If you do this often (i.e. bypassing networkd to configure extra addresses), then configure your default route with the "preferred source" parameter, [Route] PreferredSource= (equivalent to "ip route add default ... src ...") to give the kernel a stronger hint for the default source address selection.
Alternatively, add the "one-off" address with 'ip addr add ... preferred_lft 0' to prevent it from being chosen as a source address entirely (unless a program specifically binds to it). Normally an IPv6 parameter but I *think* it now also works for IPv4 addresses as well. And if it's a server which normally is supposed to have a permanent connection, then use IgnoreCarrierLoss=yes (as well as ConfigureWithoutCarrier) – that's literally the use case for that parameter. Honestly I don't think networkd is really going to care about IP address order when you're already going behind its back (and for that matter I'm not sure if there is an API to make some specific address primary in the first place, without removing all secondary addresses?). On Tue, Jan 27, 2026 at 12:17 PM Michael Tokarev <[email protected]> wrote: > Hi! > > I faced an interesting situation here with networkd, manually added > IP address, and momentary carrier loss on the interface. > > We had an ethernet interface with an IP address A, configured in > /etc/systemd/network/ as usual. > > For testing purposes, I've added another address, B, to the same > interface, using command `ip addr add B dev IFACE`. This address > has become "secondary" address on the interface: > > inet A scope global IFACE > valid_lft forever preferred_lft forever > inet B scope global secondary IFACE > > This temporary address, B, is not specified in networkd config, > only runtme-added. > > With this configuration, outgoing connections were using source address > A, expectedly, since this one is the primary address. > > Now, a momentary carrier loss occurred. During the loss, networkd > removed IP addresses it managed from the interface. So the only > address remains is the manually added B. > > Now, after carrier is back again, networkd added address A back. But > now, it has become *secondary* instead: > > inet B scope global IFACE > valid_lft forever preferred_lft forever > inet A scope global secondary IFACE > > (it is the same situation as before, but with A and B swapped). > > And now, nothing ever worked, since address B isn't supposed to be used > as source address, firewall rules prevented all outgoing connections. > > Yes I'm aware about IgnoreCarrierLoss and other related parameters. > > But I wonder if we can handle this situation better? > > Thanks, > > /mjt >
