[Vserver] advanced routing per vps

From: Rik Bobbaers <Rik.Bobbaers_at_cc.kuleuven.be>
Date: Fri 15 Sep 2006 - 10:35:26 BST
Message-ID: <450A73DE.2090703@cc.kuleuven.be>

heya all,

since yesterday, i found it necessary to do my routing per vserver.
so what did i do: (i put everything in /usr/local btw ;))

gandalf:~# cat /usr/local/etc/vservers/.defaults/scripts/pre-start


IF=`cat /usr/local/etc/vservers/${HOSTNAME}/interfaces/0/dev`
IP=`cat /usr/local/etc/vservers/${HOSTNAME}/interfaces/0/ip`
NETMASK=`cat /usr/local/etc/vservers/${HOSTNAME}/interfaces/0/prefix`
# this is the case on all our networks... might not work for you ;)
GW=`ipcalc -n $IP $NETMASK |grep "HostMax:"| awk '{print $2}'`
NETWORK=`ipcalc -n $IP $NETMASK |grep "Network:"| awk '{print $2}'`

ip route add $NETWORK dev $IF table $IF-net
ip route add default via $GW dev $IF table $IF-net
ip rule add from $IP/32 table $IF-net pref 1000

gandalf:~# cat /usr/local/etc/vservers/.defaults/scripts/post-stop


IF=`cat /usr/local/etc/vservers/${HOSTNAME}/interfaces/0/dev`
IP=`cat /usr/local/etc/vservers/${HOSTNAME}/interfaces/0/ip`

ip rule del from $IP/32 table $IF-net pref 1000

now... i NEED to have all the interfaces in /etc/iproute2/rt_tables to
make this work (no problem, a routing table per VLAN suits me fine ;))

i also have to make sure the interfaces are all up @ boot (no problem,
gandalf:~# cat /etc/network/interfaces
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

auto lo
iface lo inet loopback

auto eth0.49
iface eth0.49 inet manual
         pre-up ifconfig eth0 hw ether 00:15:BA:DC:0D:ED
         up ifconfig eth0.49 up
auto eth0.164
iface eth0.164 inet manual
         pre-up ifconfig eth0 hw ether 00:15:BA:DC:0D:ED
         up ifconfig eth0.164 up

auto eth1
iface eth1 inet static
         post-up route add -net netmask gw
         pre-down route del -net netmask gw

auto eth2.94
iface eth2.94 inet static
auto eth2.95
iface eth2.95 inet manual
         up ifconfig eth2.95 up

(the static ip on eth2.94 is for allowing nfs in a vps... it seems
impossible to make the "source address" for nfs the same as the vps
address... but that's another problem ;))

i use vlans, so i have to set every vlan UP @ boottime and all guests

now my questions:
1. the device i have to use for my hosts is: eth2.94, so i put that in
dev. if i boot my machine, i don't have eth2 up, because the host itself
doesn't need to have an ip address on that network. if i want to start a
vps on eth2.94, and let vserver create the vlan for me, it doesn't
work if eth2 isn't up... why is that? can't vserver check if eth2 is up,
and if it's not, then set it up? what's the reason for that?

solution: bring up eth2 at boottime without an address and all works
fine. but this gets us to the next problem...

2. the vps sets up the vlan nicely, sets up networking, scripts make
sure routing is done fine. but when i set up 2 hosts on the same vlan,
and i shut down 1 of those vps'es, it REMOVES the vlan dev, and the
other vps lose their network, while it's still in use!!!

solution: put a novlandev in each hosts config. BUT (here we go again)
that means i have to do the vlan config myself again. (not that it's a
problem, since you can see my interfaces file now).

3. how hard is it to implement a "use count" or so for those kind of
things? just check if there are other vps'es using the vlan dev. if
no one uses it, THEN bring it down. if there are vps'es using the vlan:
leave it alone. that way, the last vps using the vlan will disable it,
the first one needing it, will start it.
for ip addresses, we have net.ipv4.conf.all.promote_secondaries=1
something alike for vlan devs would be nice ;)

4. totally different now... the way i start my advanced routing, it
always says (except the first time of course):
RTNETLINK answers: File exists
RTNETLINK answers: File exists
(normal, the route to that network exists)
That's the reason i can't delete the routing for the network when i stop
the vps... others may still need it. and if it already exists, it's ok
by me, so that "error" is just fine.
does anyone have a clean solution for that?

that's about it for the moment, i think...

just to be clear: it all works fine now... so there is not really a
problem, just some practical questions!


aka Rik Bobbaers
K.U.Leuven - LUDIT          -=- Tel: +32 485 52 71 50
Rik.Bobbaers_at_cc.kuleuven.be -=- http://harry.ulyssis.org
"Work hard and do your best, it'll make it easier for the rest"
-- Garfield
Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Vserver mailing list
Received on Fri Sep 15 10:36:40 2006
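
Added example (not part of the original message, and not util-vserver code): one way to approach questions 3 and 4 above, with idempotent route set-up and a "use count" that decides when the shared per-VLAN routing table may be torn down. The function names, the CFGROOT and IPCMD variables, and the use of a `run` entry in the guest's config directory as the "guest is running" marker are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's scripts. Source it from pre-start / post-stop.
CFGROOT=${CFGROOT:-/usr/local/etc/vservers}   # config root used in the post
IPCMD=${IPCMD:-ip}                            # IPCMD=echo gives a dry run

# Count the OTHER running guests that have $2 as an interfaces/*/dev entry.
# Assumption: a guest is running when <guest>/run exists in its config dir.
vlan_users() {   # $1 = guest being stopped, $2 = device
    n=0
    for d in "$CFGROOT"/*/; do
        g=$(basename "$d")
        [ "$g" = "$1" ] && continue
        [ -e "${d}run" ] || continue
        if cat "$d"interfaces/*/dev 2>/dev/null | grep -qxF -- "$2"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# "ip route replace" creates the route or overwrites the existing one, so the
# second guest on a VLAN does not get "RTNETLINK answers: File exists".
routes_up() {    # $1 = device, $2 = network/prefix, $3 = gateway, $4 = guest IP
    $IPCMD route replace "$2" dev "$1" table "$1-net"
    $IPCMD route replace default via "$3" dev "$1" table "$1-net"
    # Rules are checked first: add this guest's rule only when it is missing.
    $IPCMD rule show | grep -qF "from $4 lookup $1-net" ||
        $IPCMD rule add from "$4/32" table "$1-net" pref 1000
}

# Always drop this guest's rule; flush the shared per-VLAN table only when
# no other running guest still depends on it.
routes_down() {  # $1 = guest, $2 = device, $3 = guest IP
    $IPCMD rule del from "$3/32" table "$2-net" pref 1000
    if [ "$(vlan_users "$1" "$2")" -eq 0 ]; then
        $IPCMD route flush table "$2-net"
    fi
}
```

The same vlan_users check could gate removal of the VLAN device itself when novlandev is set and the device is managed by hand.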