Networking problem VE - How to start [message #33504] |
Sat, 18 October 2008 09:53 |
thibautm
Hello,
I installed OpenVZ on a Debian Lenny 64-bit and created my first VE (Debian 4 i386 minimal), but it's impossible to have network available on it.
On my HN, I have 2 network interfaces on different subnets.
My kernel version is: 2.6.24-6-fza-amd64
For the moment I would just like to create a VE using my Ethernet interface (eth0 or eth1), in order to install webmin and virtualmin on it.
That's why, when I created my VE, I added the IP of my eth1 as its IP and the hostname of this interface as its hostname.
But it does not work, so I am trying to find documentation, but I'm lost configuring VETH and, moreover, don't know if I have to use VETH or VENET.
I need something really simple for the moment: just install a new VE using one of my public IPs to install a web panel and my websites.
More about my configuration below:
HN rule list:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
sysctl.conf:
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 0
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1
net.ipv4.conf.eth1.proxy_arp=1
net.ipv4.icmp_echo_ignore_broadcasts=1
Problem when I start the VE:
VE is unmounted
Starting VE ...
VE is mounted
Adding IP address(es): 88.191.91.**
arpsend: 88.191.91.** is detected on another computer : 00:21:55:c6:56:7f
vps-net_add WARNING: arpsend -c 1 -w 1 -D -e 88.191.91.** eth0 FAILED
Setting CPU units: 1000
Configure meminfo: 65536
Set hostname: server1.dreamond.net
Configure veth devices: veth101.1
VE start in progress...
Thank you very much for your help and your advice, because I don't know where to begin, thx
[Updated on: Sun, 19 October 2008 09:50]
Re: Networking problem VE - How to start [message #33521 is a reply to message #33514] |
Mon, 20 October 2008 03:58 |
thibautm
Hello,
Thank you for your answer, but I have two network interfaces, each with one public IP address (a total of 2 public IP addresses on different subnets).
So, when I create a CT and assign one of these IPs to a container, I don't have network on it; it does not work, and a message saying the IP is already used appears when I start the CT.
arpsend: 88.191.91.** is detected on another computer : 00:21:55:c6:56:7f
I would like my first CT, in which I want to set up a web panel, to use one or two of the interfaces as the HN, and for the HN I just need the SSH connection (port 22) to manage CTs.
So, I need something like this:
HN: just for SSH and management of CTs (with WEBvz)
CT101: web panel (dtc-panel or virtualmin) ---> so it needs to use my public IPs and hostname
CT10*: other services such as mysql (interacting locally with CT101), so no need for a public IP, just a private IP in order to interact with CT101
How can I get this type of configuration? Do I need a bridge? Use VENET? Use VETH?
Thx,
Thibaut
Re: Networking problem VE - How to start [message #33545 is a reply to message #33521] |
Mon, 20 October 2008 21:24 |
locutius
you are not understanding that no two network devices can share an IP (regardless of whether they are virtual or not)
your 2xNIC each have an IP assigned on the HN, that is good and correct. when you install openvz those devices are renamed but keep their IP assignment
when you create a CT it needs a unique IP. every CT needs a unique IP. no IP can be shared with another device
ask your host for a list of IPs you can use. there is nothing more to configure. take an IP from the list and create a CT using that IP. take another IP from the list and create another CT with that IP
vz will automatically configure the network and your IPs will be able to communicate with each other as if they are genuine independent network devices
the NICs of the HN act as routers to the IPs of the CTs
EDIT: remember to set your host's nameserver IP in all the CT config. it is the nameserver that resolves the addresses of the network devices
when i first installed openvz i made the same mistake as you. i took 20 IPs from the host and assigned them all to the NIC. it seemed the logical thing to do BUT IT IS WRONG. the IP for the CT must be unassigned and the NIC has its own unique IP
the good news is that openvz is much much simpler than you think when you first see it. i advise everyone to read the pdf documentation because then it all becomes easy
[Updated on: Mon, 20 October 2008 21:34]
Re: Networking problem VE - How to start [message #33554 is a reply to message #33547] |
Tue, 21 October 2008 23:10 |
locutius
thibautm wrote on Tue, 21 October 2008 07:14 |
the problem "ask your host for a list of IPs you can use" means that I need more public ip, can use my public ip from the both NIC.
|
yes more public IPs. 1x public IP for 1x CT
thibautm wrote on Tue, 21 October 2008 07:14 |
Or, I need to add a private ip to each CT, but in this case I will have to redirect all traffic to CT via NAT, because otherwise how can reach my CT from external: apache
|
correct
http://wiki.openvz.org/Common_Networking_HOWTOs
thibautm wrote on Tue, 21 October 2008 07:14 |
I wanted something simple:
HN: use only the port ssh to manage CT
CT101: used as panel: using public ip from NIC, accessible from internet and can communicate with other CT
CT102 and other: have privates ip and are used for services
|
http://wiki.openvz.org/VEs_and_HNs_in_different_subnets#An_OpenVZ_Hardware_Node_has_two_Ethernet_interfaces
and i imagine you will also need this when you add a new HN:
http://vireso.blogspot.com/2008/02/2-veth-with-2-brindges-on-openvz-at.html
------------------
general resource page for you (this site is organic, it is not at all clear how to find this page):
http://wiki.openvz.org/Category:HOWTO
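
A dry-run sketch of the layout confirmed in the reply above (private IPs on the CTs, NAT on the HN), added here as an example and not code from the thread or from the OpenVZ project. The addresses, the 192.168.0.0/24 subnet, the nameserver and the function names are assumptions; the script only prints commands, and it refuses a CT address that an HN interface already holds, the mistake discussed earlier in the thread.

```sh
#!/bin/sh
# Added example: prints the commands for review, executes nothing.
# Assumed placeholder values (documentation ranges, not from the thread):
HN_IPS="203.0.113.10 198.51.100.20"  # addresses already on the HN's eth0/eth1
PUB_IF=eth0
PUB_IP=203.0.113.10
PRIV_NET=192.168.0.0/24
NAMESERVER=203.0.113.53

# Succeeds only for RFC 1918 (private) addresses.
is_private() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# Returns 1 if the address is already held by an HN interface (the
# duplicate-IP case from the thread), 2 if it is not a private address.
check_ct_ip() {
  for hn in $HN_IPS; do
    if [ "$1" = "$hn" ]; then
      echo "refuse: $1 is already assigned to an HN interface" >&2
      return 1
    fi
  done
  is_private "$1" || { echo "refuse: $1 is not an RFC 1918 address" >&2; return 2; }
}

# plan_ct CTID IP [PORT...]: venet address plus one DNAT rule per exposed port.
plan_ct() {
  ctid=$1; ip=$2; shift 2
  check_ct_ip "$ip" || return $?
  echo "vzctl set $ctid --ipadd $ip --nameserver $NAMESERVER --save"
  for port in "$@"; do
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -d $PUB_IP -p tcp --dport $port -j DNAT --to-destination $ip:$port"
  done
}

# Outbound SNAT for the private subnet, web panel CT reachable on port 80,
# service CT with no inbound rule at all.
plan_all() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -t nat -A POSTROUTING -s $PRIV_NET -o $PUB_IF -j SNAT --to-source $PUB_IP"
  plan_ct 101 192.168.0.101 80 || return 1
  plan_ct 102 192.168.0.102 || return 1
}

plan_all
```

Only the ports passed to `plan_ct` get a DNAT rule, so a service CT such as 102 stays unreachable from outside while still reaching the Internet through the SNAT rule.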
Re: Networking problem VE - How to start [message #33607 is a reply to message #33554] |
Fri, 24 October 2008 19:29 |
thibautm
Thank you,
and I'm reading all the tutorials but still have problems getting network on my CTs.
First, I know that everything would be easier if I had a lot of public IPs on the same subnet, but that's not my case.
I have a dedicated server with 2 network interfaces (eth0 and eth1), each with one public IP.
So I don't have any more IPs; that's why I can't assign a new IP to a CT. That's my problem.
The HN just needs access to the Internet to get some updates (downloads) but accepts traffic only on one port for ssh and scp.
That's why I first thought of this scheme:
HN: just for SSH and management of CTs (with WEBvz)
CT101: web panel (dtc-panel or virtualmin) ---> so it needs to use my public IP and hostname (eth0 and eth1) + a local IP to communicate with the other CTs locally
CT10*: other services such as mysql (interacting locally with CT101), so no need for a public IP, just a private IP in order to interact with CT101
But I have noted two problems:
1. Create a local network
All addresses like 168.0.1.* are already assigned, maybe because I'm on a public network, so I need to find an available subnet; for the moment I have not found a way to get an available subnet for my local network (each time I get a message like: arpsend: 168.0.1.** is detected on another computer : 00:21:55:c6:56:7f, which is not my computer)
2. After reading the OpenVZ user guide, I tried Moving Network Adapter to Virtual Private Server
So, I moved eth1:
vzctl set 101 --netdev_add eth1 --save
The changes are made and, after restarting the CT, all seems OK (new hostname detected....), but still no network, so I can't understand:
it is not possible to ping or to apt-get update
Can this be a problem with my kernel? With iptables?
In all the guides, it all seems really easy, two command lines and it works, but for me nothing.
If anyone can help, it would be great.
Regards