OpenVZ Forum: Support » New to OpenVZ - seeking network configuration suggestions

Home » General » Support » New to OpenVZ - seeking network configuration suggestions

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

New to OpenVZ - seeking network configuration suggestions [message #34466]

Thu, 08 January 2009 06:19

atjensen11
Messages: 2
Registered: January 2009

Junior Member

Admittedly, I am coming to OpenVZ from the Xen platform that is running on an Ubuntu 8.40 LTS server.

I would like to set up several virtual machines in two different subnets. I typically use X.X.100.X for my publicly accessible machines and X.X.200.X for machines on my private LAN. I should note that all IP addresses on my machine are in the private address space. A router handles NAT from the real public to private addresses.

For example, I would want to create a virtual machine on the X.X.100.X subnet that is a publicly accessible webserver. On the X.X.200.X subnet, I would like to have a personal file server. I would like both virtual machines to be on the same host machine.

I don't want any traffic between the web server and the file server.

I have five network cards for the host machine. In Xen, I was pretty accustomed to hiding network cards on the PCI bus from the host machine and assigning them to the virtual machine. It appears that I can do the same in OpenVZ.

But is there a better way? I have tried to read up on venet and veth devices. After reading the Wiki, it appeared that I should use veth, but traffic sniffing is possible which would appear to violate my desire not to have traffice between the subnets.

I am looking for feedback on how users familiar with OpenVZ would go about creating this configuration.

I should note that the host machine would likely be on the X.X.100.X subnet.

Thanks.

[Updated on: Thu, 08 January 2009 06:27]

Report message to a moderator

Re: New to OpenVZ - seeking network configuration suggestions [message #34476 is a reply to message #34466]

Fri, 09 January 2009 11:18

maratrus
Messages: 1495
Registered: August 2007
Location: Moscow

Senior Member

Hello,

Quote:

I have five network cards for the host machine. In Xen, I was pretty accustomed to hiding network cards on the PCI bus from the host machine and assigning them to the virtual machine. It appears that I can do the same in OpenVZ.

Yes, --netdev_add option of vzctl utility.

Quote:

But is there a better way? I have tried to read up on venet and veth devices. After reading the Wiki, it appeared that I should use veth, but traffic sniffing is possible which would appear to violate my desire not to have traffice between the subnets.

What about the following scenario?
Let's assume that we have two VEs: VE1 and VE2.
Create veth interfaces inside VE1 (veth1--eth1) and inside VE2(veth2--eth2).
Then unite veth1 and eth1 into one bridge and veth2 and eth2 into another one on the HN.

Report message to a moderator

Re: New to OpenVZ - seeking network configuration suggestions [message #34480 is a reply to message #34476]

Fri, 09 January 2009 16:51

atjensen11
Messages: 2
Registered: January 2009

Junior Member

I have created bridges on the hardware node to the different network cards, one with an address on the public LAN and one on the private LAN.

However, it may be just my lack of understanding, but the comparison of veth to venet stated that veth interfaces allow traffic sniffing. Would this still be true in the bridging scenario that you are suggesting?

Report message to a moderator

Previous Topic:	Proxy webserver
Next Topic:	Lenny linux-image-2.6.26-1-openvz-amd64 2.6.26-12 does not boot on dual Quadcore

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Sep 07 17:31:16 GMT 2024

Total time taken to generate the page: 0.05945 seconds