[Users] Re: vlan routing on venet
Dmitrijs Jerihovs
DmitrijsJ at headoffice.balticom.lv
Mon Jul 19 09:36:37 EDT 2010
I have the same problem, very interesting thing what in CentOS everything works with different Vlans and Subnets.
-----Original Message-----
From: users-bounces at openvz.org [mailto:users-bounces at openvz.org] On Behalf Of Jehan PROCACCIA
Sent: Friday, July 16, 2010 17:41
To: users at openvz.org
Cc: Eric DOUTRELEAU
Subject: [Users] Re: vlan routing on venet
After all, I am wondering if it possible to run multiple vlan with venet ?
should I consider using veth instead of venet ?
I wanted to run it on venet because it prevent me to find a Mac address
for each of my VEs , but if it's impossible, I might consider using
veth. Any pros and cons between veth/venet for vlan use ?
for documentation on this subject I only found one based on veth:
http://wiki.openvz.org/VLAN
http://ckdake.com/content/2008/vlans-in-openvz.html
http://en.gentoo-wiki.com/wiki/OpenVZ_VLAN
any others ?
Thanks .
Le 15/07/2010 18:15, Jehan PROCACCIA a écrit :
> hello
>
> I created 2 VEs on HN that are on different vlans
> HN is on "native" vlan 22, VE1 is on vlan 10 and VE2 on vlan 21
>
> [root at cuzco ~]# vzlist -a
> CTID NPROC STATUS IP_ADDR HOSTNAME
> 101 16 running - -
> 10222 12 running 157.159.10.222 moodle2010.it-sudparis.eu
> 21233 12 running 157.159.21.233 monitor.it-sudparis.eu
>
> my problem is that VEs cannot get out of their own vlan :-(
> Example, from VE1 on vlan10 I cannot ping Vlan21 addresses (21.1 and
> 10.1 is the cisco switch/router that routes ip between vlans)
>
>
> [root at cuzco ~]# vzctl enter 10222
> entered into CT 10222
> [root at moodle2010 /]
> $ ping 157.159.10.1
> PING 157.159.10.1 (157.159.10.1) 56(84) bytes of data.
> 64 bytes from 157.159.10.1: icmp_seq=1 ttl=254 time=0.290 ms
> 64 bytes from 157.159.10.1: icmp_seq=2 ttl=254 time=0.278 ms
> 64 bytes from 157.159.10.1: icmp_seq=3 ttl=254 time=0.294 ms
>
> --- 157.159.10.1 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 2000ms
> rtt min/avg/max/mdev = 0.278/0.287/0.294/0.015 ms
>
> ping OK on it's own vlan, but not on the other one:
>
> [root at moodle2010 /]
> $ ping 157.159.21.1
> PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
>
> --- 157.159.21.1 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>
> did I missed somthing ?
>
> here's some more information about network parameters:
>
> [root at cuzco ~]# cat /proc/net/vlan/config
> VLAN Dev name | VLAN ID
> Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
> eth0.10 | 10 | eth0
> eth0.21 | 21 | eth0
>
> [root at cuzco ~]# cat /proc/sys/net/ipv4/ip_forward
> 1
>
>
> [root at cuzco ~]# ifconfig
> eth0 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
> inet adr:157.159.22.65 Bcast:157.159.22.255
> Masque:255.255.255.0
> eth0.10 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
> inet adr:157.159.10.235 Bcast:157.159.10.255
> Masque:255.255.255.0
> eth0.21 Link encap:Ethernet HWaddr B8:AC:6F:83:CC:9E
> inet adr:157.159.21.235 Bcast:157.159.21.255
> Masque:255.255.255.0
> lo Link encap:Boucle locale
> inet adr:127.0.0.1 Masque:255.0.0.0
> venet0 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
>
> [root at cuzco ~]# netstat -nr
> Table de routage IP du noyau
> Destination Passerelle Genmask Indic MSS Fenêtre
> irtt Iface
> 157.159.10.222 0.0.0.0 255.255.255.255 UH 0 0
> 0 venet0
> 157.159.21.233 0.0.0.0 255.255.255.255 UH 0 0
> 0 venet0
> 157.159.10.0 0.0.0.0 255.255.255.0 U 0 0
> 0 eth0.10
> 157.159.21.0 0.0.0.0 255.255.255.0 U 0 0
> 0 eth0.21
> 157.159.22.0 0.0.0.0 255.255.255.0 U 0 0
> 0 eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0
> 0 eth0.21
> 0.0.0.0 157.159.22.1 0.0.0.0 UG 0 0
> 0 eth0
>
> [root at cuzco ~]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type
> 255
> ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> tcp dpt:22
> ACCEPT udp -- 157.159.21.10 0.0.0.0/0 udp
> dpt:10080
> ACCEPT tcp -- 157.159.0.0/16 0.0.0.0/0 state NEW
> tcp dpt:1311
> ACCEPT tcp -- 157.159.10.92 0.0.0.0/0 state NEW
> tcp dpt:5666
> ACCEPT tcp -- 157.159.21.33 0.0.0.0/0 state NEW
> tcp dpt:5666
>
>
_______________________________________________
Users mailing list
Users at openvz.org
https://openvz.org/mailman/listinfo/users
More information about the Users
mailing list