KVMHypervisor: implement instance policy routing

Until now we relied on traffic from instances being policy routed via a rule based on the instance network. With this change we can enforce it on the instance interfaces. Since the ip rules survive interface disappearing and reappearing, we need first to remove leftover rules, and then to apply the new one, when creating the interface. Signed-off-by: Guido Trotter <ultrotter@google.com> Reviewed-by: Michael Hanselmann <hansmi@google.com>

KVMHypervisor: implement instance policy routing
Until now we relied on traffic from instances being policy routed via a rule based on the instance network. With this change we can enforce it on the instance interfaces. Since the ip rules survive interface disappearing and reappearing, we need first to remove leftover rules, and then to apply the new one, when creating the interface. Signed-off-by: Guido Trotter <ultrotter@google.com> Reviewed-by: Michael Hanselmann <hansmi@google.com>
2c5afffb · Guido Trotter · b7b7cda6 · 2c5afffb
Commit 2c5afffb authored 15 years ago by Guido Trotter
--- a/lib/hypervisor/hv_kvm.py
+++ b/lib/hypervisor/hv_kvm.py
@@ -171,6 +171,8 @@ class KVMHypervisor(hv_base.BaseHypervisor):
    elif nic.nicparams[constants.NIC_MODE] == constants.NIC_MODE_ROUTED:
      script.write("  # Route traffic targeted at the IP to the interface\n")
      if nic.nicparams[constants.NIC_LINK]:
+        script.write("  while /sbin/ip rule del dev $INTERFACE; do :; done\n")
+        script.write("  /sbin/ip rule add dev $INTERFACE table $LINK\n")
        script.write("  /sbin/ip route replace $IP/32 table $LINK"
                     " dev $INTERFACE\n")
      else: