Re: [vserver] source IP messed up on multihomed guest with 2.6.38.6-vs2.3.0.37-rc15

From: Thomas Weber <l_vserver_at_mail2news.4t2.com>
Date: Fri 27 May 2011 - 17:20:16 BST
Message-ID: <1306513216.592.239.camel@morgoth.abyss.4t2.com>

On Friday, 27.05.2011 at 16:47 +0200, Adrian Reyer wrote:
> On Fri, May 27, 2011 at 12:15:28AM +0200, Thomas Weber wrote:
> > Hmm nobody cares?
>
> I care, but not sure what to say here.
[...]

> In your previous post you stated 2 network interfaces, both of them
> having a default route. According to my experience this won't route a
> single packet via the other default route. If you want to make one
> host route via one default gateway and the other via the other one, you
> need to use multiple routing tables and set 'ip rule' stuff in suitable
> way.

those routes were mainly because i was setting up this box for a foreign
LAN in a test LAN. This is not about routing via gateways, this is about
the kernel using the wrong source IP for outgoing packets to a directly
connected subnet.
Packets sent out are generated with the wrong source.

> If 2 VServers on your host communicate with each other, no routing table
> is involved at all. No alternate routing table will get you out of this.
>
> None of these things seem to be directly valid for your case, maybe they
> help in finding the real solution, though.

yes, i don't see how these things fit for me.

This all worked well with 2.6.37-based kernels, 2.6.38-based it's broken.

with 1 interface only and 2.6.38.6-vs2.3.0.37-rc15:
- put two subnets (A and B) on that interface on the host
- create a guest with interfaces in both of these subnets
<vserver>/interfaces/01/A <vserver>/interfaces/02/B (because ordering
matters)
- put another testbox on that LAN and put it only in either A or B
- you won't be able (*) to connect from the guest to this testbox if you
put it in subnet B because it will use outgoing source IP of subnet A

now for some more fun:
- remove subnet B's interface definition from the host (make sure
there's no address in subnet B on the host)
- start the vserver from above again
- same problem as above
- stop the vserver
- mv <vserver>/interfaces/01 <vserver>/interfaces/03 so that B comes
before A
- you will be able to connect to the testbox if you put it in either
subnet

(*)without explicitly specifying outgoing source in the guest

maybe someone finds the time and reproduces this, since i think this is
a serious flaw (at least it makes most of my setups unusable)

  Tom
Received on Fri May 27 17:20:50 2011
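
A check for the symptom described in the message above, as an added example that is not part of the original post or the Linux-VServer project: it asks the kernel which source address it selects for a destination and compares that address's subnet with the destination's. The subnet values are constructed placeholders for "A" and "B", and it assumes the address bound to a connected UDP socket is the one used for the outgoing packets in question.

```python
import ipaddress
import socket

# Constructed example subnets standing in for "A" and "B" from the post.
SUBNETS = {"A": "192.0.2.0/25", "B": "192.0.2.128/25"}

def subnet_of(addr, subnets=SUBNETS):
    """Return the label of the subnet containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for label, cidr in subnets.items():
        if ip in ipaddress.ip_network(cidr):
            return label
    return None

def chosen_source(dest, port=9):
    """Ask the kernel which source IP it picks for dest.

    connect() on a UDP socket only fixes the route and source address;
    no packet is sent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest, port))
        return s.getsockname()[0]

def classify(src, dest, subnets=SUBNETS):
    """Compare the subnet of the chosen source with the destination's."""
    d, s = subnet_of(dest, subnets), subnet_of(src, subnets)
    if d is None:
        return "dest-not-direct"   # destination is not on a listed subnet
    if s == d:
        return "ok"
    return "wrong-source"          # the symptom described in the post

if __name__ == "__main__":
    import sys
    # Usage inside the guest: python3 check_src.py <testbox address> ...
    for dest in sys.argv[1:]:
        src = chosen_source(dest)
        print(f"{dest}: source {src} -> {classify(src, dest)}")
```

Run inside the guest with the testbox address as argument after replacing SUBNETS with the real A and B; "wrong-source" for a testbox in B corresponds to the failing case in the reproduction steps.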
