Operating Systems Linux Routing via several interfaces for hosted virtual machines Post 302441384 by bakunin on Friday 30th of July 2010 12:03:39 PM
Routing via several interfaces for hosted virtual machines

My setup consists of a hardware node, which hosts several virtual machines (OpenVZ, to be precise). The hardware node has two network interfaces (<ifA>, <ifB>) connected to different subnets (<networkA>, <networkB>). I want to route the traffic of certain VEs over <ifB> while routing the other VEs' traffic (and the hardware node itself) through the other interface <ifA>.

Searching the internet I found some related explanation (see this thread) and tried to adapt it for my purposes, but failed. The idea was to create a second routing table and direct all packages to/from a certain group of VEs to it (and hence <ifB>) by marking them via iptables. My (not working) setup looks like:

local interfaces: ifA (in networkA) is routed via routerA, ifB (in networkB) is routed via routerB, ifA contains the default route for the system (to routerA) and is also used for some VEs. The part of ifA works, I failed in setting up proper routing for ifB and its dependent VEs.

Code:
echo "100 dsan" >> /etc/iproute2/rt_tables

ip route add <networkB> dev eth4 proto kernel src <ifB> table 100
ip route add via <routerB> dev eth4 proto kernel table 100

ip rule add fwmark 2 table 100

iptables -t mangle -A FORWARD -s <networkB> -j MARK --set-mark 2
iptables -t mangle -A FORWARD -d <networkB> -j MARK --set-mark 2

iptables -t mangle -A INPUT -s <networkB> -j MARK --set-mark 2
iptables -t mangle -A INPUT -d <networkB> -j MARK --set-mark 2

iptables -t mangle -A OUTPUT -s <networkB> -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -d <networkB> -j MARK --set-mark 2

ip route flush cache

Any suggestions?

bakunin
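
Added example, not part of the original post: a simplified Python model of where the routing decision sits relative to the mangle chains, showing which egress interface an `ip rule ... fwmark 2` lookup selects depending on the chain that sets the mark. The addresses, the `ifA`/`ifB` labels and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not from the post).
NETWORK_B = ipaddress.ip_network("10.0.2.0/24")
TABLES = {"main": "ifA", 100: "ifB"}   # egress of each table's default route
IP_RULES = [(2, 100)]                  # models: ip rule add fwmark 2 table 100

# Order in which a packet meets the mangle chains and the routing decision.
PATHS = {
    "forward":   ["PREROUTING", "ROUTE", "FORWARD", "POSTROUTING"],
    "local_out": ["ROUTE", "OUTPUT", "REROUTE", "POSTROUTING"],
}

def lookup(mark):
    """Policy-routing lookup: first matching fwmark rule, else the main table."""
    for rule_mark, table in IP_RULES:
        if mark == rule_mark:
            return TABLES[table]
    return TABLES["main"]

def egress(path, src, dst, mangle_rules):
    """Walk one packet along `path`; return (egress interface, final mark).

    mangle_rules holds (chain, field, network, mark) tuples, modelling
    iptables -t mangle -A <chain> -s|-d <network> -j MARK --set-mark <mark>.
    """
    addr = {"s": ipaddress.ip_address(src), "d": ipaddress.ip_address(dst)}
    mark = routed_mark = 0
    iface = None
    for step in PATHS[path]:
        if step == "ROUTE" or (step == "REROUTE" and mark != routed_mark):
            # Locally generated packets are routed again only if mangle
            # OUTPUT changed the mark; forwarded packets are routed once.
            iface, routed_mark = lookup(mark), mark
        for chain, field, net, new_mark in mangle_rules:
            if chain == step and addr[field] in net:
                mark = new_mark
    return iface, mark

def rules_for(chains):
    """Mark 2 on source or destination in NETWORK_B, in each given chain."""
    return [(c, f, NETWORK_B, 2) for c in chains for f in ("s", "d")]

POSTED_CHAINS = rules_for(["FORWARD", "INPUT", "OUTPUT"])  # chains in the post
EARLY_CHAINS = rules_for(["PREROUTING", "OUTPUT"])         # mark before routing

if __name__ == "__main__":
    for name, rules in (("posted", POSTED_CHAINS), ("early", EARLY_CHAINS)):
        print(name, egress("forward", "10.0.2.15", "192.0.2.7", rules))
```

In this model a forwarded packet marked in FORWARD still carries mark 2 but has already been routed via the main table, while the same packet marked in PREROUTING is looked up in table 100.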
 

Firewall mark classifier in tc(8)          Linux          Firewall mark classifier in tc(8)

NAME
       fw - fwmark traffic control filter

SYNOPSIS
       tc filter ... fw [ classid CLASSID ] [ action ACTION_SPEC ]

DESCRIPTION
       the fw filter allows to classify packets based on a previously set fwmark by iptables. If it is identical to the filter's handle, the filter matches. iptables allows to mark single packets with the MARK target, or whole connections using CONNMARK. The benefit of using this filter instead of doing the heavy-lifting with tc itself is that on one hand it might be convenient to keep packet filtering and classification in one place, possibly having to match a packet just once, and on the other users familiar with iptables but not tc will have a less hard time adding QoS to their setups.

OPTIONS
       classid CLASSID
              Push matching packets to the class identified by CLASSID.

       action ACTION_SPEC
              Apply an action from the generic actions framework on matching packets.

EXAMPLES
       Take e.g. the following tc filter statement:

              tc filter add ... handle 6 fw classid 1:1

       will match if the packet's fwmark value is 6. This is a sample iptables statement marking packets coming in on eth0:

              iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6

SEE ALSO
       tc(8), iptables(8), iptables-extensions(8)

iproute2          21 Oct 2015          Firewall mark classifier in tc(8)