*BUG REPORTED* Network issues inside of VE [message #25566]
Mon, 31 December 2007 01:38
jbreck
I'm using OpenVZ on a CentOS box with kernel:
2.6.18-8.1.8.el5.028stab039.1
(Also using lxlabs hypervm as a management interface)
I'm having a problem where VEs created with the default CentOS (and our custom templates) can ping the hardware node, but cannot ping out. In addition, they don't show up in the hardware node's arp. This is very puzzling.
Here is an example of a working (Ubuntu, 66.103.230.228) VE:
root@ubuntufix:/# ping fark.com
PING fark.com (207.246.126.10) 56(84) bytes of data.
root@ubuntufix:/# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
Non-working node (66.103.230.240):
[root@btimberlake /]# ping fark.com
(hangs)
[root@btimberlake /]# ping 69.39.86.190 <--- Hardware node IP
PING 69.39.86.190 (69.39.86.190) 56(84) bytes of data.
64 bytes from 69.39.86.190: icmp_seq=1 ttl=64 time=0.059 ms
64 bytes from 69.39.86.190: icmp_seq=2 ttl=64 time=0.048 ms
[root@btimberlake /]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
Interesting, I see arps for all of the working VEs on the box, but not the non-working one... I also notice the routes are different, but we are perplexed as to why this is... the box and images were all working a couple of weeks ago. We did update vzctl from 3.0.18 to 3.0.22 to fix a problem with Debian and Ubuntu images, which now work, but it appears CentOS is now broken (although I'm not sure that's the cause).
Can anyone assist me in troubleshooting this? I can provide any information you need, I just don't know what to look for.
[Updated on: Sat, 05 January 2008 08:47] by Moderator
Re: Network issues inside of VE [message #25602 is a reply to message #25566]
Thu, 03 January 2008 01:43
Avi Brender
Hi There,
We're having this issue with CentOS as well (latest ovz kernel and utils).
The malfunctioning VPS ip is NOT listed in arp -a but it IS listed in 'ip ro l'
This is happening only when the main ip of the vps is on a different subnet from the HN main ip. If we change the IP to be one in the subnet of the HN then it works.
Our debugging with tcpdump indicates that if the VPS pings a foreign IP, the following happens:
1) Traffic goes from VPS to HN
2) Traffic goes from HN to destination foreign IP
3) Foreign IP returns traffic to network and the "ARP TELL" for the non-working IP hits the HN but the HN doesn't reply. Again, the entry is missing from 'arp -a' but is in 'ip ro l'
[Updated on: Thu, 03 January 2008 01:47]
Re: *BUG REPORTED* Network issues inside of VE [message #25836 is a reply to message #25566]
Wed, 09 January 2008 15:32
If you want the old (vzctl <= 3.0.18) behavior, which uses all interfaces, set NEIGHBOUR_DEVS=all in /etc/vz/vz.conf
Here is the description of this option, from vz.conf(8) man page:
Quote:
NEIGHBOUR_DEVS[="detect"]
Controls on which interfaces to add/remove ARP records for a VE IP, also which interfaces to use to query/announce ARP. If this is set to detect, the right network interface (the one which is in the same subnet as a VE IP) will be chosen automatically. Any other value restores old (as of vzctl 3.0.19 or older) behavior, when all the possible interfaces were used.
Kir Kolyshkin
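
A small model of the NEIGHBOUR_DEVS behaviour described in the man page quote above, added here as an example (it is not vzctl's code and not from any poster in this thread). It flags VE IPs for which "detect" finds no hardware-node interface in the same subnet; the interface names, the /24 prefix length and the address 69.39.86.200 are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ip -o -4 addr show` output on a hardware node.
# Only the address 69.39.86.190 appears in the thread; the /24 prefix
# length and the interface names are assumptions.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 69.39.86.190/24 brd 69.39.86.255 scope global eth0
"""

def parse_interfaces(ip_addr_output):
    """Return [(ifname, IPv4Network)] parsed from `ip -o -4 addr show` text."""
    result = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if "inet" not in fields:
            continue
        cidr = fields[fields.index("inet") + 1]
        result.append((fields[1], ipaddress.ip_interface(cidr).network))
    return result

def neighbour_devs(ve_ip, interfaces, mode="detect"):
    """Interfaces on which an ARP record for ve_ip would be added."""
    addr = ipaddress.ip_address(ve_ip)
    # Loopback is skipped in this model (assumption).
    candidates = [(n, net) for n, net in interfaces if not net.is_loopback]
    if mode != "detect":
        # Any other value: old behaviour, every interface is used.
        return [name for name, _ in candidates]
    # "detect": only an interface in the same subnet as the VE IP.
    return [name for name, net in candidates if addr in net]

def audit(ve_ips, interfaces, mode="detect"):
    """Map each VE IP to its ARP interfaces; an empty list means no ARP record."""
    return {ip: neighbour_devs(ip, interfaces, mode) for ip in ve_ips}

if __name__ == "__main__":
    ifaces = parse_interfaces(SAMPLE_IP_ADDR)
    for mode in ("detect", "all"):
        for ip, devs in audit(["66.103.230.240", "69.39.86.200"], ifaces, mode).items():
            print(mode, ip, devs or "NO INTERFACE: no ARP record added")
```

On a real node, feed `parse_interfaces` the actual output of `ip -o -4 addr show` and the IP_ADDRESS values from the VE configs.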