OpenVZ Forum: Users » routing from external through HN to loopback on CT

Home » Mailing lists » Users » routing from external through HN to loopback on CT

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: routing from external through HN to loopback on CT [message #47205 is a reply to message #47204]

Fri, 20 July 2012 17:19

Christopher McCrory is currently offline

Christopher McCrory
Messages: 3
Registered: July 2012

Junior Member

On Fri, 2012-07-20 at 21:02 +0400, CoolCold wrote:
>
>
> On Fri, Jul 20, 2012 at 8:25 PM, Christopher McCrory
> <chrismcc@gmail.com> wrote:
> Hello...
>
> The setup:
> x.y.1.1/24 Cisco router
> x.y.1.2/24 OpenVZ Hardware Node on CentOS 5 with all
> updates
> x.y.1.3/24 OpenVZ container CT103 using veth
> x.y.42.42/32 IP address on container's loopback interface
> iptables off on all hosts, ip forwarding enabled everywhere
> the router/external host has a route for x.y.42.42/32 via
> x.y.1.3
>
> I cannot get packets from external hosts to route to the
> loopback on
> CT103. packets leave the router, enter the HN, but never exit
> any
> interface. This should be working but isn't and the same
> setup not on a
> container works. What am I missing?
>
>
>
> in the openvz/103.conf file this works
> IP_ADDRESS="x.y.1.3 x.y.42.42"
>
> but will not work as I need x.y.42.42 to be on several
> containers
> (anycast DNS) and advertised via BGP. I also need to create
> more CTs
> that will have a hundreds of IP addresses on loopbacks and
> putting them
>
> in the openvz config will not scale.
>
> Again, what am I missing?
> I think problem is in routing table on HN - as you have that x.y.42.42
> on loopback of VE, routing on HN has no idea what to do with them.
>

Adding a route on the HN does not help (I tried that). Nor should it be
required. The packet should be bridged through the HN to CT103. Then
CT103 knows that x.y.42.42 is on itself and can process the packets.
>From what I see using tcpdump the packet never leaves the bridge on the
HN. ? ? ?

>
> thanks
>
> --
> Christopher McCrory
> To the optimist, the glass is half full.
> To the pessimist, the glass is half empty.
> To the engineer, the glass is twice as big as it needs to be.
>
> --
> Best regards,
> [COOLCOLD-RIPN]
--
Christopher McCrory
To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.

Report message to a moderator

[Message index]

		routing from external through HN to loopback on CT By: Christopher McCrory on Fri, 20 July 2012 16:25
		Re: routing from external through HN to loopback on CT By: coolcold on Fri, 20 July 2012 17:02
		Re: routing from external through HN to loopback on CT By: Christopher McCrory on Fri, 20 July 2012 17:19
		Re: routing from external through HN to loopback on CT [solved] By: Christopher McCrory on Mon, 23 July 2012 21:57

Previous Topic:	Kernel bug or hardware problem?
Next Topic:	nginx, inside openvz CT, worker_cpu_affinity

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Aug 23 15:51:04 GMT 2025

Total time taken to generate the page: 0.11883 seconds