Moving from two Openvz servers to one Proxmox - Setting up Networks

[Dolomike]

I've been managing two CentOS based OpenVZ servers for the past few years and I would like to consolidate the two physical servers into a single physical Proxmox managed server.

The setup is currently this:

-------- 192.168.120 subnet----- OpenVZ Server 1
Firewall ---<
-------- 192.168.121 subnet----- OpenVZ Server 2

The servers run on different subnets with their own gateway and access between the subnets is managed by an upstream firewall. The OpenVZ servers are managed with OVZ-Web-panel and configured with venet network devices.


What I would like is the same network setup but using one physical machine with two NIC's but I'm not sure exactly how to achieve this and ensure the setup is flexible and easily managed.

1. I assume that bridging will be required to achieve a two-nic, two subnet, two gateway configuration?
2. Will I need to change the CT's from venet's to veth's in order for them to be added to a bridge? I need to read up a bit more on this but form the few things I've read, it seems to be the case
3. Linux bridge or OVS?

The HN should be on the 192.168.121 subnet as well. I've read a number of posts regarding various network setups but I just seemed to have confused myself and not sure what I need to do to achieve this.

Thanks,
Mike

 

[mir]

Since both OVZ servers are on their own subnet which contains a default gateway I would simply create two bridges on the proxmox host and don't give this bridge an IP for the proxmox host. On the proxmox host create vlans to access each of the OVZ nets and the connect each vlan to the corresponding OVZ bridge. This implies changing from venet to veth since venet requires a subnet which is available to the proxmox host.

 

[Dolomike]

I'm new to advanced networking so please bear with me.

I believe you are saying I should do the following (based on what I've read on other posts):

/etc/networking/interfaces

#network interface settings
auto lo
iface lo inet loopback

#Bridge for testing vlan network - vlan123 created on Cisco firewall ethernet4 with IP 192.168.123.1
# Change to vlan121 and ethernet1 when going live
auto vmbr123
iface vmbr123 inet manual
  ovs_type OVSBridge
  ovs_ports eth0 vlan123

#Bridge for testing vlan network - vlan124 created on Cisco firewall ethernet4 with IP 192.168.124.1
# Change to vlan120 and ethernet2 when going live
auto vmbr124
iface vmbr124 inet manual
  ovs_type OVSBridge
  ovs_ports eth1 vlan124

#vlan123 definition
allow-vmbr123 vlan123
iface vlan123 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr123
  ovs_options tag=123
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
  mtu 1500

#vlan124 definition
allow-vmbr124 vlan124
iface vlan124 inet static
  ovs_type OVSIntPort
  ovs_bridge vmbr124
  ovs_options tag=124
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
  mtu 1500

Now you say not to assign the bridge an IP. Can I create a new ethernet device on the HN and connect it to the vlan then or better to use an additional NIC?

For containers, is the following correct for creating an eth0 device and connecting it to the vlan? Each CT would then require assigning IP, gateway etc correct?

[COLOR=#333333]vzctl set <VMID> --netif_add eth0,,,,vmbr123 --save[/COLOR]

Thanks for the help.