OpenVZ Forum


Home » General » Support » Host and VE's all have external IP addresses.
Host and VE's all have external IP addresses. [message #39118] Wed, 17 March 2010 05:35 Go to next message
RimBlock is currently offline  RimBlock
Messages: 3
Registered: March 2010
Junior Member
Hi,

I am looking to setup a CentOS 5.4 X86_64 / OpenVZ HN (Hardware Node) running one or more VE's.

For this example the VE is running CentOS 5.4 i386

I would like the VE's to have full ability over their network traffic (i.e. firewall settings, DHCP .....). The HN and VE's are on the same subnet.

After lots of reading I finally came to the Veth howto and tried it last night with limited success.

I have;

HN: eth0 (HN IP address), veth101.0
HN: routing;
default dev eth0
[VE Ip address] via [HN ip address]

VE: eth0 (VE IP address)
VE: routing;
[HN IP address] dev eth0
default via [HN IP address]

Both the VE and the HN have the iptables service stopped.

I can ssh from HN to VE.
I can ssh from the VE to the HN.
I can browse the internet from HN.
I can resolve DNS from the HN.
I cannot resolve DNS from the VE.
I cannot ping anything by ip address apart from the HN.

The guide I followed was 'Using a directly routed IPv4 with virtual Ethernet device' here.

Should I be able to do what I want with this setup and if so what is wrong, or if not should I be looking at the 'VEs and HNs in same subnets setup' here.

My concern with the second setup is this line 'Note that the ifcfg-ethN files on the host do not contain any IP information anymore.'. Does this mean that the ifcfg-bzbrN file would have the host ip address and the VE's ifcfg-ethN config files would have the VE's IP addresses.

Also the guide mentions the example setup as having two NIC's. Am I right in assuming you do not need two NIC for this technique to work.

Thanks for any advice / direction.

RB
Re: Host and VE's all have external IP addresses. [message #39146 is a reply to message #39118] Fri, 19 March 2010 14:12 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

if you are going to use DHCP you definitely have to use bridged way.

http:// wiki.openvz.org/Veth#Virtual_Ethernet_devices_can_be_joined_ in_one_bridge

Quote:

My concern with the second setup is this line 'Note that the ifcfg-ethN files on the host do not contain any IP information anymore.'. Does this mean that the ifcfg-bzbrN file would have the host ip address and the VE's ifcfg-ethN config files would have the VE's IP addresses.


If I'm not mistaken, in case of fresh RHEL5 based kernels you don't have to reconfigure your physical interface on the HN (let it be eth0 for simplicity). So leave it as is. In particular, with IP address assigned to it. Then create a bridge interface and unite it with eth0 on the HN. Then create veth interface and add it to the existing bridge on the HN. That's it. IP address inside VE can be assigned independently from inside the VE. Don't forget to modify /etc/resolv.conf to make DNS work properly.
Re: Host and VE's all have external IP addresses. [message #39147 is a reply to message #39118] Fri, 19 March 2010 14:13 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
BTW, in case of any network problem use tcpdump utility which might help you to trace the network packet's life cycle.
http://forum.openvz.org/index.php?t=msg&th=5501&star t=0&
Re: Host and VE's all have external IP addresses. [message #39170 is a reply to message #39147] Mon, 22 March 2010 02:36 Go to previous messageGo to next message
RimBlock is currently offline  RimBlock
Messages: 3
Registered: March 2010
Junior Member
Thanks for the reply Maratrus,

I followed the guide for setting up VE's on the same subnet as the HN and it did not work.

I then took the routing setup from the guide for setting VE's up on a different subnet to the HN and I now have it working.

I do have one issue though.

SSH to the VE's results in the putty (or other SSH client) hanging every few seconds for up to 30 seconds. I did get good speeds though when installing X86 and Gnome on the VE.

Now to add a little more complexity, for this 'proof of concept' testing the whole setup is running on a Virtual Box session on a Win7 host.

The VB Virtual server has 2 cores (2.66Ghz Intel QC), 3GB ram and 60GB HDD. The network connection is bridged. I have no issues with connectivity on the host node.

I am now setup with a new HDD to do a clean Linux install on my machine and so do away with Virtual Box just in case that is causing some issues, although I would have thought the HN would have also been affected.

Current setup.

HN:
eth0 - no ip
vzbr0 - HN IP
veth0 - No ip

eth0 - vzbr0 - veth0

Routing:
[VEs-IP] via dev veth0 (not 100% sure if it is veth0 or vzbr0 as I am doing this from memory. Will verify later tonight)
default via [gateway-ip] dev vzbr0

VE0:
eth0 - VEs-IP

Routing:
Default via [HN-IP] dev eth0

NH is CentOS 64bit with OpenVZ
VE is CentOS 32Bit

I will try TCPDump as suggested and see what that gives but any other suggestions would be most welcome. Maybe you/someone can see a setup flaw.

Many thanks
RB
Re: Host and VE's all have external IP addresses. [message #39381 is a reply to message #39170] Tue, 13 April 2010 05:16 Go to previous messageGo to next message
noahcampbell is currently offline  noahcampbell
Messages: 2
Registered: April 2010
Location: Bay Area, CA
Junior Member
I recently slogged through this experience on debian so maybe I can help with centos.

Firstly, I was able to do everything without setting any routes!

I created a vmbr0 interface and bound it to eth0. The interface uses dhcp to resolve it's ip, subnet, gateway etc. Make sure you remove eth0 from the configuration. This is configured (on debian) in /etc/network/interfaces so you'll need to translate.

Secondly, the best tool to diagnose your bridge is brctl. After you start a VE run brctl show. The output should look like the following:
vz-host-01:~# brctl show
bridge name	bridge id		STP enabled	interfaces
vmbr0		8000.000c299dd0f8	yes		eth0
							veth1000.0
							veth1001.0
							veth777.0


Note the interfaces that are attached to vmbr0. If you don't have this link, then you're not going to have any success within the VE.

After that, you enable DHCP inside your host template and you're set.

You'll need to also look at /etc/vz/vznet.conf (your config location may be different on centos). You'll want to auto add the veth$VMID.X to your bridge when you start the VE. Not sure how to remove it, but at least it comes up when the VE starts.
Re: Host and VE's all have external IP addresses. [message #39387 is a reply to message #39381] Wed, 14 April 2010 05:08 Go to previous messageGo to next message
RimBlock is currently offline  RimBlock
Messages: 3
Registered: March 2010
Junior Member
Thanks for the reply Noah,

I have moved to Debian as well but mainly as I am testing Proxmox which is based on it.

I still have not been able to get bridging working without setting routes but using the scripts in the Wiki link provided by Maratrus it is all more or less automatic.

I am also playing with the vps.mount/unmount scripts to set and disable iptables forwarding rules for each VPS as it starts and stops.

Regards
RB
Re: Host and VE's all have external IP addresses. [message #39392 is a reply to message #39387] Wed, 14 April 2010 15:22 Go to previous message
noahcampbell is currently offline  noahcampbell
Messages: 2
Registered: April 2010
Location: Bay Area, CA
Junior Member
I started with Proxmox as well. It's a good distro to model off of. Look at their /etc/vz/vznet.conf and /usr/sbin/vznetaddbr to see how they automatically add a VE interface to the bridge.
Previous Topic: [Resolved] Destroyed VE but still /proc/bc/$VEID
Next Topic: OpenVZ in ATOM with solusvm
Goto Forum:
  


Current Time: Fri Nov 08 01:09:14 GMT 2024

Total time taken to generate the page: 0.04818 seconds