255.255.0
        network 192.168.56.0
        broadcast 192.168.56.255
        gateway 192.168.56.1

auto enp0s8
iface enp0s8 inet static
        address 192.168.56.201
        netmask 255.255.255.0

Next, we have to restart the networking services to activate the updated configuration:

server# sudo service networking restart
[sudo] password for tools:
server#
server# ip addr show enp0s8
3: enp0s8:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:ef:c9:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.110/24 brd 192.168.56.255 scope global dynamic noprefixroute enp0s8
       valid_lft 382sec preferred_lft 382sec
    inet 192.168.56.200/24 scope global secondary enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::8260:b99f:e8d8:8e7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

At times, we can also clear the allocated interface addresses if addresses are not allocated properly.

Lastly, we need to restart the networking services on the machine:

server# sudo ip addr flush dev enp0s8
server#

3. Safe Removal of IP Address

During the process of migration, we can either use the ip addr del command for quick removal of the address from the interface, or the address configurations from the /etc/network/interfaces file for permanent removal:

server# sudo ip addr del 192.168.56.110/24 dev enp0s8
server#
server# ip addr show enp0s8
3: enp0s8:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:ef:c9:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.200/24 brd 192.168.56.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::8260:b99f:e8d8:8e7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Furthermore, we can check the network packet drop during this activity by enabling continuous ICMP ping from the client side:

C:\Users\client>ping -t 192.168.56.200
Pinging 192.168.56.200 with 32 bytes of data:
Reply from 192.168.56.200: bytes=32 time<1ms TTL=64
Reply from 192.168.56.200: bytes=32 time<1ms TTL=64
Reply from 192.168.56.200: bytes=32 time<1ms TTL=64

4. Conclusion

In summary, we’ve explored ways to add secondary IP addresses temporarily on a network interface and permanently on the file. We’ve also learned how to use the ip command to safely remove the active IP address from the server interface without any network packets being dropped.