VServers in three different networks: veth, venet or mixture? [message #35617]
Wed, 08 April 2009 14:13
divB
Messages: 79 Registered: April 2009
Member
Hi,
I am going to virtualize servers which are in three different networks and - if possible - should not be able to communicate with each other (if I do not allow it explicitly).
In the server there is an Intel E1000 with three VLANs: vlan2 (private network), vlan3 (public network with public IP addresses (/29-network)), vlan4 (semipublic network with RFC1918 addresses). The VServer itself should only be connected to the vlan2 network, so it's the single device having an IP address. This is the Debian network configuration on the host:

    auto lo vlan2 vlan3 vlan4
    iface lo inet loopback

    # private, LAN (192.168.200.0/24)
    iface vlan2 inet static
        vlan-raw-device eth0
        address 192.168.200.1
        netmask 255.255.255.0
        gateway 192.168.200.120

    # public
    iface vlan3 inet manual
        vlan-raw-device eth0
        up ip link set vlan3 up
        down ip link set vlan3 down

    # semi-public (192.168.0.0/24)
    iface vlan4 inet manual
        vlan-raw-device eth0
        up ip link set vlan4 up
        down ip link set vlan4 down

So what's the best way to use OpenVZs network?
My thought would be: Forget about venet (switch it off completely if possible) and just use veth in each VServer.
On the host bridge all private VServers with vlan2, all public VServers with vlan3 and all semi-public VServers with vlan4.
Is this a good or a bad idea? Any hints or tips left?
Thank you,
divB
Re: VServers in three different networks: veth, venet or mixture? [message #35635 is a reply to message #35634]
Thu, 09 April 2009 17:14
divB
Thank you for your answer!!
maratrus wrote on Thu, 09 April 2009 13:05:
> Hi,
> Quote:
> > On the host bridge all private VServers with vlan2, all public VServers with vlan3 and all semi-public VServers with vlan4.
> > Is this a good or a bad idea? Any hints or tips left?
> Sounds good. There was a topic about VLANs some time ago which led to the article. It might be helpful in your situation.
> http://en.gentoo-wiki.com/wiki/OpenVZ_VLANs
Thank you, I will look at it.
What I mean: For every VE I will get another interface.
maratrus wrote on Thu, 09 April 2009 13:05:
> BTW, what does it mean "VServers"?
Sorry, I come from "Linux VServer". I mean VE. This means if I have 10 VEs I will have to bridge 10 interfaces together plus one vlan on the host (bridge with 11 interfaces = 12 interfaces for 10 VEs!). In my opinion, this is not scaling very well...
Regards,
divB
Re: VServers in three different networks: veth, venet or mixture? [message #35643 is a reply to message #35636]
Thu, 09 April 2009 22:25
divB
maratrus wrote on Thu, 09 April 2009 13:27:
> Why not? What bothers you most?
Just the N interfaces for N vservers, nothing more. But when you say that this is a good concept I will keep it.
maratrus wrote on Thu, 09 April 2009 13:27:
> Behind each virtual interface, veth101.0 for example, there is a subnet which only consists of a single interface, eth0 inside the VE for instance, so the bridge will learn all VEs' MACs and prevent flooding. Anyway, could you please let us know about results.
What results do you mean? I have implemented what I described and it works well.
So the other question on the other way: There is only one venet available? So this means I can use venet only when I have all VEs in the same subnet?
Is there a way to turn off the venet completely?
Regards,
divB
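
An added example, not part of the original thread: one way to check that the per-VLAN bridge layout discussed above really keeps the three networks apart, by parsing `brctl show` output. The bridge names (br2, br3, br4), the VEIDs, the policy mapping and the sample output are constructed assumptions; only the `veth<VEID>.<n>` naming comes from the thread.

```python
import re

# Constructed sample of `brctl show` output; bridge names br2/br3/br4 are assumptions.
SAMPLE = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
br2\t\t8000.001b21aabb01\tno\t\tveth101.0
\t\t\t\t\t\t\tveth102.0
\t\t\t\t\t\t\tvlan2
br3\t\t8000.001b21aabb01\tno\t\tveth201.0
\t\t\t\t\t\t\tvlan3
br4\t\t8000.001b21aabb01\tno\t\tveth202.0
\t\t\t\t\t\t\tveth301.0
\t\t\t\t\t\t\tvlan4
"""

# Constructed policy: the only VLAN each VE (keyed by VEID) may be bridged to.
POLICY = {101: "vlan2", 102: "vlan2", 201: "vlan3", 202: "vlan3", 301: "vlan4"}

def parse_brctl(text):
    """Return {bridge: [member interfaces]} from `brctl show` output."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if not fields:
            continue
        if len(fields) >= 3:                    # bridge row: name, id, STP[, first port]
            current = fields[0]
            bridges[current] = fields[3:]
        elif current is not None:               # continuation row: one more port
            bridges[current].append(fields[0])
    return bridges

def audit(bridges, policy):
    """Return findings where the bridge layout breaks the intended isolation."""
    findings = []
    for br, ports in sorted(bridges.items()):
        uplinks = [p for p in ports if re.fullmatch(r"vlan\d+", p)]
        if len(uplinks) != 1:                   # 0 = no uplink, 2+ = networks joined
            findings.append(f"{br}: expected exactly one VLAN uplink, found {uplinks}")
            continue
        for port in ports:
            m = re.fullmatch(r"veth(\d+)\.\d+", port)
            if m and policy.get(int(m.group(1))) != uplinks[0]:
                findings.append(f"{br}: {port} is bridged to {uplinks[0]}, "
                                f"policy says {policy.get(int(m.group(1)))}")
            elif not m and port != uplinks[0]:
                findings.append(f"{br}: unexpected non-veth port {port}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_brctl(SAMPLE), POLICY):
        print(finding)
```

On the host, the real output of `brctl show` can be passed to `parse_brctl` in place of the sample.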