Article ID: 120747, created on Mar 26, 2014, last review on Jun 17, 2016

Applies to:

  • Virtuozzo
  • Virtuozzo containers for Linux
  • Virtuozzo hypervisor
  • Virtual Automation 6.0


For environments with several different uplink connections, it can be useful to set up source-based routing so that virtual environments use a particular uplink connection for network communication with remote hosts.

For example, a physical host can have several network interfaces, each with a designated IP address range:

  • average speed with unlimited amount of traffic, available through eth0;
  • high-speed guaranteed connection with per-megabyte accounting via eth1;
  • unreliable low-cost connection for test subscriptions on eth2;
  • local-only network for internal use on eth3.

Based on this, one can have 4 types of subscriptions for virtual environments, where one of those subscription types creates environments for internal use only, with access to the internal network.

This configuration is easy to set up in bridged mode by defining a virtual network attached to every physical interface. For routed mode, however, Parallels Virtuozzo Containers and Parallels Server products do not support such a configuration.

Manual configuration is described below. The changes to scripts have to be reapplied on every product update.

Setting up routing

For virtual environments in routed mode to be able to communicate directly with each other on the same host, their routes should be consulted before other rules, i.e. there should be a separate routing table with a smaller precedence value:

~# ip rule
0:      from all lookup local 
30000:  from all lookup routed_ves 
32766:  from all lookup main 
32767:  from all lookup default 

And the table routed_ves should contain routes to IP addresses of virtual environments running on this host:

~# ip route list table routed_ves
 dev venet0  scope link  metric 1000
 dev venet0  scope link  metric 1000
 dev venet0  scope link  metric 1000
 dev venet0  scope link  metric 1000

Then, to route external traffic from these virtual environments through the interface eth3 (the internal network as per the definition above), an additional rule with precedence in the range 30001-32765 should be set and routes added to the corresponding table:

~# ip rule add pref 30101 table 101 from
~# ip route add dev eth3 table 101
~# ip route add default via dev eth3 table 101

Other IP ranges and network interfaces can be configured in the same way, by defining routing tables, configuring precedence for the tables, and setting routing rules.

Note: Do not define any additional table for the subnetwork which matches the node's default connection.

Making it automatic

As noted, such customization is not supported by default: routes to virtual environments are added to the table main. To have routes to the IP addresses assigned to containers added automatically to a specific table, a few changes are needed.

  1. A table should be defined, e.g. with the number "100":

    ~# echo "100 routed_ves" >> /etc/iproute2/rt_tables

  2. This table should be mentioned in the global configuration file:

    ~# echo -e "##For source-based routing\nROUTE_TABLE=routed_ves\nROUTE_PREF=30000" >> /etc/sysconfig/vz
  3. The start-up script of Virtuozzo and the file with helper functions should be modified to use the defined table (this has to be reapplied whenever updates are installed):

    ~# wget
    ~# patch -p1 -d/ < scripts.diff

    Note: The patch is to be reapplied after installing updates.

  4. The custom tables (101 and others) should be created and configured at system start, e.g. in the script /etc/rc.local.
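
One way to script step 4 is shown below as an added example; it is not part of the original article or of Virtuozzo's own scripts. It checks the precedence range given above, skips the node's default uplink as the note requires, and prints the ip commands for review. The function names, the subnet 192.0.2.0/24 and the gateways are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Prints the ip(8) commands for
# one per-uplink table so they can be reviewed, then piped to sh from rc.local.
# 192.0.2.0/24 and 192.0.2.1 are constructed placeholders (documentation range).

# The rule must sit after routed_ves (30000) and before main (32766).
valid_pref() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 30001 ] && [ "$1" -le 32765 ]
}

# Device of the default route, read from `ip route show default` output on stdin.
default_dev() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# usage: sbr_cmds TABLE PREF SUBNET GATEWAY DEV [NODE_DEFAULT_DEV]
sbr_cmds() {
    table=$1 pref=$2 subnet=$3 gw=$4 dev=$5 node=${6:-}
    if ! valid_pref "$pref"; then
        echo "pref '$pref' is outside 30001-32765" >&2; return 1
    fi
    # Assumption: "matches the node's default connection" is approximated here
    # by comparing the uplink device with the device of the node's default route.
    if [ -n "$node" ] && [ "$dev" = "$node" ]; then
        echo "$dev is the node's default uplink; no extra table needed" >&2; return 2
    fi
    # 'rule del' (may fail harmlessly) and 'route replace' make re-runs idempotent.
    echo "ip rule del pref $pref 2>/dev/null"
    echo "ip rule add pref $pref table $table from $subnet"
    echo "ip route replace $subnet dev $dev table $table"
    echo "ip route replace default via $gw dev $dev table $table"
}

# Dry run for the internal-only uplink from the article (eth3, table 101).
# Constructed sample of `ip route show default` output: default route on eth0.
NODE_DEV=$(echo "default via 198.51.100.1 dev eth0" | default_dev)
sbr_cmds 101 30101 192.0.2.0/24 192.0.2.1 eth3 "$NODE_DEV"
```

Once the printed commands look right for each uplink, pipe the output of sbr_cmds to sh from /etc/rc.local, feeding default_dev from the real `ip route show default` output.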
