[Users] vlan routing on venet
Jehan PROCACCIA
Jehan.Procaccia at it-sudparis.eu
Thu Jul 15 12:15:25 EDT 2010
hello
I created 2 VEs on HN that are on different vlans
HN is on "native" vlan 22, VE1 is on vlan 10 and VE2 on vlan 21
[root at cuzco ~]# vzlist -a
CTID NPROC STATUS IP_ADDR HOSTNAME
101 16 running - -
10222 12 running 157.159.10.222 moodle2010.it-sudparis.eu
21233 12 running 157.159.21.233 monitor.it-sudparis.eu
my problem is that VEs cannot get out of their own vlan :-(
Example, from VE1 on vlan10 I cannot ping Vlan21 addresses (21.1 and
10.1 is the cisco switch/router that routes ip between vlans)
[root at cuzco ~]# vzctl enter 10222
entered into CT 10222
[root at moodle2010 /]
$ ping 157.159.10.1
PING 157.159.10.1 (157.159.10.1) 56(84) bytes of data.
64 bytes from 157.159.10.1: icmp_seq=1 ttl=254 time=0.290 ms
64 bytes from 157.159.10.1: icmp_seq=2 ttl=254 time=0.278 ms
64 bytes from 157.159.10.1: icmp_seq=3 ttl=254 time=0.294 ms
--- 157.159.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.278/0.287/0.294/0.015 ms
ping OK on it's own vlan, but not on the other one:
[root at moodle2010 /]
$ ping 157.159.21.1
PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
--- 157.159.21.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
did I missed somthing ?
here's some more information about network parameters:
[root at cuzco ~]# cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.10 | 10 | eth0
eth0.21 | 21 | eth0
[root at cuzco ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root at cuzco ~]# ifconfig
eth0 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
inet adr:157.159.22.65 Bcast:157.159.22.255
Masque:255.255.255.0
eth0.10 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
inet adr:157.159.10.235 Bcast:157.159.10.255
Masque:255.255.255.0
eth0.21 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
inet adr:157.159.21.235 Bcast:157.159.21.255
Masque:255.255.255.0
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
venet0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
[root at cuzco ~]# netstat -nr
Table de routage IP du noyau
Destination Passerelle Genmask Indic MSS Fenêtre irtt
Iface
157.159.10.222 0.0.0.0 255.255.255.255 UH 0 0 0
venet0
157.159.21.233 0.0.0.0 255.255.255.255 UH 0 0 0
venet0
157.159.10.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0.10
157.159.21.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0.21
157.159.22.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
eth0.21
0.0.0.0 157.159.22.1 0.0.0.0 UG 0 0 0
eth0
[root at cuzco ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:22
ACCEPT udp -- 157.159.21.10 0.0.0.0/0 udp dpt:10080
ACCEPT tcp -- 157.159.0.0/16 0.0.0.0/0 state NEW
tcp dpt:1311
ACCEPT tcp -- 157.159.10.92 0.0.0.0/0 state NEW
tcp dpt:5666
ACCEPT tcp -- 157.159.21.33 0.0.0.0/0 state NEW
tcp dpt:5666
More information about the Users
mailing list