
Re: multihomed server with ipv6

oneman@onemanifest.net wrote:
> - Since this server will be used for running openvz containers, I'll probably have to create explicit routes for each (virtual) network to the subnets the NICs are connected to and define an explicit gateway for each subnet?

If the server does routing for the containers, you'll run into the same
problem as above. You'll have to use advanced routing and setup multiple
routing tables based on source address or inbound interface, containing
each a different default route.

> However, while doing some more research on this matter, it occurred to me that I can make life a lot easier on myself by using bridges. (Sorry if I sound very n00b-ish here) I think I could do the following:
> - configure only the LAN NIC on the host, so I get admin access to the host from the LAN
> - create a bridge on each NIC
> - connect the containers to the appropriate bridge for either LAN or DMZ, setting up networking on each container independently.

When adding interfaces to a bridge, you must configure IP only on the
bridge, not on the bridged interfaces. There are exceptions, but only
used in very special cases such as "brouters" (bridge-routers) when you
know exactly what you are doing.

> This way the host is neatly isolated from the DMZ and the containers and the setup is far simpler. 

Yes, the server does not have to do routing for the containers.

> Then I did a ping6 to a host in LAN subnet, from the DMZ NIC on the server.

What exact command did you use? ping6 -I <interface>?
I don't think you can do that and override the routing table. All you
can do is force the source address.

> I saw that the ping command reported using the LAN ip6 (2001:xxxx:xxxx:3::20/64) as a source ip, instead of the DMZ one (2001:xxxx:xxxx:2::20/64) as I expected it to do.

It probably sent the packets on the LAN interface.
I know there are different versions of ping6, but mine (from
iputils-ping) just seems to ignore the interface passed with -I.
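As an added example (not from the thread), the source-address policy routing the reply describes, for a host with the LAN on eth0 and the DMZ on eth1; the interface names, table ids and the 2001:db8 documentation prefixes are assumptions standing in for the poster's masked addresses.

```shell
#!/bin/sh
# Added example, not from the thread: one routing table per NIC, selected by
# source address, so each interface gets its own IPv6 default route.
# eth0 (LAN) / eth1 (DMZ), the table ids and the 2001:db8::/32 documentation
# prefixes are assumptions; substitute the real prefixes and gateways.
set -eu

# Print the ip(8) commands for one NIC: a connected route and a default
# route in its own table, plus a rule sending packets whose source lies in
# that NIC's prefix to the table before the main table is consulted.
#   $1 interface  $2 table id  $3 local /64 prefix  $4 gateway
nic_policy_routes() {
    iface=$1; table=$2; prefix=$3; gw=$4
    echo "ip -6 route add $prefix dev $iface table $table"
    echo "ip -6 route add default via $gw dev $iface table $table"
    # Priority below main (32766) so this rule wins for matching sources.
    # "ip -6 rule add iif $iface lookup $table" would key on the inbound
    # interface instead, the other option the reply mentions.
    echo "ip -6 rule add from $prefix lookup $table priority $table"
}

# The dual-homed layout from the thread: ::3 prefix on the LAN, ::2 on the DMZ.
all_policy_routes() {
    nic_policy_routes eth0 100 2001:db8:3::/64 2001:db8:3::1
    nic_policy_routes eth1 200 2001:db8:2::/64 2001:db8:2::1
}

# Default is a dry run that only prints the commands; APPLY=1 executes them
# (needs root and the real interfaces).
if [ "${APPLY:-0}" = 1 ]; then
    all_policy_routes | sh -e
else
    all_policy_routes
fi
```

Once applied, `ip -6 route get 2001:db8:3::5 from 2001:db8:2::20` shows which table, gateway and interface a packet sourced from the DMZ address would actually use, which is the check the ping6 question above comes down to.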
