OpenVZ Forum: Support » how to talk with...

Home » General » Support » how to talk with...

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

how to talk with... [message #39472]

Thu, 29 April 2010 11:14

teekien
Messages: 11
Registered: April 2010

Junior Member

two subnetworks in a container on a physical machine with two network interfaces (eth0 192 network, default gateway on eth0 192 and eth1 172 network)?

Report message to a moderator

Re: how to talk with... [message #39477 is a reply to message #39472]

Fri, 30 April 2010 12:15

maratrus
Messages: 1495
Registered: August 2007
Location: Moscow

Senior Member

Some ideas might be picked up from

http://wiki.openvz.org/VEs_in_different_subnets#.283.29_Putt ing_VEs_to_different_subnetworks
http://wiki.openvz.org/VEs_and_HNs_in_same_subnets

Report message to a moderator

Re: how to talk with... [message #39483 is a reply to message #39477]

Fri, 30 April 2010 14:20

teekien
Messages: 11
Registered: April 2010

Junior Member

Problem is, I can't talk with 172 subnetwork on the physical host machine, nevermind OpenVZ containers.

I can communicate with hosts through eth0 (ie: ping -I eth0 192.168.1.any_host is successful), but not communicate with hosts in subnet 172 on through eth1.

I don't want to route packets between these two subnets. All traffic should go to 192 (external through 192 default gateway) except when the destination is a 172 network.

eth0      Link encap:Ethernet  HWaddr 00:22:a7:2b:fc:f0  
          inet addr:192.168.1.50  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::217:a4ff:fe3b:fcf0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33873975 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26973121 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3267024423 (21.1 GiB)  TX bytes:3234716554 (19.5 GiB)
          Interrupt:25 


eth1      Link encap:Ethernet  HWaddr 00:22:a7:1b:fa:e0  
          inet addr:172.168.1.40  Bcast:172.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::217:a4ff:fe3b:fcef/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:492 (492.0 B)
          Interrupt:26 

venet0 etc...

I added static route:

ip route add 172.168.1.0/24 dev eth1 proto kernel scope link src 172.168.1.40

Here is relevant part of routing table:


172.168.1.0      *               255.255.255.0   U     0      0        0 eth1
192.168.1.0    *               255.255.255.0   U     0      0        0 eth0
default         host.example.ca 0.0.0.0         UG    0      0        0 eth0

172.168.1.0/24 dev eth1  proto kernel  scope link  src 172.168.1.40 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.50
default via 192.168.1.50 dev eth0

I can't ping any host connected to the 172 subnet.

Here is my /etc/network/interfaces:

#loopback
auto lo eth0 eth1
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
allow-hotplug eth1

iface eth0 inet static
	address 192.168.1.50
	netmask 255.255.255.0
	network 192.168.1.0
	gateway 192.168.1.1
	broadcast 192.168.1.255

iface eth1 inet static
	address 172.168.1.40
	netmask 255.255.255.0
	network 172.168.1.0
	broadcast 172.168.1.255


#no gateway for eth1 specified as I want all external traffic forwarded through eth0

restarted interface:

ifdown eth1
ifconfig eth1 172.168.1.40 netmask 255.255.255.0 up

The physical connection to the switch is fine. Before I can get to the containers I need to fix this problem.

I can ping the both local interfaces.

Any help please???

[Updated on: Fri, 30 April 2010 15:16]

Report message to a moderator

Re: how to talk with... [message #39486 is a reply to message #39483]

Fri, 30 April 2010 16:15

nuno
Messages: 43
Registered: January 2010

Member

This doesn't seem openvz related. Boot a regular kernel and try again to confirm.

Regards,

Report message to a moderator

Re: how to talk with... [message #39487 is a reply to message #39486]

Fri, 30 April 2010 16:50

teekien
Messages: 11
Registered: April 2010

Junior Member

I know that this works on a regular kernel.

I did not set up this OpenVZ host machine, I'm using a container id and need to set it up to route packets to both subnets.

But unless, from my limited understanding of OpenVZ (this is only my second time using it), how can I even setup a container for this purpose on virtual interfaces when from the actual server machine shell I'm unable to ping hosts on the 172 subnet through the eth1 interface?

Aren't physical eth0 and eth1 interfaces (in my case) supposed to be setup properly before the containers can use them?

Thank you for your replies so far, however, this has everything to do with OpenVZ.

[Updated on: Fri, 30 April 2010 17:37]

Report message to a moderator

Re: how to talk with... [message #39490 is a reply to message #39487]

Fri, 30 April 2010 18:03

maratrus
Messages: 1495
Registered: August 2007
Location: Moscow

Senior Member

At first glance there is no problem with set up.

Could you please use tcpdump utility.

Try to ping any host from 172.*.*.* subnet. At the same moment run tcpdump utility on the eth0, eth1 interfaces.

And what kernel do you use?

Report message to a moderator

Re: how to talk with... [message #39491 is a reply to message #39487]

Fri, 30 April 2010 18:38

nuno
Messages: 43
Registered: January 2010

Member

teekien wrote on Fri, 30 April 2010 17:50

how can I even setup a container for this purpose on virtual interfaces when from the actual server machine shell I'm unable to ping hosts on the 172 subnet through the eth1 interface?

You're correct. This won't work in the containers if it's not working with the real server.

Solve the problem in the real server first.

Quote:

however, this has everything to do with OpenVZ.

I still think it's not openvz related. Anyway, as I said, make it work in the hardware node first.

Regards,

Report message to a moderator

Re: how to talk with... [message #39492 is a reply to message #39490]

Fri, 30 April 2010 18:54

teekien
Messages: 11
Registered: April 2010

Junior Member

Quote:

And what kernel do you use?

Using Debian Lenny kernel 2.6.28.5 if I recall.

Quote:

Could you please use tcpdump utility.

Currently I don't have access to the machine (not even remotely), I will provide you with this output as soon as I can get a hold of it.

Thank you both for the reply.

Report message to a moderator

Re: how to talk with... [message #39494 is a reply to message #39490]

Sat, 01 May 2010 05:20

teekien
Messages: 11
Registered: April 2010

Junior Member

Hi,

Nevermind, fixed the issue on the host machine. Was a physical connection issue I somehow overlooked (why it was there in the first place is a mystery).

Onto the virtual interface now.

Thanks for the replies.

[Updated on: Sat, 01 May 2010 11:57]

Report message to a moderator

Re: how to talk with... [message #39495 is a reply to message #39490]

Sat, 01 May 2010 12:26

teekien
Messages: 11
Registered: April 2010

Junior Member

Using venet0:1 with assigned 172.168.1.29 ip on VE, if I add route on VE:

ip route add 172.168.1.0/24 dev venet0 src 172.168.1.29

I still cannot ping any host on the subnet.

I need to use venet and not veth, reason is that there are live systems running on eth0, and I cannot take down this interface (create bridges etc...)

[Updated on: Sat, 01 May 2010 12:28]

Report message to a moderator

Previous Topic:	Openvz froze on reboot after container migration
Next Topic:	What are the losses of using the .26 Kernel included in apt-lenny

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue Jun 25 23:13:07 GMT 2024

Total time taken to generate the page: 0.02996 seconds