[pve-devel] LXC with 2 and more NICs

Detlef Bracker bracker at 1awww.com
Mon Feb 6 23:41:11 CET 2017


Dear Emmanuel,

I think so, that's a bug! It can be made better, but I think the
developers have more experience with networking, and they must test
whether this is a bug or not!

So I have made it in Proxmox 3 for bridges in the following form. This
works with all NICs via the same bridge OR with NICs on different
bridges (e.g. direct and vRack), and the gateway can be outside of the
block or inside! When I use vRack, then for me the gateway is in the same
block; otherwise I use the gateway from the host! Accordingly, I use the
IP address with the divisor of the vRack block, e.g. /27 - when I use the
IPs in direct mode over the standard bridge, then I use /32 EVERY TIME,
regardless of whether the IP is one of a block and uses the host gateway!

(The IPs I have changed here for the example):

IP 0 = 221.12.43.221/32    from IP-Block 221.12.43.220/30    via vmbr0 - Host eth0 (MAC)            Host-GW: 65.12.15.254
IP 1 = 218.90.12.136/32    from IP-Block 218.90.12.136/30    via vmbr0 - Host eth0 (MAC)            Host-GW: 65.12.15.254
IP 2 = 218.90.224.89/32    from IP-Block 218.90.224.88/29    via vmbr0 - Host eth0 (MAC)            Host-GW: 65.12.15.254
IP 3 = 98.90.214.206/27    from IP-Block 98.90.214.206/27    via vmbr2 (vRack) - Host eth1 (MAC)    Host-IP: without

Script for creating Network-configuration (Script at the bottom):

./vRack_netconfig.sh 899 221.12.43.221 32 65.12.15.254 218.90.12.136 32 65.12.15.254 218.90.224.89 32 65.12.15.254 98.90.214.206 27 98.90.214.222
*------------------------------------*
* vRack - Container-Network-Config   *
* Aufruf erfolgt von awos            *
* (c) by Detlef Bracker 2015         *
*------------------------------------*
vRack_netconfig.sh CTID IP1 NET1 GW1 IP2 NET2 GW2 IP3 NET3 GW3 IP4 NET4 GW4
IPx = IPv4 oder IPv6
NETx = Net-Devisor
GWx = GWv4 oder GWv6
Beispiel vRack_netconfig.sh 199 146.105.83.57 27 146.105.83.62

Create the start file in /etc/pve/openvz/899.start, and then a ping from
INSIDE to OUTSIDE and OUTSIDE to INSIDE via all NICs works fine!
When using ping -I, use the IP instead of the interface, because it works
better! I don't know why!

The routing I have created here can be used in different Linux OSes!
But I don't know whether it works in every OS!!!

ping -I 221.12.43.221 8.8.8.8 - ping ok from inside container and from outside container!
ping -I 218.90.12.136 8.8.8.8 - ping ok from inside container and from outside container!
ping -I 218.90.224.89 8.8.8.8 - ping ok from inside container and from outside container!
ping -I 98.90.214.206 8.8.8.8 - ping ok from inside container and from outside container!

Container - Network-Configuration for Container 199
(/etc/pve/openvz/199.start) - see the 1st parameter for the script!

ip link set eth0 up
ip addr add 221.12.43.221/32 dev eth0
route add 65.12.15.254 eth0
ip route add 221.12.43.221 dev eth0 table 1000
ip route add 0.0.0.0/0 via 65.12.15.254 dev eth0 table 1000
ip rule add from 221.12.43.221 table 1000
ip rule add to 221.12.43.221 table 1000
route add default gw 221.12.43.221 dev eth0

ip link set eth1 up
ip addr add 218.90.12.136/32 dev eth1
route add 65.12.15.254 eth1
ip route add 218.90.12.136 dev eth1 table 1001
ip route add 0.0.0.0/0 via 65.12.15.254 dev eth1 table 1001
ip rule add from 218.90.12.136 table 1001
ip rule add to 218.90.12.136 table 1001
route add default gw 218.90.12.136 dev eth1

ip link set eth2 up
ip addr add 218.90.224.89/32 dev eth2
route add 65.12.15.254 eth2
ip route add 218.90.224.89 dev eth2 table 1002
ip route add 0.0.0.0/0 via 65.12.15.254 dev eth2 table 1002
ip rule add from 218.90.224.89 table 1002
ip rule add to 218.90.224.89 table 1002
route add default gw 218.90.224.89 dev eth2

ip link set eth3 up
ip addr add 98.90.214.206/27 dev eth3
route add 98.90.214.222 eth3
ip route add 98.90.214.206 dev eth3 table 1003
ip route add 0.0.0.0/0 via 98.90.214.222 dev eth3 table 1003
ip rule add from 98.90.214.206 table 1003
ip rule add to 98.90.214.206 table 1003
route add default gw 98.90.214.206 dev eth3

The network interfaces are created in the GUI via MAC, as normal! eth3 is
the interface in our example via vRack (vmbr2).

ATTENTION:

Before using the script, enter the container and delete everything in
/etc/network/interfaces. The lo device can stay in, e.g.:
iface lo inet loopback! Then the stop takes long, or stop the container
and delete the old configuration in the folder of the
container, by default in Proxmox 3:
/etc/vz/private/.../etc/network/interfaces

OK, here is the script for the host. Copy it into a folder, e.g. /root/scripte
a) Create a temp script
b) Copy the temp script to the container's start script


#!/bin/sh
echo "*------------------------------------*"
echo "* vRack - Container-Network-Config   *"
echo "* Aufruf erfolgt von awos            *"
echo "* (c) by Detlef Bracker 2015         *"
echo "*------------------------------------*"
#                        $1   $2  $3   $4  $5  $6   $7  $8  $9   $10 $11 $12  $13
echo "vRack_netconfig.sh CTID IP1 NET1 GW1 IP2 NET2 GW2 IP3 NET3 GW3 IP4 NET4 GW4"
echo "IPx = IPv4 oder IPv6"
echo "NETx = Net-Devisor "
echo "GWx = GWv4 oder GWv6"
echo "Beispiel vRack_netconfig.sh 100 46.105.83.57 27 46.105.83.62"
if [ "$1" ]; then
   if [ "$5" ]; then
      # Format for more than 1 IP, with tables

      echo "ip link set eth0 up" > /root/scripte/vRack_container.txt
      echo "ip addr add $2/$3 dev eth0" >> /root/scripte/vRack_container.txt
      echo "route add $4 eth0" >> /root/scripte/vRack_container.txt
      echo "ip route add $2 dev eth0 table 1000" >> /root/scripte/vRack_container.txt
      echo "ip route add 0.0.0.0/0 via $4 dev eth0 table 1000" >> /root/scripte/vRack_container.txt
      echo "ip rule add from $2 table 1000" >> /root/scripte/vRack_container.txt
      echo "ip rule add to $2 table 1000" >> /root/scripte/vRack_container.txt
      echo "route add default gw $2 dev eth0" >> /root/scripte/vRack_container.txt

      echo " " >> /root/scripte/vRack_container.txt
      echo "ip link set eth1 up" >> /root/scripte/vRack_container.txt
      echo "ip addr add $5/$6 dev eth1" >> /root/scripte/vRack_container.txt
      echo "route add $7 eth1" >> /root/scripte/vRack_container.txt
      echo "ip route add $5 dev eth1 table 1001" >> /root/scripte/vRack_container.txt
      echo "ip route add 0.0.0.0/0 via $7 dev eth1 table 1001" >> /root/scripte/vRack_container.txt
      echo "ip rule add from $5 table 1001" >> /root/scripte/vRack_container.txt
      echo "ip rule add to $5 table 1001" >> /root/scripte/vRack_container.txt
      echo "route add default gw $5 dev eth1" >> /root/scripte/vRack_container.txt

      if [ "$8" ]; then
         # if a 3rd IP is present

         echo " " >> /root/scripte/vRack_container.txt
         echo "ip link set eth2 up" >> /root/scripte/vRack_container.txt
         echo "ip addr add $8/$9 dev eth2" >> /root/scripte/vRack_container.txt
         echo "route add ${10} eth2" >> /root/scripte/vRack_container.txt
         echo "ip route add $8 dev eth2 table 1002" >> /root/scripte/vRack_container.txt
         echo "ip route add 0.0.0.0/0 via ${10} dev eth2 table 1002" >> /root/scripte/vRack_container.txt
         echo "ip rule add from $8 table 1002" >> /root/scripte/vRack_container.txt
         echo "ip rule add to $8 table 1002" >> /root/scripte/vRack_container.txt
         echo "route add default gw $8 dev eth2" >> /root/scripte/vRack_container.txt

      fi

      # plain [ ] instead of [[ ]] so the test also works under /bin/sh
      if [ "${11}" ]; then
         # if a 4th IP is present

         echo " " >> /root/scripte/vRack_container.txt
         echo "ip link set eth3 up" >> /root/scripte/vRack_container.txt
         echo "ip addr add ${11}/${12} dev eth3" >> /root/scripte/vRack_container.txt
         echo "route add ${13} eth3" >> /root/scripte/vRack_container.txt
         echo "ip route add ${11} dev eth3 table 1003" >> /root/scripte/vRack_container.txt
         echo "ip route add 0.0.0.0/0 via ${13} dev eth3 table 1003" >> /root/scripte/vRack_container.txt
         echo "ip rule add from ${11} table 1003" >> /root/scripte/vRack_container.txt
         echo "ip rule add to ${11} table 1003" >> /root/scripte/vRack_container.txt
         echo "route add default gw ${11} dev eth3" >> /root/scripte/vRack_container.txt
      fi

   else
      # normal format for only one IP, without tables
      echo "ip link set eth0 up" > /root/scripte/vRack_container.txt
      echo "ip addr add $2/$3 dev eth0" >> /root/scripte/vRack_container.txt
      echo "ip route add $2 dev eth0" >> /root/scripte/vRack_container.txt
      echo "ip route add default via $4" >> /root/scripte/vRack_container.txt
   fi
   # install the generated file as the container's start script
   cp /root/scripte/vRack_container.txt "/etc/pve/openvz/$1.start"
fi

Regards

Detlef



On 06.02.2017 at 18:43, Emmanuel Kasper wrote:
> On 02/02/2017 10:03 PM, Detlef Bracker wrote:
>> Dear,
>>
>> I think so, that's a bug!
>>
>> A ping from outside to the LXC-containers to all NICs works fine!
>>
>> A ping from console via the NICs 2-.... is not possible! So, this can
>> be a big problem, when a daemon will send from the NICs 2- ....
>>
>> ping 8.8.8.8 -I eth0 works fine
>> ping 8.8.8.8 -I eth1 Destination Host Unreachable
>> ping 8.8.8.8 -I eth2 Destination Host Unreachable
>> ping 8.8.8.8 -I eth3 Destination Host Unreachable
>>
>> I think so, the routing is suboptimal! If it is interesting, I have a
>> script for a better routing, I use on the old containers via MAC.
> Hi Detlef
> You make from time to time valuable questions or bug reports to this
> list, but is it necessary to end each sentence with a ! exclamation mark
> ?  It makes you sound more rude than you probably want to be.
>
> Emmanuel
>
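
The generator below is an added example, not part of the original message: it emits the same eight-line per-NIC block as the script above for any number of IP/NET/GW triples, but refuses arguments that are not a numeric CTID, a dotted-quad IPv4 address or a prefix length of 0 to 32, because those values are copied verbatim into the container's start file. The function names are hypothetical; it handles IPv4 only, always uses the table format, and prints to stdout instead of writing /etc/pve/openvz/CTID.start.

```shell
#!/bin/sh
# Added example (not the author's script); all function names are hypothetical.

# Succeed only for dotted-quad IPv4 with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for a decimal prefix length 0..32.
is_prefix() {
    case "$1" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$1" -le 32 ]
}

# nic_block N IP NET GW: the page's eight lines for ethN, table 1000+N.
nic_block() {
    dev="eth$1"; table=$((1000 + $1))
    printf '%s\n' \
        "ip link set $dev up" \
        "ip addr add $2/$3 dev $dev" \
        "route add $4 $dev" \
        "ip route add $2 dev $dev table $table" \
        "ip route add 0.0.0.0/0 via $4 dev $dev table $table" \
        "ip rule add from $2 table $table" \
        "ip rule add to $2 table $table" \
        "route add default gw $2 dev $dev"
}

# gen_config CTID IP1 NET1 GW1 [IP2 NET2 GW2 ...]: validate every argument
# before emitting anything; on bad input print nothing to stdout, return 1.
gen_config() {
    case "$1" in ''|*[!0-9]*) echo "bad CTID" >&2; return 1 ;; esac
    shift
    [ "$#" -ge 3 ] && [ $(($# % 3)) -eq 0 ] ||
        { echo "need IP NET GW triples" >&2; return 1; }
    out=""; n=0
    while [ "$#" -gt 0 ]; do
        is_ipv4 "$1" && is_prefix "$2" && is_ipv4 "$3" ||
            { printf 'rejected arguments for eth%s\n' "$n" >&2; return 1; }
        out="$out$(nic_block "$n" "$1" "$2" "$3")
"
        n=$((n + 1)); shift 3
    done
    printf '%s' "$out"
}
```

Redirect the output of `gen_config` to a temporary file and copy it into place only when the function returns 0, so a rejected argument never leaves a partial start file behind.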


