For more information, please see http://smartos.org/ For any questions that aren't answered there, please join the SmartOS discussion list: https://smartos.topicbox.com/groups/smartos-discuss
984 dockerinit should support link-local routes #986
Details of the situation this aims to correct are described in #984. A previous patch for native zones was proposed and merged through issue illumos-joyent#244. This change is not cstyle clean, though it doesn't appear to be a cstyle'd source file.
Synopsis of change:
- add support for link-local routes (equivalent of using -interface flag to route add)
- order creation of routes such that link-local routes are created before any default gateway or static routes
- minor rearrangement of functions so that this behavior is clear
Some testing notes:
I have a few nodes at OVH that use "failover" ip addresses. These addresses are handed out on a CIDR subnet different than the admin network. The default route, however, is that of the default network. So a link-local route needs to be created before the default route. That's the rationale for this change.
I've been using this patch on a number of docker/lx zones across multiple hosts for the past year. These zones require the link local route to be created first as the default route is on the link-local network (that isn't the same as the IP address of the interface.) Without the patch, creating the default route fails with a "no route to host" error (and the zone provisioning fails after a time), but is successful with the patch.
I've also been running platform images with this fix on multiple systems that don't have static routes at all, and these all work as expected with the patch.
Additionally, on a dummy test system, I created a simnet device and assigned a nic tag to that. I then created a series of lx/docker zones using vmadm with 2 nics each and the following combinations of routes. I used a random docker image that I already had available and used zlogin to examine the state of the routes:
- static routes without a prefix component (ie host route)
- static routes with a prefix component
- link local routes without a prefix component (ie host route)
- link local routes with a prefix component
- varying the nic that the link local route was specified over
These all seemed to work just fine, in that:
- no static routes (results in no errors)
- link-local routes in combination with a default route (no errors and link local route created first)
- ordering of non-link-local routes in combination with link-local routes (no errors and link-local route created before non-link-local route)
- all the routes were created with correct net masks
- the static routes were added as expected in the "non link-local" path.
- the link local routes were created on the correct target nic
I'm happy to provide any additional details you think would be helpful. Looking forward to your feedback!
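The ordering problem described in this pull request, as an added sketch that is not dockerinit's code or part of the patch: it orders a route list so link-local routes come first and reports which route would fail under a simplified reachability model. The names `route_t`, `order_routes`, `first_unreachable` and `demo` are hypothetical, and the addresses are constructed from documentation ranges.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical route record for this sketch; not dockerinit's own type. */
typedef struct {
    uint32_t dst;  /* destination network (0 with prefix 0 = default) */
    int prefix;    /* prefix length, 0..32 */
    uint32_t gw;   /* gateway; unused for link-local routes */
    int linklocal; /* 1 = interface (on-link) route */
} route_t;

static uint32_t mask(int p) { return p == 0 ? 0 : 0xFFFFFFFFu << (32 - p); }

/* Stable partition: link-local routes first, relative order otherwise kept. */
void order_routes(route_t *r, size_t n) {
    size_t next = 0;
    for (size_t i = 0; i < n; i++) {
        if (!r[i].linklocal) continue;
        route_t t = r[i];
        for (size_t j = i; j > next; j--) r[j] = r[j - 1];
        r[next++] = t;
    }
}

/* Simplified model (assumption): a gateway is usable only if it lies in the
 * interface subnet or inside a link-local route installed earlier.
 * Returns the index of the first route that would fail, or -1 if none. */
int first_unreachable(const route_t *r, size_t n, uint32_t ifaddr, int ifprefix) {
    for (size_t i = 0; i < n; i++) {
        if (r[i].linklocal) continue;
        int ok = ((r[i].gw ^ ifaddr) & mask(ifprefix)) == 0;
        for (size_t j = 0; j < i && !ok; j++)
            ok = r[j].linklocal && ((r[i].gw ^ r[j].dst) & mask(r[j].prefix)) == 0;
        if (!ok) return (int)i;
    }
    return -1;
}

/* Constructed sample: a /32 address whose gateway is on another subnet. */
int demo(int reorder) {
    route_t r[] = {
        { 0, 0, IP(192, 0, 2, 254), 0 },                   /* default */
        { IP(203, 0, 113, 0), 24, IP(192, 0, 2, 254), 0 }, /* static */
        { IP(192, 0, 2, 254), 32, 0, 1 },                  /* link-local */
    };
    if (reorder) order_routes(r, 3);
    return first_unreachable(r, 3, IP(198, 51, 100, 10), 32);
}

int main(void) {
    printf("as listed: %d, link-local first: %d\n", demo(0), demo(1));
    return 0;
}
```

In the listed order the default route at index 0 is rejected, matching the "no route to host" failure the description reports; with link-local routes moved to the front, every gateway is covered before it is used.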