OpenVZ Forum


HN can not ping VE [message #36488] Tue, 23 June 2009 14:00
molliver
I have just installed a new Jaunty 64-bit HN and transferred over my original 32-bit VEs to it.

Each VE has two IP addresses, a private one and a public one. The private one seems to work correctly and VEs on other hosts can talk to that fine. The public one however does not. It can't talk to VEs on other hosts or to the HN; it can however talk OK to the internet and to other VEs on the same HN.
The HN can also not ping the VEs on the public IP for some reason.

My network rules are the same as I had before on my older CentOS boxes so I am unsure of the problem.

My HN network looks like this.
vlan eth0.1 192.168.203.101/24
vlan eth0.2 172.0.0.3/8

My VE would have the following IPs:
public 89.xxx.xxx.30
private 10.202.xxx.30

If I ping the VE from the HN I can see from the dumps that the packet leaves the HN, goes via venet0 to the VE and returns to venet0 where it gets lost. At the same time venet0 is sending out ARP requests to find out who has 89.xxx.xxx.30. Whereas if I ping the private IP it returns correctly.

Ideas would be appreciated.
Re: HN can not ping VE [message #36521 is a reply to message #36488] Mon, 29 June 2009 06:38
maratrus
Could you please show "ip a l", "ip r l" output from HN and from inside the VE. Please, show also "arp -n" output from the HN and check iptables rules. Then show the exact tcpdump output. Thank you.
Re: HN can not ping VE [message #36529 is a reply to message #36521] Mon, 29 June 2009 08:27
molliver
I resolved the issue by firstly allowing rp_filter to be turned off and then by changing the default route in the VE by setting its source address. It appears that where the VE had two IPs it did not have the correct one set as its default, whereas in the past it did have the other IP as its default.

I needed to change the rp_filter option, as the first ARP request would come from the correct IP and on the correct interface; however, after about 9 pings, the host would then do an ARP request for the IP as well but over the wrong interface and thus was not being answered. As the host is really the one transferring the network this then caused it to invalidate its ARP entry as it got no reply and thus the ping stopped.

I did not use to get this on older setups, so maybe it is something new within the kernel enforcing the filters correctly.

Mark
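
The fix in the last post depends on rp_filter. The following is an added example, not part of the thread: it reports the effective reverse-path filter mode per interface, so a host can be checked for interfaces left without source validation. It assumes the behaviour documented for current kernels (the larger of conf/all and conf/<iface> applies, with 2 meaning loose mode), which may differ from the 2009 kernel discussed here; the function names and the optional sysctl-root argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit the effective rp_filter mode per interface.
# Assumption: effective value = max(conf/all, conf/<iface>), as documented
# for current kernels; older kernels may combine the two differently.

# effective_rp_filter IFACE [SYSCTL_ROOT]
# Prints 0 (off), 1 (strict) or 2 (loose) for IFACE.
effective_rp_filter() {
    iface=$1
    root=${2:-/proc/sys}
    conf="$root/net/ipv4/conf"
    all=$(cat "$conf/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$conf/$iface/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_report [SYSCTL_ROOT]
# Prints one line per interface: "<iface> <mode> <meaning>".
rp_filter_report() {
    root=${1:-/proc/sys}
    for dir in "$root"/net/ipv4/conf/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case $iface in all|default) continue ;; esac
        mode=$(effective_rp_filter "$iface" "$root") || continue
        case $mode in
            0) meaning="off: no source validation" ;;
            1) meaning="strict: route back to source must use this interface" ;;
            2) meaning="loose: source must be reachable via some interface" ;;
            *) meaning="unknown value" ;;
        esac
        echo "$iface $mode $meaning"
    done
}

# Print the report for the live system when invoked as: sh script.sh report
if [ "${1:-}" = "report" ]; then rp_filter_report; fi
```

Interfaces reported as "off" accept packets whose source address would never be routed back through them, so it is worth checking whether loose mode is enough before leaving the filter disabled.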