Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Fix Version/s: OpenVZ-legacy
Component/s: Containers::Userspace
Security Level: Public
Environment: Operating System: RHEL/CentOS 5
Platform: x86_64 (AMD64)
External issue URL:
External issue ID: 1088
Description
My HN has eth0 with ISP's Private VLAN and eth1 with Public WAN. The server has 8 Public IPs (5 usable) and 8 Private IPs (5 usable).
If I create a VE and set a unique Public IP and a unique Private IP for the CT, within the VE, only the network for the first IP in the CT forwards to that network's gateway. If I reverse the order that the IP addresses are assigned, still only the first network goes through the gateway as defined on the HN.
So, if the first address added to the CT is the Public WAN IP, then the VE in the CT can see the internet (e.g., ping google.com) but cannot see the Private VLAN (e.g., ping 10.0.0.1).
Conversely, if the first address added to the CT is the Private VLAN IP, then the VE in the CT can see the Private VLAN (e.g., ping 10.0.0.1) but cannot see the Public WAN (e.g., ping google.com).
I assume there is a route missing but when I check the routes, they are the same on both the HN and in the VE regardless of the order that the Private and Public IPs were assigned in the VE.
Here are the routes in the VE:
[root@vps102p /]# ip route
192.0.2.0/24 dev venet0 scope host
169.254.0.0/16 dev venet0 scope link
default via 192.0.2.1 dev venet0
Here are the routes in the HN:
[root@node1 ~]# ip route
63.248.94.19 dev venet0 scope link
63.248.94.21 dev venet0 scope link
63.248.94.20 dev venet0 scope link
10.0.15.52 dev venet0 scope link
10.0.15.51 dev venet0 scope link
63.248.94.16/29 dev eth1 proto kernel scope link src 63.248.94.18
10.0.15.48/29 dev eth0 proto kernel scope link src 10.0.15.50
10.0.0.0/16 via 10.0.15.49 dev eth0
169.254.0.0/16 dev eth1 scope link
default via 63.248.94.17 dev eth1
(I changed my public IPs above just to keep from posting them here).
If this isn't a bug, but a feature (only the first IP in a VE routes through the gateway of the HN), then I think it probably should be implemented so that both networks are accessible.
This should be a fairly common setup, and everything is so close to working as if by magic with the venet0 interface. Maybe it is just me. I just downloaded OpenVZ and I am a bit of a newbie to all this networking stuff.