About this list Date view Thread view Subject view Author view Attachment view

From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Thu 30 Oct 2003 - 16:43:34 GMT

Yesterday I stepped on an old behavior of the kernel I was not aware of. I wonder
if other have experienced the problem it is causing to vservers. Here is what it

You create a bunch of vserver, all using an IP (or more) address of the same IP
network. This is fairly common (typical in fact). Say you have the following vservers

C: ...
D: ...

Then you start all those vservers in the above order. Then you stop vserver A (or
a restart). When you do stop a vserver, the corresponding IP aliases are removed. In
the above example, the vserver script does

        ifconfig eth0:A down

There is a catch here. eth0:A was the first IP aliases created by the kernel
for the network. It sets a flag telling this is the
"main" IP number of this network. All the other IP aliases (created for B, C and D
vservers) will have the opposite flag IFA_F_SECONDARY.

Whenever the kernel drop a "main" IP aliases, all the related (secondary) IP
aliases (same network) are also dropped.

Said differently, you start A,B,C and D and the ifconfig reports

        eth0:A, eth0:B, eth0:C and eth0:D

Then you do "vserver A stop" and the above IP aliases are gone. The vservers
are left not much functionnal. For sure, you can restore their functionnality simply
by doing

        vserver B exec ls
        vserver C exec ls
        vserver D exec ls

( or vserver B enter, then exit).


Now the behavior is not a bug in the kernel. It is a feature and has existed this
way for many years (I have seen post about this dating 2001). How should
we handle the problem. I know that for vserver 1.1 project, we may be using
a different strategy (virtual network device), but for upcoming vserver 1.0, we
need a solution as this behavior is quite unexpected by any sysadmin.

One solution for the vserver command would be to record the state of ifconfig,
perform the "ifconfig eth0:A down" operation and restore all the missing
IP aliases.

This solution is easy to implement, but weird at best. Further it is not atomic, meaning
that 2 admins may be stopping 2 vservers at the same time and having one
"resurecting the IP alias" of the second.


Another solution would be to change the kernel. For example, when we delete the
main IP alias of a network, instead of deleting the other, we remove the SECONDARY
flag from the first other IP alias in the list.

Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
Vserver mailing list

About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 30 Oct 2003 - 16:57:23 GMT by hypermail 2.1.3