[Users] routing from external through HN to loopback on CT

Christopher McCrory chrismcc at gmail.com
Fri Jul 20 13:19:29 EDT 2012 

On Fri, 2012-07-20 at 21:02 +0400, CoolCold wrote:
> 
> 
> On Fri, Jul 20, 2012 at 8:25 PM, Christopher McCrory
> <chrismcc at gmail.com> wrote:
>         Hello...
>         
>         The setup:
>          x.y.1.1/24   Cisco router
>          x.y.1.2/24   OpenVZ Hardware Node on CentOS 5 with all
>         updates
>          x.y.1.3/24   OpenVZ container CT103 using veth
>          x.y.42.42/32 IP address on container's loopback interface
>          iptables off on all hosts, ip forwarding enabled everywhere
>          the router/external host has a route for x.y.42.42/32 via
>         x.y.1.3
>         
>          I cannot get packets from external hosts to route to the
>         loopback on
>         CT103.  packets leave the router, enter the HN, but never exit
>         any
>         interface.  This should be working but isn't and the same
>         setup not on a
>         container works.  What am I missing?
>         
>         
>         
>         in the openvz/103.conf file this works
>         IP_ADDRESS="x.y.1.3 x.y.42.42"
>         
>         but will not work as I need x.y.42.42 to be on several
>         containers
>         (anycast DNS) and advertised via BGP.  I also need to create
>         more CTs
>         that will have a hundreds of IP addresses on loopbacks and
>         putting them
>  
>         in the openvz config will not scale.
>         
>         Again, what am I missing?
> I think problem is in routing table on HN - as you have that x.y.42.42
> on loopback of VE, routing on HN has no idea what to do with them.
>  


Adding a route on the HN does not help (I tried that).  Nor should it be
required.  The packet should be bridged through the HN to CT103.  Then
CT103 knows that x.y.42.42 is on itself and can process the packets.
>From what I see using tcpdump the packet never leaves the bridge on the
HN.  ? ? ?




>         
>         thanks
>         
>         --
>         Christopher McCrory
>         To the optimist, the glass is half full.
>         To the pessimist, the glass is half empty.
>         To the engineer, the glass is twice as big as it needs to be.
>         
>         _______________________________________________
>         Users mailing list
>         Users at openvz.org
>         https://openvz.org/mailman/listinfo/users
> 
> 
> 
> -- 
> Best regards,
> [COOLCOLD-RIPN] 
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users


-- 
Christopher McCrory
To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.

More information about the Users mailing list