Changes

This describes a method of setting up networking for a host and its VEssuch that the networking configuration for the VEs can be configuredexactly as if the VEs were standalone hosts of their own in the samesubnets or VLAN as the host. This method makes use of the VirtualEthernet device and bridges between the host and its containers. Thistechnique has the advantage of allowing IPv6 network configurations towork on both VEs and hosts as they normally would. In particular, both hostsand VEs can use IPv6 autoconfiguration. The network configuration of a VEcan be identical to that of a non-VE system.

In the following example the host has two physical interfaces and we aresetting up the network configuration for VE 100. The host IPconfiguration is moved out of the ethN interface configs and into thevzbrN interface config scripts (ifcfg-vzbr0 and ifcfg-vzbr1). Ie. thehost IP configuration will now reside on the vzbrN interfaces instead ofthe ethN interfaces.

1. (Optional) Verify that you can create a bridge interfaces for eachphysical interface on the host.

2. Make note of the existing IP configuration in the hosts ifcfg-ethNfiles. Then, modify the ifcfg-ethN files on the host so that they ONLYbridge to the corresponding vzbrN interface. /etc/sysconfig/network-scripts/ifcfg-eth0 should look like:

Note that the ifcfg-ethN files on the host do not contain any IPinformation anymore.

3. Create ifcfg-vzbrN files and copy the IP configuration that waspreviously in the ifcfg-ethN files into ifcfg-vzbrN. Here's whathost:/etc/sysconfig/network-scripts/ifcfg-vzbr0 would look like assumingthe IPv4 address is assigned statically and IPv6 auto-configuration(SLAAC) is used:

4. On the host, do a 'service network restart' and verify the host hasboth IPv4 and IPv6 connectivity to its vzbrN interfaces.

5. Create the VE as you normally would except do NOT specify any IPaddress, just the hostname. Specifying an IP address during VE creationcreates an unwanted venet interface which is not used in thisconfiguration.

However, if the VE already exists, remove any venet devices - they will not be used:

6. For each VE, create ethN devices (ignore warnings about "Containerdoes not have configured veth") on the host:

The above creates corresponding veth100.0 and veth100.1 devices on thehost and updates the host /etc/vz/conf/100.conf file with generated MACaddresses for the veth devices.

7. Next we add the host vethN interfaces to the host bridgedinterfaces (vzbrN).

To make the above take effect, either do another 'service network restart'on the host, or manually add each VE interface to its corresponding bridgeby running:

8. Verify each bridge includes the host interface and the veth interfaces for each VE:

9. In the container create the ifcfg network scripts for each interfaceeth0 and eth1. The scripts should look like standard ifcfg networkscripts for a host.

As noted above, the ifcfg-ethN files in the VE should be created to be identical tostandard ifcfg-eth* files containing any required IP configuration infofrom a non-virtualized host.

10. Initialize the interfaces and restart the network service on thecontainer.

11. Add FORWARD ACCEPT statements to the host iptables and ip6tables foreach VE IPv4 and IPv6 address. You do NOT need to enable any special network forwarding via sysctl.

12. Verify the host and VE have connectivity to each other as well as to the rest of the network.