| How does openvz decide on the source address for an outbound packet? [message #30381] |
Thu, 22 May 2008 17:09  |
Zirafarafa
Messages: 13
Registered: April 2008
|
Junior Member |
|
|
I have a HN with 2 NICs, on different ranges (10.200.3.0/24 and 10.200.4.0/24).
I have added two IPs to a VE (it is using venet0) - 10.200.4.100 and 10.200.3.100
When I ping from the VE to an IP on the 10.200.4.0/24 range, all is fine.
When I ping from the VE to an IP on the 10.200.3.0/24 range, the packet goes out the correct device on the HN, but is sourced from the wrong VE IP (a tcpdump shows the packet coming from 10.200.4.100 going to 10.200.3.1)
Obviously, the icmp-reply will not reach the VE, as the source address on the original packet is the wrong address.
So, how does the VE decide on the source address for a packet? If it just took the primary IP of venet0, it would use 127.0.0.1, which it obviously does not do.
I can 'fix' the above problem, by running the following on the VE:
ip rule add to 10.200.3.0/24 lookup 200
ip route add default via 192.0.2.1 src 10.200.3.100 table 200
However, these rules and routes do not persist over a vz migrate, or a VE reboot, and also I would have to add routes on the VE to all ranges which are behind the 103 network, even though the HN already has these routes.
Is there any way to tell the VE that any packet which will be routed out the HN 10.200.3.0/24 network must use src addres 10.200.3.100?
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
