There are three address ranges designated as private as per RFC 1918:

* 10.0.0.0 - 10.255.255.255 (10/8 prefix) - (Class A networks that start with 10.)
* 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) - (Class B networks that start with 172.16.)
* 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) - (Class C networks that start with 192.168.1.)

== External links ==

* [[w:Private network]]
* [[http://www.pantz.org/software/tcpip/subnetchart.html|Subnetting chart]]

[[Category:Networking]]

Unrouteable private ip address

2008-06-02T13:16:25Z

Mrjcleaver: Discovered from RFC that 192.168.3.* is indeed unroutable.

DHCP

2008-06-01T15:00:25Z

Mrjcleaver: /* External links */

User talk:Kir

2008-06-01T14:53:21Z

Mrjcleaver:

Hi Kir - thanks for your updates to the [[DHCP]] page. Do you use #openvz on freenode? [[User:Mrjcleaver|Mrjcleaver]] 10:53, 1 June 2008 (EDT)

User talk:Kir

2008-06-01T14:52:57Z

Mrjcleaver: New page: Hi Kir - thanks for your updates to the DHCPD page. Do you use #openvz on freenode? ~~~~

Hi Kir - thanks for your updates to the [[DHCPD]] page. Do you use #openvz on freenode? [[User:Mrjcleaver|Mrjcleaver]] 10:52, 1 June 2008 (EDT)

Talk:DHCP

2008-06-01T14:50:21Z

Mrjcleaver: New page: Note - these instructions are still a work in progress. Try them.

Note - these instructions are still a work in progress.

Try them.

DHCP

2008-06-01T14:48:52Z

Mrjcleaver: /* External links */

DHCP

2008-05-31T22:17:41Z

Mrjcleaver:

Assumes you have set up vzbr0, as described on [[Virtual Ethernet device]]

<pre>
402 vzctl create 144 --ostemplate centos-4-i386-minimal
404 vzctl start 144
405 vzyum 144 install dhcp
408 vzctl set 144 --netif_add eth0 --save
409 brctl show
412 brctl addif vzbr0 veth144.0
413 ifconfig vzbr0
414 cat /proc/sys/net/ipv4/conf/vzbr0/forwarding
415 cat /proc/sys/net/ipv4/conf/vzbr0/proxy_arp
417 echo 1 > /proc/sys/net/ipv4/conf/vzbr0/forwarding
418 echo 1 > /proc/sys/net/ipv4/conf/vzbr0/proxy_arp
</pre>

Instructions largely borrowed from http://oob.freeshell.org/nzwireless/dhcpd.html

== Sample DHCPD.conf ==
<pre>
# Sample /etc/dhcpd.conf

# Set DHCPD to answer requests on the wireless interface

DHCPDARGS=wlan0;

# Set some defaults for lease time and DNS update method
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;

# Set the subnet mask for the wireless IP network
option subnet-mask 255.255.255.0;

# Set the Broadcast address. This will be 10.x.x.255,
# the "x.x" will depend upon the network assigned to you by NZWireless.
option broadcast-address 10.1.2.255;

# Set the router address, this will be 10.x.x.1, the address
# of your wireless interface WLAN0
option routers 10.1.2.1;

# Set the Name Server address. This will be the same as your WLAN0 address
# because we intend to run DNS on this machine.
option domain-name-servers 10.1.2.1;

# Set the default domain name for clients on this network.
# i.e. the DNS domain assigned to you by your wireless administrator.
option domain-name "simon.akld.nzwireless.org";

# Allocate a network range for dynamic IP addresses to hand out to clients.
# Again, this range will be in 10.x.x.x, depending upon the network allocated
# to you by your wireless administrator.
subnet 10.1.2.0 netmask 255.255.255.0 {
range 10.1.2.10 10.1.2.20;
}
</pre>

<pre>
Host$ cp /etc/sysconfig/network /vz/root/144/etc/sysconfig/network
</pre>

<pre>
vz144$ service dhcpd start
</pre>

References:
* http://www.cpqlinux.com/dhcpd.html - create static ips, debugging etc.
* http://mailman.vyatta.com/pipermail/vyatta-users/2007-September/001858.html - not configured to listen on any interfaces

2008-05-31T17:35:28Z

Mrjcleaver: /* Making a bridged veth-device persistent */

Talk:Virtual Ethernet device

2008-05-31T17:35:12Z

Mrjcleaver: /* Making a bridged veth-device persistent */

Under Common Configurations -> Simple configuration -> Configure devices in VE0, the example shows

<pre>
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
</pre>

being run on the host node, VE0. I don't think this can be correct, because eth0 exists in VE 101, not VE0. {{unsigned|Andrex|01:11, 15 July 2006}}

: This is correct, because we need to enable forwarding on both network interfaces in VE0 (host-node eth0 and veth101.0) to allow the network packets on one network interface (host-node eth0) to be forwarded to another network interface (veth101.0). The same thing with proxy ARP, we need to enable it on host-node eth0 and veth101.0 network interfaces. --[[User:Major|Major]] 08:42, 17 July 2006 (EDT)

==Multiple persistent Veth interfaces==
The script for making a persistent bridge get added to a particular host-bridge on startup VPS/VE, doesn't seem to account for having multiple bridges. I have a bridge to a private lan for administrative functions and a bridge to the public network for inbound connections for services. How might one ensure that the vethVEID.x's are hooked up to the bridges on the host every time the VE is started? --[[User:Btrotter|Btrotter]] 05:34, 17 March 2008 (EDT)

: Please take a look at [[Using private IPs for Hardware Nodes]] and http://vireso.blogspot.com/2008/02/2-veth-with-2-brindges-on-openvz-at.html. There you will find scripts which will help you to manage 2 bridges, and you can simply extend this script to use more then 2 bridges. --[[User:Major|Major]] 15:59, 27 March 2008 (MSK)

==Making a bridged veth-device persistent==

Is this also obsolete, like the section I just deleted [[User:Mrjcleaver|Mrjcleaver]] 13:35, 31 May 2008 (EDT)

2008-05-31T16:48:16Z

Mrjcleaver: Added where numbers come from on confusing example

'''Virtual ethernet device''' is an ethernet-like device which can be used inside a [[VE]]. Unlike
[[venet]] network device, veth device has a MAC address. Due to this, it can be used in configurations, when veth is bridged to ethX or other device and VE user fully sets up his networking himself,
including IPs, gateways etc.

Virtual ethernet device consist of two ethernet devices - one in [[CT0]] and another one
in VE. These devices are connected to each other, so if a packet goes to one
device it will come out from the other device.

== Virtual ethernet device usage ==

=== Kernel module ===
First of all, make sure the <code>vzethdev</code> module is loaded:
<pre>
# lsmod | grep vzeth
vzethdev 8224 0
vzmon 35164 5 vzethdev,vznetdev,vzrst,vzcpt
vzdev 3080 4 vzethdev,vznetdev,vzmon,vzdquota
</pre>

In case it is not loaded, load it:
<pre>
# modprobe vzethdev
</pre>

You might want to add the module to <code>/etc/init.d/vz script</code>, so it will be loaded during startup.

{{Note|since vzctl version 3.0.11, vzethdev is loaded by /etc/init.d/vz}}

=== MAC addresses ===
In the below commands, you should use random MAC addresses. Do not use MAC addresses of real eth devices, because this can lead to collisions.

MAC addresses must be entered in XX:XX:XX:XX:XX:XX format.

There is a utility script available for generating MAC addresses: http://www.easyvmx.com/software/easymac.sh. It is to be used like this:

chmod +x easymac.sh
./easymac.sh -R

=== Adding veth to a VE ===

==== syntax vzctl version < 3.0.14 ====

<pre>
vzctl set <VEID> --veth_add <dev_name>,<dev_addr>,<ve_dev_name>,<ve_dev_addr>
</pre>

Here
* <tt>dev_name</tt> is the ethernet device name that you are creating on the [[CT0|host system]]
* <tt>dev_addr</tt> is its MAC address
* <tt>ve_dev_name</tt> is the corresponding ethernet device name you are creating on the VE
* <tt>ve_dev_addr</tt> is its MAC address

{{Note| that this option is incremental, so devices are added to already existing ones.}}

NB there are no spaces after the commas

Example:

<pre>
vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>
After executing this command <tt>veth</tt> device will be created for VE 101 and veth configuration will be saved to a VE configuration file.
Host-side ethernet device will have <tt>veth101.0</tt> name and <tt>00:12:34:56:78:9A</tt> MAC address.
VE-side ethernet device will have <tt>eth0</tt> name and <tt>00:12:34:56:78:9B</tt> MAC address.

==== syntax vzctl version >= 3.0.14 ====

Read Update infos about [http://openvz.org/news/updates/vzctl-3.0.14-1 vzctl 3.0.14]

<pre>
vzctl set <VEID> --netif_add <ifname>[,<mac>,<host_ifname>,<host_mac]
</pre>

Here
* <tt>ifname</tt> is the ethernet device name in the VE
* <tt>mac</tt> is its MAC address in the VE
* <tt>host_ifname</tt> is the ethernet device name on the host ([[CT0]])
* <tt>host_mac</tt> is its MAC address on the host ([[CT0]])

{{Note|All parameters except ifname are optional and are automatically generated if not specified.}}

Example:

<pre>
vzctl set 101 --netif_add eth0,00:12:34:56:78:9A,veth101.0,00:12:34:56:78:9B --save
</pre>

=== Removing veth from a VE ===

==== syntax vzctl version < 3.0.14 ====

<pre>
vzctl set <VEID> --veth_del <dev_name>
</pre>
Here <tt>dev_name</tt> is the ethernet device name in the [[CT0|host system]].

Example:
<pre>
vzctl set 101 --veth_del veth101.0 --save
</pre>
After executing this command veth device with host-side ethernet name veth101.0 will be removed from VE 101 and veth configuration will be updated in VE config file.

==== syntax vzctl version >= 3.0.14 ====
<pre>
vzctl set <VEID> --netif_del <dev_name>|all
</pre>

Here
* <code>dev_name</code> is the ethernet device name in the [[VE]].

{{Note|If you want to remove all ethernet devices in VE, use <code>all</code>.}}

Example:

<pre>
vzctl set 101 --netif_del eth0 --save
</pre>

== Common configurations with virtual ethernet devices ==
Module <tt>vzethdev</tt> must be loaded to operate with veth devices.

=== Simple configuration with virtual ethernet device ===

==== Start a VE ====
<pre>
[host-node]# vzctl start 101
</pre>

==== Add veth device to VE ====
<pre>
[host-node] ifconfig eth0
...
HWaddress 00:12:34:56:78:9B
...
</pre>

<pre>
[host-node] easymac.sh -R
00:12:34:56:78:9A
</pre>

<pre>
[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>

==== Configure devices in CT0 ====
<pre>
[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/proxy_arp
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
</pre>

==== Configure device in VE ====
<pre>
[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
[ve-101]# /sbin/ip addr add 192.168.0.101 dev eth0
[ve-101]# /sbin/ip route add default dev eth0
</pre>

==== Add route in [[CT0]] ====
<pre>
[host-node]# ip route add 192.168.0.101 dev veth101.0
</pre>

=== Virtual ethernet device with IPv6 ===

==== Start [[VE]] ====
<pre>
[host-node]# vzctl start 101
</pre>

==== Add veth device to [[VE]] ====
<pre>
[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>

==== Configure devices in [[CT0]] ====
<pre>
[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
</pre>

==== Configure device in [[VE]] ====
<pre>
[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
</pre>

==== Start router advertisement daemon (radvd) for IPv6 in CT0 ====
First you need to edit radvd configuration file. Here is a simple example of <tt>/etc/radv.conf</tt>:
<pre>
interface veth101.0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix 3ffe:2400:0:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};

interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix 3ffe:0302:0011:0002::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
</pre>

Then, start radvd:
<pre>
[host-node]# /etc/init.d/radvd start
</pre>

==== Add IPv6 addresses to devices in [[CT0]] ====
<pre>
[host-node]# ip addr add dev veth101.0 3ffe:2400::212:34ff:fe56:789a/64
[host-node]# ip addr add dev eth0 3ffe:0302:0011:0002:211:22ff:fe33:4455/64
</pre>

=== Virtual ethernet devices can be joined in one bridge ===
Perform steps 1 - 4 from Simple configuration chapter for several containers and/or veth devices

==== Create bridge device ====
<pre>
[host-node]# brctl addbr vzbr0
</pre>

==== Add veth devices to bridge ====
<pre>
[host-node]# brctl addif vzbr0 veth101.0
...
[host-node]# brctl addif vzbr0 veth101.n
[host-node]# brctl addif vzbr0 veth102.0
...
...
[host-node]# brctl addif vzbr0 vethXXX.N
</pre>

==== Configure bridge device ====
<pre>
[host-node]# ifconfig vzbr0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/proxy_arp
</pre>

==== Add routes in [[CT0]] ====
<pre>
[host-node]# ip route add 192.168.101.1 dev vzbr0
...
[host-node]# ip route add 192.168.101.n dev vzbr0
[host-node]# ip route add 192.168.102.1 dev vzbr0
...
...
[host-node]# ip route add 192.168.XXX.N dev vzbr0
</pre>

Thus you'll have more convinient configuration, i.e. all routes to containers will be through this bridge and containers can communicate with each other even without these routes.

=== Making a veth-device persistent ===

At the moment, it is not possible to have the commands needed for a persistent veth being made automatically be vzctl. A bugreport ( http://bugzilla.openvz.org/show_bug.cgi?id=301 ) has already been made. Until then, here's a way to make the above steps persistent.

1. First, edit the VE's configuration to specify what the veth's IP address(es) should be, and to indicate that a custom script should be run when starting up a VE.
* Open up /etc/vz/conf/VEID.conf
* Comment out any IP_ADDRESS entries to prevent a VENET-device from being created in the VE
* Add or change the entry CONFIG_CUSTOMIZED="yes"
* Add an entry VETH_IP_ADDRESS="<VE IP>" The VE IP can have multiple IPs, separated by spaces

2. Now to create that "custom script". The following helper script will check the configuration file for IP addresses and for the veth interface, and configure the IP routing accordingly. Create the script /usr/sbin/vznetaddroute to have the following, and then <code>chmod 0500 /usr/sbin/vznetaddroute</code> to make it executable.

<pre>
#!/bin/bash
# /usr/sbin/vznetaddroute
# a script to bring up virtual network interfaces (veth's) in a VE

CONFIGFILE=/etc/vz/conf/$VEID.conf
. $CONFIGFILE
VZHOSTIF=`echo $NETIF |sed 's/^.*host_ifname=$.*$,.*$/\1/g'`

if [ ! -n "$VETH_IP_ADDRESS" ]; then
echo "According to $CONFIGFILE VE$VEID has no veth IPs configured."
exit 1
fi

if [ ! -n "$VZHOSTIF" ]; then
echo "According to $CONFIGFILE VE$VEID has no veth interface configured."
exit 1
fi

for IP in $VETH_IP_ADDRESS; do
echo "Adding interface $VZHOSTIF and route $IP for VE$VEID to CT0"
/sbin/ifconfig $VZHOSTIF 0
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/forwarding
/sbin/ip route add $IP dev $VZHOSTIF
done

exit 0
</pre>

3. Now create /etc/vz/vznet.conf containing the following. This is what defines the "custom script" as being the vznetaddroute which you just created.

<pre>
#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddroute"
</pre>

4. Of course, the VE's operating system will need to be configured with those IP address(es) as well. Consult the manual for your VE's OS for details.

That's it! At this point, when you restart the VE you should see a new line in the output, indicating that the interface is being configured and a new route being added. And you should be able to ping the host, and to enter the VE and use the network.

=== Making a bridged veth-device persistent ===
Like the above example, here it is how to add the veth device to a bridge in a persistent way. vzctl doesn't offer an automatic function to do this.

1. First, edit the VE's configuration to specify what is the host bridge , and to indicate that a custom script should be run when starting up a VE.
* Open up /etc/vz/conf/VEID.conf
* Comment out any IP_ADDRESS entries to prevent a VENET-device from being created in the VE
* Add or change the entry CONFIG_CUSTOMIZED="yes"
* Add an entry VZHOSTBR="<bridge if>" which is the bridge interface (already configured and up), you want to extend.

2. Now to create that "custom script". The following helper script will check the configuration file for the bridge interface name and for the veth interface, and add the interface to the bridge. Create the script /usr/sbin/vznetaddbr to have the following, and then <code>chmod 0500 /usr/sbin/vznetaddbr</code> to make it executable.

<pre>
#!/bin/bash
# /usr/sbin/vznetaddbr
# a script to add virtual network interfaces (veth's) in a VE to a bridge on CT0

CONFIGFILE=/etc/vz/conf/$VEID.conf
. $CONFIGFILE
VZHOSTIF=`echo $NETIF |sed 's/^.*host_ifname=$.*$,.*$/\1/g'`

if [ ! -n "$VZHOSTIF" ]; then
echo "According to $CONFIGFILE VE$VEID has no veth interface configured."
exit 1
fi

if [ ! -n "$VZHOSTBR" ]; then
echo "According to $CONFIGFILE VE$VEID has no bridge interface configured."
exit 1
fi

echo "Adding interface $VZHOSTIF to bridge $VZHOSTBR on CT0 for VE$VEID"
/sbin/ifconfig $VZHOSTIF 0
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/forwarding
/usr/sbin/brctl addif $VZHOSTBR $VZHOSTIF

exit 0
</pre>

3. Now create /etc/vz/vznet.conf containing the following. This is what defines the "custom script" as being the vznetaddbr which you just created.

<pre>
#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
</pre>

4. Of course, the VE's operating system will need to have . Consult the manual for your VE's OS for details.

When the VE is started, the veth specified in the NETIF value is added to the bridge specified. You can check this by doing <code>brctl show</code>

Inside the VE you can configure the interface statically or using dhcp, as a real interface attached to a switch on the lan.

=== Virtual ethernet devices + VLAN ===
This configuration can be done by adding vlan device to the previous configuration.

== See also ==
* [[Virtual network device]]
* [[Differences between venet and veth]]
* [[Using private IPs for Hardware Nodes]]
* Troubleshooting: [[Bridge doesn't forward packets]]

== External links ==
* [http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-radvd.html Linux IPv6 HOWTO, a chapter about radvd]
* [http://vireso.blogspot.com/2008/02/2-veth-with-2-brindges-on-openvz-at.html 2 veth with 2 bridges setup]

[[Category: Networking]]
[[Category: HOWTO]]