Seems like the package show go to this route: 172.16.10.200 0.0.0.0 255.255.255.248 U 0 0 0 br100
Which is br100 presents eth0. *Best Regards!* *Chao Yan--------------**My twitter:Andy Yan @yanchao727 <https://twitter.com/yanchao727>* *My Weibo:http://weibo.com/herewearenow <http://weibo.com/herewearenow>--------------* 2014-09-23 15:51 GMT+08:00 Sam Lee <[email protected]>: > I think routing is in step 4。 The packet shoule be processed by eth1 > based on routing table. in fact eth0 process it. this is what I am puzzled > > 2014-09-23 15:47 GMT+08:00 Sam Lee <[email protected]>: > >> Can you explain it more detail? when the routing table is used? >> >> 2014-09-23 15:39 GMT+08:00 严超 <[email protected]>: >> >>> I think that path should depends on your route table. You can modify >>> route table to take some tests. >>> >>> *Best Regards!* >>> >>> >>> *Chao Yan--------------**My twitter:Andy Yan @yanchao727 >>> <https://twitter.com/yanchao727>* >>> >>> >>> *My Weibo:http://weibo.com/herewearenow >>> <http://weibo.com/herewearenow>--------------* >>> >>> 2014-09-23 15:21 GMT+08:00 Sam Lee <[email protected]>: >>> >>>> I have tracked the packets using tcpdump, and it shows that the eth0 >>>> process the packets. When a floating ip is added on instance, eth1 process >>>> the packets. >>>> >>>> 2014-09-23 15:18 GMT+08:00 严超 <[email protected]>: >>>> >>>>> Yes, that's what I suggest. You can use tcpdump to track packages as >>>>> well. >>>>> >>>>> *Best Regards!* >>>>> >>>>> >>>>> *Chao Yan--------------**My twitter:Andy Yan @yanchao727 >>>>> <https://twitter.com/yanchao727>* >>>>> >>>>> >>>>> *My Weibo:http://weibo.com/herewearenow >>>>> <http://weibo.com/herewearenow>--------------* >>>>> >>>>> 2014-09-23 15:13 GMT+08:00 Sam Lee <[email protected]>: >>>>> >>>>>> I am not sure you are right or not. Bridge is a virtual switch, if >>>>>> we want to communicate outside world using bridge, we must attach a >>>>>> physical devices to bridge. eth0 is just the device. >>>>>> >>>>>> 2014-09-23 15:04 GMT+08:00 严超 <[email protected]>: >>>>>> >>>>>>> eth0 is virtualized as br100 , as your command show: >>>>>>> >>>>>>> 2: eth0: mtu 1500 qdisc pfifo_fast *master br100 state UP* qlen 1000 >>>>>>> link/ether 00:1e:67:6a:8b:c9 brd ff:ff:ff:ff:ff:ff >>>>>>> inet6 fe80::21e:67ff:fe6a:8bc9/64 scope link >>>>>>> valid_lft forever preferred_lft forever >>>>>>> >>>>>>> So I think packages would be handled by eth0. Right? >>>>>>> >>>>>>> >>>>>>> *Best Regards!* >>>>>>> >>>>>>> >>>>>>> *Chao Yan--------------**My twitter:Andy Yan @yanchao727 >>>>>>> <https://twitter.com/yanchao727>* >>>>>>> >>>>>>> >>>>>>> *My Weibo:http://weibo.com/herewearenow >>>>>>> <http://weibo.com/herewearenow>--------------* >>>>>>> >>>>>>> 2014-09-23 14:33 GMT+08:00 Sam Lee <[email protected]>: >>>>>>> >>>>>>>> I set up an openstack environment using nova-network with >>>>>>>> multi_host mode. >>>>>>>> >>>>>>>> created network info as below, >>>>>>>> >>>>>>>> root@ubuntu:~# nova network-show e77b754d-5a89-41fd-8c82-69051e69c4ed >>>>>>>> +---------------------+--------------------------------------+ >>>>>>>> | Property | Value | >>>>>>>> +---------------------+--------------------------------------+ >>>>>>>> | bridge | br100 | >>>>>>>> | vpn_public_port | None | >>>>>>>> | dhcp_start | 172.16.10.202 | >>>>>>>> | bridge_interface | eth0 | >>>>>>>> | updated_at | None | >>>>>>>> | id | e77b754d-5a89-41fd-8c82-69051e69c4ed | >>>>>>>> | cidr_v6 | None | >>>>>>>> | deleted_at | None | >>>>>>>> | gateway | 172.16.10.1 | >>>>>>>> | rxtx_base | None | >>>>>>>> | label | private | >>>>>>>> | priority | None | >>>>>>>> | project_id | None | >>>>>>>> | vpn_private_address | None | >>>>>>>> | deleted | 0 | >>>>>>>> | vlan | None | >>>>>>>> | broadcast | 172.16.10.207 | >>>>>>>> | netmask | 255.255.255.248 | >>>>>>>> | injected | False | >>>>>>>> | cidr | 172.16.10.200/29 | >>>>>>>> | vpn_public_address | None | >>>>>>>> | multi_host | True | >>>>>>>> | dns2 | None | >>>>>>>> | created_at | 2014-09-11T07:58:13.000000 | >>>>>>>> | host | None | >>>>>>>> | gateway_v6 | None | >>>>>>>> | netmask_v6 | None | >>>>>>>> | dns1 | 8.8.4.4 | >>>>>>>> +---------------------+--------------------------------------+ >>>>>>>> Note: 172.16.10.1 is the physical gateway >>>>>>>> >>>>>>>> route info of the host as below: >>>>>>>> >>>>>>>> Kernel IP routing table >>>>>>>> Destination Gateway Genmask Flags Metric Ref >>>>>>>> Use Iface >>>>>>>> 0.0.0.0 172.16.10.1 0.0.0.0 UG 100 0 >>>>>>>> 0 eth1 >>>>>>>> 10.10.100.0 0.0.0.0 255.255.255.0 U 0 0 >>>>>>>> 0 br100 >>>>>>>> 172.16.10.0 0.0.0.0 255.255.255.0 U 0 0 >>>>>>>> 0 eth1 >>>>>>>> 172.16.10.200 0.0.0.0 255.255.255.248 U 0 0 >>>>>>>> 0 br100 >>>>>>>> >>>>>>>> three instances has been created as below, >>>>>>>> >>>>>>>> root@ubuntu:~# nova list >>>>>>>> +--------------------------------------+-------+--------+-----------------------+ >>>>>>>> | ID | Name | Status | Networks >>>>>>>> | >>>>>>>> +--------------------------------------+-------+--------+-----------------------+ >>>>>>>> | 5867fa88-de5c-4656-9811-5c86128b786b | test3 | ACTIVE | >>>>>>>> private=172.16.10.202 | >>>>>>>> | 272f8d4f-f924-488b-855f-7f53a2372708 | test4 | ACTIVE | >>>>>>>> private=172.16.10.204 | >>>>>>>> | aec01738-996f-42dc-a921-1c859c79ffed | test5 | ACTIVE | >>>>>>>> private=172.16.10.205 | >>>>>>>> +--------------------------------------+-------+--------+-----------------------+ >>>>>>>> >>>>>>>> ip info of host: >>>>>>>> >>>>>>>> root@ubuntu:~# ip a >>>>>>>> 1: lo: mtu 16436 qdisc noqueue state UNKNOWN >>>>>>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >>>>>>>> inet 127.0.0.1/8 scope host lo >>>>>>>> inet 169.254.169.254/32 scope link lo >>>>>>>> inet6 ::1/128 scope host >>>>>>>> valid_lft forever preferred_lft forever >>>>>>>> 2: eth0: mtu 1500 qdisc pfifo_fast master br100 state UP qlen 1000 >>>>>>>> link/ether 00:1e:67:6a:8b:c9 brd ff:ff:ff:ff:ff:ff >>>>>>>> inet6 fe80::21e:67ff:fe6a:8bc9/64 scope link >>>>>>>> valid_lft forever preferred_lft forever >>>>>>>> 3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000 >>>>>>>> link/ether 00:1e:67:6a:8b:c8 brd ff:ff:ff:ff:ff:ff >>>>>>>> inet 172.16.10.16/24 brd 172.16.10.255 scope global eth1 >>>>>>>> inet6 fe80::21e:67ff:fe6a:8bc8/64 scope link >>>>>>>> valid_lft forever preferred_lft forever >>>>>>>> 5: br100: mtu 1500 qdisc noqueue state UP >>>>>>>> link/ether 00:1e:67:6a:8b:c9 brd ff:ff:ff:ff:ff:ff >>>>>>>> inet 172.16.10.203/29 brd 172.16.10.207 scope global br100 >>>>>>>> inet 10.10.100.52/24 brd 10.10.100.255 scope global br100 >>>>>>>> inet6 fe80::44c7:b4ff:fe0c:3f/64 scope link >>>>>>>> valid_lft forever preferred_lft forever >>>>>>>> 6: vnet0: mtu 1500 qdisc pfifo_fast master br100 state UNKNOWN qlen >>>>>>>> 500 >>>>>>>> link/ether fe:16:3e:0f:03:49 brd ff:ff:ff:ff:ff:ff >>>>>>>> inet6 fe80::fc16:3eff:fe0f:349/64 scope link >>>>>>>> valid_lft forever preferred_lft forever >>>>>>>> 7: vnet1: mtu 1500 qdisc pfifo_fast master br100 state UNKNOWN qlen >>>>>>>> 500 >>>>>>>> link/ether fe:16:3e:b3:d8:a1 brd ff:ff:ff:ff:ff:ff >>>>>>>> inet6 fe80::fc16:3eff:feb3:d8a1/64 scope link >>>>>>>> valid_lft forever preferred_lft forever >>>>>>>> 8: vnet2: mtu 1500 qdisc pfifo_fast master br100 state UNKNOWN qlen >>>>>>>> 500 >>>>>>>> link/ether fe:16:3e:0e:7a:0d brd ff:ff:ff:ff:ff:ff >>>>>>>> inet6 fe80::fc16:3eff:fe0e:7a0d/64 scope link >>>>>>>> valid_lft forever preferred_lft forever >>>>>>>> >>>>>>>> mac table of br100: >>>>>>>> >>>>>>>> root@ubuntu:~# brctl showmacs br100 >>>>>>>> port no mac addr is local? ageing timer >>>>>>>> 1 00:0c:29:27:9d:7e no 16.79 >>>>>>>> 1 00:0c:29:27:9d:88 no 5.49 >>>>>>>> 1 00:0c:29:58:9a:64 no 31.86 >>>>>>>> 1 00:0c:29:f3:cf:7b no 21.28 >>>>>>>> 1 00:12:7f:7d:37:a1 no 35.54 >>>>>>>> 1 00:14:5e:ac:7c:b5 no 26.20 >>>>>>>> 1 00:14:5e:e8:03:d1 no 13.31 >>>>>>>> 1 00:14:f2:a8:00:81 no 1.11 >>>>>>>> 1 00:1e:67:45:85:ad no 14.02 >>>>>>>> 1 00:1e:67:64:ed:c9 no 10.10 >>>>>>>> 1 00:1e:67:64:ee:a5 no 9.38 >>>>>>>> 1 00:1e:67:6a:8b:c9 yes 0.00 >>>>>>>> 1 00:1e:67:97:17:ee no 52.97 >>>>>>>> 1 52:54:00:01:40:23 no 10.72 >>>>>>>> 1 52:54:00:1c:71:3d no 5.50 >>>>>>>> 1 52:54:00:47:9c:ee no 8.70 >>>>>>>> 1 52:54:00:b8:aa:45 no 9.79 >>>>>>>> 1 52:54:00:ee:60:44 no 7.61 >>>>>>>> 1 5c:f3:fc:00:0e:da no 56.27 >>>>>>>> 1 5c:f3:fc:00:ad:02 no 1.13 >>>>>>>> 1 6c:ae:8b:51:49:12 no 0.64 >>>>>>>> 1 8a:62:65:05:8d:02 no 5.38 >>>>>>>> 1 ae:2a:9d:74:11:03 no 155.47 >>>>>>>> 1 e4:1f:13:75:47:e0 no 8.24 >>>>>>>> 1 e4:1f:13:fc:a8:21 no 176.11 >>>>>>>> 1 fa:16:3e:00:c8:ce no 0.38 >>>>>>>> 1 fa:16:3e:05:61:a3 no 4.29 >>>>>>>> 4 fa:16:3e:0e:7a:0d no 11.35 >>>>>>>> 2 fa:16:3e:0f:03:49 no 9.90 >>>>>>>> 1 fa:16:3e:2c:6c:55 no 24.90 >>>>>>>> 1 fa:16:3e:2d:f0:f0 no 7.40 >>>>>>>> 1 fa:16:3e:3b:35:e1 no 27.88 >>>>>>>> 1 fa:16:3e:3f:1a:0c no 9.18 >>>>>>>> 1 fa:16:3e:49:d6:54 no 10.57 >>>>>>>> 1 fa:16:3e:4a:47:6e no 13.07 >>>>>>>> 1 fa:16:3e:61:d5:0c no 24.14 >>>>>>>> 1 fa:16:3e:6b:89:c1 no 25.96 >>>>>>>> 1 fa:16:3e:85:80:df no 3.74 >>>>>>>> 1 fa:16:3e:8d:a4:da no 28.20 >>>>>>>> 1 fa:16:3e:9f:bb:0c no 13.65 >>>>>>>> 1 fa:16:3e:a6:88:1d no 24.17 >>>>>>>> 3 fa:16:3e:b3:d8:a1 no 6.07 >>>>>>>> 1 fa:16:3e:c8:42:0d no 27.80 >>>>>>>> 1 fa:16:3e:ca:a8:8e no 4.70 >>>>>>>> 1 fa:16:3e:e8:a7:9b no 27.31 >>>>>>>> 4 fe:16:3e:0e:7a:0d yes 0.00 >>>>>>>> 2 fe:16:3e:0f:03:49 yes 0.00 >>>>>>>> 3 fe:16:3e:b3:d8:a1 yes 0.00 >>>>>>>> >>>>>>>> arp table of instance test5: >>>>>>>> >>>>>>>> [root@test5 ~]# arp -a >>>>>>>> ? (172.16.10.203) at 00:1e:67:6a:8b:c9 [ether] on eth0 >>>>>>>> ? (172.16.10.1) at 00:12:7f:7d:37:a1 [ether] on eth0 >>>>>>>> >>>>>>>> route info of instance test5 >>>>>>>> >>>>>>>> [root@test5 ~]# route -n >>>>>>>> Kernel IP routing table >>>>>>>> Destination Gateway Genmask Flags Metric Ref >>>>>>>> Use Iface >>>>>>>> 172.16.10.1 0.0.0.0 255.255.255.255 UH 0 0 >>>>>>>> 0 eth0 >>>>>>>> 172.16.10.200 0.0.0.0 255.255.255.248 U 1 0 >>>>>>>> 0 eth0 >>>>>>>> 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 >>>>>>>> 0 virbr0 >>>>>>>> 0.0.0.0 172.16.10.1 0.0.0.0 UG 0 0 >>>>>>>> 0 eth0 >>>>>>>> >>>>>>>> I ping www.sina.com.cn in instances test5(172.16.10.205) >>>>>>>> >>>>>>>> [root@test5 ~]# ping www.sina.com.cn >>>>>>>> PING ara.sina.com.cn (58.63.236.35) 56(84) bytes of data. >>>>>>>> 64 bytes from 58.63.236.35: icmp_seq=1 ttl=49 time=38.4 ms >>>>>>>> 64 bytes from 58.63.236.35: icmp_seq=2 ttl=49 time=38.5 ms >>>>>>>> 64 bytes from 58.63.236.35: icmp_seq=3 ttl=49 time=38.2 ms >>>>>>>> ^C >>>>>>>> --- ara.sina.com.cn ping statistics --- >>>>>>>> 3 packets transmitted, 3 received, 0% packet loss, time 2436ms >>>>>>>> rtt min/avg/max/mdev = 38.259/38.427/38.536/0.256 ms >>>>>>>> >>>>>>>> In my option, the packet will go through as follow, >>>>>>>> 1. vm eth0 >>>>>>>> 2. br100 >>>>>>>> 3. according the mac table of switch br100, the packet will go >>>>>>>> through to port 1 >>>>>>>> >>>>>>>> the next step has always puzzled me >>>>>>>> 4. the packet arrived at host eth0. Once the packet arrived eth0, >>>>>>>> it will be processed by iptables chains, INPUT, PREROUTING, kernel >>>>>>>> routing, >>>>>>>> OUTPUT and so on. the destination address is 58.63.236.35, based on the >>>>>>>> kernel routing table, the packet will be processed by eth1. *In >>>>>>>> fact, eth0 processes it.*can anyone explain why?? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Thanks in advance. >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Mailing list: >>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>>>>>> Post to : [email protected] >>>>>>>> Unsubscribe : >>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
