OpenVZ Virtuozzo Containers Wiki - User contributions [en]

Virtual Ethernet device

2008-07-08T05:36:50Z

Dietmar:

'''Virtual ethernet device''' is an ethernet-like device which can be used inside a [[VE]]. Unlike
[[venet]] network device, veth device has a MAC address. Due to this, it can be used in configurations, when veth is bridged to ethX or other device and VE user fully sets up his networking himself,
including IPs, gateways etc.

Virtual ethernet device consist of two ethernet devices - one in [[CT0]] and another one
in VE. These devices are connected to each other, so if a packet goes to one
device it will come out from the other device.

== Virtual ethernet device usage ==

=== Kernel module ===
First of all, make sure the <code>vzethdev</code> module is loaded:
<pre>
# lsmod | grep vzeth
vzethdev 8224 0
vzmon 35164 5 vzethdev,vznetdev,vzrst,vzcpt
vzdev 3080 4 vzethdev,vznetdev,vzmon,vzdquota
</pre>

In case it is not loaded, load it:
<pre>
# modprobe vzethdev
</pre>

You might want to add the module to <code>/etc/init.d/vz script</code>, so it will be loaded during startup.

{{Note|since vzctl version 3.0.11, vzethdev is loaded by /etc/init.d/vz}}

=== MAC addresses ===
In the below commands, you should use random MAC addresses. Do not use MAC addresses of real eth devices, because this can lead to collisions.

MAC addresses must be entered in XX:XX:XX:XX:XX:XX format.

YOU MAY NOT NEED TO GENERATE MAC ADDRESSES BY HAND BECAUSE vzctl --netif_add MAY GENERATE THEM AUTOMATICALLY AS NECESSARY.

Nevertheless, there is a utility script available for generating MAC addresses: http://www.easyvmx.com/software/easymac.sh. It is to be used like this:

chmod +x easymac.sh
./easymac.sh -R

=== Adding veth to a VE ===

==== syntax vzctl version > 3.0.22 ====

<pre>
vzctl set <VEID> --netif_add <ifname>[,<mac>,<host_ifname>,<host_mac>,<bridge>]
</pre>

Here
* <tt>ifname</tt> is the ethernet device name in the VE
* <tt>mac</tt> is its MAC address in the VE
* <tt>host_ifname</tt> is the ethernet device name on the host ([[CT0]])
* <tt>host_mac</tt> is its MAC address on the host ([[CT0]])
* <tt>bridge</tt> is an optional parameter which can be used in custom network start scripts to automatically add the interface to a bridge.

{{Note|All parameters except ifname are optional and are automatically generated if not specified.}}

Example:

<pre>
vzctl set 101 --netif_add eth0 --save
</pre>

Or, if you want to specify everything:

<pre>
vzctl set 101 --netif_add eth0,00:12:34:56:78:9A,veth101.0,00:12:34:56:78:9B --save
</pre>

Or, if you want to specify the bridge (other values generated):

<pre>
vzctl set 101 --netif_add eth0,,,,vmbr1 --save
</pre>

==== syntax vzctl version >= 3.0.14 ====

Read Update infos about [http://openvz.org/news/updates/vzctl-3.0.14-1 vzctl 3.0.14]

Syntax is the same as above, but without <bridge> parameter.

==== syntax vzctl version < 3.0.14 ====

<pre>
vzctl set <VEID> --veth_add <dev_name>,<dev_addr>,<ve_dev_name>,<ve_dev_addr>
</pre>

Here
* <tt>dev_name</tt> is the ethernet device name that you are creating on the [[CT0|host system]]
* <tt>dev_addr</tt> is its MAC address
* <tt>ve_dev_name</tt> is the corresponding ethernet device name you are creating on the VE
* <tt>ve_dev_addr</tt> is its MAC address

{{Note| that this option is incremental, so devices are added to already existing ones.}}

NB there are no spaces after the commas

Example:
<pre>
[host-node] ifconfig eth0
...
HWaddress 00:12:34:56:78:9B
...
</pre>

<pre>
[host-node] easymac.sh -R
00:12:34:56:78:9A
</pre>

<pre>
vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>
After executing this command <tt>veth</tt> device will be created for VE 101 and veth configuration will be saved to a VE configuration file.
Host-side ethernet device will have <tt>veth101.0</tt> name and <tt>00:12:34:56:78:9A</tt> MAC address.
VE-side ethernet device will have <tt>eth0</tt> name and <tt>00:12:34:56:78:9B</tt> MAC address.

=== Removing veth from a VE ===

==== syntax vzctl version >= 3.0.14 ====
<pre>
vzctl set <VEID> --netif_del <dev_name>|all
</pre>

Here
* <code>dev_name</code> is the ethernet device name in the [[VE]].

{{Note|If you want to remove all ethernet devices in VE, use <code>all</code>.}}

Example:

<pre>
vzctl set 101 --netif_del eth0 --save
</pre>

==== syntax vzctl version < 3.0.14 ====

<pre>
vzctl set <VEID> --veth_del <dev_name>
</pre>
Here <tt>dev_name</tt> is the ethernet device name in the [[CT0|host system]].

Example:
<pre>
vzctl set 101 --veth_del veth101.0 --save
</pre>
After executing this command veth device with host-side ethernet name veth101.0 will be removed from VE 101 and veth configuration will be updated in VE config file.

== Common configurations with virtual ethernet devices ==
Module <tt>vzethdev</tt> must be loaded to operate with veth devices.

=== Simple configuration with virtual ethernet device ===

==== Start a VE ====
<pre>
[host-node]# vzctl start 101
</pre>

==== Add veth device to VE ====

<pre>
[host-node]# vzctl set 101 --netif_add veth101 --save
</pre>

This allocates a mac address, and associates it with the host eth0 port

==== Configure devices in CT0 ====
<pre>
[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/proxy_arp
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
</pre>

Notes:
* These files did not exist for me when trying ([[User:Mrjcleaver|Mrjcleaver]] 14:04, 31 May 2008 (EDT))

==== Configure device in VE ====
<pre>
[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
[ve-101]# /sbin/ip addr add 192.168.0.101 dev eth0
[ve-101]# /sbin/ip route add default dev eth0
</pre>

Notes:
* Until you ifconfig eth0 it won't appear. When you do it will use the mac address netif_add added earlier
* 192.168.0.101 is chosen to be an [[unrouteable private ip address]]. Where 101 reminds you that it is node 101.
* The "ip route" tells all traffic to head to "device eth0"
* In theory you could [[use dhcpd with OpenVZ]] and dhclient to pick up an DHCP address from your router instead of hardwiring it
** http://openvz.org/pipermail/users/2005-November/000020.html

==== Add route in [[CT0]] ====
<pre>
[host-node]# ip route add 192.168.0.101 dev veth101.0
</pre>

=== Virtual ethernet device with IPv6 ===

==== Start [[VE]] ====
<pre>
[host-node]# vzctl start 101
</pre>

==== Add veth device to [[VE]] ====
<pre>
[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>

==== Configure devices in [[CT0]] ====
<pre>
[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
</pre>

==== Configure device in [[VE]] ====
<pre>
[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
</pre>

==== Start router advertisement daemon (radvd) for IPv6 in CT0 ====
First you need to edit radvd configuration file. Here is a simple example of <tt>/etc/radv.conf</tt>:
<pre>
interface veth101.0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix 3ffe:2400:0:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};

interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix 3ffe:0302:0011:0002::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
</pre>

Then, start radvd:
<pre>
[host-node]# /etc/init.d/radvd start
</pre>

==== Add IPv6 addresses to devices in [[CT0]] ====
<pre>
[host-node]# ip addr add dev veth101.0 3ffe:2400::212:34ff:fe56:789a/64
[host-node]# ip addr add dev eth0 3ffe:0302:0011:0002:211:22ff:fe33:4455/64
</pre>

=== Virtual ethernet devices can be joined in one bridge ===
Perform steps 1 - 4 from Simple configuration chapter for several containers and/or veth devices

==== Create bridge device ====
<pre>
[host-node]# brctl addbr vzbr0
</pre>

==== Add veth devices to bridge ====
<pre>
[host-node]# brctl addif vzbr0 veth101.0
...
[host-node]# brctl addif vzbr0 veth101.n
[host-node]# brctl addif vzbr0 veth102.0
...
...
[host-node]# brctl addif vzbr0 vethXXX.N
</pre>

==== Configure bridge device ====
<pre>
[host-node]# ifconfig vzbr0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/proxy_arp
</pre>

==== Add routes in [[CT0]] ====
<pre>
[host-node]# ip route add 192.168.101.1 dev vzbr0
...
[host-node]# ip route add 192.168.101.n dev vzbr0
[host-node]# ip route add 192.168.102.1 dev vzbr0
...
...
[host-node]# ip route add 192.168.XXX.N dev vzbr0
</pre>

Thus you'll have more convinient configuration, i.e. all routes to containers will be through this bridge and containers can communicate with each other even without these routes.

=== Making a veth-device persistent ===
According to http://bugzilla.openvz.org/show_bug.cgi?id=301 , a bug that stopped the veth device persistent was "Obsoleted now when --veth_add/--veth_del are introduced"

See http://wiki.openvz.org/w/index.php?title=Virtual_Ethernet_device&diff=5990&oldid=5989 for a workaround that used to be described in this section.

That's it! At this point, when you restart the VE you should see a new line in the output, indicating that the interface is being configured and a new route being added. And you should be able to ping the host, and to enter the VE and use the network.

=== Making a bridged veth-device persistent ===

Like the above example, here it is how to add the veth device to a bridge in a persistent way.

==== method for vzctl version > 3.0.22 ====

Newer versions of vzctl includes a 'vznetaddbr' script, which makes use of the new <bridge> parameter of the --netif_add switch.

Just create /etc/vz/vznet.conf containing the following.

<pre>
#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
</pre>

The script uses 'vmbr0' as default bridge name when no bridge is specified.

==== method for vzctl version <= 3.0.22 ====

older vzctl doesn't offer an automatic function to do this.

1. First, edit the VE's configuration to specify what is the host bridge , and to indicate that a custom script should be run when starting up a VE.
* Open up /etc/vz/conf/VEID.conf
* Comment out any IP_ADDRESS entries to prevent a VENET-device from being created in the VE
* Add or change the entry CONFIG_CUSTOMIZED="yes"
* Add an entry VZHOSTBR="<bridge if>" which is the bridge interface (already configured and up), you want to extend.

2. Now to create that "custom script". The following helper script will check the configuration file for the bridge interface name and for the veth interface, and add the interface to the bridge. Create the script /usr/sbin/vznetaddbr to have the following, and then <code>chmod 0500 /usr/sbin/vznetaddbr</code> to make it executable.

<pre>
#!/bin/bash
# /usr/sbin/vznetaddbr
# a script to add virtual network interfaces (veth's) in a VE to a bridge on CT0

CONFIGFILE=/etc/vz/conf/$VEID.conf
. $CONFIGFILE
VZHOSTIF=`echo $NETIF |sed 's/^.*host_ifname=$.*$,.*$/\1/g'`

if [ ! -n "$VZHOSTIF" ]; then
echo "According to $CONFIGFILE VE$VEID has no veth interface configured."
exit 1
fi

if [ ! -n "$VZHOSTBR" ]; then
echo "According to $CONFIGFILE VE$VEID has no bridge interface configured."
exit 1
fi

echo "Adding interface $VZHOSTIF to bridge $VZHOSTBR on CT0 for VE$VEID"
/sbin/ifconfig $VZHOSTIF 0
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/forwarding
/usr/sbin/brctl addif $VZHOSTBR $VZHOSTIF

exit 0
</pre>

3. Now create /etc/vz/vznet.conf containing the following. This is what defines the "custom script" as being the vznetaddbr which you just created.

<pre>
#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
</pre>

4. Of course, the VE's operating system will need to have . Consult the manual for your VE's OS for details.

When the VE is started, the veth specified in the NETIF value is added to the bridge specified. You can check this by doing <code>brctl show</code>

Inside the VE you can configure the interface statically or using dhcp, as a real interface attached to a switch on the lan.

=== Virtual ethernet devices + VLAN ===
This configuration can be done by adding vlan device to the previous configuration.

== See also ==
* [[Virtual network device]]
* [[Differences between venet and veth]]
* [[Using private IPs for Hardware Nodes]]
* Troubleshooting: [[Bridge doesn't forward packets]]

== External links ==
* [http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-radvd.html Linux IPv6 HOWTO, a chapter about radvd]
* [http://vireso.blogspot.com/2008/02/2-veth-with-2-brindges-on-openvz-at.html 2 veth with 2 bridges setup]

[[Category: Networking]]
[[Category: HOWTO]]

Virtual Ethernet device

2008-07-08T05:17:35Z

Dietmar:

'''Virtual ethernet device''' is an ethernet-like device which can be used inside a [[VE]]. Unlike
[[venet]] network device, veth device has a MAC address. Due to this, it can be used in configurations, when veth is bridged to ethX or other device and VE user fully sets up his networking himself,
including IPs, gateways etc.

Virtual ethernet device consist of two ethernet devices - one in [[CT0]] and another one
in VE. These devices are connected to each other, so if a packet goes to one
device it will come out from the other device.

== Virtual ethernet device usage ==

=== Kernel module ===
First of all, make sure the <code>vzethdev</code> module is loaded:
<pre>
# lsmod | grep vzeth
vzethdev 8224 0
vzmon 35164 5 vzethdev,vznetdev,vzrst,vzcpt
vzdev 3080 4 vzethdev,vznetdev,vzmon,vzdquota
</pre>

In case it is not loaded, load it:
<pre>
# modprobe vzethdev
</pre>

You might want to add the module to <code>/etc/init.d/vz script</code>, so it will be loaded during startup.

{{Note|since vzctl version 3.0.11, vzethdev is loaded by /etc/init.d/vz}}

=== MAC addresses ===
In the below commands, you should use random MAC addresses. Do not use MAC addresses of real eth devices, because this can lead to collisions.

MAC addresses must be entered in XX:XX:XX:XX:XX:XX format.

YOU MAY NOT NEED TO GENERATE MAC ADDRESSES BY HAND BECAUSE vzctl --netif_add MAY GENERATE THEM AUTOMATICALLY AS NECESSARY.

Nevertheless, there is a utility script available for generating MAC addresses: http://www.easyvmx.com/software/easymac.sh. It is to be used like this:

chmod +x easymac.sh
./easymac.sh -R

=== Adding veth to a VE ===

==== syntax vzctl version > 3.0.22 ====

<pre>
vzctl set <VEID> --netif_add <ifname>[,<mac>,<host_ifname>,<host_mac>,<bridge>]
</pre>

Here
* <tt>ifname</tt> is the ethernet device name in the VE
* <tt>mac</tt> is its MAC address in the VE
* <tt>host_ifname</tt> is the ethernet device name on the host ([[CT0]])
* <tt>host_mac</tt> is its MAC address on the host ([[CT0]])
* <tt>bridge</tt> is an optional parameter which can be used in custom network start scripts to automatically add the interface to a bridge.

{{Note|All parameters except ifname are optional and are automatically generated if not specified.}}

Example:

<pre>
vzctl set 101 --netif_add eth0 --save
</pre>

Or, if you want to specify everything:

<pre>
vzctl set 101 --netif_add eth0,00:12:34:56:78:9A,veth101.0,00:12:34:56:78:9B --save
</pre>

Or, if you want to specify the bridge (other values generated):

<pre>
vzctl set 101 --netif_add eth0,,,,vmbr1 --save
</pre>

==== syntax vzctl version >= 3.0.14 ====

Read Update infos about [http://openvz.org/news/updates/vzctl-3.0.14-1 vzctl 3.0.14]

Syntax is the same as above, but without <bridge> parameter.

==== syntax vzctl version < 3.0.14 ====

<pre>
vzctl set <VEID> --veth_add <dev_name>,<dev_addr>,<ve_dev_name>,<ve_dev_addr>
</pre>

Here
* <tt>dev_name</tt> is the ethernet device name that you are creating on the [[CT0|host system]]
* <tt>dev_addr</tt> is its MAC address
* <tt>ve_dev_name</tt> is the corresponding ethernet device name you are creating on the VE
* <tt>ve_dev_addr</tt> is its MAC address

{{Note| that this option is incremental, so devices are added to already existing ones.}}

NB there are no spaces after the commas

Example:
<pre>
[host-node] ifconfig eth0
...
HWaddress 00:12:34:56:78:9B
...
</pre>

<pre>
[host-node] easymac.sh -R
00:12:34:56:78:9A
</pre>

<pre>
vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>
After executing this command <tt>veth</tt> device will be created for VE 101 and veth configuration will be saved to a VE configuration file.
Host-side ethernet device will have <tt>veth101.0</tt> name and <tt>00:12:34:56:78:9A</tt> MAC address.
VE-side ethernet device will have <tt>eth0</tt> name and <tt>00:12:34:56:78:9B</tt> MAC address.

=== Removing veth from a VE ===

==== syntax vzctl version >= 3.0.14 ====
<pre>
vzctl set <VEID> --netif_del <dev_name>|all
</pre>

Here
* <code>dev_name</code> is the ethernet device name in the [[VE]].

{{Note|If you want to remove all ethernet devices in VE, use <code>all</code>.}}

Example:

<pre>
vzctl set 101 --netif_del eth0 --save
</pre>

==== syntax vzctl version < 3.0.14 ====

<pre>
vzctl set <VEID> --veth_del <dev_name>
</pre>
Here <tt>dev_name</tt> is the ethernet device name in the [[CT0|host system]].

Example:
<pre>
vzctl set 101 --veth_del veth101.0 --save
</pre>
After executing this command veth device with host-side ethernet name veth101.0 will be removed from VE 101 and veth configuration will be updated in VE config file.

== Common configurations with virtual ethernet devices ==
Module <tt>vzethdev</tt> must be loaded to operate with veth devices.

=== Simple configuration with virtual ethernet device ===

==== Start a VE ====
<pre>
[host-node]# vzctl start 101
</pre>

==== Add veth device to VE ====

<pre>
[host-node]# vzctl set 101 --netif_add veth101 --save
</pre>

This allocates a mac address, and associates it with the host eth0 port

==== Configure devices in CT0 ====
<pre>
[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/proxy_arp
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
</pre>

Notes:
* These files did not exist for me when trying ([[User:Mrjcleaver|Mrjcleaver]] 14:04, 31 May 2008 (EDT))

==== Configure device in VE ====
<pre>
[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
[ve-101]# /sbin/ip addr add 192.168.0.101 dev eth0
[ve-101]# /sbin/ip route add default dev eth0
</pre>

Notes:
* Until you ifconfig eth0 it won't appear. When you do it will use the mac address netif_add added earlier
* 192.168.0.101 is chosen to be an [[unrouteable private ip address]]. Where 101 reminds you that it is node 101.
* The "ip route" tells all traffic to head to "device eth0"
* In theory you could [[use dhcpd with OpenVZ]] and dhclient to pick up an DHCP address from your router instead of hardwiring it
** http://openvz.org/pipermail/users/2005-November/000020.html

==== Add route in [[CT0]] ====
<pre>
[host-node]# ip route add 192.168.0.101 dev veth101.0
</pre>

=== Virtual ethernet device with IPv6 ===

==== Start [[VE]] ====
<pre>
[host-node]# vzctl start 101
</pre>

==== Add veth device to [[VE]] ====
<pre>
[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>

==== Configure devices in [[CT0]] ====
<pre>
[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
</pre>

==== Configure device in [[VE]] ====
<pre>
[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
</pre>

==== Start router advertisement daemon (radvd) for IPv6 in CT0 ====
First you need to edit radvd configuration file. Here is a simple example of <tt>/etc/radv.conf</tt>:
<pre>
interface veth101.0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix 3ffe:2400:0:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};

interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix 3ffe:0302:0011:0002::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
</pre>

Then, start radvd:
<pre>
[host-node]# /etc/init.d/radvd start
</pre>

==== Add IPv6 addresses to devices in [[CT0]] ====
<pre>
[host-node]# ip addr add dev veth101.0 3ffe:2400::212:34ff:fe56:789a/64
[host-node]# ip addr add dev eth0 3ffe:0302:0011:0002:211:22ff:fe33:4455/64
</pre>

=== Virtual ethernet devices can be joined in one bridge ===
Perform steps 1 - 4 from Simple configuration chapter for several containers and/or veth devices

==== Create bridge device ====
<pre>
[host-node]# brctl addbr vzbr0
</pre>

==== Add veth devices to bridge ====
<pre>
[host-node]# brctl addif vzbr0 veth101.0
...
[host-node]# brctl addif vzbr0 veth101.n
[host-node]# brctl addif vzbr0 veth102.0
...
...
[host-node]# brctl addif vzbr0 vethXXX.N
</pre>

==== Configure bridge device ====
<pre>
[host-node]# ifconfig vzbr0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/proxy_arp
</pre>

==== Add routes in [[CT0]] ====
<pre>
[host-node]# ip route add 192.168.101.1 dev vzbr0
...
[host-node]# ip route add 192.168.101.n dev vzbr0
[host-node]# ip route add 192.168.102.1 dev vzbr0
...
...
[host-node]# ip route add 192.168.XXX.N dev vzbr0
</pre>

Thus you'll have more convinient configuration, i.e. all routes to containers will be through this bridge and containers can communicate with each other even without these routes.

=== Making a veth-device persistent ===
According to http://bugzilla.openvz.org/show_bug.cgi?id=301 , a bug that stopped the veth device persistent was "Obsoleted now when --veth_add/--veth_del are introduced"

See http://wiki.openvz.org/w/index.php?title=Virtual_Ethernet_device&diff=5990&oldid=5989 for a workaround that used to be described in this section.

That's it! At this point, when you restart the VE you should see a new line in the output, indicating that the interface is being configured and a new route being added. And you should be able to ping the host, and to enter the VE and use the network.

=== Making a bridged veth-device persistent ===
Like the above example, here it is how to add the veth device to a bridge in a persistent way. vzctl doesn't offer an automatic function to do this.

1. First, edit the VE's configuration to specify what is the host bridge , and to indicate that a custom script should be run when starting up a VE.
* Open up /etc/vz/conf/VEID.conf
* Comment out any IP_ADDRESS entries to prevent a VENET-device from being created in the VE
* Add or change the entry CONFIG_CUSTOMIZED="yes"
* Add an entry VZHOSTBR="<bridge if>" which is the bridge interface (already configured and up), you want to extend.

2. Now to create that "custom script". The following helper script will check the configuration file for the bridge interface name and for the veth interface, and add the interface to the bridge. Create the script /usr/sbin/vznetaddbr to have the following, and then <code>chmod 0500 /usr/sbin/vznetaddbr</code> to make it executable.

<pre>
#!/bin/bash
# /usr/sbin/vznetaddbr
# a script to add virtual network interfaces (veth's) in a VE to a bridge on CT0

CONFIGFILE=/etc/vz/conf/$VEID.conf
. $CONFIGFILE
VZHOSTIF=`echo $NETIF |sed 's/^.*host_ifname=$.*$,.*$/\1/g'`

if [ ! -n "$VZHOSTIF" ]; then
echo "According to $CONFIGFILE VE$VEID has no veth interface configured."
exit 1
fi

if [ ! -n "$VZHOSTBR" ]; then
echo "According to $CONFIGFILE VE$VEID has no bridge interface configured."
exit 1
fi

echo "Adding interface $VZHOSTIF to bridge $VZHOSTBR on CT0 for VE$VEID"
/sbin/ifconfig $VZHOSTIF 0
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/forwarding
/usr/sbin/brctl addif $VZHOSTBR $VZHOSTIF

exit 0
</pre>

3. Now create /etc/vz/vznet.conf containing the following. This is what defines the "custom script" as being the vznetaddbr which you just created.

<pre>
#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
</pre>

4. Of course, the VE's operating system will need to have . Consult the manual for your VE's OS for details.

When the VE is started, the veth specified in the NETIF value is added to the bridge specified. You can check this by doing <code>brctl show</code>

Inside the VE you can configure the interface statically or using dhcp, as a real interface attached to a switch on the lan.

=== Virtual ethernet devices + VLAN ===
This configuration can be done by adding vlan device to the previous configuration.

== See also ==
* [[Virtual network device]]
* [[Differences between venet and veth]]
* [[Using private IPs for Hardware Nodes]]
* Troubleshooting: [[Bridge doesn't forward packets]]

== External links ==
* [http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-radvd.html Linux IPv6 HOWTO, a chapter about radvd]
* [http://vireso.blogspot.com/2008/02/2-veth-with-2-brindges-on-openvz-at.html 2 veth with 2 bridges setup]

[[Category: Networking]]
[[Category: HOWTO]]

Backup of a running container with vzdump

2007-07-09T07:30:31Z

Dietmar: /* Installation */

= Vzdump =
Vzdump is an utility to make consistent snapshots of running OpenVZ VEs. It basically creates a tar archive of the VE private area, which also includes the VE configuration files.

There are several ways to provide consistency:

- Stop the VE during backup (very long downtime)

- Use rsync and suspend/resume (minimal downtime)

- Use LVM2 (no downtime)

Vzdump stores the backup on the disk in a single file. This file should go to a tape backup for archiving.

== Download ==
Download vzdump rpm or deb packages from http://download.openvz.org/contrib/utils/vzdump/ or for newest version, check http://www.proxmox.com/cms_proxmox/en/technology/oss-software/openvz/

For rpm based systems:
<pre>wget http://www.proxmox.com/cms_proxmox/cms/upload/vzdump/vzdump-1.0-2.noarch.rpm</pre>

For Debian based systems:
<pre>wget http://www.proxmox.com/cms_proxmox/cms/upload/vzdump/vzdump_1.0-2_all.deb</pre>

== Installation ==
For rpm based systems:
<pre>rpm -i vzdump-1.0-2.noarch.rpm</pre>

For Debian based systems:
<pre>dpkg -i vzdump_1.0-2_all.deb</pre>

== Synopsis ==

<pre>vzdump OPTIONS [--all â <VEID>]

--compress compress dump file (gzip)

--dumpdir DIR store resulting files in DIR

--xdelta create a differential backup using xdelta

--mailto EMAIL send notification mail to EMAIL

--stop stop/start VPS if running

--suspend suspend/resume VPS when running

--snapshot use LVM snapshot when running

--restore FILENAME restore FILENAME
</pre>

= Examples =
Use a running VE, for example install this: http://wiki.openvz.org/Proxmox_Mail_Gateway_in_VE

== Backup ==

Simply dump VE 777 - no snapshot, just archive the VE private area and configuration files to the default dump directory (usually /vz/dump/).

<pre>vzdump 777</pre>

Use rsync and suspend/resume to create a snapshot (minimal downtime).

<pre>vzdump --suspend 777</pre>

Backup all VEs and send notification mails to root.

<pre>vzdump --suspend --all --mailto root</pre>

Use LVM2 to create snapshots (no downtime).

<pre>vzdump --dumpdir /space/backup --snapshot 777</pre>

== Restore ==

Restore above backup to VE 600

<pre>vzdump --restore /space/backup/vzdump-777.tar 600</pre>

[[Category: HOWTO]]

Backup of a running container with vzdump

2007-07-09T07:29:46Z

Dietmar: /* Download */

= Vzdump =
Vzdump is an utility to make consistent snapshots of running OpenVZ VEs. It basically creates a tar archive of the VE private area, which also includes the VE configuration files.

There are several ways to provide consistency:

- Stop the VE during backup (very long downtime)

- Use rsync and suspend/resume (minimal downtime)

- Use LVM2 (no downtime)

Vzdump stores the backup on the disk in a single file. This file should go to a tape backup for archiving.

== Download ==
Download vzdump rpm or deb packages from http://download.openvz.org/contrib/utils/vzdump/ or for newest version, check http://www.proxmox.com/cms_proxmox/en/technology/oss-software/openvz/

For rpm based systems:
<pre>wget http://www.proxmox.com/cms_proxmox/cms/upload/vzdump/vzdump-1.0-2.noarch.rpm</pre>

For Debian based systems:
<pre>wget http://www.proxmox.com/cms_proxmox/cms/upload/vzdump/vzdump_1.0-2_all.deb</pre>

== Installation ==
For rpm based systems:
<pre>rpm -i vzdump-0.4-1.noarch.rpm</pre>

For Debian based systems:
<pre>dpkg -i vzdump_0.4-1_all.deb</pre>

== Synopsis ==

<pre>vzdump OPTIONS [--all â <VEID>]

--compress compress dump file (gzip)

--dumpdir DIR store resulting files in DIR

--xdelta create a differential backup using xdelta

--mailto EMAIL send notification mail to EMAIL

--stop stop/start VPS if running

--suspend suspend/resume VPS when running

--snapshot use LVM snapshot when running

--restore FILENAME restore FILENAME
</pre>

= Examples =
Use a running VE, for example install this: http://wiki.openvz.org/Proxmox_Mail_Gateway_in_VE

== Backup ==

Simply dump VE 777 - no snapshot, just archive the VE private area and configuration files to the default dump directory (usually /vz/dump/).

<pre>vzdump 777</pre>

Use rsync and suspend/resume to create a snapshot (minimal downtime).

<pre>vzdump --suspend 777</pre>

Backup all VEs and send notification mails to root.

<pre>vzdump --suspend --all --mailto root</pre>

Use LVM2 to create snapshots (no downtime).

<pre>vzdump --dumpdir /space/backup --snapshot 777</pre>

== Restore ==

Restore above backup to VE 600

<pre>vzdump --restore /space/backup/vzdump-777.tar 600</pre>

[[Category: HOWTO]]