HA: [Users] strange network problem

Stanichenko Marat mstanichenko at openvz.org
Fri Jul 2 10:04:50 EDT 2010


Nirmal Guhan wrote on 25.06.2010 20:40:
> 2010/3/15 Marat Stanichenko <mstanichenko at parallels.com>:
>   
>> Hi,
>>
>> as far as I understand, your network configuration is based on simple venet0 interface.
>> Is that true? I suppose that you are faced with arp-problem but could you please elaborate
>> your network configuration a little bit so one can understand what the exact environment is.
>> It may be important if you are using several route tables.
>> "ip a l", "ip  route list table all", "ip rule list", "arp -n" would be enough I suppose.
>>
>> Let me give you a hint so that you will be able to cope with the problem by yourself.
>> venet0 is working according the following principle. If a remote machine is willing to communicate
>> with a VE it send "arp-who has" request. This type of request reaches a HN and the HN is sending
>> "arp reply" to the remote machine (that's why "arp -n" output should contain information about VE).
>> Then the remote machine sends network packets to the HN but because of the additional route
>> (see "ip route list" output) all packets are going inside VE through the HN. That's the principle of venet0
>> interface.
>>     
>
> Does this VE->HN happen within the driver/kernel or does each packet
> for VE go to some user level process in HN and then sent to the VE ?
> Kindly clarify.
>
> --Nirmal
>   
There is NO user level process on the HN that receives VE's packets.
Everything processed inside the kernel.

-- Stanichenko Marat
>> To catch the problem I recommend you using "tcpdump" utility.
>>
>> Stanichenko Marat
>> ________________________________________
>> От: users-bounces at openvz.org [users-bounces at openvz.org] от имени Dragomir Zhelev [drago at delta.bg]
>> Отправлено: 15 марта 2010 г. 18:39
>> Кому: users at openvz.org
>> Тема: [Users] strange network problem
>>
>> Hi all :) ,
>>
>>
>>  The problem is, that as containers are working, the network to someone
>> or more than one stops. it is not necessary that the container is one
>> and the same everytime. When I run ping to the container from the host
>> node, there is no reply.I can enter the container with "vzctl enter
>> XXX", but the problem stays.
>>  The problem is fixed when I execute ""/sbin/ifdown venet0 && /sbin/ifup
>> venet0".
>>  Sometimes this doesn't help, because in 1 min, another container could
>> stop. Sometimes it works normally for day or two without any problems,
>> but after that it could start happening every 5 mins.
>> I use the latest version of "centos" which is updated until the last
>> update available. The kernel is Linux ufo.myhost.com
>> 2.6.18-164.11.1.el5.028stab068.3 #1 SMP Wed Feb 17 15:22:30 MSK 2010
>> x86_64 x86_64 x86_64 GNU/Linux
>>
>>
>> I have iptables rules only in FORWARD filter table and this rules are -j
>> ACCEPT for traffic counting all other tables and rules are flush and
>> with -P ACCEPT
>>
>>
>>
>> Regards.
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://openvz.org/mailman/listinfo/users
>>
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://openvz.org/mailman/listinfo/users
>>
>>     
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
>   




More information about the Users mailing list