[Users] How to configure a server to use multiple subnets/gateways
Kir Kolyshkin
kir at openvz.org
Sat Aug 24 21:40:50 EDT 2013
On 08/24/2013 11:50 AM, Rene C. wrote:
> I know I'm probably being a PITA, but I'm still stuck with this.
>
> The problem is very simple at this time - I'm following the guide
> that's referred, but at the second step I get an error, and I have no
> idea how to proceed from here.
>
> # ip rule add from xxx.13.31.0/24 table 6
> # ip route add default dev eth0 via xxx.13.31.129 table 6
> RTNETLINK answers: No such process
This could be because xxx.13.31.129 is unreachable, so you
have to add a route to it first, as I suggested before:
ip route add xxx.13.31.128/27 dev eth0 scope link
Generally, the problem is not OpenVZ specific in any way, so
you might have better luck asking on some linux networking
forums or lists.
>
> Help. Please.
>
>
> On Wed, Aug 21, 2013 at 12:39 AM, Rene C. <openvz at dokbua.com> wrote:
>> Hi Kir,
>>
>> Thanks for taking the time to reply!! I understand this is probably
>> tedious routine, but it's a blocking issue for me. Yes the provider
>> should probably have taken care of it, but I have the privilege of
>> bringing Internet to a third world country and we sometimes have to
>> live with what we get.
>>
>> I can ping the gateway fine from the hardware node:
>>
>> [root at server17 ~]# ping xxx.13.31.129
>> PING xxx.13.31.129 (xxx.13.31.129) 56(84) bytes of data.
>> 64 bytes from xxx.13.31.129: icmp_seq=1 ttl=255 time=0.337 ms
>> 64 bytes from xxx.13.31.129: icmp_seq=2 ttl=255 time=3.46 ms
>> 64 bytes from xxx.13.31.129: icmp_seq=3 ttl=255 time=2.68 ms
>> ...
>>
>> So if I understand you correct, the only thing to do next is to set up
>> source routing. I tried that before and already explained that it
>> stops with an error:
>>
>> # ip rule add from xxx.13.31.0/24 table 6
>> # ip route add default dev eth0 via xxx.13.31.129 table 6
>> RTNETLINK answers: No such process
>>
>> I've got my container and one of the allocated IP's bound to it, but I
>> can't ping either in or out from the container.
>>
>> // Rene
>>
>>
>> On Tue, Aug 20, 2013 at 11:48 PM, Kir Kolyshkin <kir at openvz.org> wrote:
>>> On 08/20/2013 09:13 AM, Rene C. wrote:
>>>> No takers!? Is it more complicated than I imagine? I have tried to
>>>> explain it as well as I can. Please let me know if there is anything
>>>> unclear and I'll try to clarify.
>>>
>>> As I explained earlier, you don't have to use bridging in this scenario.
>>>
>>> All you need to do is to add the proper static route to your system so
>>> that other network is reachable from your host, that is it.
>>>
>>> First, make sure that the gateway they specified is reachable from your
>>> host:
>>> ping xxx.13.31.129
>>>
>>> I am assuming it is not, and you only have one network card (eth0). So, you
>>> need
>>> to tell your host that this network is actually there:
>>>
>>> ip route add xxx.13.31.128/27 dev eth0 scope link
>>>
>>> After that, the above ping should work.
>>>
>>> Next, you should probably set up source routing for these IPs, so that
>>> containers in this range will use the gateway provided. Check
>>> http://openvz.org/Source_based_routing for details.
>>>
>>> Finally, you can set an IP for your container in a usual manner, using
>>> venet:
>>>
>>> vzctl set NNN --ipadd xxx.13.31.130/27 --save
>>>
>>> and then check that everything works (ping from inside container etc.).
>>>
>>> Kir.
>>>
>>> PS frankly speaking, this is what your hoster should've explained to you. If
>>> they do
>>> such extravagant setups, they should be able to help their customers setting
>>> those up.
>>>
>>>> // Rene
>>>>
>>>> On Sun, Aug 18, 2013 at 1:22 PM, Rene C. <openvz at dokbua.com> wrote:
>>>>> ... continued
>>>>>
>>>>>
>>>>> So going the simple/obvious way of bridging the CT0 interface I try
>>>>> the longer route:
>>>>>
>>>>> [root at server17 ~]# ifconfig veth1706.0 0
>>>>> [root at server17 ~]# echo 1 > /proc/sys/net/ipv4/conf/veth1706.0/forwarding
>>>>> [root at server17 ~]# echo 1 > /proc/sys/net/ipv4/conf/veth1706.0/proxy_arp
>>>>> [root at server17 ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
>>>>> [root at server17 ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
>>>>> [root at server17 ~]# vzctl enter 1706
>>>>> entered into CT 1706
>>>>> [root at vps1706 /]# ifconfig eth0 0
>>>>> [root at vps1706 /]# ip addr add xxx.13.31.131 dev eth0
>>>>> [root at vps1706 /]# route add default dev eth0
>>>>> [root at vps1706 /]# logout
>>>>> exited from CT 1706
>>>>> [root at server17 ~]# ip route add xxx dev veth1706.0
>>>>> RTNETLINK answers: File exists
>>>>>
>>>>>
>>>>> To recap the problem:
>>>>>
>>>>> I have this hardware node with IP xxx.22.181.158
>>>>>
>>>>> Node runs Centos 6, so does all containers.
>>>>>
>>>>> I already have 4 containers with IP addresses on the same subnet
>>>>> (xxx.22.181.*) running fine.
>>>>>
>>>>> Problem is, now my data center gave me 3 IP addresses in a new subnet
>>>>> with a separate gateway:
>>>>>
>>>>> IP add : xxx.13.31.130 - 132
>>>>> subnet : 255.255.255.224
>>>>> gateway : xxx.13.31.129
>>>>>
>>>>> How can I make this work. Please be specific. I don't mind reading and
>>>>> learning, but the learning curve at this stage is too high, I'm not
>>>>> getting anywhere. Thanks.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Aug 18, 2013 at 12:28 PM, Rene C. <openvz at dokbua.com> wrote:
>>>>>> I'm sorry but networking is obviously not one of my strong areas and
>>>>>> for all the good intentions, all the buzzwords confuse me more than
>>>>>> they help me.
>>>>>>
>>>>>> I had a look at http://openvz.org/Virtual_Ethernet_device, and it
>>>>>> gives detailed information about a number of scenarios, for example
>>>>>> "Simple configuration with virtual Ethernet devices" and then proceeds
>>>>>> with 50 steps to set it up. (Ok I exaggerate but you get my drift). I
>>>>>> think my requirement is very very simple, like I explained before, my
>>>>>> DC gave me a bunch of IP addresses on a new subnet requiring a
>>>>>> different gateway for it to work.
>>>>>>
>>>>>> I tried.
>>>>>>
>>>>>> Ok so I start at the "imple configuration with virtual Ethernet
>>>>>> device", with the vzctl start and set commands listed. Then it says
>>>>>> "The following steps are needed when the CT is not bridged to a CT0
>>>>>> network interface.". Ok, I guess I should make the "CT bridged to a
>>>>>> CT0 network inteface" then... but how? There's a section
>>>>>> "Independent Virtual Ethernet communication through the bridge". It
>>>>>> starts with "create bridge device", starting with "brctl addbr vzbr0".
>>>>>> Ok, I try that...
>>>>>>
>>>>>> # brctl addbr vzbr0
>>>>>> -bash: brctl: command not found
>>>>>>
>>>>>> Now what?
>>>>>>
>>>>>> I just need to set this up. Not how to enable a VPN tunnel or multiple
>>>>>> 192.168 networks. I'm sure someone in the know could tell me this is
>>>>>> a matter of two lines instead of this information overload.
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Aug 18, 2013 at 3:36 AM, Jean-Marc Pigeon <jmp at safe.ca> wrote:
>>>>>>> Bonjour Rene C.
>>>>>>>
>>>>>>> My understanding you want to route VPS IP not related to host IP.
>>>>>>> Just to tell you we have such config.
>>>>>>> Using veth within the VPS and the host with Bridge interface.
>>>>>>> Our config is working IP double stack (IPV4 + IPV6).
>>>>>>>
>>>>>>> The VPS eth0 interface is a very straightforward one.
>>>>>>> VPS ifcfg-eth0
>>>>>>> DEVICE=eth0
>>>>>>> BOOTPROTO=static
>>>>>>> ONBOOT=yes
>>>>>>> IPADDR=X.Y.Z.T
>>>>>>> NETMASK=255.255.255.255
>>>>>>> IPV6INIT=yes
>>>>>>> IPV6ADDR=XX:YY.......ZZ:TT
>>>>>>>
>>>>>>> Keyword are veth, IPV4 Routing, Bridge.
>>>>>>> http://openvz.org/Virtual_Ethernet_device
>>>>>>> seems to me a good starting point.
>>>>>>>
>>>>>>>
>>>>>>> Quoting "Rene C." <openvz at dokbua.com>:
>>>>>>>
>>>>>>>> Thanks Jean-Marc, I don't think this is what I need though - I don't
>>>>>>>> have any bridge interfaces anywhere, and frankly don't quite see how
>>>>>>>> it fits into the server. There's only a ifcfg-eth0 file.
>>>>>>>>
>>>>>>>> I had a look at this page -
>>>>>>>> http://wiki.openvz.org/Source_based_routing - am I on the right track?
>>>>>>>>
>>>>>>>> I tried some of the commands but it threw an error early on so I have
>>>>>>>> a feeling I'm not.
>>>>>>>>
>>>>>>>> # ip rule add from xxx.13.31.0/24 table 6
>>>>>>>> # ip route add default dev eth0 via xxx.13.31.129 table 6
>>>>>>>> RTNETLINK answers: No such process
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sat, Aug 17, 2013 at 10:28 PM, Jean-Marc Pigeon <jmp at safe.ca>
>>>>>>>> wrote:
>>>>>>>>> Bonjour Rene C,
>>>>>>>>>
>>>>>>>>> My config:
>>>>>>>>>
>>>>>>>>> ifcfg-br0
>>>>>>>>> #definition Bridge interface
>>>>>>>>> DEVICE=br0
>>>>>>>>> ONBOOT=yes
>>>>>>>>> TYPE=Bridge
>>>>>>>>> BOOTPROTO=static
>>>>>>>>> IPADDR=HOST IP number
>>>>>>>>> NETMASK=255.255.255.224 #(My HOST SUBNET MASK)
>>>>>>>>> IPV6INIT=yes
>>>>>>>>> IPV6ADDR=PP:XX:.....YY:ZZ
>>>>>>>>>
>>>>>>>>> ifcfg-br0:brgd
>>>>>>>>> DEVICE=br0:brgd
>>>>>>>>> ONBOOT=yes
>>>>>>>>> TYPE=Bridge
>>>>>>>>> BOOTPROTO=static
>>>>>>>>> IPADDR=192.0.2.1
>>>>>>>>> NETMASK=255.255.255.255
>>>>>>>>> #to avoid checking for already set IP
>>>>>>>>> ARPCHECK=no
>>>>>>>>>
>>>>>>>>> I am using Quagga(RIP) to transparently route (and displace) VPS IP
>>>>>>>>> among
>>>>>>>>> HOST
>>>>>>>>> such the VPS can be "somewhere" within Hardware cloud. (then VPS
>>>>>>>>> can be set with an IP unrelated to HOST).
>>>>>>>>>
>>>>>>>>> Hoping that help.
>>>>>>>>> Contact me privately if I can help.
>>>>>>>>>
>>>>>>>>> Quoting "Rene C." <openvz at dokbua.com>:
>>>>>>>>>
>>>>>>>>>> Kirill, do you know of a page where this procedure is documented?
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> On Sat, Aug 17, 2013 at 4:54 PM, Kirill Korotaev <dev at parallels.com>
>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Rene, if I got your problem correct you need just create a routing
>>>>>>>>>>> rule
>>>>>>>>>>> in the host, so that it knew where to route your IPs.
>>>>>>>>>>>
>>>>>>>>>>> Or use bridged networking with veth interface instead.
>>>>>>>>>>>
>>>>>>>>>>> Sent from my iPhone
>>>>>>>>>>>
>>>>>>>>>>> On 17.08.2013, at 13:33, "Rene C." <openvz at dokbua.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I have this hardware node with IP xxx.22.181.158
>>>>>>>>>>>>
>>>>>>>>>>>> Node runs Centos 6, so does all containers.
>>>>>>>>>>>>
>>>>>>>>>>>> I already have 4 containers with IP addreses on the same submit
>>>>>>>>>>>> (xxx.22.181.*) running fine.
>>>>>>>>>>>>
>>>>>>>>>>>> Problem is, now my data center gave me 3 IP addresses in a new
>>>>>>>>>>>> subnet
>>>>>>>>>>>> with a separate gateway:
>>>>>>>>>>>>
>>>>>>>>>>>> IP add : xxx.13.31.130 - 132
>>>>>>>>>>>> subnet : 255.255.255.224
>>>>>>>>>>>> gateway : xxx.13.31.129
>>>>>>>>>>>>
>>>>>>>>>>>> The only way I can make this work is by taking one of these IP
>>>>>>>>>>>> addresses and bind to the hardware node, then I can use the
>>>>>>>>>>>> remaining
>>>>>>>>>>>> IP addresses with containers - but this way I lose an IP address -
>>>>>>>>>>>> the
>>>>>>>>>>>> one bound to the hardware node, which seems no longer usable for
>>>>>>>>>>>> containers.
>>>>>>>>>>>>
>>>>>>>>>>>> This is a problem both because there's a limit to how many IP's
>>>>>>>>>>>> the DC
>>>>>>>>>>>> will allocate to a server, and because the IP addresses are quite
>>>>>>>>>>>> costly.
>>>>>>>>>>>>
>>>>>>>>>>>> Did I misunderstand something?
>>>>>>>>>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users
More information about the Users
mailing list