From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 29 Mar 2004 - 20:24:51 BST
Hello Community!
as promised, here is the second part, with some concepts about
routing (I'll save the netfilter stuff for the next part).
I did some examples last time with QEMU and I will use it
again to illustrate the internals (you can use UML or VMware
or a real network to do this).
------------
most people know 'ifconfig' and 'route', not only because
they are very old, but also because they are available on
many different Unix systems. Linux also supports them, but
there are other, more kernel-tailored tools, and I'm going
to show 'ip' (from iproute2) and compare it to the 'old'
tools wherever possible ...

[+] will mark the 'old' version and [#] the 'ip'-tool one
first, a routing scenario:
    +----------+                          +-------------+
    |  Host A  |       10.0.0.0/24        |   Host B    |
    | 10.0.0.1 +--------------------------+ 10.0.0.2    |
    |          |                          |-------------|
    +----------+                          | 192.168.0.1 |
                                          +-------------+
I'll simulate this with the following setup:
on the host:
[+] ifconfig tun0 10.0.0.1/24
    route -n

    Kernel IP routing table
    Destination   Gateway   Genmask         F  M  R  Use  Iface
    10.0.0.0      0.0.0.0   255.255.255.0   U  0  0    0  tun0

[#] ip addr add 10.0.0.1/24 dev tun0
    ip link set tun0 up
    ip route show

    10.0.0.0/24 dev tun0  proto kernel  scope link  src 10.0.0.1
and on the (QEMU) client:
[+] ifconfig eth0 10.0.0.2/24
    ifconfig dummy0 192.168.0.1/24
    route -n

    Kernel IP routing table
    Destination   Gateway   Genmask         F  M  R  Use  Iface
    10.0.0.0      0.0.0.0   255.255.255.0   U  0  0    0  eth0
    192.168.0.0   0.0.0.0   255.255.255.0   U  0  0    0  dummy0

[#] ip addr add 10.0.0.2/24 dev eth0
    ip link set eth0 up
    ip addr add 192.168.0.1/24 dev dummy0
    ip link set dummy0 up
    ip route show

    10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.2
    192.168.0.0/24 dev dummy0  proto kernel  scope link  src 192.168.0.1
now we try to ping both IPs of the client, 10.0.0.2 and
192.168.0.1, from the host, and we see that while the
former can be reached without any issues, the latter
gives 'Network is unreachable', or a timeout if you have
a default gateway set on the host (the packet is handed to
that gateway, which knows nothing about 192.168.0.0/24) ...

what we need is to add a specific route on the host to reach
the second IP address (192.168.0.1), so we do:
[+] route add -net 192.168.0.0/24 gw 10.0.0.2
[#] ip route add 192.168.0.0/24 via 10.0.0.2
and from now on, the ping to 192.168.0.1 will succeed on
the host, just as the one to 10.0.0.2 did before ... now let us
take a look at the packet statistics:
H# ping -c 10 10.0.0.2

    --- 10.0.0.2 ping statistics ---
    10 packets transmitted, 10 packets received, 0% packet loss
    round-trip min/avg/max/mdev = 0.134/1.132/8.557/2.480 ms

    (host)
    tun0      Link encap:Ethernet  HWaddr ...
              inet addr:10.0.0.1  Bcast: ...  Mask:255.255.255.0
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              RX bytes:1100 (1.0 Kb)  TX bytes:1064 (1.0 Kb)

    (client)
    eth0      Link encap:Ethernet  HWaddr ...
              inet addr:10.0.0.2  Bcast: ...  Mask:255.255.255.0
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              RX bytes:1100 (1.0 KiB)  TX bytes:1100 (1.0 KiB)
H# ping -c 10 192.168.0.1

    --- 192.168.0.1 ping statistics ---
    10 packets transmitted, 10 packets received, 0% packet loss
    round-trip min/avg/max/mdev = 0.199/1.083/8.424/2.449 ms

    (client)
    eth0      Link encap:Ethernet  HWaddr ...
              inet addr:10.0.0.2  Bcast: ...  Mask:255.255.255.0
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              RX bytes:1100 (1.0 KiB)  TX bytes:1100 (1.0 KiB)

    dummy0    Link encap:Ethernet  HWaddr ...
              inet addr:192.168.0.1  Bcast: ...  Mask:255.255.255.0
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
interesting things to spend a second thought on:

 - why does the second ping require an additional route?
 - is there a difference in how the packets travel?
 - should dummy0 receive or send any packets?
 - what would be required to reach the client from
   any other box in the local LAN of the host?
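To make the first two questions concrete, here is an added example (mine, not part of Herbert's post) that replays the host's route lookup over the `ip route show` lines above: a longest-prefix match that returns the outgoing device and next hop, before and after `ip route add 192.168.0.0/24 via 10.0.0.2`. The table with a default gateway on `eth1` via `10.0.0.254` is a constructed assumption to show where the "timeout" case sends the packet.

```python
import ipaddress

# Constructed routing tables in the format `ip route show` prints on the page.
# The kernel fills in "dev tun0" itself when the route is added "via 10.0.0.2".
HOST_BEFORE = ["10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.1"]
HOST_AFTER = HOST_BEFORE + ["192.168.0.0/24 via 10.0.0.2 dev tun0"]
# Hypothetical default gateway on a second interface (not part of the post).
HOST_WITH_DEFAULT = HOST_BEFORE + ["default via 10.0.0.254 dev eth1"]

def parse_route(line):
    """Turn one `ip route show` line into dst network, gateway and device."""
    fields = line.split()
    dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
    route = {"dst": ipaddress.ip_network(dst), "via": None, "dev": None}
    for key, val in zip(fields[1:], fields[2:]):
        if key == "via":
            route["via"] = ipaddress.ip_address(val)
        elif key == "dev":
            route["dev"] = val
    return route

def lookup(table, dst):
    """Longest-prefix match over the table (simplified FIB lookup: no metrics,
    no policy rules).  Returns (device, next hop) or None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for route in map(parse_route, table):
        if dst in route["dst"]:
            if best is None or route["dst"].prefixlen > best["dst"].prefixlen:
                best = route
    if best is None:
        return None
    # A route without "via" is on-link: the frame goes straight to dst.
    nexthop = best["via"] if best["via"] is not None else dst
    return best["dev"], nexthop

def describe(table, dst):
    """What the host would do with a packet for dst, in ping's own words."""
    hit = lookup(table, dst)
    if hit is None:
        return "Network is unreachable"
    dev, nexthop = hit
    return f"dev {dev} next-hop {nexthop}"

if __name__ == "__main__":
    for name, table in [("before", HOST_BEFORE), ("after", HOST_AFTER),
                        ("default gw", HOST_WITH_DEFAULT)]:
        for target in ("10.0.0.2", "192.168.0.1"):
            print(f"{name:>10}: {target:<12} -> {describe(table, target)}")
```

With the default gateway the lookup succeeds, so the host sends the packet out eth1 to 10.0.0.254 instead of failing locally; that gateway has no route back to 192.168.0.0/24, which is why you see a timeout rather than an error.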
next part: netfilter
best,
Herbert
PS: let me know if the level is too low/high and if you are
interested in this stuff ... because if not, I'll skip to
the questions without any further explanations ...
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver