Need help with OVZ networking implementation! [message #14686]
Thu, 05 July 2007 18:45
joelee
Hi All,
I am looking to set up my OVZ environment in the following way and would like to get some feedback on whether what I am looking to do is doable and if there's anything I should consider.
I'd like to configure my host machine's physical network interface with sub-interfaces and assign different subnets to each sub-interface. Each sub-interface network would be used by one or more guest VPSs either in bridge-like mode or NAT.
Example:
Host Computer ETH0 with configured IP settings would be used only to access host machine.
ETH0:1 with configured IP would be used to map to one or more guest VPSs (all on same subnet).
ETH0:2 - Same as above with different subnet configured.
etc, etc...
If the above is doable, I am looking to find what's needed for guest VPSs to communicate with other guest VPSs on the different subnets. I need to figure out the best way to get guest VPSs that are on different subnets to talk to each other. Will that be done by the HOST, or can the guest VPSs that are on different subnets be configured to talk to each other without the HOST being involved?
A question in mind is: Should I use the veth or venet solution - which will be best?
Any comments/suggestions in regards to the best practices to accomplish the above would be appreciated. Also, any sample configs or reference docs that would help me implement the above would be great!
Note: The host computer as well as the guest VMs would all be on private IP addresses. My host computer is behind my FW which is doing NAT from external public IPs to internal private IP addresses. I have several public IPs on the ext side of my FW (same subnets) and certain IPs would be mapped to the appropriate private IP on the inside. Also, as a preference, I would prefer to NOT have to NAT on the HOST machine so as to avoid doing double NAT'ing - Hope that makes sense!
Thanks!
joe
Re: Need help with OVZ networking implementation! [message #14791 is a reply to message #14739]
Tue, 10 July 2007 19:38
joelee
Quote: "If you use the venet implementation you don't need to make all those aliases to the eth0 interface. The venet0 interface behaves like an aliased interface already."
O.K., I did not realize this. It seems to me that when I create a basic VPS and look inside the /etc/network/interface file, they all have the same default network/IP configuration - and I assume they are bridged to the Host network. So, can I change the networking setup to different "subnets" AND not have to do anything on the host side? However, can you tell me if there would be a problem doing the sub-interfaces as well? (I will test this scenario anyway).
Quote: "The question is "Why do you want such a setup?". Why do double nat (have a private ip address space IN a private ip address space)?"
You are right, I don't wish to do NAT between the HOST and VE... My external FW is already doing all the NAT. However, I do want a fw/iptable setup on HN just to do some filtering - But, no NATs.
Quote: "You can put the HN on the internet using a public ip on the eth0 interface and have the VEs in a private ip address space and do SNAT/DNAT for them."
Per above, my HN will not be directly on the internet. The HN will sit behind my external FW which is doing all NAT stuff and just MAPPING external public IP to Internal Host and just some general policies.
Based on my explanation above, I would appreciate it if you could comment further on whether I am on the same page.
The only thing I was not sure about is whether it would be O.K. to change the network settings to be on different subnets from the default network configs it generates.
Joe
[Updated on: Tue, 10 July 2007 19:40]