OpenVZ Forum


Globally connected VE containers [message #39608] Sun, 16 May 2010 16:03
lars.bailey
I have seen many threads on various forums, from OVZ users wanting
Internet connectivity for a VE.
I thought I would pass my method on here, and place this HOWTO on WIKI at a later time.
This is mainly FYI.


0.0 My assumptions

You have a globally connected network interface (eth0), an
internal network interface (eth1), you use static network configurations for both Node and VE, and you use a REDHAT based
OS for the Node and VE.


1.0 VE containers that use the VENET adapter interface

On the Node server, make sure you have the following kernel
keys enabled in "/etc/sysctl.conf".

net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0

In a terminal shell, type;

setup

From the text based menu, select "Firewall configuration" and hit "Enter".
If you disabled the firewall during OpenVZ setup, select "enabled".
Disable "SElinux" and choose "Customize".
You should see a listing of known network devices on the Node.
From the list of "trusted" devices, select "VENET0".
Select the "VENET0" for "Masquerade".
Hit "OK".
Exit "setuptool".
Enter into the VE.
Type;

lynx www.openvz.org

and in a few seconds, you should be brought to the OVZ wiki.


2.0 VE containers that use non-bridged VETH adapters

To review how to set up non-bridged VE containers, you must use IP subnetting, and the VETH adapter interface must be configured as the VE container's gateway.
On the Node server, make sure you have the following kernel
keys enabled in "/etc/sysctl.conf".

net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0

Create a static network configuration for the VETH adapter.
As an example for VE 101;

DEVICE=veth101.0
TYPE=Ethernet
IPADDR=192.168.101.254
PREFIXLEN=24
ONBOOT=yes

Use "ifconfig" to confirm that the VETH adapter has an IP address.
If not, use "ifdown vethXXX.0", then "ifup vethXXX.0".
This should give the VETH adapter its IP address.
From a terminal shell, type;

setup

From the text based menu, select "Firewall configuration" and hit "Enter".
If you disabled the firewall during OpenVZ setup, select "enabled".
Disable "SElinux", and choose "Customize".
You should see a list of known network devices.
Select the VETH adapter for the VE as a "trusted" device.
Select the VETH adapter for "Masquerade".
Hit "OK".
Exit "setuptool".
Create a static network configuration for the VE.
A sample configuration;

DEVICE=eth0
TYPE=Ethernet
IPADDR=192.168.101.2
PREFIXLEN=24
GATEWAY=192.168.101.254
ONBOOT=yes

As a note, do not add any gateway directive in a VE's
"/etc/sysconfig/network" file, such as:

GATEWAY=A.B.C.D

Enter into the VE.
Type;

service network restart

Type;

ip route list

You should see the gateway address of the VETH adapter.
If you see "default eth0", check your network configurations.
This was taken directly from VE 101 on my Node server.

[root@moe /]# ip route show
192.168.101.0/24 dev eth0 proto kernel scope link src 192.168.101.1
169.254.0.0/16 dev eth0 scope link
default via 192.168.101.254 dev eth0
[root@moe /]#

Once you see the VE's gateway as the VETH adapter's IP, you should be able to "ping" the Node server's "default" gateway.
These are the "ping" results for "moe".

[root@moe /]# ping -c 3 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=254 time=1.72 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=254 time=0.787 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=254 time=0.855 ms

--- 192.168.1.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.787/1.121/1.722/0.426 ms
[root@moe /]#

If you have successful pings to the Node server's gateway, type;

lynx www.openvz.org

and you should be brought up to the OVZ WIKI.


3.0 VE containers that use bridged Ethernet

Create a static Ethernet bridge, and give the bridge an IP address.
For the rest of this section, I assume bridge ID "vzbr1".

DEVICE=vzbr1
TYPE=Bridge
IPADDR=192.168.99.254
PREFIXLEN=24
ONBOOT=yes

Check to make sure you see a listing for the bridge in the
"/proc/sys/net/ipv4/conf" directory.
The Ethernet bridge must exist here.
On the Node server, make sure you have the following kernel
keys enabled in "/etc/sysctl.conf".

net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.vzbr1.proxy_arp = 1

Type;

setup

From the text based menu, select "Firewall configuration" and hit "Enter".
If you disabled the firewall during OpenVZ setup, select "enabled".
Disable "SElinux", and choose "Customize".
You should see a list of known network devices.
Select the Ethernet bridge as a "trusted" device.
Select the Ethernet bridge for "Masquerade".
Hit "OK".
Exit "setuptool".
Add a route to the VE.

ip route add 192.168.101.1 via 192.168.99.254

Ping VE.
If you get a successful ping, save this in the Node server's
"/etc/rc.d/rc.local".

ip -4 ro flush scope global type unicast
ip -4 ro -s -s flush arp cache
ip route add 192.168.101.1 via 192.168.99.254

Enter into the VE.
Add a route to the Node server's default gateway.

ip route add 192.168.1.254 via 192.168.101.1

Ping the gateway IP address.
If you get a successful ping, type;

lynx www.openvz.org

in a few seconds, you should be brought up to the OVZ wiki.
If you get the OVZ webpage in LYNX, add this to the VE's
"/etc/rc.d/rc.local".

ip -4 ro flush scope global type unicast
ip -4 ro -s -s flush arp cache
ip route add 192.168.1.99 via 192.168.101.1

As a final note, the procedures will work for either a globally
connected Node, or a Node that has a next-hop router.
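
Added example, not part of the original post and not OpenVZ's own code: the section 2.0 layout (VE subnet 192.168.101.0/24 behind veth101.0, uplink eth0) written as explicit iptables rules that NAT and forward only that subnet, rather than trusting the whole interface. The function names are hypothetical and the rules are only printed for review; they are appended, so any earlier catch-all rule in FORWARD takes precedence over them.

```shell
#!/bin/sh
# Added example: print (do not run) iptables commands that NAT and forward
# a single VE subnet. Function names are hypothetical; values are section 2.0's.

# valid_cidr NET/PREFIX: dotted quad with octets 0-255 and prefix 0-32
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    net=${1%/*}; prefix=${1#*/}
    case "$net" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $net          # split on dots; $net holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_ifname NAME: 1-15 characters from a conservative character set
valid_ifname() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# ve_nat_rules NET/PREFIX WAN_IF VE_IF: emit the rules on stdout
ve_nat_rules() {
    subnet=$1; wan_if=$2; ve_if=$3
    if ! { valid_cidr "$subnet" && valid_ifname "$wan_if" && valid_ifname "$ve_if"; }; then
        echo "usage: ve_nat_rules NET/PREFIX WAN_IF VE_IF" >&2
        return 1
    fi
    cat <<EOF
# source-NAT only the VE subnet, and only on the way out of $wan_if
iptables -t nat -A POSTROUTING -s $subnet -o $wan_if -j MASQUERADE
# VE to outside: accept only packets carrying a VE subnet source address
iptables -A FORWARD -i $ve_if -o $wan_if -s $subnet -j ACCEPT
# outside to VE: replies to connections the VE opened, nothing unsolicited
iptables -A FORWARD -i $wan_if -o $ve_if -d $subnet -m state --state ESTABLISHED,RELATED -j ACCEPT
# anything else forwarded from the VE (spoofed source, other networks) is dropped
iptables -A FORWARD -i $ve_if -j DROP
EOF
}

ve_nat_rules 192.168.101.0/24 eth0 veth101.0
```
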
Re: Globally connected VE containers [message #39625 is a reply to message #39608] Fri, 21 May 2010 15:18
kir
Makes more sense to put it to wiki.openvz.org!

Kir Kolyshkin
Re: Globally connected VE containers [message #39626 is a reply to message #39608] Fri, 21 May 2010 18:16
lars.bailey
Actually it does.
I am in the process of doing so, as I now have a login on the WIKI.
This thread, and my "Quagga in VE", will be posted there.

Lars Bailey