Hetzner networking for old OpenVZ containers

BigWeb

Jul 6, 2017
Hi, I hope someone could help me.

I'm migrating lots of OpenVZ containers to Proxmox 4.4 (Hetzner).
On the old setup I had one eth0 interface, and venet adapters inside the OpenVZ containers.

Now I can't even configure one test LXC container, as I can't manage to get the network working.
Here's the list of IPs, where I made the first one the main IP on eth0 of the main server; however, I can't understand the logic of how I should add the remaining 4 IPs (x.x) and the subnetwork (y.y). I suppose this should be done by adding bridges, but it looks quite complicated to me (I can't understand whether the bridge should be set up on the HOST or in the CT settings. Also, will I need to set up another interface INSIDE the CT, or can Proxmox somehow handle this?). Also, some VPSes should have 2 or 3 IPs - should they go to different bridges? Or maybe I can avoid using bridges at all?

ips.jpg

Would be grateful for any hint or a good example for my case - what goes where. (Also - all virtual machines were OpenVZ/Linux, no Windows or KVM.)

Thanks
 
I'm migrating lots of OpenVZ containers to Proxmox 4.4 (Hetzner)

In the following, a few words about networking in containers in principle - how far your hoster supports it (possible restrictions when unknown MAC addresses occur) you have to ask them directly.


On the old setup I had one eth0 interface, and venet adapters inside the OpenVZ containers.


"venet0" was a special solution of OpenVZ - nothing comparable exists in LXC.

Now I can't even configure one test LXC container, as I can't manage to get the network working.
Here's the list of IPs, where I made the first one the main IP on eth0 of the main server; however, I can't understand the logic of how I should add the remaining 4 IPs (x.x) and the subnetwork (y.y). I suppose this should be done by adding bridges, but it looks quite complicated to me (I can't understand whether the bridge should be set up on the HOST or in the CT settings. Also, will I need to set up another interface INSIDE the CT, or can Proxmox somehow handle this?). Also, some VPSes should have 2 or 3 IPs - should they go to different bridges? Or maybe I can avoid using bridges at all?



The concept of LXC networking is clear and simple: each container acts as a separate machine, with its own NICs having their own MAC addresses. They have to be connected with the "rest of the world" via a bridge (which acts as a switch) to eth0 on the main server (assuming this is the only existing physical connection to the network); usually the bridge's name is vmbr0. If the NICs in the container do not have public addresses but are only known to the main server, connect them to a bridge without a physical connection (e.g. vmbr1); in this case you possibly have to take care of routing and NATting on the main server. The container IPs can be defined inside the container or predefined by configuration data via the GUI (the effect is the same in both cases), which means you can assign more than one IP to one virtual NIC inside the container too.

As already mentioned: your hoster may restrict traffic to unknown MAC addresses - if it's the case you must try to work around this by packet forwarding in the main server.
 
Hi,
thanks for the reply.
I took a brand new server to play with before going live. I managed to make the additional IPs work, however I have no luck connecting the subnet. Maybe you'll see what I am doing wrong?

The configs are based on Hetzner's recommendations for "Network configuration host system KVM/Routed", taken from here: https://wiki.hetzner.de/index.php/Proxmox_VE/en

I have enabled "net.ipv4.ip_forward=1" on the host, and below is my config:
Code:
auto lo
iface lo inet loopback
#
# device: eth0

auto eth0
iface eth0 inet static
      address  5.9.123.14
      netmask  255.255.255.255
      gateway  5.9.123.1
      pointopoint 5.9.123.1

auto vmbr0
iface vmbr0 inet static
      address  5.9.123.14
      netmask  255.255.255.255
      bridge_ports none
      bridge_stp off
      bridge_fd 0
      up ip route add 5.9.123.27/32 dev vmbr0

auto vmbr1
iface vmbr1 inet static
      address  5.9.189.48
      netmask  255.255.255.248
      bridge_ports none
      bridge_stp off
      bridge_fd 0

Here vmbr0 works for the additional IPs,
however vmbr1 doesn't work for the subnet IPs.
The configuration of the CT container (VPS - CentOS) is:

Code:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=5.9.189.49
NETMASK=255.255.255.248
GATEWAY=5.9.123.14 #with this gateway - node can see internet, but is not reachable from internet
#GATEWAY=5.9.189.48 #tried this gateway as supposed by Hetzner - no connectivity at all

My list of IPs:
ips2.jpg

I'm pretty much sure there is some kind of trivial error I'm making, but I can't find it. Would appreciate your help here.

Thank you.
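
A consistency check of the addresses posted above, as an added example that is not part of the original post. It only reports arithmetic facts about each stanza (is the gateway inside the interface's subnet, is an address the first or last of its subnet); the function name and finding labels are hypothetical.

```python
import ipaddress

def check_iface(address, netmask, gateway=None, peer=None):
    """Findings for one interface stanza; 'peer' is the pointopoint address, if any."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    net = iface.network
    findings = []
    # In a subnet wider than /31 the first and last addresses are, by
    # convention, the network and broadcast addresses.
    reserved = set()
    if net.prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}
    if iface.ip in reserved:
        findings.append("address-is-network-or-broadcast")
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        on_link = (net.prefixlen < 32 and gw in net) or \
                  (peer is not None and gw == ipaddress.ip_address(peer))
        if not on_link:
            # Not reachable through this interface's own subnet: the gateway
            # only works if an explicit route to it exists.
            findings.append("gateway-off-link")
        elif gw in reserved:
            findings.append("gateway-is-network-or-broadcast")
    return findings

# Values copied from the configs in the post; the labels are constructed.
STANZAS = {
    "host eth0": ("5.9.123.14", "255.255.255.255", "5.9.123.1", "5.9.123.1"),
    "host vmbr1": ("5.9.189.48", "255.255.255.248", None, None),
    "CT eth0, GATEWAY=5.9.123.14": ("5.9.189.49", "255.255.255.248", "5.9.123.14", None),
    "CT eth0, GATEWAY=5.9.189.48": ("5.9.189.49", "255.255.255.248", "5.9.189.48", None),
}

if __name__ == "__main__":
    for name, args in STANZAS.items():
        print(f"{name}: {check_iface(*args) or 'consistent'}")
```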
 

Code:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=5.9.189.49
NETMASK=255.255.255.248
GATEWAY=5.9.123.14 #with this gateway - node can see internet, but is not reachable from internet
#GATEWAY=5.9.159.48 #tried this gateway as supposed by Hetzner - no connectivity at all


AFAIU the hoster's wiki, the settings for the container should be made inside it via /etc/network/interfaces - the above look rather like an OpenVZ configuration file.

However, whether the information in this wiki is correct is up to them .....
 
Sorry, the settings you mentioned are not of the NODE - they are from the VPS (CentOS). I corrected the post now. Node settings are listed before that.
 
Sorry, the settings you mentioned are not of the NODE - they are from the VPS (CentOS). I corrected the post now. Node settings are listed before that.


If it's equivalent to the settings as specified for /etc/network/interfaces, it should work. It is also important that "net0" is bridged to vmbr1; or maybe the gateway address 5.9.159.48 is simply wrong?

I don't know how the hoster implemented routing, but the packet flow has to be (assuming the container's ID is 123):

hoster's network == eth0(pvehost) == vmbr1(pvehost) == veth123i0(pvehost) == eth0(container)

Send packets (e.g. with ping) and follow them with tcpdump - maybe you can detect where they are lost.
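
The hop-by-hop tracing suggested above, as an added example that is not part of the original reply: it reads one `tcpdump -n` capture per host-side interface on the path and reports the first hop where the ping packets no longer appear. The capture lines and the external address 203.0.113.7 are constructed sample data; the function names are hypothetical.

```python
import re

# tcpdump -n prints ICMP echoes as
# "<time> IP <src> > <dst>: ICMP echo request, id N, seq N, length N"
ICMP = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id \d+, seq (\d+)")

def seqs(lines, src, dst, kind):
    """Sequence numbers of ICMP echo packets of one kind travelling src -> dst."""
    found = set()
    for line in lines:
        m = ICMP.search(line)
        if m and m.group(1, 2, 3) == (src, dst, kind):
            found.add(int(m.group(4)))
    return found

def lost_at(captures, hops, src, dst, kind):
    """Walk the hops in travel order; return the first one where the packets
    are absent from the capture, or None if they show up on every hop."""
    for hop in hops:
        if not seqs(captures.get(hop, []), src, dst, kind):
            return hop
    return None

# Host-side hops from the post, in inbound order (container ID 123 as assumed there).
HOPS = ["eth0", "vmbr1", "veth123i0"]

# Constructed sample: echo requests arrive on eth0 but never show up on the bridge.
CAPTURES = {
    "eth0": [
        "12:00:01.000100 IP 203.0.113.7 > 5.9.189.49: ICMP echo request, id 4242, seq 1, length 64",
        "12:00:02.000100 IP 203.0.113.7 > 5.9.189.49: ICMP echo request, id 4242, seq 2, length 64",
    ],
    "vmbr1": [],
    "veth123i0": [],
}

def inbound_loss():
    """First hop missing the inbound echo requests in the sample captures."""
    return lost_at(CAPTURES, HOPS, "203.0.113.7", "5.9.189.49", "request")

if __name__ == "__main__":
    print("echo requests missing from:", inbound_loss())
```

For the return direction, pass the hops reversed with source and destination swapped and `kind="reply"`.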
 
