
and what to do to let it choose the right one?

This all happens inside an OpenVZ container:

The Host is Debian/Wheezy with Redhat/OpenVZ Kernel:

root@mycl2:~# uname -a
Linux mycl2 2.6.32-openvz-042stab081.5-amd64 #1 SMP Mon Sep 30 16:40:27 MSK 2013 x86_64 GNU/Linux

The container has two (virtual) network interfaces. One in public and one in private address-space:

root@mycl2:~# ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:475 errors:0 dropped:0 overruns:0 frame:0
          TX packets:775 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:32059 (31.3 KiB)  TX bytes:56309 (54.9 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:80.123.123.29  P-t-P:80.123.123.29  Bcast:80.123.123.29  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.0.1.29  P-t-P:10.0.1.29  Bcast:10.0.1.29  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

The route to the private network is set manually:

root@mycl2:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 venet0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0

Trying to ping others on the private network leads to the wrong source address being chosen:

root@mycl2:~# ip route get 10.0.1.26
10.0.1.26 dev venet0  src 80.123.123.29 
    cache  mtu 1500 advmss 1460 hoplimit 64

Why is this and what can I do about it?

EDIT:

If I create the route with (thanks to Joshua)

ip route add 10.0.0.0/8 dev venet0 src 10.0.1.29

it is working. But according to man ip-route the src parameter should only set the source-ip if this route is chosen. But if this route is chosen then the source-ip would be that anyway.

Scheintod

1 Answer


It sounds like you want to specify for traffic to be routed out a particular alias interface and with the source IP associated with that alias. Your route table doesn't currently reflect that requirement. Perhaps you can use this to fix it up:

ip route add <NET> dev <ALIAS_DEV> src <SRC_IP>
Joshua Miller
  • I still don't understand why not the matching route is chosen but the other one. – Scheintod Oct 24 '13 at 21:03
  • You have two routes, but both specify to use the same interface - the non alias interface. The system should decide which source IP to use based on the outbound interface, but your routes don't differentiate. I'm guessing it just selects the first non-local network available on that interface. – Joshua Miller Oct 24 '13 at 21:29
  • It's working. Kind of. It makes no difference if I specify `venet0` or `venet0:1` as device. Both work. But I still have no idea why. If I read the manpage for `ip-route` correctly the `src` parameter should only tell which source ip to use *if* this route is chosen. But if this route is chosen then the source ip would be correct anyway. – Scheintod Oct 25 '13 at 07:52
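
A simplified model of the selection behaviour discussed in this thread, added here as an illustration (it is not code from the question, the answer or the kernel): route choice and source choice are separate steps, and a route without `src` falls back to the first address on the outgoing device with a usable scope. The names `select_source`, `Addr` and `Route`, the address order and the address scopes are assumptions of this example.

```python
import ipaddress
from typing import NamedTuple, Optional

# Linux rtnetlink scope numbers: a larger value means a narrower scope.
SCOPE_GLOBAL, SCOPE_LINK, SCOPE_HOST = 0, 253, 254


class Addr(NamedTuple):
    iface: ipaddress.IPv4Interface   # local address with its netmask
    scope: int


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    prefsrc: Optional[str] = None    # the "src" argument of "ip route add"
    gateway: Optional[str] = None    # None for a direct (device) route
    scope: int = SCOPE_LINK


def select_source(dst, routes, addrs):
    """Model which source address a lookup for dst reports."""
    dst = ipaddress.ip_address(dst)
    # Longest-prefix match decides the route, never the source address.
    route = max((r for r in routes if dst in r.prefix),
                key=lambda r: r.prefix.prefixlen)
    if route.prefsrc:
        return route.prefsrc
    # No src hint: take the first address on the device with a usable scope,
    # preferring one whose subnet contains the gateway, if there is one.
    gw = ipaddress.ip_address(route.gateway) if route.gateway else None
    fallback = None
    for a in addrs:
        if a.scope > route.scope:    # host-scope 127.0.0.2 is skipped
            continue
        if gw is None or gw in a.iface.network:
            return str(a.iface.ip)
        if fallback is None:
            fallback = str(a.iface.ip)
    return fallback


# Addresses on venet0 in the order ifconfig lists them (scopes are assumed).
VENET0 = [Addr(ipaddress.ip_interface("127.0.0.2/32"), SCOPE_HOST),
          Addr(ipaddress.ip_interface("80.123.123.29/32"), SCOPE_GLOBAL),
          Addr(ipaddress.ip_interface("10.0.1.29/32"), SCOPE_GLOBAL)]
DEFAULT = Route(ipaddress.ip_network("0.0.0.0/0"))
BEFORE = [Route(ipaddress.ip_network("10.0.0.0/8")), DEFAULT]
AFTER = [Route(ipaddress.ip_network("10.0.0.0/8"), prefsrc="10.0.1.29"), DEFAULT]
```

With the `BEFORE` table the 10.0.0.0/8 route is the one that matches 10.0.1.26, yet the reported source is still 80.123.123.29 because every address is a /32 on the same device; the `AFTER` table returns 10.0.1.29 only because the route itself names it.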