dual nic and dual external IP, second ip doesn't get through.


Dan Denson

Sep 7, 2018, 12:36:31 PM
to gce-discussion
I created a new instance with 2 nics. Running Mikrotik's CHR. The first nic got a private IP automatically by setting the interface 'ether1' to dhcp, which is an un-subnetted IP, and the network address is the gateway.

For example: 10.10.0.5, network 10.10.0.1, gateway 10.10.0.1.


The second interface gets an IP, but gets a 169.x.x.x network.  I created a network for this like 10.1.254.0/24, dhcp gives me 10.1.254.2, the gce console says that's right and that the gateway is 10.1.254.1 but I don't get a gateway via DHCP.

I can't get anything to work out of that interface. I force my gateway to 10.1.254.1 and nothing happens. DHCP isn't giving me a gateway at all. When pinging the public IP, I get that inbound forwarded to my IP, but I have nowhere to send the response. Again, I've tried sending it out 10.1.254.1, just shoving it out the interface, nothing gets out.

I feel like I'm missing something in the gce network config but in VPC network/external ip the wan address says it's going to my VM and in compute engine/instance the second nic shows the primary internal IP the same and shows the public IP attached. 


Nur

Sep 7, 2018, 6:53:06 PM
to gce-discussion
The 169.X.X.X address range is usually self-assigned by the device when it fails to receive a DHCP address. So, it seems like this VM is not getting an IP from DHCP, which indicates a misconfiguration while creating the VM with multiple NICs. For creating a VM with multiple NICs, follow this GCP documentation [1]. VMs with multiple NICs have some requirements and limitations [2]; for more details on VMs with multiple NICs, review this GCP documentation [3].

In addition to that, you will need to configure policy-based routing. As per GCP documentation: "When you need a secondary network interface (an interface other than nic0) to communicate with any IP address not local to the primary subnet range of that secondary interface's associated subnet, you need to configure policy routing to ensure that egress packets will leave through the correct interface. In such cases, you must configure a separate routing table for each network interface using policy routing." [4] However, source-based policy routing is not supported by Windows OS.

[1] Creating Instances with Multiple Network Interfaces: https://cloud.google.com/vpc/docs/create-use-multiple-interfaces#gc-wrapper
[3] Multiple Network Interfaces Overview and Examples: https://cloud.google.com/vpc/docs/multiple-interfaces-concepts#gc-wrapper
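
The policy routing that the quoted GCP documentation calls for, written out as Linux iproute2 commands for the second NIC's address and gateway given in this thread (10.1.254.2 and 10.1.254.1). This is an added example, not part of any post; the interface name `eth1` and table number `100` are assumptions, and RouterOS expresses the same routes in its own syntax.

```shell
#!/bin/sh
# Added example: build per-interface policy-routing commands for a secondary NIC.
# The commands are printed, not executed; pipe the output to `sh` as root to apply.

# is_ipv4 ADDR: succeeds when ADDR is a dotted quad with every octet <= 255
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# policy_route_cmds IFACE IP GATEWAY TABLE
policy_route_cmds() {
    if [ $# -ne 4 ]; then
        echo "usage: policy_route_cmds IFACE IP GATEWAY TABLE" >&2
        return 2
    fi
    iface=$1; ip=$2; gw=$3; table=$4
    is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 2; }
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 2; }
    # Refuse the built-in tables: the secondary NIC needs a table of its own
    case $table in
        main|local|default|253|254|255)
            echo "use a dedicated table, not $table" >&2; return 2 ;;
    esac
    # Host route to the gateway first, so the default route below resolves
    # even when the NIC's address has no on-link subnet (as described in the thread)
    echo "ip route add $gw src $ip dev $iface table $table"
    echo "ip route add default via $gw dev $iface table $table"
    # Traffic sourced from, or addressed to, this NIC's IP consults its own table
    echo "ip rule add from $ip/32 table $table"
    echo "ip rule add to $ip/32 table $table"
}

# Values from the thread; eth1 and table 100 are assumed names
policy_route_cmds eth1 10.1.254.2 10.1.254.1 100
```

After applying, `ip rule show` and `ip route show table 100` list what was installed.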

dan

Sep 7, 2018, 8:46:32 PM
to nurul...@google.com, gce-dis...@googlegroups.com
I did follow the guide, and I am getting an IP via DHCP.

I am doing policy based routing, I've created a secondary routing
table and that's where I'm setting the route out either the supposed
gateway or the interface. I'm using connection marks to identify
traffic inbound on ethernet 2 and routing those out ethernet 2. I can
see the bits leave the interface.

In the network configuration I've added the subnet to the secondary
network and in routes both networks for default gateway look
identical.

Germán (Google Cloud Support)

Sep 14, 2018, 2:50:37 PM
to gce-discussion
As CHR uses its custom router image to run on GCE, it is recommended to directly seek assistance from the CHR team via their support channel [1] [2] or to Stack Exchange.

[1] https://mikrotik.com/support
[2] https://forum.mikrotik.com/