[SOLVED] Proxmox VE 6 - OVH - IP failover

frmiqueias

New Member
Aug 5, 2021
8
1
1
35
Brazil
miqueiasfrancisco.com.br
I'm sharing the way what I used to bring a VM online using OVH's IP failover.

I hope it helps someone who is going through the same difficulties I encountered.

DEFINITIONS

ens3f0
= Main network interface in proxmox
51.xxx.xxx.xxx = Main IP PROXMOX server
51.xxx.xxx.254 = Your gateway, in OVH uses the server's main IP replacing the last digits by 254
158.xx.xxx.xx/29 = Your IP FAILOVER range at OVH
158.xx.xxx.23 = VM IP of the FAILOVER range above, the IP must not be the first or the last of the range

Before starting, create a virtual MAC address on the OVH panel, do not use the first and last IP of your FAILOVER IP range.
To create the virtual MAC use the following tutorial: https://docs.ovh.com/gb/en/dedicated/network-bridging/


Code:
# /etc/sysctl.conf

Change to:
Code:
net.ipv4.ip_forward=1

Code:
# sysctl -p

Code:
# cat /etc/network/interfaces

Your /etc/network/interfaces file should look like this:

Code:
auto lo
iface lo inet loopback

auto ens3f0
iface ens3f0 inet manual

iface ens13f0 inet manual

iface ens13f1 inet manual

iface ens3f1 inet manual

iface enp0s20f0u2u2c2 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports ens3f0
        bridge-stp off
        bridge-fd 0
        address 51.xxx.xxx.xxx/24
        gateway 51.xxx.xxx.254

auto vmbr1
iface vmbr1 inet static
        address 158.xx.xxx.xx/29
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/proxy_arp

IMPORTANT

For IP FAILOVER it is essential that bridge-ports has the value none, you must not set a bridge port, this way it is as if your VM were directly connected to the OVH network.

SETTING VM CENTOS 7

First step disable NetworkManager

Code:
# systemctl stop NetworkManager.service
Code:
# systemctl disable NetworkManager.service
Code:
# systemctl restart network.service
Code:
# systemctl enable network.service


Setting routes

File /etc/sysconfig/network-scripts/route-eth0 will only work if NetworkManger is disabled, make sure you have done the above step.

Code:
# nano /etc/sysconfig/network-scripts/route-eth0

Replace to:

Code:
51.xxx.xxx.254 dev eth0
default via 51.xxx.xxx.254 dev eth0


Setting network interface

Code:
# nano /etc/sysconfig/network-scripts/ifcfg-eth0

Must look like this:

Code:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=e1641beb-1xxxxxxxxxxxx   #UUID generated automatically
DEVICE=eth0
ONBOOT=yes
USERCTL=no
PEERDNS=no
NETMASK=255.255.255.255
IPADDR=158.xx.xxx.23
GATEWAY=51.xxx.xxx.254
ARP=yes
HWADDR=02:00:XXXXXXXX   #VIRTUAL MAC ADDRESS obtained from OVH
#
NM_CONTROLLED=no


Code:
# nano /etc/resolv.conf

insert this

Code:
nameserver 213.186.33.99


https://docs.ovh.com/gb/en/dedicated/network-bridging/
https://pve.proxmox.com/wiki/Network_Configuration
https://pve.proxmox.com/pve-docs/images/default-network-setup-routed.svg
 
Last edited:
  • Like
Reactions: Shaaarnir
The thing is, why cant we use a private static ip that is assigned to the failover ip in centos 7? :(
example: 192.168.1.50
(with centos 8 it works...)
 
**Btw, this configuration is probably only for proxmox 6, cause with proxmox 7 it is not working mate.

To work on Proxmox 7 you need to remove this part from /etc/network/interfaces:

auto vmbr1
iface vmbr1 inet static
address 158.xx.xxx.xx/29
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/proxy_arp

Then it will work...

Thanks anyway mate ;)
 
Last edited:
  • Like
Reactions: Shaaarnir
I'm glad you got it! :)

well, no.. xD
Cause the goal is configuring the vm with static ip (associated with a failover ip), and thats not the case.
So basically this only works for those who only use failover ip, not for those wo want to use a static ip + failover ip with iptables rules :(

With centos 8 vm it works with no problems, but with centos 7 is not working at all.. (at least not in Proxmox 7).
 
Last edited:
Sorry guys to enter here to disturb, but that configuration above screams vengeance! It's overly complicated and unnecessary. I'll show an alternative configuration I think is cleaner and makes to easier transition from one ovh server to another. Here it goes:

1. The proxmox server only needs 1 vmbr interface for it's own address:
Code:
auto vmbr0
iface vmbr0 inet manual
        bridge-ports ens3f0
        bridge-stp off
        bridge-fd 0
        address 51.xxx.xxx.xxx/24
        gateway 51.xxx.xxx.254
2. The proxmox VM will be connected to this vmbr0 interface, but using it's own MAC address you generated as per instructions.
3. No need for proxy-arp and routing on vmbr1. Actually no need for routing on vmbr0 too as you're using the bridge only.
4. The VM (centos in this case) will just configure it's own interface from inside and add the dreaded default route as you already show.

The advantage here is that the proxmox server does not need to know anything about the IP of the guest. The only change is inside the guest to add the default gateway the way ovh wants it (and I might say WTF!... there must be an easier way).

Hope this is useful
 
  • Like
Reactions: amstel
Sorry guys to enter here to disturb, but that configuration above screams vengeance! It's overly complicated and unnecessary. I'll show an alternative configuration I think is cleaner and makes to easier transition from one ovh server to another. Here it goes:

1. The proxmox server only needs 1 vmbr interface for it's own address:
Code:
auto vmbr0
iface vmbr0 inet manual
        bridge-ports ens3f0
        bridge-stp off
        bridge-fd 0
        address 51.xxx.xxx.xxx/24
        gateway 51.xxx.xxx.254
2. The proxmox VM will be connected to this vmbr0 interface, but using it's own MAC address you generated as per instructions.
3. No need for proxy-arp and routing on vmbr1. Actually no need for routing on vmbr0 too as you're using the bridge only.
4. The VM (centos in this case) will just configure it's own interface from inside and add the dreaded default route as you already show.

The advantage here is that the proxmox server does not need to know anything about the IP of the guest. The only change is inside the guest to add the default gateway the way ovh wants it (and I might say WTF!... there must be an easier way).

Hope this is useful
@jinjer thanks that's really interesting!

I've opened another thread for a specific configuration, with PFSENSE inside.

Any tips @jinjer how to find a solution to this problem please???

https://forum.proxmox.com/threads/proxmox-7-ipfo-ovh-with-pfsense.105539/
 

Attachments

  • test.jpg
    test.jpg
    50 KB · Views: 48
Last edited:
Sorry guys to enter here to disturb, but that configuration above screams vengeance! It's overly complicated and unnecessary. I'll show an alternative configuration I think is cleaner and makes to easier transition from one ovh server to another. Here it goes:

1. The proxmox server only needs 1 vmbr interface for it's own address:
Code:
auto vmbr0
iface vmbr0 inet manual
        bridge-ports ens3f0
        bridge-stp off
        bridge-fd 0
        address 51.xxx.xxx.xxx/24
        gateway 51.xxx.xxx.254
2. The proxmox VM will be connected to this vmbr0 interface, but using it's own MAC address you generated as per instructions.
3. No need for proxy-arp and routing on vmbr1. Actually no need for routing on vmbr0 too as you're using the bridge only.
4. The VM (centos in this case) will just configure it's own interface from inside and add the dreaded default route as you already show.

The advantage here is that the proxmox server does not need to know anything about the IP of the guest. The only change is inside the guest to add the default gateway the way ovh wants it (and I might say WTF!... there must be an easier way).

Hope this is useful
OVH has different type of servers.
The instruction in the topic for servers:
High Grade & SCALE ranges

The manual in your message for servers like Advance*

The difference is as follows:
Advance* can have a virtual MAC
High Grade & SCALE ranges - don't have a virtual MAC

Link to the official OVH documentation:
https://support.us.ovhcloud.com/hc/en-us/articles/4408052730387
https://support.us.ovhcloud.com/hc/...Connect-a-VM-to-the-Internet-Using-Proxmox-VE
 
I configured Proxmox VE 7 according to the OVH guide for High Grade & SCALE ranges

It's not much different from the first message, but has a nuance with the bridge.
And I'm using bond instead the bridge. I think, it's more reliable.
So my code is:
/etc/network/interfaces
Code:
auto bond0
iface bond0 inet static
    address 51.xxx.xxx.xxx/32    # dedicated server IP
    gateway 100.xxx.xxx.xxx    # gateway of the dedicated server
    bond-slaves enp193s0f0np0 enp193s0f1np1
    bond-miimon 100
    bond-mode 802.3ad
    post-up echo 1 > /proc/sys/net/ipv4/conf/bond0/proxy_arp
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
#WAN IP (not FO IP)

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1/32    # LAN for FO IP bridge
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up ip route add 158.xx.xxx.xx/29 dev vmbr0    # subnet of the FO IP
#bridge for FO IP subnet
FO IP - Failover IP
158.xx.xxx.xx/29 - subnet of the FO IP


Below settings for VM side (for example VyOS):
Code:
set interfaces ethernet eth0 address 158.xx.xxx.xx/32
set protocols static route 0.0.0.0/0 next-hop 192.168.0.1 interface eth0
eth0 - network interface connected to the bridge vmbr0 on Proxmox VE. MAC can be by default.
158.xx.xxx.xx/32 - Importantly! The correct subnet for VM is - 255.255.255.255
 
Last edited:
  • Like
Reactions: amstel