From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 30 Oct 2003 - 19:44:28 GMT
On Thu, Oct 30, 2003 at 11:43:34AM -0500, Jacques Gelinas wrote:
> Yesterday I stepped on an old behavior of the kernel I was not aware of. I wonder
> if other have experienced the problem it is causing to vservers. Here is what it
> does.
>
> You create a bunch of vserver, all using an IP (or more) address of the same IP
> network. This is fairly common (typical in fact). Say you have the following vservers
>
> A: 192.168.0.1/255.255.255.0
> B: 192.168.0.2/255.255.255.0
> C: ...
> D: ...
>
> Then you start all those vservers in the above order. Then you stop vserver A (or
> a restart). When you do stop a vserver, the corresponding IP aliases are removed. In
> the above example, the vserver script does
>
> ifconfig eth0:A down
>
> There is a catch here. eth0:A was the first IP aliases created by the kernel
> for the 192.168.0.0/255.255.255.0 network. It sets a flag telling this is the
> "main" IP number of this network. All the other IP aliases (created for B, C and D
> vservers) will have the opposite flag IFA_F_SECONDARY.
can be easily circumvented if you setup eth0 on the host
for some (maybe a dummy) address ...
> Whenever the kernel drop a "main" IP aliases, all the related (secondary) IP
> aliases (same network) are also dropped.
>
> Said differently, you start A,B,C and D and the ifconfig reports
>
> eth0:A, eth0:B, eth0:C and eth0:D
>
> Then you do "vserver A stop" and the above IP aliases are gone. The vservers
> are left not much functionnal. For sure, you can restore their functionnality simply
> by doing
>
> vserver B exec ls
> vserver C exec ls
> vserver D exec ls
>
> ( or vserver B enter, then exit).
>
> ------------
>
> Now the behavior is not a bug in the kernel. It is a feature and has existed this
> way for many years (I have seen post about this dating 2001). How should
> we handle the problem. I know that for vserver 1.1 project, we may be using
> a different strategy (virtual network device), but for upcoming vserver 1.0, we
> need a solution as this behavior is quite unexpected by any sysadmin.
>
> One solution for the vserver command would be to record the state of ifconfig,
> perform the "ifconfig eth0:A down" operation and restore all the missing
> IP aliases.
>
> This solution is easy to implement, but weird at best. Further it is not atomic, meaning
> that 2 admins may be stopping 2 vservers at the same time and having one
> "resurecting the IP alias" of the second.
>
> --------------------
>
> Another solution would be to change the kernel. For example, when we delete the
> main IP alias of a network, instead of deleting the other, we remove the SECONDARY
> flag from the first other IP alias in the list.
IMHO the best solution would be to use iproute2's ip
utility to setup addr and link info, this way much
more can be done, and after all it's the default interface
for 2.4 kernels, although not many use it ...
best,
Herbert
> ---------------------------------------------------------
> Jacques Gelinas <jack_at_solucorp.qc.ca>
> vserver: run general purpose virtual servers on one box, full speed!
> http://www.solucorp.qc.ca/miscprj/s_context.hc
> _______________________________________________
> Vserver mailing list
> Vserver_at_www.solucorp.qc.ca
> http://www.solucorp.qc.ca/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_www.solucorp.qc.ca
http://www.solucorp.qc.ca/mailman/listinfo/vserver