In environments with several uplink connections, it can be useful to set up source-based routing so that virtual environments use a particular uplink for network communication with remote hosts.
For example, a physical host can have several network interfaces, each with a designated IP address range:
- average speed with unlimited amount of traffic, available through
- high-speed guaranteed connection with per-megabyte accounting via
- unreliable low-cost connection for test subscriptions on
- local-only network for internal use on
Based on this, one can have 4 types of subscriptions for virtual environments, where one of those subscription types creates environments for internal use only, with access to the internal network.
In bridged mode this configuration is easy to set up by defining a virtual network attached to every physical interface. In routed mode, however, Parallels Virtuozzo Containers and Parallels Server products do not support such a configuration.
Manual configuration is described below. Changes to scripts must be reapplied after every product update.
Setting up routing
For virtual environments in routed mode to be able to communicate directly with each other on the same host, their routes must be consulted before other rules, i.e. there should be a separate routing table whose rule has a smaller preference value than the rule for the main table:
~# ip rule
0: from all lookup local
30000: from all lookup routed_ves
32766: from all lookup main
32767: from all lookup default
~#
And the table routed_ves should contain routes to the IP addresses of virtual environments running on this host:
~# ip route list table routed_ves
172.26.0.66 dev venet0 scope link metric 1000
172.26.0.50 dev venet0 scope link metric 1000
172.26.0.70 dev venet0 scope link metric 1000
192.168.55.55 dev venet0 scope link metric 1000
~#
That is, to route external traffic from these virtual environments through the interface eth3 (the internal network as per the definition above), an additional rule with a preference in the range 30001-32765 should be set and routes added to the corresponding table:
~# ip rule add pref 30101 table 101 from 172.26.0.0/24
~# ip route add 172.26.0.0/24 dev eth3 table 101
~# ip route add default via 172.26.0.1 dev eth3 table 101
Other IP ranges and network interfaces can be configured in the same way, by defining routing tables, configuring the preference for each table, and setting routing rules.
Note: Do not define any additional table for a subnetwork that matches the node's default connection.
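As an added example (not part of the original article or of the product's scripts), the helper below builds the three commands shown above for any uplink and refuses a preference outside 30001-32765, so that a rule cannot sort before routed_ves or after main. The function names and the DRY_RUN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build (and optionally apply) the per-uplink commands above.
# Function names and DRY_RUN are hypothetical, not Virtuozzo settings.

# Bounds from the article: after routed_ves (30000), before main (32766).
PREF_MIN=30001
PREF_MAX=32765

# sbr_commands PREF TABLE SUBNET DEV GATEWAY
# Prints the three ip commands for one uplink; returns 1 on bad input.
sbr_commands() {
    [ "$#" -eq 5 ] || { echo "need: PREF TABLE SUBNET DEV GATEWAY" >&2; return 1; }
    case $1 in
        # Non-digits, or 6+ characters that could overflow the numeric test.
        ''|*[!0-9]*|??????*) echo "bad preference: $1" >&2; return 1 ;;
    esac
    if [ "$1" -lt "$PREF_MIN" ] || [ "$1" -gt "$PREF_MAX" ]; then
        echo "preference $1 is outside $PREF_MIN-$PREF_MAX" >&2
        return 1
    fi
    # Allow only characters found in table names, addresses and device
    # names, so values read from a config file cannot carry shell syntax.
    for v in "$2" "$3" "$4" "$5"; do
        case $v in
            ''|*[!A-Za-z0-9_./:-]*) echo "invalid value: $v" >&2; return 1 ;;
        esac
    done
    echo "ip rule add pref $1 table $2 from $3"
    echo "ip route add $3 dev $4 table $2"
    echo "ip route add default via $5 dev $4 table $2"
}

# sbr_apply takes the same arguments. With DRY_RUN=1 it only prints the
# validated commands; otherwise it runs them (root required).
sbr_apply() {
    cmds=$(sbr_commands "$@") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$cmds"
        return 0
    fi
    ip rule add pref "$1" table "$2" from "$3" &&
    ip route add "$3" dev "$4" table "$2" &&
    ip route add default via "$5" dev "$4" table "$2"
}

# Example for the internal network from the article:
#   DRY_RUN=1 sbr_apply 30101 101 172.26.0.0/24 eth3 172.26.0.1
```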
Making it automatic
As noted, such customization is not supported by default: routes to virtual environments are added to the table main. To have routes to the IP addresses assigned to containers added automatically to a specific table, a few changes are needed.
A table should be defined, e.g. with the number "100":
~# echo "100 routed_ves" >> /etc/iproute2/rt_tables
This table should be mentioned in the global configuration file:
~# echo -e "##For source-based routing\nROUTE_TABLE=routed_ves\nROUTE_PREF=30000" >> /etc/sysconfig/vz
The start-up script of Virtuozzo and the file with helper functions should be modified to use the defined table (this must be reapplied whenever updates are installed):
~# wget http://kb.plesk.com/Attachments/kcs-26837/scripts.diff
~# patch -p1 -d/ < scripts.diff
Note: The patch is to be reapplied after installing updates.
- The custom tables should be created (101 and others) and configured on the system start, e.g. in the script