From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Tue 03 Dec 2002 - 20:32:04 GMT
On Tue, 3 Dec 2002 14:37:04 -0500, John Goerzen wrote
> In article <Pine.LNX.4.21.0212030924190.9048-100000_at_starsky.19inch.net>, Paul Sladen
> wrote:
> > On Tue, 3 Dec 2002, Ola Lundqvist wrote:
> >> On Mon, Dec 02, 2002 at 04:13:21PM -0600, John Goerzen wrote:
> >> > it does not allow the second and subsequent interfaces to have a netmask or
> >> > broadcast address different from the first.
> >
> > It was originally designed for just hooking the all-ones broadcast address
> > (for running dhcpd) and that was just an extension of the set_ipv4root()
> > interface only allowing a single address at the time
> 2. Run several vservers on a single machine, and use the Linux "dummy"
> driver to give them a way to communicate with each other without
> using the system's Ethernet interface -- but still give some of them an IP
> address on that Ethernet.
>
> I have tried to set up #2 so far. I can get things working when each
> vserver has a single IP address. However, when I set them up with multiple
> IP addresses, I get a lot of problems:
>
> 1. The interfaces all have the broadcast and netmask of the first one.
>
> I have gone in with ifconfig to fix this, to no avail.

This will be fixed in 0.22 as explained in another message.

> 2. All packets going out of the vserver have the source IP address
> set to the first IPROOT address specified, regardless of which interface
> they're going to.

Yes, this is how it works. The vserver is forced to use the first IP in IPROOT
to communicate. It is allowed to bind before connecting, but it must select
one IP in its list.

It would be possible for the kernel to select an IP in the IPROOT based on
netmask and find the closest to the target address, so if you kind of bind
an internal network say 192.168.1.0 with one vserver A using 192.168.1.1
and another B using 192.168.1.2, when A talks to B (192.168.1.2), it will
use 192.168.1.1 as its source address even if its first IPROOT address is
something else.

On a non-vserver box, if one talks to 192.168.1.2, then the request comes
from 192.168.1.2, but the vserver A is not allowed to use this address. It must
use only addresses in its own IPROOT.

This sounds like a valid enhancement. This would also solve the case where
one vserver has two public IPs and talks to different places using the two
interfaces. Currently, it always uses the first IP unless told otherwise.

I am fighting with ctx-15 (still crashing on me), but will look at this issue a
little later.

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
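
The source-address behaviour discussed in the message above, as an added Python model that is not part of the original post and is not the vserver kernel code: it compares the current rule (first IPROOT address unless the process binds) with the proposed netmask-based selection. The function names, the 192.0.2.10 public address and the longest-prefix tie-break are assumptions made for illustration; 192.168.1.1 and 192.168.1.2 are the addresses used in the message.

```python
import ipaddress

def parse_iproot(entries):
    """Parse 'address/prefix' strings into interfaces, preserving IPROOT order."""
    return [ipaddress.ip_interface(e) for e in entries]

def check_bind(iproot, bound):
    """A vserver may bind only to an address in its own IPROOT list."""
    addr = ipaddress.ip_address(bound)
    if all(i.ip != addr for i in iproot):
        raise PermissionError(f"{addr} is not in this vserver's IPROOT")
    return addr

def source_current(iproot, dest, bound=None):
    """Behaviour described in the message: first IPROOT entry unless bound."""
    if bound is not None:
        return check_bind(iproot, bound)
    return iproot[0].ip

def source_proposed(iproot, dest, bound=None):
    """Proposed behaviour: prefer the IPROOT entry whose network contains dest."""
    if bound is not None:
        return check_bind(iproot, bound)
    target = ipaddress.ip_address(dest)
    matches = [i for i in iproot if target in i.network]
    if not matches:
        return iproot[0].ip  # no on-link match: keep today's default
    # Longest prefix wins (assumed tie-break); max() keeps the earliest entry on a tie.
    return max(matches, key=lambda i: i.network.prefixlen).ip

# Constructed IPROOT for vserver A: a public address first, then the dummy-net one.
IPROOT_A = parse_iproot(["192.0.2.10/24", "192.168.1.1/24"])

if __name__ == "__main__":
    # B on the dummy network, then a constructed off-link destination.
    for dest in ("192.168.1.2", "198.51.100.7"):
        print(dest, source_current(IPROOT_A, dest), source_proposed(IPROOT_A, dest))
```
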