Re: [Lxc-users] local routing

2011-05-11 Thread Daniel Lezcano
On 05/10/2011 12:24 AM, Ulli Horlacher wrote:
 On Mon 2011-05-09 (22:52), Daniel Lezcano wrote:
  On 05/09/2011 03:10 PM, Ulli Horlacher wrote:

   I have a lxc host (zoo 129.69.1.68) with a container (vmtest8 129.69.8.6).

   I want all host/container communication to be internal without network
   traffic going via external router.

  Maybe I misunderstood but why don't you setup a bridge for the container
  only without attaching the physical interface and making sure
  /proc/sys/net/ipv4/ip_forward is not set ?

 Of course the containers shall be able to communicate with the internet,
 too.

 But I want the communication of host-container to be internal and not via
 external router.

If you create a bridge, attach the physical interface to it, give the 
bridge the IP address you usually give to eth0 (make sure ifconfig eth0 
0.0.0.0) and then give an IP address to the container on the same 
network as eth0, that will allow your container to communicate 
on the network and with the host without passing through a gateway.

Is that what you want to achieve?

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users


Re: [Lxc-users] local routing

2011-05-11 Thread Ulli Horlacher
On Wed 2011-05-11 (11:29), Daniel Lezcano wrote:

 If you create a bridge, attach the physical interface to it, give the 
 bridge the ip address you usually give to eth0, (make sure ifconfig eth0 
 0.0.0.0) and then give an IP address to the container on the same 
 network than eth0, that will allow to have your container to communicate 
 on the network and the host without passing through a gateway.

This is already working. Example (vms2 is the host):

root@vms2:~# lxc -l
container  size (MB)   start-PIDstatus
flupp  332025251   running
ubuntu   490   0   stopped
vmtest8  4905664   running

root@vms2:~# host vms2
vms2.rus.uni-stuttgart.de has address 129.69.1.68

root@vms2:~# host flupp
flupp.rus.uni-stuttgart.de has address 129.69.1.219

root@vms2:~# traceroute flupp
traceroute to flupp (129.69.1.219), 30 hops max, 60 byte packets
 1  flupp.rus.uni-stuttgart.de (129.69.1.219)  16.533 ms  16.537 ms  16.538 ms


But I have other containers on other networks, too. Example:

root@vms2:~# host vmtest8
vmtest8.rus.uni-stuttgart.de has address 129.69.8.6

root@vms2:~# traceroute vmtest8
traceroute to vmtest8 (129.69.8.6), 30 hops max, 60 byte packets
 1  ar30a-y2g-rus-1.rus.uni-stuttgart.de (129.69.1.251)  0.674 ms  0.734 ms  0.793 ms
 2  * * *

vmtest8 has no internet connection so far, because the VLAN setup is not
correct. But this is another problem :-}

Nevertheless the host vms2 should reach the container vmtest8 directly
(internally) without using an external router.

I can obtain this by setting host routes on vms2 and vmtest8, as I have
described in my first mail. Then host and container can reach each other
directly. What I now want is some kind of automatism. I do not want to set
such host routes manually, every time I use lxc-start.





-- 
Ullrich Horlacher  Server- und Arbeitsplatzsysteme
Rechenzentrum  E-Mail: horlac...@rus.uni-stuttgart.de
Universitaet Stuttgart Tel:++49-711-685-65868
Allmandring 30 Fax:++49-711-682357
70550 Stuttgart (Germany)  WWW:http://www.rus.uni-stuttgart.de/



Re: [Lxc-users] local routing

2011-05-11 Thread Ulli Horlacher
On Tue 2011-05-10 (20:08), C Anthony Risinger wrote:

 I believe Daniel is saying you can pass each container two interfaces -- one
 is the public and one is a local only private network for your host and
 containers.

Then I have secondary addresses for each server and I have to decide
manually which one I have to use for internal communication.


 Though I'd think the host/bridge code would not actually ping pong the
 packets off an external device if the target IP resolves back to the host?

It does.

-- 
Ullrich Horlacher  Server- und Arbeitsplatzsysteme
Rechenzentrum  E-Mail: horlac...@rus.uni-stuttgart.de
Universitaet Stuttgart Tel:++49-711-685-65868
Allmandring 30 Fax:++49-711-682357
70550 Stuttgart (Germany)  WWW:http://www.rus.uni-stuttgart.de/



Re: [Lxc-users] local routing

2011-05-11 Thread John Soros
Hello,
Maybe I misunderstand your question, please tell me so.
It seems to me you want to just script this routing stuff. This is
possible in lxc on the host (use lxc.network.script.up); then all you
need is to properly configure the network interface in the guest OS (in
Debian, /etc/network/interfaces).
hth
John

PS. I don't want to seem to be aggressively advertising my site, but I
have a similar setup described on http://j.9souldier.org/trunk/lxc/net/

--
The Excuse: TCP/IP UDP alarm threshold is set too low.


On Wed, 11 May 2011 14:40:05 +0200
Ulli Horlacher frams...@rus.uni-stuttgart.de wrote:

 On Wed 2011-05-11 (11:29), Daniel Lezcano wrote:
 
  If you create a bridge, attach the physical interface to it, give
  the bridge the ip address you usually give to eth0, (make sure
  ifconfig eth0 0.0.0.0) and then give an IP address to the container
  on the same network than eth0, that will allow to have your
  container to communicate on the network and the host without
  passing through a gateway.
 
 This is already working. Example (vms2 is the host):
 
 root@vms2:~# lxc -l
 container  size (MB)   start-PIDstatus
 flupp  332025251   running
 ubuntu   490   0   stopped
 vmtest8  4905664   running
 
 root@vms2:~# host vms2
 vms2.rus.uni-stuttgart.de has address 129.69.1.68
 
 root@vms2:~# host flupp
 flupp.rus.uni-stuttgart.de has address 129.69.1.219
 
 root@vms2:~# traceroute flupp
 traceroute to flupp (129.69.1.219), 30 hops max, 60 byte packets
  1  flupp.rus.uni-stuttgart.de (129.69.1.219)  16.533 ms  16.537 ms  16.538 ms
 
 
 But I have other containers on other networks, too. Example:
 
 root@vms2:~# host vmtest8
 vmtest8.rus.uni-stuttgart.de has address 129.69.8.6
 
 root@vms2:~# traceroute vmtest8
 traceroute to vmtest8 (129.69.8.6), 30 hops max, 60 byte packets
  1  ar30a-y2g-rus-1.rus.uni-stuttgart.de (129.69.1.251)  0.674 ms  0.734 ms  0.793 ms
  2  * * *
 
 vmtest8 has no internet connection so far, because the VLAN setup is
 not correct. But this is another problem :-}
 
 Nevertheless the host vms2 should reach the container vmtest8 directly
 (internally) without using an external router.
 
 I can obtain this by setting host routes on vms2 and vmtest8, as I
 have described in my first mail. Then host and container can reach
 each other directly. What I now want is some kind of automatism. I do
 not want to set such host routes manually, every time I use lxc-start.
 
 
 
 
 


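Added example, not part of John Soros's message or of the LXC project: a host-side script for the lxc.network.script.up hook he mentions, which installs the host route from the first mail each time a container's network comes up. The config path /var/lib/lxc/<name>/config, the bridge name br0, and the use of "ip route replace" (in place of the thread's "route add -host") are assumptions.

```sh
#!/bin/sh
# Added example: host-side hook for lxc.network.script.up.
# LXC calls it as: <script> <container> net up <type> [<host-side device>]
# Assumptions (not from the thread): config lives in $LXC_DIR/<name>/config,
# the bridge is br0, and the address is set with lxc.network.ipv4.
LXC_DIR=${LXC_DIR:-/var/lib/lxc}
BRIDGE=${BRIDGE:-br0}

# Accept only dotted quads with octets 0-255; the hook runs as root, so
# nothing unvalidated from the config may reach the route command.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the container's first IPv4 address (prefix length stripped), or fail.
container_ipv4() {
    conf="$LXC_DIR/$1/config"
    [ -r "$conf" ] || return 1
    addr=$(sed -n 's/^[[:space:]]*lxc\.network\.ipv4[[:space:]]*=[[:space:]]*\([0-9.]*\).*/\1/p' "$conf" | head -n 1)
    valid_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# Build the route command for a container; "replace" keeps restarts idempotent.
route_cmd() {
    ip4=$(container_ipv4 "$1") || return 1
    printf 'ip route replace %s/32 dev %s\n' "$ip4" "$BRIDGE"
}

# Run only when LXC invokes the hook with the "net up" context.
if [ "${2:-}" = net ] && [ "${3:-}" = up ]; then
    case $1 in *[!A-Za-z0-9_.-]*|.*) exit 1 ;; esac   # no path tricks in the name
    cmd=$(route_cmd "$1") || exit 1
    $cmd
fi
```

Reference it from the container config with lxc.network.script.up = <path to this script>; the container-side route back to the host still belongs in the guest's own network configuration, as described in the message above.
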


Re: [Lxc-users] local routing

2011-05-09 Thread Daniel Lezcano
On 05/09/2011 03:10 PM, Ulli Horlacher wrote:

 I have a lxc host (zoo 129.69.1.68) with a container (vmtest8 129.69.8.6).

 I want all host/container communication to be internal without network
 traffic going via external router.

Maybe I misunderstood but why don't you setup a bridge for the container 
only without attaching the physical interface and making sure 
/proc/sys/net/ipv4/ip_forward is not set ?

 I know I can setup host routes like:

 root@vms2:# route add -host 129.69.8.6 gw 129.69.1.68

 root@vms2:# route -n
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 129.69.8.6      129.69.1.68     255.255.255.255 UGH   0      0        0 br0
 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
 0.0.0.0         129.69.1.254    0.0.0.0         UG    100    0        0 br0

 root@vms2:# lxc -c vmtest8

 Type <Ctrl+a q> to exit the console

 root@vmtest8:~# route add -host 129.69.1.68 gw 129.69.8.6

 root@vmtest8:~# route -n
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 129.69.1.68     129.69.8.6      255.255.255.255 UGH   0      0        0 eth0
 129.69.8.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
 0.0.0.0         129.69.8.254    0.0.0.0         UG    0      0        0 eth0


 root@vms2:# ping 129.69.8.6
 PING 129.69.8.6 (129.69.8.6) 56(84) bytes of data.
 64 bytes from 129.69.8.6: icmp_seq=1 ttl=64 time=9.54 ms
 64 bytes from 129.69.8.6: icmp_seq=2 ttl=64 time=0.015 ms
 64 bytes from 129.69.8.6: icmp_seq=3 ttl=64 time=0.014 ms
 64 bytes from 129.69.8.6: icmp_seq=4 ttl=64 time=0.013 ms
 64 bytes from 129.69.8.6: icmp_seq=5 ttl=64 time=0.015 ms
 64 bytes from 129.69.8.6: icmp_seq=6 ttl=64 time=0.013 ms
 ^C
 --- 129.69.8.6 ping statistics ---
 6 packets transmitted, 6 received, 0% packet loss, time 4998ms
 rtt min/avg/max/mdev = 0.013/1.602/9.547/3.553 ms

 But I do not want to set up such host routes manually; they should be
 created automatically in some way.

 With only 1 host/container pair it is not much trouble. But later I want
 to have a dozen containers and they all should use internal routing.

 Modifying the host and each container VM routing table manually is nasty.






Re: [Lxc-users] local routing

2011-05-09 Thread Ulli Horlacher
On Mon 2011-05-09 (22:52), Daniel Lezcano wrote:
 On 05/09/2011 03:10 PM, Ulli Horlacher wrote:
 
 
  I have a lxc host (zoo 129.69.1.68) with a container (vmtest8 129.69.8.6).
 
  I want all host/container communication to be internal without network
  traffic going via external router.
 
 Maybe I misunderstood but why don't you setup a bridge for the container 
 only without attaching the physical interface and making sure 
 /proc/sys/net/ipv4/ip_forward is not set ?

Of course the containers shall be able to communicate with the internet,
too.

But I want the communication of host-container to be internal and not via
external router.

-- 
Ullrich Horlacher  Server- und Arbeitsplatzsysteme
Rechenzentrum  E-Mail: horlac...@rus.uni-stuttgart.de
Universitaet Stuttgart Tel:++49-711-685-65868
Allmandring 30 Fax:++49-711-682357
70550 Stuttgart (Germany)  WWW:http://www.rus.uni-stuttgart.de/
