Solaris multihoming


Solaris like most UNIX type hosts can have multiple network cards on their system. It gets tricky when have 2 interfaces on different subnets since you can only have 1 default router.

Consider this example:

A Solaris server has 2 network interfaces, bge0 and bge2. bge0 has an IP of, the router on that network is bge2 has an IP of, the router on that network is The default route on the system in the /etc/defaultrouter is

When a packet comes in for, Solaris will process it and send the answer out to the default router. It knows nothing about the default router on the 2nd network. If you place the 2nd router in /etc/defaultrouter, then Solaris just round-robins the IPs. So a request comes in bge2 and goes out bge0 to the default router, from bge2′s IP. If the router is configured with anti-spoofing rules, then the router will ignore that packet. Thus, the answer never reaches the client.

In comes IPFilter. This is the Solaris firewall that’s built in. After exploring many different options to try to get it to route properly for that interface by checking the ‘route’ command I found this simple rule that allows it to work:

pass out quick on bge0 to bge2: from to any

This rule says that any traffic going out bge0 from the IP (bge2′s IP) should be changed to go out bge1 interface and be sent to (the default router on bge2).



There is a flag that can be set in the IP stack which is supposed to force routing to work the way you are expecting to.

# ndd -set /dev/ip ip_strict_dst_multihoming 1

You’ll also have to set this up as either a service or an rc style startup script. Otherwise, it’ll disappear on a reboot.

Here’s a link to information about a number of tunables including the above one:


Another possibility is to configure several default routers, different for each interface.

The command is like this:

# route add -interface hme1