When the VPC main network card has multiple intranet IP addresses, the server cannot access the network internally, but the server can be accessed externally. How to solve this problem

Reprint windows many IP Specify the outlet for traffic outbound visit IP

This document really helped me solve the problem

scene ：

early vpc I won't support it dhcp, Can only be manually configured with static IP, There is one like this vpc The machine has only one primary network card （ There is a primary intranet by default IP 172.19.16.114）, An auxiliary intranet is added to the console manually IP 172.19.16.2, Then add static... Inside the machine IP Put this auxiliary intranet IP add , Plus before , The server traffic is normal , And after , The remote server is normal , But the server can't access the Internet

0.0.0.0/0 The default route goes to the auxiliary intranet IP 172.19.16.2, The internal network of the server cannot be accessed

screening ： The firewall is closed 、IP The security policy is empty 、 The security group releases all ,netsh int ipv4 show dynamicport tcp It's normal , Nor is it banned , All in all , Other possibilities are ruled out , Find out 0.0.0.0/0 The default route goes to the auxiliary intranet IP 172.19.16.2, How to confirm that this is the reason ？

First , Auxiliary Intranet IP On the console, I am not bound to the Internet IP Of , So if you go out with it, you can't connect to the Internet

Next use ping -S $srcip $dstip It can be determined that this is the reason for

-S Specify primary Intranet IP You can go out , Specify the secondary intranet IP Couldn't go out

Next, how to solve ？

empiricism ：powershell perform （ Do not execute separately , Just hit enter once in a row to execute , Only once , Execution section 2 An error will be reported if it is executed for times or times , But it doesn't matter , It doesn't affect the result ）

route delete 0.0.0.0 mask 0.0.0.0 " Main network card gateway " ; route add 0.0.0.0 mask 0.0.0.0 " The intranet of the primary network card IP" ; route -p add 0.0.0.0 mask 0.0.0.0 " Main network card gateway "

perhaps

route delete 0.0.0.0/0 " Main network card gateway " ; route add 0.0.0.0/0 " The intranet of the primary network card IP" ; route -p add 0.0.0.0/0 " Main network card gateway "

for example

route delete 0.0.0.0 mask 0.0.0.0 172.19.16.1 ; route add 0.0.0.0 mask 0.0.0.0 172.19.16.114 ; route -p add 0.0.0.0 mask 0.0.0.0 172.19.16.1

or

route delete 0.0.0.0/0 172.19.16.1 ; route add 0.0.0.0/0 172.19.16.114 ; route -p add 0.0.0.0/0 172.19.16.1

After this, the machine can access the Internet , But to perform route print View routes , It is found that the default route has not changed , Or the auxiliary intranet IP 172.19.16.2

When you scratch your ears and cheeks in every way , See this document windows many IP Specify the outlet for traffic outbound visit IP

Found key parameters skipAsSource=true

Specific measures ：

1、 Delete the auxiliary intranet manually IP 172.19.16.2（ After deletion route print It is found that the default route has gone through the main intranet IP 了 ）

2、 adopt skipassource=true Parameter add auxiliary intranet IP 172.19.16.2

netsh int ipv4 add address " Ethernet " 172.19.16.2 255.255.255.0 skipassource=true

notes ： The command form is general ≥2008 System ;2012R2 The default for the Chinese version is “ Ethernet ”, If it's another name , You need to change the name in the command

3、 perform route print Check the default route or the main intranet IP That's right