Difference between revisions of "Source based routing"

Sometimes you have more than one router in your network, and want different containers to use different routers. For that, you need to set up source-based routing on the host system. For example:

# /sbin/ip rule add from $IP table $TBL
# /sbin/ip route add default dev $ETH via $GW table $TBL
# /sbin/ip route add $NET dev $ETH table $TBL

where

• $IP is an IP address which should use non-default gateway. You can also use netmask here, e.g. 10.9.8.0/24 will mean that all containers with addresses like 10.9.8.x will be routed through the given gateway.
• $NET is an IP network which should be routed straight, that is, not through the gateway. E.g. 10.9.8.0/24.
• $ETH is the network interface to route to, e.g. eth0.
• $GW is a gateway for this IP address.
• $TBL is any free table number, I use numbers from 6 upwards. Note that tables 250-255 are usually reserved (see /etc/iproute2/rt_tables).

Note that every new non-standard gateway will require another table number.

It is likely that your hardware node uses same table to be accessible via both links, not just the link where it's default gateway points. In this case hardware node will not be able to communicate with container. To fix that one needs to add this route into table $TBL

# /sbin/ip route add table $TBL "$IP" dev venet0 scope link

The same routes are added into 'main' table by vzctl set <CTID> --ipadd <$IP>. Similar routes should be added for containers to communicate each other.

For more details on routing rules, see man ip.

See also

• Forum thread #268
• Forum thread #492