On Thu, 2005-08-18 at 09:58 +0200, metaworx lists wrote:
> > On Tue, Aug 16, 2005 at 10:01:47AM +0200, Matvey Gladkikh wrote:
> > > I have a small question. Can vserver guests be bound to vlan
> > > interfaces, e.g. bond0.10, not physical eth0 and eth1?
> > 
> > Yes
> 
> > I have not tested on recent versions so though.
> 
> we are running vlans on top of a bridged device and bind guests to these
> interfaces and everything seems to work as expected so far.
> 
> what we have not yet fully tested is whether different guests in different
> vlans can communicate with each other while running on the same host (Kernel).
> I suppose they can, but this does normally not match the intention since you
> place them in different vlans ;-)
They probably can communicate with each other, they all share the same
routing table as they are in the same box :)

> the reason is that it is the same kernel and therefore the packages do not
> pass the vlan part of the device driver. a solution could be iptables, the
> way we will try to separate the vservers.
Try iproute2 (I got this originally from the wiki, but I don't have the link 
handy at the moment).

Create a new routing table (I use the vlan ID as table ID, but anything
goes as long as it's less than 255 (AFAIK) )

The versions in use with my setup are:

# vserver-info
Versions:
                   Kernel: 2.6.11.6-grsec-vs1.9.5
                   VS-API: 0x00010025
             util-vserver: 0.30.207; May 18 2005, 17:47:45


Here's an example:
${MYNET} == Server's network address
${SVRPFX} == Server's network prefix (CIDR notation)
${MYVLAN} == Vlan ID
${VLAN} == Vlan ID < 255

# append (>>): a single ">" would overwrite the predefined entries in rt_tables
echo "10        VLAN10" >> /etc/iproute2/rt_tables

ip rule add from ${MYNET}/${SVRPFX} table ${VLAN}
ip route add ${MYNET}/${SVRPFX} dev eth1.${MYVLAN} table ${VLAN}
ip route add default via ${MYGW} dev eth1.${MYVLAN} table ${VLAN}  

-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-
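
The policy-routing steps from the message above as a dry-run shell sketch, added here as an example and not part of the original mail: it appends the table name to an rt_tables file without truncating it, rejects the predefined table IDs, and prints the ip commands for review. The function names, the scratch rt_tables copy and the 192.0.2.0/24 sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: dry-run helpers for per-VLAN policy routing. Nothing is applied.

# IDs 0 and 253-255 are predefined in the stock rt_tables
# (unspec, default, main, local), so only 1-252 are accepted here.
valid_table_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 252 ]
}

# register_table FILE ID NAME
# Append "ID NAME" unless the ID is already listed; appending (not
# truncating) keeps the predefined local/main/default entries.
register_table() {
    valid_table_id "$2" || return 1
    if grep -Eq "^[[:space:]]*$2[[:space:]]" "$1" 2>/dev/null; then
        return 0
    fi
    printf '%s\t%s\n' "$2" "$3" >> "$1"
}

# vlan_policy_cmds NET PREFIX GW PARENT_IF VLAN_ID TABLE_ID
# Print the rule and the two routes for one VLAN.
vlan_policy_cmds() {
    valid_table_id "$6" || { echo "bad table id: $6" >&2; return 1; }
    echo "ip rule add from $1/$2 table $6"
    echo "ip route add $1/$2 dev $4.$5 table $6"
    echo "ip route add default via $3 dev $4.$5 table $6"
}

# Constructed sample: documentation range 192.0.2.0/24, scratch rt_tables copy.
demo() {
    tmp=$(mktemp) || return 1
    printf '255\tlocal\n254\tmain\n253\tdefault\n0\tunspec\n' > "$tmp"
    register_table "$tmp" 10 VLAN10
    register_table "$tmp" 10 VLAN10   # second call changes nothing
    cat "$tmp"
    rm -f "$tmp"
    vlan_policy_cmds 192.0.2.0 24 192.0.2.1 eth1 10 10
}
demo
```

These rules only steer traffic that leaves the host: packets between two guest addresses on the same host still match the `local` table at rule priority 0, so separating guests from each other needs a packet filter such as the iptables approach mentioned in the thread.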

