Switching from Xen-source to proxmox-kvm, couple of questions

  • Thread starter Thread starter rx55
  • Start date Start date
R

rx55

Guest
Hey everyone,

I've managed to find answer to many questions searching this board, however there still a few i can't find.

My host servers are based on 1x 1gbit nic, but i'd like to limit each kvm vm to 100mbit dedicated bandwidth to avoid host connection being congested. For this purpose i suppose i could add rtl8139 virtual-nic for every vm and each will be 100mbit limited then?

I also sometimes gives 10mbit unmetered bandwidth to some vm's, is there a 10mbit virtual-nic in proxmox that can be used for this?

I found some thread here about traffic accouting, and it refers to http://wiki.openvz.org/Traffic_accounting_with_iptables for traffic account using iptables, however this guide is for openvz, but is it also possible for kvm setup (meaning can you count bytes with iptables for kvm vm ip's the same way as with openvz vm ip's)?

Thanks.
 
Hi rx55,

I use the IPtables (quota) method to create a Internet Gateway Virtual Server A.
Then on Virtual Server B,C,D,E,F etc etc i point their default gateway to the IP
of Virtual Server A, and IPtables will keep track of the traffic and or block traffic
based on traffic (data) consumption .

It's independant of virtualization technology.

See http://www.linux-noob.com/forums/index.php?/topic/3036-bandwidth-quotas-using-iptables/

Regards

ronald
 
Last edited by a moderator:
Hey Ronald,

If i understand correctly what you've said, VM A is like virtual router here, and all other VM's traffic goes through VM A?

I suppose, in this setup private IP's are required, e.g. 192.168.0.x between VM A and other VM's?

I'm looking to assign public IP's directly to VM's, should that be possible or not if i go that way you explained?

When thinking on this setup with private ip's, it shouldn't be difficult to accomplish. But if routing of public ip's is case, i guess it's quite complicated, if that's even possible.

Thanks.
 
you should be able to do direct nat, or 1:1 nat meaning that each private IP, will have a matching public IP

i know pfsense can do 1:1 nat but cant remember about the accounting
 
rx55 said:
Hey Ronald,

If i understand correctly what you've said, VM A is like virtual router here, and all other VM's traffic goes through VM A?

I suppose, in this setup private IP's are required, e.g. 192.168.0.x between VM A and other VM's?

I'm looking to assign public IP's directly to VM's, should that be possible or not if i go that way you explained?

When thinking on this setup with private ip's, it shouldn't be difficult to accomplish. But if routing of public ip's is case, i guess it's quite complicated, if that's even possible.

Thanks.
Click to expand...

Not sure that I entirely follow the query.

Yes, Virtual Server A is the Gateway (Router) and all other Virtual Server traffic goes via Server A.

In my test environment I use live (public IP's) on the Virtual Servers, but saying that, it's our own Public IP's and they're all on the same subnet/vlan with the Virtual Gateway.

rH
 
basically you will assign your gateway/router/firewall all the public IP's on its "WAN" interface on its lan interface you will assign a private subnet.

on the router you setup direct nat/1:1 NAT so that for example vm1 with ip 192.168.1.2 gets ip 94.94.94.2 and vm2 with private ip 192.168.1.3 gets ip 94.94.94.3 etc

this means that for all outgoing connections from your VM's they appear to be coming from the correct public IP's then you setup forwarding of the public ip's to the correct internal ip's

the advantage of this is that you then only have to manage 1 firewall and can secure each server individually and then provide ip tables accounting.

1:1 NAT is easy to do with something like pfsense i am not sure about the accounting side though
 
Nice,

Thanks for the detailed response anthonysomerset, will keep it that in mind for our scenario as well :)
 
You must log in or register to reply here.
Top Bottom