[Users] Re: vlan routing on venet

Dmitrijs Jerihovs DmitrijsJ at headoffice.balticom.lv
Mon Jul 19 09:36:37 EDT 2010


I have the same problem, very interesting thing what in CentOS everything works with different Vlans and Subnets.

-----Original Message-----
From: users-bounces at openvz.org [mailto:users-bounces at openvz.org] On Behalf Of Jehan PROCACCIA
Sent: Friday, July 16, 2010 17:41
To: users at openvz.org
Cc: Eric DOUTRELEAU
Subject: [Users] Re: vlan routing on venet

After all, I am wondering if it possible to run multiple vlan with venet ?
should I consider using veth instead of venet ?
I wanted to run it on venet because it prevent me to find a Mac address 
for each of my VEs , but if it's impossible, I might consider using 
veth. Any pros and cons  between veth/venet for vlan use ?

for documentation  on this subject I only found one based on veth:

http://wiki.openvz.org/VLAN
http://ckdake.com/content/2008/vlans-in-openvz.html
http://en.gentoo-wiki.com/wiki/OpenVZ_VLAN

any others ?

Thanks .


Le 15/07/2010 18:15, Jehan PROCACCIA a écrit :
> hello
>
> I created 2 VEs on HN that are on different vlans
> HN is on "native" vlan 22, VE1 is on vlan 10 and VE2 on vlan 21
>
> [root at cuzco ~]# vzlist -a
>       CTID      NPROC STATUS    IP_ADDR         HOSTNAME
>        101         16 running   -               -
>      10222         12 running   157.159.10.222  moodle2010.it-sudparis.eu
>      21233         12 running   157.159.21.233  monitor.it-sudparis.eu
>
> my problem is that VEs cannot get out of their own vlan :-(
> Example,  from VE1 on vlan10 I cannot ping Vlan21 addresses (21.1 and 
> 10.1 is the cisco switch/router that routes ip between vlans)
>
>
> [root at cuzco ~]# vzctl enter 10222
> entered into CT 10222
> [root at moodle2010 /]
> $ ping 157.159.10.1
> PING 157.159.10.1 (157.159.10.1) 56(84) bytes of data.
> 64 bytes from 157.159.10.1: icmp_seq=1 ttl=254 time=0.290 ms
> 64 bytes from 157.159.10.1: icmp_seq=2 ttl=254 time=0.278 ms
> 64 bytes from 157.159.10.1: icmp_seq=3 ttl=254 time=0.294 ms
>
> --- 157.159.10.1 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 2000ms
> rtt min/avg/max/mdev = 0.278/0.287/0.294/0.015 ms
>
> ping OK on it's own vlan, but not on the other one:
>
> [root at moodle2010 /]
> $ ping 157.159.21.1
> PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
>
> --- 157.159.21.1 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>
> did I missed somthing ?
>
> here's some more information about network parameters:
>
> [root at cuzco ~]# cat /proc/net/vlan/config
> VLAN Dev name     | VLAN ID
> Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
> eth0.10        | 10  | eth0
> eth0.21        | 21  | eth0
>
> [root at cuzco ~]# cat /proc/sys/net/ipv4/ip_forward
> 1
>
>
> [root at cuzco ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr B8:AC:6F:83:CC:9E
>           inet adr:157.159.22.65  Bcast:157.159.22.255  
> Masque:255.255.255.0
> eth0.10   Link encap:Ethernet  HWaddr B8:AC:6F:83:CC:9E
>           inet adr:157.159.10.235  Bcast:157.159.10.255  
> Masque:255.255.255.0
> eth0.21   Link encap:Ethernet  HWaddr B8:AC:6F:83:CC:9E
>           inet adr:157.159.21.235  Bcast:157.159.21.255  
> Masque:255.255.255.0
> lo        Link encap:Boucle locale
>           inet adr:127.0.0.1  Masque:255.0.0.0
> venet0    Link encap:UNSPEC  HWaddr 
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
>
> [root at cuzco ~]# netstat -nr
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic   MSS Fenêtre 
> irtt Iface
> 157.159.10.222  0.0.0.0         255.255.255.255 UH        0 0          
> 0 venet0
> 157.159.21.233  0.0.0.0         255.255.255.255 UH        0 0          
> 0 venet0
> 157.159.10.0    0.0.0.0         255.255.255.0   U         0 0          
> 0 eth0.10
> 157.159.21.0    0.0.0.0         255.255.255.0   U         0 0          
> 0 eth0.21
> 157.159.22.0    0.0.0.0         255.255.255.0   U         0 0          
> 0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          
> 0 eth0.21
> 0.0.0.0         157.159.22.1    0.0.0.0         UG        0 0          
> 0 eth0
>
> [root at cuzco ~]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 
> 255
> ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state 
> RELATED,ESTABLISHED
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW 
> tcp dpt:22
> ACCEPT     udp  --  157.159.21.10        0.0.0.0/0           udp 
> dpt:10080
> ACCEPT     tcp  --  157.159.0.0/16       0.0.0.0/0           state NEW 
> tcp dpt:1311
> ACCEPT     tcp  --  157.159.10.92        0.0.0.0/0           state NEW 
> tcp dpt:5666
> ACCEPT     tcp  --  157.159.21.33        0.0.0.0/0           state NEW 
> tcp dpt:5666
>
>


_______________________________________________
Users mailing list
Users at openvz.org
https://openvz.org/mailman/listinfo/users



More information about the Users mailing list