
From: Chuck (chuck_at_sbbsnet.net)
Date: Thu 22 Sep 2005 - 02:10:12 BST


On Wednesday 21 September 2005 08:55 pm, Chuck wrote:
> On Wednesday 21 September 2005 08:18 pm, Herbert Poetzl wrote:
> > On Wed, Sep 21, 2005 at 08:09:19PM -0400, Chuck wrote:
> > > i will have a need for 4 nics on 4 unique networks physically
> > > separated so no chance of combining them on one nic.
> > >
> > > will the guests work fine on this? i know i had trouble in the past
> > > running a dedicated machine on multiple networks.
> > >
> > > any given guest will be a member of a single network therefore will
> > > access only a single nic. my concern is the host routing. previously
> > > when i did this only members of the networks that were not assigned
> > > to eth0 could reach them. the outside could not.
> > >
> > > each network of course has its own unique gateway and netmask
> > >
> > > example..
> > >
> > > the 4 nics will be required to access
> > >
> > > 64.113.32.0/23 gw 32.1
> > > 64.113.34.0/24 gw 34.1
> > > 64.113.39.0/24 gw 39.1
> > > 172.30.x.x/24 pvt network gw 0.1
> > >
> > > the first 3 must be reachable via the outside..
> > >
> > > can this be accomplished properly?
> >
> > sure, but it's probably not the every day network
> > setup, so it might not be obvious for you ...
>
> no it's not. i had this same problem with our news server when it was a
> member of 4 networks.
>
> >
> > here is an example how to do source based routing
> > (that's what you want here) with two different
> > gateways (you just have to extend it to four :)
> >
> > http://archives.linux-vserver.org/200311/0470.html
> >
>
> will study it
>
> > it is listed on the 'More Documentation' wiki page
> > under (Archived) Knowledge, and you might want to
> > take a look at the Networking stuff there too ...
> >
>
> will study that too :)
>
> > > i personally cannot comprehend why the network/gateway limitations
> > > are there.
> >
> > there are no real networking/gateway limitation,
> > just routing tables and priorities ... you can
> > have a dozen different gateways and switch them
> > every second if you like :)
> >
> > > if each nic is on a separate network it should be able to have
> > > its own default gateway for that network regardless of other nics.
> >
> > default gateway means: if no other rule applies,
> > then send it there, of course, this does not make
> > too much sense with more than one defaults on a
> > single routing table ...
> >
>
> here is my current network config
>
> config_eth0=("64.113.34.5 netmask 255.255.255.0 broadcast 64.113.34.255")
> routes_eth0=("default gw 64.113.34.1")
>
> config_eth1=( "172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255" )
> routes_eth1=( "-net 172.30.0.0/24 gw 172.30.0.1" )
>
> config_eth2=( "64.113.33.7 netmask 255.255.254.0 broadcast 64.113.33.255")
> routes_eth2=( "-net 64.113.32.0/23 gw 64.113.32.1" )
>
>
> and my routing table
>
> prometheus conf.d # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 64.113.34.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 172.30.0.0 172.30.0.1 255.255.255.0 UG 0 0 0 eth1
> 172.30.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 64.113.32.0 64.113.32.1 255.255.254.0 UG 0 0 0 eth2
> 64.113.32.0 0.0.0.0 255.255.254.0 U 0 0 0 eth2
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 64.113.34.1 0.0.0.0 UG 0 0 0 eth0
>
>
> with every update to this year's gentoo latest i lose access to the pvt
> network on eth1 directly from my machines... i'm not too worried about that
> but it signalled the start of a problem with updating to this year's code..
> the way above behaves is if eth2 is down, then any machine can ping eth0 and
> outside can ping it.. all members of pvtnet eth1 work fine.
>
> with eth2 up, eth1 still works ok, but now, members of eth2 32 network
> cannot ping 34.5 on eth0 but they can ping eth2 at 33.7
>
> outside can ping 34.5 still but it cannot ping 33.7 at all. only members of
> the 32-33 net can ping that ip addy.
>
> i need to make it so all interfaces regardless of network are available to
> every machine internally and outside except eth1 pvtnet.
>
> hopefully these docs you pointed me to will make this clear.
>
>

oh one more thing... each interface must be plugged into certain switch ports.
different groups of ports are configured for different networks.. so switch
ports 1-6 may be for 32 net, 7-12 for 34 net, customer owned machines on 36
net ports 13-20 ... etc from there back to the routers they are configured as
vlans designed to be transparent to the servers as long as they are plugged
into the correct port group.. this was done so if there is an errant server
in say a customer owned machine, it would only affect its own network and
none of our others mostly concerning excessive network traffic. the border
routers take care of internally routing between networks for properly formed
requests and all requests from outside from the internet.

>
> > HTH,
> > Herbert
> >

-- 

Chuck

"...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'. "
The Book of John, chapter 1, page 1, and end of book

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
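Herbert's pointer above is to source-based (policy) routing: one routing table per NIC, each with its own default gateway, selected by the source address a packet leaves with. As an added example, not code from the thread or from the linux-vserver archive it links to, the POSIX sh script below turns the NIC list from Chuck's config into the ip(8) commands that build those tables and rules. The addresses and gateways for eth0, eth1 and eth2 are the ones quoted in the thread; the eth3 address 64.113.39.5, the table numbers 10 to 13 and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): generate Linux policy-routing commands so
# that traffic sourced from each NIC's address leaves through that NIC's own
# gateway, instead of everything falling through to the single default on eth0.
# The script only prints commands; pipe its output to sh as root to apply them.

# One line per NIC: iface  address/prefix  gateway  routing-table-id
# eth0..eth2 are constructed from the thread's config; eth3 and the table ids
# are assumed values.
NICS='
eth0 64.113.34.5/24 64.113.34.1 10
eth1 172.30.0.50/24 172.30.0.1 11
eth2 64.113.33.7/23 64.113.32.1 12
eth3 64.113.39.5/24 64.113.39.1 13
'

# network_of ADDR/PREFIX -> NETWORK/PREFIX, e.g. 64.113.33.7/23 -> 64.113.32.0/23
network_of() {
    addr=${1%/*}
    plen=${1#*/}
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    net=$(( ip & mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$plen"
}

# gen_policy_routing: print, for every NIC in $NICS,
#   - a connected route and a default route in that NIC's private table
#   - an "ip rule" sending packets sourced from that NIC's address to the table
# The main table keeps its kernel-added connected routes and the eth0 default,
# so locally originated traffic without a bound source still behaves as before.
gen_policy_routing() {
    printf '%s\n' "$NICS" | while read -r dev cidr gw table; do
        [ -n "$dev" ] || continue
        net=$(network_of "$cidr")
        src=${cidr%/*}
        echo "ip route add $net dev $dev src $src table $table"
        echo "ip route add default via $gw dev $dev table $table"
        echo "ip rule add from $src table $table"
    done
}

# Stand-alone run: show the commands that would be applied.
gen_policy_routing
```

After applying the output as root, `ip rule show` lists the four source rules and `ip route show table 12` the eth2 table; `ip route get 203.0.113.1 from 64.113.33.7` (203.0.113.1 is a documentation address used here as a stand-in for an outside host) should report `via 64.113.32.1 dev eth2`, which is the return path the thread's eth2 host lacked. Two practical points: the commands are runtime only and must be re-run at boot, and with strict reverse-path filtering (`net.ipv4.conf.all.rp_filter` = 1) the kernel drops an inbound packet if the route back to its source would not leave via the interface it arrived on; the per-source tables make that check pass for eth2 and eth3, whereas a single default on eth0 does not, so check the sysctl first if packets to 33.7 still vanish. If the private net on eth1 should never answer outside hosts, leave the default route out of its table.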


Generated on Thu 22 Sep 2005 - 02:10:39 BST by hypermail 2.1.3