OpenVZ Forum


Unable to talk to outside networks. [message #24308] Mon, 03 December 2007 21:15
Aravind Gottipati
Messages: 4
Registered: December 2007
Junior Member
From: openvz.org
Hi,

We have quite a few private networks and need VEs to talk to them.
The openvz HN has one bonded interface (bond0) and a bunch of virtual
interfaces (bond0.60, bond0.81 etc) on each of these networks (set up
as VLANs).  I have a bunch of real servers sitting on the 10.2.81/24
and the 10.2.74/24 subnets.  These servers can talk to each other.
The HN itself has an IP of 10.2.81.92 and can talk to servers in the
10.2.74/24 subnets.

I have a VE sitting in the 10.2.81/24 network with an ip of
10.2.81.101.  This server can ping and talk to other servers in the
10.2.81/24 network.  However, it is unable to talk to anything in the
10.2.74/24 network.  With tcpdump, I see the requests go out on the HN
and the responses coming in to the virtual interface (bond0.81) on the
HN.  However, it appears that none of these packets make it back to
the VE.  I have verified that the appropriate sysctl parameters are
set up.  Forwarding is enabled and there are no firewall rules (in
iptables).  I looked at some basic debugging (with help from the IRC
channel) and I see that the FORWARD policy packet count doesn't seem to
go up.

What information should I be looking at to figure this out, or what can
I provide to help debug this?

Thank you,

Aravind.
Re: Unable to talk to outside networks. [message #24312 is a reply to message #24308] Mon, 03 December 2007 21:55
Aravind Gottipati
Messages: 4
Registered: December 2007
Junior Member
From: openvz.org
On Mon, Dec 03, 2007 at 01:15:56PM -0800, Aravind Gottipati wrote:
> What information should I be looking at to figure this out, or what can
> I provide to help debug this?

I should have mentioned the specs on the machines.  The HN is running
rhel5 with the 2.6.18-8.1.15.el5.028stab049.1 kernel.  The VEs are
running rhel5 as well.  The network interfaces in the VE are all venet
devices.

Thank you,

Aravind.
Re: Unable to talk to outside networks. [message #24474 is a reply to message #24308] Wed, 05 December 2007 12:54
vaverin
Messages: 692
Registered: September 2005
Senior Member
From: *sw.ru
Dear Aravind,
As far as I understand, you see replies on the external interface (bond0). But do you see these packets on the venet interface (I mean on the HW-node side)?
Could you please give me access to your node (via PM)?

thank you,
Vasily Averin
Re: Unable to talk to outside networks. [message #24477 is a reply to message #24474] Wed, 05 December 2007 13:06
vaverin
Messages: 692
Registered: September 2005
Senior Member
From: *sw.ru
If packets are not visible on the venet interface, it looks like a routing issue. Could you please check your routing rules?
Could you please show the output of the following command:
ip route get 10.2.81.101 from 10.2.74/24
Re: Re: Unable to talk to outside networks. [message #24501 is a reply to message #24477] Wed, 05 December 2007 16:50
Aravind Gottipati
Messages: 4
Registered: December 2007
Junior Member
From: openvz.org
On Dec 5, 2007 5:06 AM, vaverin <vvs@sw.ru> wrote:
> If packets are not visible on the venet interface, it looks like a routing issue. Could you please check your routing rules?
> Could you please show the output of the following command:
> ip route get 10.2.81.101 from 10.2.74/24

The routing on the HN side seems to make sense.  I was able to get
stuff to work using an ugly bridge setup on the machine.  Since the
original machine is working, I didn't want to disturb it.  I
replicated the old setup on a different machine.  I can get you
access to this machine.  I will be logged on to the freenode channel as
aravind.  Please find me there and we can go from there.

Aravind.

Here is the output of the command.

From the HN:
[root@dm-openvz01 ~]# ip route get 10.2.81.102 from 10.2.74/24
10.2.81.102 from 10.2.74.0 dev venet0
    cache  mtu 1500 advmss 1460 hoplimit 64
[root@dm-openvz01 ~]#


From the VE:
[root@ml-app02 /]# ip route get 10.2.81.102 from 10.2.74/24
local 10.2.81.102 from 10.2.74.0 dev lo
    cache <local>  mtu 16436 advmss 16396 hoplimit 64
[root@ml-app02 /]#
Re: Re: Unable to talk to outside networks. [message #24504 is a reply to message #24474] Wed, 05 December 2007 17:05
Aravind Gottipati
Messages: 4
Registered: December 2007
Junior Member
From: openvz.org
On Dec 5, 2007 4:54 AM, vaverin <vvs@sw.ru> wrote:
> Dear Aravind,
> As far as I understand, you see replies on the external interface (bond0). But do you see these packets on the venet interface (I mean on the HW-node side)?
> Could you please give me access to your node (via PM)?

The packets make their way back to bond0.81 (which is the right
interface), but I don't see anything on the venet0 interface.  So, for
some reason, they are not being forwarded from bond0.81 to venet0 (on
the HN).  There are no firewalling rules in between.

Aravind.