OpenVZ Forum


Home » General » Support » How does openvz decide on the source address for an outbound packet?
How does openvz decide on the source address for an outbound packet? [message #30381] Thu, 22 May 2008 17:09 Go to next message
Zirafarafa is currently offline  Zirafarafa
Messages: 13
Registered: April 2008
Junior Member
I have a HN with 2 NICs, on different ranges (10.200.3.0/24 and 10.200.4.0/24).

I have added two IPs to a VE (it is using venet0) - 10.200.4.100 and 10.200.3.100

When I ping from the VE to an IP on the 10.200.4.0/24 range, all is fine.

When I ping from the VE to an IP on the 10.200.3.0/24 range, the packet goes out the correct device on the HN, but is sourced from the wrong VE IP (a tcpdump shows the packet coming from 10.200.4.100 going to 10.200.3.1)

Obviously, the icmp-reply will not reach the VE, as the source address on the original packet is the wrong address.

So, how does the VE decide on the source address for a packet? If it just took the primary IP of venet0, it would use 127.0.0.1, which it obviously does not do.

I can 'fix' the above problem, by running the following on the VE:

ip rule add to 10.200.3.0/24 lookup 200
ip route add default via 192.0.2.1 src 10.200.3.100 table 200


However, these rules and routes do not persist over a vz migrate, or a VE reboot, and also I would have to add routes on the VE to all ranges which are behind the 103 network, even though the HN already has these routes.

Is there any way to tell the VE that any packet which will be routed out the HN 10.200.3.0/24 network must use src addres 10.200.3.100?

Report message to a moderator

Re: How does openvz decide on the source address for an outbound packet? [message #30395 is a reply to message #30381] Fri, 23 May 2008 10:31 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hi,

only source based routing can help you.
Instead of making new rules you can do it by adding appropriate routes:

ip ro add 10.200.3.0/24 dev venet0 src 10.200.3.100
ip ro add 10.200.4.0/24 dev venet0 src 10.200.4.100


Then if you want you can add this command inside appropriate init script (for example /etc/rc.local) to add routes automatically.

Report message to a moderator

Re: How does openvz decide on the source address for an outbound packet? [message #30397 is a reply to message #30395] Fri, 23 May 2008 10:53 Go to previous messageGo to next message
Zirafarafa is currently offline  Zirafarafa
Messages: 13
Registered: April 2008
Junior Member
Thanks, that is an easier option.

Can I put these routes into /etc/sysconfig/network-scripts/route-venet0?

Does this file get overwritten by any scripts?

Report message to a moderator

Re: How does openvz decide on the source address for an outbound packet? [message #30400 is a reply to message #30397] Fri, 23 May 2008 12:27 Go to previous message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hi,


per-distr script *add_ip.sh (for example /etc/vz/dists/scripts/redhat-add_ip.sh) adds some
"fake" routes to this file but it saves the previous records. (my vzctl's version is 3.0.22)
So, I think you can add what you want to this file but
everything depends on vzctl. If vzctl's logic will change we can lose our settings.

Report message to a moderator

Previous Topic: vzmigrate % complete
Next Topic: openvz on xen guest
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Thu Oct 17 10:14:57 GMT 2024

Total time taken to generate the page: 0.07012 seconds
Powered by FUDforum Powered by Virtuozzo Containers