[Users] Re: vlan routing on venet

jehan procaccia jehan.procaccia at it-sudparis.eu
Sat Jul 24 05:07:05 EDT 2010


Most of my problems come from the fact that I didn't have a bridge!
Now I create one on HN that bridges HN eth0.21 (vlan 21 interface) to 
veth21233 (VE eth0.21 interface) and things get better.

[root at cuzco ~]# brctl addbr vzbr0
[root at cuzco ~]# ifconfig vzbr0 up
[root at cuzco ~]# brctl addif vzbr0 eth0.21
[root at cuzco ~]# brctl addif vzbr0 veth21233.0
[root at cuzco ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
vzbr0           8000.0018515796b5       no              veth21233.0
                                                        eth0.21

from my VE I now can go to the internet ;-)
[root at monitor /]# traceroute -I www.google.fr
traceroute to www.google.fr (66.249.92.104), 30 hops max, 40 byte packets
 1  157.159.21.1 (157.159.21.1)  0.317 ms  0.310 ms  0.382 ms
 2  r7206-01.int-evry.fr (157.159.8.1)  0.387 ms  0.384 ms  0.496 ms
...

I still have to find how to make that manual config permanent (at boot 
up) ...

and I also wonder if I will have to create a bridge for each and every 
vlan my HN will host, i.e. another vzbr0.10 for the bridge between HN eth0.10 
and my VEs on vlan10, and other ones vzbr0.X for VEs on vlan X ... or 
can I share a single vzbr0 bridge interface for each vlan ?

Thanks .


jehan procaccia wrote:
> I still cannot run vlan on my VEs :-(
> as I cannot find an easy way with venet, I am now trying with veth.
> I follow docs:
> http://wiki.openvz.org/VLAN and 
> http://wiki.openvz.org/Virtual_Ethernet_device
>
> regarding 1st doc, I set from the HN a veth in vlan 21 for my VE (21233)
>
> [root at cuzco ~]# vzctl set 21233 --netif_add eth0.21 --save
> Configure veth devices: veth21233.0
> Saved parameters for CT 21233
>
> I also already have an eth0.21 interface on the HN for vlan21
>
> [root at cuzco ~]# ifconfig eth0.21
> eth0.21   Link encap:Ethernet  HWaddr B8:AC:6F:83:CC:9E
>          adr inet6: fe80::baac:6fff:fe83:cc9e/64 Scope:Lien
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:904736 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 lg file transmission:0
>          RX bytes:77972548 (74.3 MiB)  TX bytes:3820 (3.7 KiB)
>
> I hope/suppose there's no name conflict between eth0.21 on HN and 
> eth0.21 on VE !?
>
> anyway, on the HN I correctly ping vlan21 router
> [root at cuzco ~]# ping 157.159.21.1
> PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
> 64 bytes from 157.159.21.1: icmp_seq=1 ttl=255 time=0.771 ms
>
> On VE I manually configure network:
>
> [root at monitor /]# ifconfig eth0.21 0
> [root at monitor /]# ip addr add 157.159.21.233/24 dev eth0.21
> [root at monitor /]# ip route add default dev eth0.21
>
> it pings itself:
> [root at monitor /]# ping 157.159.21.233
> PING 157.159.21.233 (157.159.21.233) 56(84) bytes of data.
> 64 bytes from 157.159.21.233: icmp_seq=1 ttl=64 time=0.020 ms
>
> but not the router on vlan 21 :-( :
>
> [root at monitor /]# ping 157.159.21.1
> PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
> From 157.159.21.233 icmp_seq=2 Destination Host Unreachable
>
> Did I miss something ?
> is there a need to add a route for the VE on the HN ? I tried without 
> success
> # ip route add 157.159.21.233 dev veth21233.0
> RTNETLINK answers: No such device
> although there is a veth21233.0 device !
> [root at cuzco network-scripts]# ifconfig veth21233.0
> veth21233.0 Link encap:Ethernet  HWaddr 00:18:51:AA:E8:49
>          adr inet6: fe80::218:51ff:feaa:e849/64 Scope:Lien
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:0 errors:0 dropped:13 overruns:0 carrier:0
>          collisions:0 lg file transmission:0
>          RX bytes:564 (564.0 b)  TX bytes:0 (0.0 b)
>
> I saw a lot of posts about creating bridges ... do I need a bridge 
> or something somewhere ?
> please help .
>
> Thanks .
>
>
> Jehan PROCACCIA wrote:
>> After all, I am wondering if it is possible to run multiple vlans with 
>> venet ?
>> should I consider using veth instead of venet ?
>> I wanted to run it on venet because it prevents me to find a MAC 
>> address for each of my VEs, but if it's impossible, I might consider 
>> using veth. Any pros and cons between veth/venet for vlan use ?
>>
>> for documentation  on this subject I only found one based on veth:
>>
>> http://wiki.openvz.org/VLAN
>> http://ckdake.com/content/2008/vlans-in-openvz.html
>> http://en.gentoo-wiki.com/wiki/OpenVZ_VLAN
>>
>> any others ?
>>
>> Thanks .
>>
>>
>> On 15/07/2010 18:15, Jehan PROCACCIA wrote:
>>> hello
>>>
>>> I created 2 VEs on HN that are on different vlans
>>> HN is on "native" vlan 22, VE1 is on vlan 10 and VE2 on vlan 21
>>>
>>> [root at cuzco ~]# vzlist -a
>>>       CTID      NPROC STATUS    IP_ADDR         HOSTNAME
>>>        101         16 running   -               -
>>>      10222         12 running   157.159.10.222  moodle2010.it-sudparis.eu
>>>      21233         12 running   157.159.21.233  monitor.it-sudparis.eu
>>>
>>> my problem is that VEs cannot get out of their own vlan :-(
>>> Example,  from VE1 on vlan10 I cannot ping Vlan21 addresses (21.1 
>>> and 10.1 is the cisco switch/router that routes ip between vlans)
>>>
>>>
>>> [root at cuzco ~]# vzctl enter 10222
>>> entered into CT 10222
>>> [root at moodle2010 /]
>>> $ ping 157.159.10.1
>>> PING 157.159.10.1 (157.159.10.1) 56(84) bytes of data.
>>> 64 bytes from 157.159.10.1: icmp_seq=1 ttl=254 time=0.290 ms
>>> 64 bytes from 157.159.10.1: icmp_seq=2 ttl=254 time=0.278 ms
>>> 64 bytes from 157.159.10.1: icmp_seq=3 ttl=254 time=0.294 ms
>>>
>>> --- 157.159.10.1 ping statistics ---
>>> 3 packets transmitted, 3 received, 0% packet loss, time 2000ms
>>> rtt min/avg/max/mdev = 0.278/0.287/0.294/0.015 ms
>>>
>>> ping OK on its own vlan, but not on the other one:
>>>
>>> [root at moodle2010 /]
>>> $ ping 157.159.21.1
>>> PING 157.159.21.1 (157.159.21.1) 56(84) bytes of data.
>>>
>>> --- 157.159.21.1 ping statistics ---
>>> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>>>
>>> did I miss something ?
>>>
>>> here's some more information about network parameters:
>>>
>>> [root at cuzco ~]# cat /proc/net/vlan/config
>>> VLAN Dev name     | VLAN ID
>>> Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
>>> eth0.10        | 10  | eth0
>>> eth0.21        | 21  | eth0
>>>
>>> [root at cuzco ~]# cat /proc/sys/net/ipv4/ip_forward
>>> 1
>>>
>>>
>>> [root at cuzco ~]# ifconfig
>>> eth0      Link encap:Ethernet  HWaddr B8:AC:6F:83:CC:9E
>>>           inet adr:157.159.22.65  Bcast:157.159.22.255  Masque:255.255.255.0
>>> eth0.10   Link encap:Ethernet  HWaddr B8:AC:6F:83:CC:9E
>>>           inet adr:157.159.10.235  Bcast:157.159.10.255  Masque:255.255.255.0
>>> eth0.21   Link encap:Ethernet  HWaddr B8:AC:6F:83:CC:9E
>>>           inet adr:157.159.21.235  Bcast:157.159.21.255  Masque:255.255.255.0
>>> lo        Link encap:Boucle locale
>>>           inet adr:127.0.0.1  Masque:255.0.0.0
>>> venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>>           UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
>>>
>>> [root at cuzco ~]# netstat -nr
>>> Table de routage IP du noyau
>>> Destination     Passerelle      Genmask         Indic   MSS Fenêtre irtt Iface
>>> 157.159.10.222  0.0.0.0         255.255.255.255 UH        0 0          0 venet0
>>> 157.159.21.233  0.0.0.0         255.255.255.255 UH        0 0          0 venet0
>>> 157.159.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0.10
>>> 157.159.21.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0.21
>>> 157.159.22.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
>>> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0.21
>>> 0.0.0.0         157.159.22.1    0.0.0.0         UG        0 0          0 eth0
>>>
>>> [root at cuzco ~]# iptables -L -n
>>> Chain INPUT (policy ACCEPT)
>>> target     prot opt source               destination
>>> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target     prot opt source               destination
>>> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target     prot opt source               destination
>>>
>>> Chain RH-Firewall-1-INPUT (2 references)
>>> target     prot opt source               destination
>>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>>> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
>>> ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
>>> ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
>>> ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
>>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
>>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
>>> ACCEPT     udp  --  157.159.21.10        0.0.0.0/0           udp dpt:10080
>>> ACCEPT     tcp  --  157.159.0.0/16       0.0.0.0/0           state NEW tcp dpt:1311
>>> ACCEPT     tcp  --  157.159.10.92        0.0.0.0/0           state NEW tcp dpt:5666
>>> ACCEPT     tcp  --  157.159.21.33        0.0.0.0/0           state NEW tcp dpt:5666
>>>
>>>
>>
>
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users



