[Users] Suggestion for a new parameter: PRIMARY_IP

Marcin Owsiany marcin at owsiany.pl
Thu Jan 8 13:39:17 EST 2009 

On Thu, Jan 08, 2009 at 09:11:26AM +0100, Benoit Branciard wrote:
>
> Since the official behaviour of choosing the local bind address is 
> undefined, you can't simply trust the way it is currently accomplished in 
> linux kernel. It may change without notice, and that would not be portable.

My feeling is that it would break a lot of things if kernel developers
changed that behaviour. Moreover we don't change kernels that often over
here, and if we did have to change to an incompatible one, then I could
always consider using a different (possibly more resource-hungry and one
introducing more complexity) mechanism for controling this (like NAT or
proxy). To be honest I don't care much about portability in this
particular case either - OpenVZ is not that portable across OSes, is it?
:-)

> But in your case (internet access vs. private net access), can't you manage 
> to direct traffic with adequate routes ?

This was my first thought, but I couldn't find a way to do this.

> I believe your RFC1918 addresses only give access to private networks, 
> whereas the other(s) give access to internet. So you just need to have your 
> default route defined on the public address only, and a limited-reach route 
> (say 192.168.0.0/16) on the other addresses. Or if you have only one 
> private subnet, no route at all.
>
> Unless I missed something from your setup...

Well, this is inside a VE, which has only one network interface
(venet0), and the routing table is not particularily relevant to the
addresses which are configured on this interface, e.g.:

| $ ip a
| 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue 
|     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
|     inet 127.0.0.1/8 scope host lo
|     inet6 ::1/128 scope host 
|        valid_lft forever preferred_lft forever
| 3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,10000> mtu 1500 qdisc noqueue 
|     link/void 
|     inet 127.0.0.1/32 scope host venet0
|     inet 94.75.212.193/32 scope global venet0:0
|     inet 10.0.1.103/32 scope global venet0:1
| $ ip r
| 192.0.2.1 dev venet0  scope link 
| default via 192.0.2.1 dev venet0 
| $ 

I don't think it's possible to have more than one venet interface per VE (I
don't want to use veth mostly for security and ease-of-use reasons).

Please correct me if I'm wrong, but given that you have only one interface, I
don't think that routing can affect address binding (which happens waaay before
the kernel gets to routing any packets).

regards,
-- 
Marcin Owsiany <marcin at owsiany.pl>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown

More information about the Users mailing list