OpenVZ Forum: Support » Routing Class C subnet to VE

Home » General » Support » Routing Class C subnet to VE

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Routing Class C subnet to VE [message #25785]

Wed, 09 January 2008 04:48

zvnepo
Messages: 4
Registered: January 2008

Junior Member

Is there a way to route an entire Class C subnet to a VE, ie. by static route on host node? Subnet is arriving to the host, just not to the VE.

Any hints welcome or other suggestions.

[Updated on: Wed, 09 January 2008 04:48]

Report message to a moderator

Re: Routing Class C subnet to VE [message #25807 is a reply to message #25785]

Wed, 09 January 2008 09:35

vaverin
Messages: 708
Registered: September 2005

Senior Member

Are You use venet device? In this case just try to use veth interface.

thank you,
Vasily Averin

Report message to a moderator

Re: Routing Class C subnet to VE [message #25913 is a reply to message #25785]

Thu, 10 January 2008 20:51

zvnepo
Messages: 4
Registered: January 2008

Junior Member

K, so considering this a "untrusted" environment, is veth a safe route to go? Would the veth device on the host need bridged to eth0 on the host to have the class C routed correctly, or is there some method of routing the block w/o bridging the devices?

Report message to a moderator

Re: Routing Class C subnet to VE [message #25920 is a reply to message #25913]

Fri, 11 January 2008 07:05

vaverin
Messages: 708
Registered: September 2005

Senior Member

I'm not sure that I understand your question correctly. Waht do you mean under "safe" routing?

With veth interface you will need to bridge it to eth0 interface -- in this case all eth0 traffic will be visible inside VE and you do not need to tune some routing on hardware system.

thank you,
Vasily Averin

Report message to a moderator

Re: Routing Class C subnet to VE [message #25981 is a reply to message #25920]

Mon, 14 January 2008 04:02

zvnepo
Messages: 4
Registered: January 2008

Junior Member

K, let us re-phrase... if the VE should not be able to see all traffic on eth0, then veth is not a feasible option. So if venet is the only option, is there a way to route an entire subnet by static route to the VE via venet? Or must one bind each address via --ipadd option to the VE?

Report message to a moderator

Re: Routing Class C subnet to VE [message #25982 is a reply to message #25981]

Mon, 14 January 2008 05:05

vaverin
Messages: 708
Registered: September 2005

Senior Member

venet drops the packets to/from wrong IP, therefore You need assign all adresses to VE via --ipadd option.

Also you can try to use veth without any bridges and route the required packets to this interface directly. (and continue using of venet interface for usual communications)

thank you,
Vasily Averin

Report message to a moderator

Re: Routing Class C subnet to VE [message #25983 is a reply to message #25785]

Mon, 14 January 2008 05:09

zvnepo
Messages: 4
Registered: January 2008

Junior Member

OK, so if we understand correctly, using veth w/o bridging, a static route can be setup from eth0 on the host to the VE vethVEID.0 device? That would be a more secure solution. Now to just figure out the static route needed.

Report message to a moderator

Re: Routing Class C subnet to VE [message #25984 is a reply to message #25983]

Mon, 14 January 2008 05:20

vaverin
Messages: 708
Registered: September 2005

Senior Member

Yes.
I've not checked this configuration but I expect it should work.

thank you,
Vasily Averin

Report message to a moderator

Previous Topic:	RHEL5 template?
Next Topic:	process check

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sun Aug 11 12:20:34 GMT 2024

Total time taken to generate the page: 0.02983 seconds