Difference between revisions of "Virtual Ethernet device"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(VE -> CT, container; ethernet->Ethernet; some formatting)
Line 1: Line 1:
'''Virtual ethernet device''' is an ethernet-like device which can be used inside a [[VE]]. Unlike
+
'''Virtual Ethernet device''' is an Ethernet-like device which can be used
[[venet]] network device, veth device has a MAC address. Due to this, it can be used in configurations, when veth is bridged to ethX or other device and VE user fully sets up his networking himself,  
+
inside a [[container]]. Unlike [[venet]] network device, veth device
including IPs, gateways etc.
+
has a MAC address, therefore it can be used in configurations, when veth
 +
is bridged to ethX or other device and container's user fully sets up
 +
his networking himself, including IPs, gateways etc.
  
Virtual ethernet device consist of two ethernet devices - one in [[CT0]] and another one  
+
Virtual Ethernet device consist of two Ethernet devices --
in VE. These devices are connected to each other, so if a packet goes to one
+
the one in [[CT0]] and another one in CT. These devices are connected
 +
to each other, so if a packet goes to one
 
device it will come out from the other device.
 
device it will come out from the other device.
  
== Virtual ethernet device usage ==
+
== Virtual Ethernet device usage ==
  
 
=== Kernel module ===
 
=== Kernel module ===
Line 23: Line 26:
 
</pre>
 
</pre>
  
You might want to add the module to <code>/etc/init.d/vz script</code>, so it will be loaded during startup.
+
{{Note|in vzctl < 3.0.11, vzethdev is not autoloaded by <code>/etc/init.d/vz</code> script, so you have to edit it to load this module.}}
 
 
{{Note|since vzctl version 3.0.11, vzethdev is loaded by /etc/init.d/vz}}
 
  
 
=== MAC addresses ===
 
=== MAC addresses ===
Line 32: Line 33:
 
MAC addresses must be entered in XX:XX:XX:XX:XX:XX format.
 
MAC addresses must be entered in XX:XX:XX:XX:XX:XX format.
  
YOU MAY NOT NEED TO GENERATE MAC ADDRESSES BY HAND BECAUSE vzctl --netif_add MAY GENERATE THEM AUTOMATICALLY AS NECESSARY.
+
YOU MAY NOT NEED TO GENERATE MAC ADDRESSES BY HAND BECAUSE vzctl --veth_add
 +
MAY GENERATE THEM AUTOMATICALLY AS NECESSARY.
  
 
Nevertheless, there is a utility script available for generating MAC addresses: http://www.easyvmx.com/software/easymac.sh. It is to be used like this:
 
Nevertheless, there is a utility script available for generating MAC addresses: http://www.easyvmx.com/software/easymac.sh. It is to be used like this:
Line 39: Line 41:
 
  ./easymac.sh -R
 
  ./easymac.sh -R
  
=== Adding veth to a VE ===
+
=== Adding veth to a CT ===
  
 
==== syntax vzctl version > 3.0.22 ====
 
==== syntax vzctl version > 3.0.22 ====
  
<pre>
+
vzctl set <CTID> --netif_add <ifname>[,<mac>,<host_ifname>,<host_mac>,<bridge>]
vzctl set <VEID> --netif_add <ifname>[,<mac>,<host_ifname>,<host_mac>,<bridge>]
 
</pre>
 
  
 
Here
 
Here
* <tt>ifname</tt> is the ethernet device name in the VE
+
* <tt>ifname</tt> is the Ethernet device name in the CT
* <tt>mac</tt> is its MAC address in the VE
+
* <tt>mac</tt> is its MAC address in the CT
* <tt>host_ifname</tt>  is the ethernet device name on the host ([[CT0]])
+
* <tt>host_ifname</tt>  is the Ethernet device name on the host ([[CT0]])
 
* <tt>host_mac</tt> is its MAC address on the host ([[CT0]])
 
* <tt>host_mac</tt> is its MAC address on the host ([[CT0]])
 
* <tt>bridge</tt> is an optional parameter which can be used in custom network start scripts to automatically add  the interface to a bridge.
 
* <tt>bridge</tt> is an optional parameter which can be used in custom network start scripts to automatically add  the interface to a bridge.
  
{{Note|All parameters except ifname are optional and are automatically generated if not specified.}}
+
{{Note|All parameters except <code>ifname</code> are optional and are automatically generated if not specified.}}
  
 
Example:
 
Example:
  
<pre>
+
vzctl set 101 --netif_add eth0 --save
vzctl set 101 --netif_add eth0 --save
 
</pre>
 
  
 
Or, if you want to specify everything:
 
Or, if you want to specify everything:
  
<pre>
+
vzctl set 101 --netif_add eth0,00:12:34:56:78:9A,veth101.0,00:12:34:56:78:9B --save
vzctl set 101 --netif_add eth0,00:12:34:56:78:9A,veth101.0,00:12:34:56:78:9B --save
 
</pre>
 
  
Or, if you want to specify the bridge (other values generated):
+
Or, if you want to specify the bridge and leave the other values autogenerated:
  
<pre>
+
vzctl set 101 --netif_add eth0,,,,vmbr1 --save
vzctl set 101 --netif_add eth0,,,,vmbr1 --save
 
</pre>
 
  
 
==== syntax vzctl version >= 3.0.14 ====
 
==== syntax vzctl version >= 3.0.14 ====
  
Read Update infos about [http://openvz.org/news/updates/vzctl-3.0.14-1 vzctl 3.0.14]
+
Syntax is the same as above, but without a <bridge> parameter.
  
Syntax is the same as above, but without <bridge> parameter.
+
==== syntax vzctl version < 3.0.14 ====
  
==== syntax vzctl version < 3.0.14 ====
+
vzctl set <CTID> --veth_add <dev_name>,<dev_addr>,<ve_dev_name>,<ve_dev_addr>
  
<pre>
 
vzctl set <VEID> --veth_add <dev_name>,<dev_addr>,<ve_dev_name>,<ve_dev_addr>
 
</pre>
 
  
 
Here  
 
Here  
* <tt>dev_name</tt> is the ethernet device name that you are creating on the [[CT0|host system]]
+
* <tt>dev_name</tt> is the Ethernet device name that you are creating on the [[CT0|host system]]
 
* <tt>dev_addr</tt> is its MAC address
 
* <tt>dev_addr</tt> is its MAC address
* <tt>ve_dev_name</tt> is the corresponding ethernet device name you are creating on the VE
+
* <tt>ve_dev_name</tt> is the corresponding Ethernet device name you are creating on the CT
 
* <tt>ve_dev_addr</tt> is its MAC address
 
* <tt>ve_dev_addr</tt> is its MAC address
  
{{Note| that this option is incremental, so devices are added to already existing ones.}}
+
{{Note|this option is incremental, so devices are added to already existing ones.}}
  
NB there are no spaces after the commas
+
NB there should no spaces after the commas.
  
 
Example:
 
Example:
Line 104: Line 95:
 
</pre>
 
</pre>
  
<pre>
+
[host-node] easymac.sh -R
[host-node] easymac.sh -R
+
00:12:34:56:78:9A
00:12:34:56:78:9A
+
 
</pre>
+
vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
  
<pre>
+
After executing this command <tt>veth</tt> device will be created for CT 101 and veth configuration will be saved to a CT configuration file.
vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
+
Host-side Ethernet device will have <tt>veth101.0</tt> name and <tt>00:12:34:56:78:9A</tt> MAC address.
</pre>
+
CT-side Ethernet device will have <tt>eth0</tt> name and <tt>00:12:34:56:78:9B</tt> MAC address.
After executing this command <tt>veth</tt> device will be created for VE 101 and veth configuration will be saved to a VE configuration file.
 
Host-side ethernet device will have <tt>veth101.0</tt> name and <tt>00:12:34:56:78:9A</tt> MAC address.
 
VE-side ethernet device will have <tt>eth0</tt> name and <tt>00:12:34:56:78:9B</tt> MAC address.
 
  
=== Removing veth from a VE ===
+
=== Removing veth from a CT ===
  
 
==== syntax vzctl version >= 3.0.14 ====
 
==== syntax vzctl version >= 3.0.14 ====
<pre>
+
 
vzctl set <VEID> --netif_del <dev_name>|all
+
vzctl set <CTID> --netif_del <dev_name>|all
</pre>
 
  
 
Here
 
Here
* <code>dev_name</code> is the ethernet device name in the [[VE]].
+
* <code>dev_name</code> is the Ethernet device name in the [[CT]].
  
{{Note|If you want to remove all ethernet devices in VE, use <code>all</code>.}}
+
{{Note|If you want to remove all Ethernet devices in CT, use <code>all</code>.}}
  
 
Example:
 
Example:
  
<pre>
+
vzctl set 101 --netif_del eth0 --save
vzctl set 101 --netif_del eth0 --save
 
</pre>
 
  
 +
==== syntax vzctl version < 3.0.14 ====
  
==== syntax vzctl version < 3.0.14 ====
+
vzctl set <CTID> --veth_del <dev_name>
  
<pre>
+
Here <tt>dev_name</tt> is the Ethernet device name in the [[CT0|host system]].
vzctl set <VEID> --veth_del <dev_name>
 
</pre>
 
Here <tt>dev_name</tt> is the ethernet device name in the [[CT0|host system]].
 
  
 
Example:
 
Example:
<pre>
 
vzctl set 101 --veth_del veth101.0 --save
 
</pre>
 
After executing this command veth device with host-side ethernet name veth101.0 will be removed from VE 101 and veth configuration will be updated in VE config file.
 
  
 +
vzctl set 101 --veth_del veth101.0 --save
 +
 +
After executing this command veth device with host-side Ethernet name
 +
<code>veth101.0</code> will be removed from CT101 and veth configuration
 +
will be updated in CT config file.
  
== Common configurations with virtual ethernet devices ==
+
== Common configurations with virtual Ethernet devices ==
 
Module <tt>vzethdev</tt> must be loaded to operate with veth devices.
 
Module <tt>vzethdev</tt> must be loaded to operate with veth devices.
  
=== Simple configuration with virtual ethernet device ===
+
=== Simple configuration with virtual Ethernet device ===
 +
 
 +
==== Start a CT ====
 +
 
 +
[host-node]# vzctl start 101
  
==== Start a VE ====
 
<pre>
 
[host-node]# vzctl start 101
 
</pre>
 
  
==== Add veth device to VE ====
+
==== Add veth device to CT ====
  
<pre>
+
[host-node]# vzctl set 101 --netif_add veth101 --save
[host-node]# vzctl set 101 --netif_add veth101 --save
 
</pre>
 
  
This allocates a mac address, and associates it with the host eth0 port
+
This allocates a MAC address and associates it with the host eth0 port.
  
 
==== Configure devices in CT0 ====
 
==== Configure devices in CT0 ====
Line 179: Line 161:
 
* These files did not exist for me when trying ([[User:Mrjcleaver|Mrjcleaver]] 14:04, 31 May 2008 (EDT))
 
* These files did not exist for me when trying ([[User:Mrjcleaver|Mrjcleaver]] 14:04, 31 May 2008 (EDT))
  
==== Configure device in VE ====
+
==== Configure device in CT ====
 
<pre>
 
<pre>
 
[host-node]# vzctl enter 101
 
[host-node]# vzctl enter 101
Line 195: Line 177:
  
 
==== Add route in [[CT0]] ====
 
==== Add route in [[CT0]] ====
<pre>
 
[host-node]# ip route add 192.168.0.101 dev veth101.0
 
</pre>
 
  
=== Virtual ethernet device with IPv6 ===
+
[host-node]# ip route add 192.168.0.101 dev veth101.0
 +
 
 +
 
 +
=== Virtual Ethernet device with IPv6 ===
 +
 
 +
==== Start a [[CT]] ====
 +
 
 +
[host-node]# vzctl start 101
 +
 
 +
==== Add veth device to the [[CT]] ====
 +
 
 +
[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
  
==== Start [[VE]] ====
+
==== Configure devices in the [[CT0]] ====
<pre>
 
[host-node]# vzctl start 101
 
</pre>
 
  
==== Add veth device to [[VE]] ====
+
[host-node]# ifconfig veth101.0 0
<pre>
+
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/veth101.0/forwarding
[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
+
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
</pre>
+
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
  
==== Configure devices in [[CT0]] ====
+
==== Configure device in [[CT]] ====
<pre>
 
[host-node]# ifconfig veth101.0 0
 
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/veth101.0/forwarding
 
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
 
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 
</pre>
 
  
==== Configure device in [[VE]] ====
+
[host-node]# vzctl enter 101
<pre>
+
[ve-101]# /sbin/ifconfig eth0 0
[host-node]# vzctl enter 101
 
[ve-101]# /sbin/ifconfig eth0 0
 
</pre>
 
  
 
==== Start router advertisement daemon (radvd) for IPv6 in CT0 ====
 
==== Start router advertisement daemon (radvd) for IPv6 in CT0 ====
Line 260: Line 238:
  
 
Then, start radvd:
 
Then, start radvd:
<pre>
+
 
[host-node]# /etc/init.d/radvd start
+
[host-node]# /etc/init.d/radvd start
</pre>
+
 
  
 
==== Add IPv6 addresses to devices in [[CT0]] ====
 
==== Add IPv6 addresses to devices in [[CT0]] ====
Line 270: Line 248:
 
</pre>
 
</pre>
  
=== Virtual ethernet devices can be joined in one bridge ===
+
=== Virtual Ethernet devices can be joined in one bridge ===
 
Perform steps 1 - 4 from Simple configuration chapter for several containers and/or veth devices
 
Perform steps 1 - 4 from Simple configuration chapter for several containers and/or veth devices
  
Line 317: Line 295:
 
See http://wiki.openvz.org/w/index.php?title=Virtual_Ethernet_device&diff=5990&oldid=5989 for a workaround that used to be described in this section.
 
See http://wiki.openvz.org/w/index.php?title=Virtual_Ethernet_device&diff=5990&oldid=5989 for a workaround that used to be described in this section.
  
That's it! At this point, when you restart the VE you should see a new line in the output, indicating that the interface is being configured and a new route being added. And you should be able to ping the host, and to enter the VE and use the network.
+
That's it! At this point, when you restart the CT you should see a new line in the output, indicating that the interface is being configured and a new route being added. And you should be able to ping the host, and to enter the CT and use the network.
  
 
=== Making a bridged veth-device persistent ===
 
=== Making a bridged veth-device persistent ===
Line 340: Line 318:
 
older vzctl doesn't offer an automatic function to do this.
 
older vzctl doesn't offer an automatic function to do this.
  
1. First, edit the VE's configuration to specify what is the host bridge , and to indicate that a custom script should be run when starting up a VE.
+
1. First, edit the CT's configuration to specify what is the host bridge , and to indicate that a custom script should be run when starting up a CT.
* Open up /etc/vz/conf/VEID.conf
+
* Open up /etc/vz/conf/CTID.conf
* Comment out any IP_ADDRESS entries to prevent a VENET-device from being created in the VE
+
* Comment out any IP_ADDRESS entries to prevent a CTNET-device from being created in the CT
 
* Add or change the entry CONFIG_CUSTOMIZED="yes"
 
* Add or change the entry CONFIG_CUSTOMIZED="yes"
 
* Add an entry VZHOSTBR="<bridge if>" which is the bridge interface (already configured and up), you want to extend.
 
* Add an entry VZHOSTBR="<bridge if>" which is the bridge interface (already configured and up), you want to extend.
Line 351: Line 329:
 
#!/bin/bash
 
#!/bin/bash
 
# /usr/sbin/vznetaddbr
 
# /usr/sbin/vznetaddbr
# a script to add virtual network interfaces (veth's) in a VE to a bridge on CT0
+
# a script to add virtual network interfaces (veth's) in a CT to a bridge on CT0
  
CONFIGFILE=/etc/vz/conf/$VEID.conf
+
CONFIGFILE=/etc/vz/conf/$CTID.conf
 
. $CONFIGFILE
 
. $CONFIGFILE
 
VZHOSTIF=`echo $NETIF |sed 's/^.*host_ifname=\(.*\),.*$/\1/g'`
 
VZHOSTIF=`echo $NETIF |sed 's/^.*host_ifname=\(.*\),.*$/\1/g'`
  
 
if [ ! -n "$VZHOSTIF" ]; then
 
if [ ! -n "$VZHOSTIF" ]; then
   echo "According to $CONFIGFILE VE$VEID has no veth interface configured."
+
   echo "According to $CONFIGFILE CT$CTID has no veth interface configured."
 
   exit 1
 
   exit 1
 
fi
 
fi
  
 
if [ ! -n "$VZHOSTBR" ]; then
 
if [ ! -n "$VZHOSTBR" ]; then
   echo "According to $CONFIGFILE VE$VEID has no bridge interface configured."
+
   echo "According to $CONFIGFILE CT$CTID has no bridge interface configured."
 
   exit 1
 
   exit 1
 
fi
 
fi
  
echo "Adding interface $VZHOSTIF to bridge $VZHOSTBR on CT0 for VE$VEID"
+
echo "Adding interface $VZHOSTIF to bridge $VZHOSTBR on CT0 for CT$CTID"
 
/sbin/ifconfig $VZHOSTIF 0
 
/sbin/ifconfig $VZHOSTIF 0
 
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/proxy_arp
 
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/proxy_arp
Line 383: Line 361:
 
</pre>
 
</pre>
  
4. Of course, the VE's operating system will need to have . Consult the manual for your VE's OS for details.
+
4. Of course, the CT's operating system will need to have . Consult the manual for your CT's OS for details.
  
When the VE is started, the veth specified in the NETIF value is added to the bridge specified. You can check this by doing <code>brctl show</code>
+
When the CT is started, the veth specified in the NETIF value is added to the bridge specified. You can check this by doing <code>brctl show</code>
  
Inside the VE you can configure the interface statically or using dhcp, as a real interface attached to a switch on the lan.
+
Inside the CT you can configure the interface statically or using dhcp, as a real interface attached to a switch on the lan.
  
=== Virtual ethernet devices + VLAN ===
+
=== Virtual Ethernet devices + VLAN ===
 
This configuration can be done by adding vlan device to the previous configuration.
 
This configuration can be done by adding vlan device to the previous configuration.
  

Revision as of 16:39, 10 July 2008

Virtual Ethernet device is an Ethernet-like device which can be used inside a container. Unlike venet network device, veth device has a MAC address, therefore it can be used in configurations, when veth is bridged to ethX or other device and container's user fully sets up his networking himself, including IPs, gateways etc.

Virtual Ethernet device consist of two Ethernet devices -- the one in CT0 and another one in CT. These devices are connected to each other, so if a packet goes to one device it will come out from the other device.

Virtual Ethernet device usage

Kernel module

First of all, make sure the vzethdev module is loaded: 

# lsmod | grep vzeth
vzethdev                8224  0
vzmon                  35164  5 vzethdev,vznetdev,vzrst,vzcpt
vzdev                   3080  4 vzethdev,vznetdev,vzmon,vzdquota

In case it is not loaded, load it: 

# modprobe vzethdev
Yellowpin.svg Note: in vzctl < 3.0.11, vzethdev is not autoloaded by /etc/init.d/vz script, so you have to edit it to load this module.

MAC addresses

In the below commands, you should use random MAC addresses. Do not use MAC addresses of real eth devices, because this can lead to collisions.

MAC addresses must be entered in XX:XX:XX:XX:XX:XX format.

YOU MAY NOT NEED TO GENERATE MAC ADDRESSES BY HAND BECAUSE vzctl --veth_add MAY GENERATE THEM AUTOMATICALLY AS NECESSARY.

Nevertheless, there is a utility script available for generating MAC addresses: http://www.easyvmx.com/software/easymac.sh. It is to be used like this: 

chmod +x easymac.sh
./easymac.sh -R

Adding veth to a CT

syntax vzctl version > 3.0.22

vzctl set <CTID> --netif_add <ifname>[,<mac>,<host_ifname>,<host_mac>,<bridge>]

Here

  • ifname is the Ethernet device name in the CT
  • mac is its MAC address in the CT
  • host_ifname is the Ethernet device name on the host (CT0)
  • host_mac is its MAC address on the host (CT0)
  • bridge is an optional parameter which can be used in custom network start scripts to automatically add the interface to a bridge.
Yellowpin.svg Note: All parameters except ifname are optional and are automatically generated if not specified.

Example: 

vzctl set 101 --netif_add eth0 --save

Or, if you want to specify everything: 

vzctl set 101 --netif_add eth0,00:12:34:56:78:9A,veth101.0,00:12:34:56:78:9B --save

Or, if you want to specify the bridge and leave the other values autogenerated: 

vzctl set 101 --netif_add eth0,,,,vmbr1 --save

syntax vzctl version >= 3.0.14

Syntax is the same as above, but without a <bridge> parameter.

syntax vzctl version < 3.0.14

vzctl set <CTID> --veth_add <dev_name>,<dev_addr>,<ve_dev_name>,<ve_dev_addr>


Here

  • dev_name is the Ethernet device name that you are creating on the host system
  • dev_addr is its MAC address
  • ve_dev_name is the corresponding Ethernet device name you are creating on the CT
  • ve_dev_addr is its MAC address
Yellowpin.svg Note: this option is incremental, so devices are added to already existing ones.

NB there should no spaces after the commas.

Example: 

[host-node] ifconfig eth0
...
HWaddress 00:12:34:56:78:9B
...

[host-node] easymac.sh -R
00:12:34:56:78:9A

vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save

After executing this command veth device will be created for CT 101 and veth configuration will be saved to a CT configuration file. Host-side Ethernet device will have veth101.0 name and 00:12:34:56:78:9A MAC address. CT-side Ethernet device will have eth0 name and 00:12:34:56:78:9B MAC address.

Removing veth from a CT

syntax vzctl version >= 3.0.14

vzctl set <CTID> --netif_del <dev_name>|all

Here

  • dev_name is the Ethernet device name in the CT.
Yellowpin.svg Note: If you want to remove all Ethernet devices in CT, use all.

Example: 

vzctl set 101 --netif_del eth0 --save

syntax vzctl version < 3.0.14

vzctl set <CTID> --veth_del <dev_name>

Here dev_name is the Ethernet device name in the host system.

Example: 

vzctl set 101 --veth_del veth101.0 --save

After executing this command veth device with host-side Ethernet name veth101.0 will be removed from CT101 and veth configuration will be updated in CT config file.

Common configurations with virtual Ethernet devices

Module vzethdev must be loaded to operate with veth devices.

Simple configuration with virtual Ethernet device

Start a CT

[host-node]# vzctl start 101


Add veth device to CT

[host-node]# vzctl set 101 --netif_add veth101 --save

This allocates a MAC address and associates it with the host eth0 port.

Configure devices in CT0

[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/proxy_arp
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Notes:

  • These files did not exist for me when trying (Mrjcleaver 14:04, 31 May 2008 (EDT))

Configure device in CT

[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
[ve-101]# /sbin/ip addr add 192.168.0.101 dev eth0
[ve-101]# /sbin/ip route add default dev eth0

Notes:

Add route in CT0

[host-node]# ip route add 192.168.0.101 dev veth101.0


Virtual Ethernet device with IPv6

Start a CT

[host-node]# vzctl start 101

Add veth device to the CT

[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save

Configure devices in the CT0

[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

Configure device in CT

[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0

Start router advertisement daemon (radvd) for IPv6 in CT0

First you need to edit radvd configuration file. Here is a simple example of /etc/radv.conf: 

interface veth101.0
{
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvHomeAgentFlag off;

        prefix 3ffe:2400:0:0::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        };
};

interface eth0
{
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvHomeAgentFlag off;

        prefix 3ffe:0302:0011:0002::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        };
};

Then, start radvd: 

[host-node]# /etc/init.d/radvd start


Add IPv6 addresses to devices in CT0

[host-node]# ip addr add dev veth101.0 3ffe:2400::212:34ff:fe56:789a/64
[host-node]# ip addr add dev eth0 3ffe:0302:0011:0002:211:22ff:fe33:4455/64

Virtual Ethernet devices can be joined in one bridge

Perform steps 1 - 4 from Simple configuration chapter for several containers and/or veth devices

Create bridge device

[host-node]# brctl addbr vzbr0

Add veth devices to bridge

[host-node]# brctl addif vzbr0 veth101.0
...
[host-node]# brctl addif vzbr0 veth101.n
[host-node]# brctl addif vzbr0 veth102.0
...
...
[host-node]# brctl addif vzbr0 vethXXX.N

Configure bridge device

[host-node]# ifconfig vzbr0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/proxy_arp

Add routes in CT0

[host-node]# ip route add 192.168.101.1 dev vzbr0
...
[host-node]# ip route add 192.168.101.n dev vzbr0
[host-node]# ip route add 192.168.102.1 dev vzbr0
...
...
[host-node]# ip route add 192.168.XXX.N dev vzbr0

Thus you'll have more convinient configuration, i.e. all routes to containers will be through this bridge and containers can communicate with each other even without these routes.



Making a veth-device persistent

According to http://bugzilla.openvz.org/show_bug.cgi?id=301 , a bug that stopped the veth device persistent was "Obsoleted now when --veth_add/--veth_del are introduced"

See http://wiki.openvz.org/w/index.php?title=Virtual_Ethernet_device&diff=5990&oldid=5989 for a workaround that used to be described in this section.

That's it! At this point, when you restart the CT you should see a new line in the output, indicating that the interface is being configured and a new route being added. And you should be able to ping the host, and to enter the CT and use the network.

Making a bridged veth-device persistent

Like the above example, here it is how to add the veth device to a bridge in a persistent way.

method for vzctl version > 3.0.22

Newer versions of vzctl includes a 'vznetaddbr' script, which makes use of the new <bridge> parameter of the --netif_add switch.

Just create /etc/vz/vznet.conf containing the following. 

#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"

The script uses 'vmbr0' as default bridge name when no bridge is specified.

method for vzctl version <= 3.0.22

older vzctl doesn't offer an automatic function to do this.

1. First, edit the CT's configuration to specify what is the host bridge , and to indicate that a custom script should be run when starting up a CT.

  • Open up /etc/vz/conf/CTID.conf
  • Comment out any IP_ADDRESS entries to prevent a CTNET-device from being created in the CT
  • Add or change the entry CONFIG_CUSTOMIZED="yes"
  • Add an entry VZHOSTBR="<bridge if>" which is the bridge interface (already configured and up), you want to extend.

2. Now to create that "custom script". The following helper script will check the configuration file for the bridge interface name and for the veth interface, and add the interface to the bridge. Create the script /usr/sbin/vznetaddbr to have the following, and then chmod 0500 /usr/sbin/vznetaddbr to make it executable. 

#!/bin/bash
# /usr/sbin/vznetaddbr
# a script to add virtual network interfaces (veth's) in a CT to a bridge on CT0

CONFIGFILE=/etc/vz/conf/$CTID.conf
. $CONFIGFILE
VZHOSTIF=`echo $NETIF |sed 's/^.*host_ifname=\(.*\),.*$/\1/g'`

if [ ! -n "$VZHOSTIF" ]; then
   echo "According to $CONFIGFILE CT$CTID has no veth interface configured."
   exit 1
fi

if [ ! -n "$VZHOSTBR" ]; then
   echo "According to $CONFIGFILE CT$CTID has no bridge interface configured."
   exit 1
fi

echo "Adding interface $VZHOSTIF to bridge $VZHOSTBR on CT0 for CT$CTID"
/sbin/ifconfig $VZHOSTIF 0
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/forwarding
/usr/sbin/brctl addif $VZHOSTBR $VZHOSTIF

exit 0

3. Now create /etc/vz/vznet.conf containing the following. This is what defines the "custom script" as being the vznetaddbr which you just created. 

#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"

4. Of course, the CT's operating system will need to have . Consult the manual for your CT's OS for details.

When the CT is started, the veth specified in the NETIF value is added to the bridge specified. You can check this by doing brctl show

Inside the CT you can configure the interface statically or using dhcp, as a real interface attached to a switch on the lan.

Virtual Ethernet devices + VLAN

This configuration can be done by adding vlan device to the previous configuration.

See also

External links

Retrieved from "https://wiki.openvz.org/index.php?title=Virtual_Ethernet_device&oldid=6176"