Hello.
I have 2 HNs (each has 2 uplinks and 3 IP address ranges) with multiple containers on them.
HN1 and HN2 can reach all containers.
Containers from the same address range can reach each other.
All containers can be reached from any external sources.
But containers from different HNs cannot reach each other if their IP addresses are from different ranges.
Network structure:
Cont1 (5.yy.yy.171) - HN1 (5.yy.yy.162, 85.xx.xx.51) - switch - HN2 (5.yy.yy.163, 85.xx.xx.52) - Cont2 (85.xx.xx.54)
Routes from HN2 (they're the same on HN1, only difference is its IP addresses):
# ip ru l
0: from all lookup local
1: from all lookup main
32748: from 5.yy.yy.160/27 lookup 120
32749: from 85.xx.xx.18/28 lookup 130
32750: from 85.xx.xx.48/28 lookup 140
32766: from all lookup 130
32767: from all lookup default
# ip ro l table main:
5.yy.yy.189 dev venet0 scope link
5.yy.yy.175 dev venet0 scope link
85.xx.xx.54 dev venet0 scope link
85.xx.xx.55 dev venet0 scope link
85.xx.xx.48/28 dev eth0 proto kernel scope link src 85.xx.xx.52
85.xx.xx.16/28 dev eth0 proto kernel scope link src 85.xx.xx.22
5.yy.yy.160/27 dev eth1 proto kernel scope link src 5.yy.yy.163
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
169.254.0.0/16 dev eth2 scope link metric 1004
# ip ro l table 120:
5.yy.yy.160/27 dev eth1 scope link src 5.yy.yy.163
default via 5.yy.yy.161 dev eth1
# ip ro l table 130:
85.xx.xx.16/28 dev eth0 scope link src 85.xx.xx.22
default via 85.xx.xx.17 dev eth0
# ip ro l table 140:
85.xx.xx.48/28 dev eth0 scope link src 85.xx.xx.52
default via 85.xx.xx.49 dev eth0
Iptables is empty and defaulted to accept.
Any suggestions?
Solution:
It was pretty simple: my routing tables are good, all I needed was to set rp_filter=0.
[Updated on: Fri, 04 April 2014 08:22]
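An added example, not part of the original post: a small Python model of the kernel's reverse-path check, run against HN2's main table from the post, showing why the cross-range packet is dropped in strict mode (rp_filter=1) and accepted with rp_filter=0 or in loose mode (rp_filter=2). Assumptions: the redacted addresses are replaced by constructed documentation-range stand-ins, only the main table is modelled, and the Cont1 to Cont2 packet is assumed to arrive on HN2's eth0, as HN1's matching main table implies.

```python
import ipaddress

# Constructed stand-ins for the post's redacted addresses:
# 198.51.100.x replaces 5.yy.yy.x, 203.0.113.x replaces 85.xx.xx.x.
# HN2's main table, which rule "1: from all lookup main" consults first.
HN2_MAIN = [
    ("198.51.100.189/32", "venet0"),
    ("198.51.100.175/32", "venet0"),
    ("203.0.113.54/32", "venet0"),
    ("203.0.113.55/32", "venet0"),
    ("203.0.113.48/28", "eth0"),
    ("203.0.113.16/28", "eth0"),
    ("198.51.100.160/27", "eth1"),
]

def lookup(table, addr):
    """Longest-prefix match; returns the device for addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def rpf_accepts(table, src, in_dev, mode):
    """Model of rp_filter: 0 = off, 1 = strict, 2 = loose (main table only)."""
    if mode == 0:
        return True
    back_dev = lookup(table, src)       # where would a reply to src go?
    if back_dev is None:
        return False                    # source not routable at all
    return True if mode == 2 else back_dev == in_dev

def effective_rp_filter(conf_all, conf_iface):
    """The kernel applies the maximum of conf/all and conf/<iface>."""
    return max(conf_all, conf_iface)

def demo():
    # Cont1 -> Cont2 as seen on HN2: 5.yy.yy.171 stand-in arriving on eth0,
    # while the route back to that source points at eth1.
    src, in_dev = "198.51.100.171", "eth0"
    return {mode: rpf_accepts(HN2_MAIN, src, in_dev, mode) for mode in (0, 1, 2)}

if __name__ == "__main__":
    print(demo())
```

Because the kernel takes the maximum of `net.ipv4.conf.all.rp_filter` and the per-interface value, the setting only takes effect when both are lowered; loose mode (2) also lets this asymmetric path through.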