Difference between revisions of "OVH"
(Update NDP notes and link tot he firewall page.)
(Add link to help.ovh.com)
|Line 91:||Line 91:|
Revision as of 09:44, 6 October 2016
This article describes the OVH specific network settings for Proxmox VE 4.x.
OVH is one of the main Proxmox VE hosting partners and provides ready-to-use Proxmox VE images which allows you to start immediately with the installation and configuration of your virtual machines and containers.
In the OVH network the gateway is usually outside the IP subnet. Therefore routes to the gateways have to be added in order for them to be accessible from within containers or VMs.
Proxmox VE host
If you use the OVH Proxmox VE template the network is preconfigured in a working condition.
The IPv6 network is configured in a similar fashion as described in this article's LXC Container section, and the IPv4 network is configured the way you'd expect, with a /24 subnet. Note, that you should not copy this kind of configuration into a container. OVH suggests using a single addresses with a netmask of 255.255.255.255.
In order to enable IPv6 networking if the firewall is enabled you need to make sure the the neighbor discovery protocol is allowed. For this there's an option in the firewall's options tab. Additionally there's a firewall macro called NeighborDiscovery available in case you wish to move the NDP rules to 'below' some other custom rules.
See the Firewall notes about IPv6 for more information.
If you have a block of IPv4 addresses you can add the IPv4 address just via GUI. But first you need to use the OVH manager to create a virtual OVH mac address for the IPv4 address you want to assign. As soon as the OVH virtual mac is created, you can add this virtual OVH mac and the IPv4 address via the Proxmox VE GUI.
The GUI will add the required route to make the gateway reachable.
Let's for instance assume you have the IPv4 block 22.214.171.124/30. Then your addresses range from 126.96.36.199 to 188.8.131.52. In the OVH network your gateway will always end with an octet of 254, so if your Proxmox VE host main IPv4 is 184.108.40.206, the gateway is 220.127.116.11
Assume we want to assign address 18.104.22.168 to a container, you will get the following. Please note, this is shown in the screenshot.
Inside a Debian container, this creates automatically the following /etc/network/interfaces file:
auto lo iface lo inet loopback
auto eth0 iface eth0 inet static address 22.214.171.124 netmask 255.255.255.255 post-up ip route add 126.96.36.199 dev eth0 post-up ip route add default via 188.8.131.52 pre-down ip route del default via 184.108.40.206 pre-down ip route del 220.127.116.11 dev eth0
Some background info. This is because Debian would refuse to use a gateway that is not part of the network, and with the above configuration the network is assumed to be 18.104.22.168/32, consisting of only this one address. Therefore we need to use post-up commands to first add a route to the gateway via the same interface we're configuring (eth0), then we add the gateway (default route).
With IPv6 the situation is similar, but you cannot assign virtual mac addresses via the OVH GUI to IPv6 addresses. The easiest setup is to just also assign an IPv4 address to the container with a valid MAC, then the configuration works the same as with IPv4. You can use the regular prefix length of 64 (iow. you do not need to use the ipv6 equivalent of a 255.255.255.255 netmask). Other options include using a routed setup with the host as gateway, this is also possible with IPv4 when configured correctly. Or a routed setup with the normal gateway with proxy-ndp. For this you configure the network like you normally would if you had a valid vMAC, but enable proxy_ndp on the two bridges and add the ipv6 gateway to the neighbor proxy table of the routing bridge (vmbr1 in the default OVH proxmox template), and the container's IPv6 address to the neighbor proxy table on the outer bridge (vmbr0 in the default setup).
Assuming the regular setup with a vMAC available, we get a similar result with IPv4, for instance on debian we get the following entry in /etc/network/interfaces:
iface vmbr0 inet6 static address 2001:1234:1234:0123::1 netmask 64 post-up /sbin/ip -f inet6 route add 2001:1234:1234:01ff:ff:ff:ff:ff dev vmbr0 post-up /sbin/ip -f inet6 route add default via 2001:1234:1234:01ff:ff:ff:ff:ff pre-down /sbin/ip -f inet6 route del default via 2001:1234:1234:01ff:ff:ff:ff:ff pre-down /sbin/ip -f inet6 route del 2001:1234:1234:01ff:ff:ff:ff:ff dev vmbr0
The IPv6 gateway address on OVH consists of the first 54 bits of your server's IP address filled it up with "XXff:ff:ff:ff:ff", with XX being the upper byte of the 4th group. (Note that this means that in the case of a number with fewer than 4 digits, for instance 1ab, you need to treat it as if it was padded with zeroes to 4 digits, in this case 01ab, so the XX would be 01.)
Virtual machines (QEMU)
If you have a block of IPv4 addresses you can use them for your virtual machines.
First you need to use the OVH manager to create a virtual mac address for the address you want to assign. Then you can create the virtual machine in the Proxmox VE GUI and assign the generated mac address to your virtual network card.
The network configuration files inside your virtual machine (ie. /etc/network/interfaces on Debian/Ubuntu) are the same as in the above container examples.
The same as for containers.