4
edits
Changes
Added workaround for persistent veth-devices.
Thus you'll have more convinient configuration, i.e. all routes to VEs will be through this bridge and VEs can communicate with each other even without these routes.
=== Making a veth-device persistent ===
At the moment, it is not possible to have the commands needed for a persistent veth being made automatically be vzctl. A bugreport ( http://bugzilla.openvz.org/show_bug.cgi?id=301 ) has already been made. Until then, here's a way to make the above steps persistent (for a debian based system in this example).
==== Cleaning ${VEID}.conf ====
Open up /etc/vz/conf/VEID.conf and comment out any IP_ADDRESS-entries to prevent a VENET-device from being created in the VE. Add or change the entry CONFIG_CUSTOMIZED="yes".
==== Adding an external script to VE0 ====
Copy and paste the following code into /usr/sbin/vznetaddroute:
<code>
#!/bin/bash
#
# This script adds the appropriate VE0-route for veth-enabled VEs.
# See http://wiki.openvz.org/Virtual_Ethernet_device for more information.
#
# check the VEID
if [ "${VEID}" == 101 ]; then
echo "Adding interface veth101.0 and route 192.168.0.101 for VE101 to VE0"
/sbin/ifconfig veth101.0 0
echo 1 > /proc/sys/net/ipv4/conf/veth101.0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/veth101.0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
/sbin/ip route add 192.168.0.101 dev veth101.0
elsif [ "${VEID}" == 102 ]; then
echo "Adding interface veth102.0 and route 192.168.0.102 for VE101 to VE0"
/sbin/ifconfig veth101.0 0
echo 1 > /proc/sys/net/ipv4/conf/veth102.0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/veth102.0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
/sbin/ip route add 192.168.0.102 dev veth102.0
elsif [ "${VEID}" == YOUR_VE ]; then
# same as above with the vethYOUR_VE.0 device and the appropriate ip
fi
exit
</code>
Add one elsif-section for every veth-enabled VE you'd like to have automatically configured. Remember to run <pre>chmod +x /usr/sbin/vznetaddroute</pre> to make the script executable.
To make vzctl run the script, copy and paste the following line to /etc/vz/vznet.conf:
<code>
#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddroute"
</code>
The script will now run every time a veth-enabled VE is started.
==== Adding a script to VE ====
Now we're done with VE0, we still need to add a route to the VE itself. So we start up the VE with <pre>vzctl start 101</code>, get into it with <pre>vzctl enter 101</pre> and create a new file /etc/init.d/route-up in the VE with the following content:
<code>
#!/bin/bash
/sbin/ip route add default dev eth0
</code>
Make the script executable with <pre>chmod +x /etc/init.d/route-up</pre> and add it to the runlevels:
<code>
ve101:/# update-rc.d route-up defaults
Adding system startup for /etc/init.d/route-up ...
/etc/rc0.d/K20route-up -> ../init.d/route-up
[...]
</code>
==== Checking ====
Now to see if everything worked, leave the VE with <pre>exit</pre>, stop the VE via <pre>vzctl stop 101</pre> and restart it with <pre>vzctl start 101</pre>. Still in VE0, check the route for the VE:
<code>
ve0:/# ip route ls
192.168.0.101 dev veth101.0 scope link
[...]
ve0:/# ping 192.168.0.101 -c 4 -q
[...]
--- 192.168.0.101 ping statistics ---
4 packets transmitted, 4 recieved, 0% packet loss, time 0ms
</code>
If somethings not working, check the contents of the files we just created or changed. Now get into the VE via <pre>vzctl enter 101</pre> and check the routing there:
<code>
ve101:/# ifconfig
eth0 Link encap:Ethernet HWaddr 00:12:34:56:78:9B
inet addr:192.168.0.101 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:94 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6757 (6.5 KiB) TX bytes:10396 (10.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ve101:/# ip route ls
default dev eth0 scope link
ve101:/# ping 192.168.0.101 -c 4 -q
[...]
--- 192.168.0.101 ping statistics ---
4 packets transmitted, 4 recieved, 0% packet loss, time 0ms
</code>
If you have problems getting it persistent, please comment.
=== Virtual ethernet devices + VLAN ===
