Attach Fail-over IP to main IP (if it's bridged, KVM)


dragon2611
22-01-2015, 22:20
For VyOS

Assuming I've not screwed up somewhere as I'm quite tired at the moment.

Code:
configure
set interfaces ethernet eth0 address 'failoverip/32'
set interfaces ethernet eth1 address 10.0.0.1/24
set interfaces ethernet eth1 firewall local name protect-router
set protocols static interface-route xxx.xxx.xxx.254 next-hop-interface eth0
# (the xxx.xxx.xxx is the first 3 octets from your main server IP) e.g. 96.123.255.254
set firewall name protect-router default-action drop
set service ssh port 22
set nat source rule 999 description "nat outbound to primary external IP"
set nat source rule 999 outbound-interface eth0
set nat source rule 999 protocol all
set nat source rule 999 translation address masquerade
commit
save
exit

VyOS does not like the way OVH use /32 masks, so we have to inject our default route directly into the underlying Linux OS.
Code:
sudo bash
nano /config/scripts/vyatta-postconfig-bootup.script

Add:

ip route add 0.0.0.0/0 via xxx.xxx.xxx.254

Save and exit nano.
Reboot (or run /config/scripts/vyatta-postconfig-bootup.script).

In theory, if you then put a VM on vmbr1 and give it an IP of 10.0.0.2 and a subnet of 255.255.255.0, gateway 10.0.0.1 (change as appropriate if you've chosen a different internal IP range), it should be able to ping out towards the internet. I'd suggest trying to ping Google's DNS server 8.8.8.8 or some other IP.
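
Added example, not part of the original post: the configuration above binds protect-router to eth1 only and defines no accept rules in it, so eth0, which carries the fail-over IP and the SSH service, has no local rule set. One way to add one, in the same VyOS syntax the post uses; the rule-set name wan-local and the management address 203.0.113.10 are assumptions.

```vyos
configure
# Added example. "wan-local" is a hypothetical rule-set name and
# 203.0.113.10 is a constructed management address (documentation range).
set firewall name wan-local default-action drop
# Return traffic for connections the router itself opened (DNS, NTP, updates)
set firewall name wan-local rule 10 action accept
set firewall name wan-local rule 10 state established enable
set firewall name wan-local rule 10 state related enable
# SSH to the router only from the management address
set firewall name wan-local rule 20 action accept
set firewall name wan-local rule 20 protocol tcp
set firewall name wan-local rule 20 destination port 22
set firewall name wan-local rule 20 source address 203.0.113.10
# "local" filters traffic addressed to the router itself; NATed VM traffic
# is forwarded and is not matched by this rule set
set interfaces ethernet eth0 firewall local name wan-local
commit
save
exit
```

Apply it from the Proxmox console of the router VM rather than over SSH, so a mistake in rule 20 cannot cut off access.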

dragon2611
22-01-2015, 22:03
I used VyOS http://www.vyos.net, mainly because I have a Ubiquiti EdgeOS based router elsewhere, and since VyOS and EdgeOS were both forked from Vyatta the command line/config layout is very similar, which makes life easier for me.

You can use most router/firewall appliances depending on what you're most comfortable with, e.g. something like pfSense might be a bit more user friendly, although I did find that seemed to use more CPU cycles when idle than VyOS does (but it has the advantage of a web UI).

I assign private IPs to my other VMs and then just do NAT to the various external IPs depending on which services I need to make available.

Basically, create a new network bridge in the Proxmox GUI (you will probably have to reboot the server to activate it). The bridge does NOT need to be attached to any external interfaces since it's simply to facilitate internal communication between your VMs and the router.

Then create a VM with 2 network cards, one on vmbr0 (Internet), one on vmbr1 (internal).

Install your choice of router/firewall, set up the WAN IP on the NIC connected to vmbr0 (you might have to resort to a bit of hackery to get it to accept OVH's /32 IPs).

Set up an internal IP range on the interface facing vmbr1, enable NAT as required.

Then when you create the rest of the VMs, give them internal IPs from the range used on vmbr1 and make sure they're connected to vmbr1 and not vmbr0.

Kamilleri
22-01-2015, 19:44
Quote Originally Posted by dragon2611
Rather than bridging the extra IPs to the host node, what I did was assign them all to the same virtual MAC and then run a router bridged to the actual NIC of the server.

Then I have a 2nd "internal" bridge connecting the VMs to the router.
Woah!
Could you suggest any software for routing stuff that you used in your case?

dragon2611
22-01-2015, 07:58
Rather than bridging the extra IPs to the host node, what I did was assign them all to the same virtual MAC and then run a router bridged to the actual NIC of the server.

Then I have a 2nd "internal" bridge connecting the VMs to the router.

Kamilleri
21-01-2015, 14:50
Quote Originally Posted by pechspilz
I don't recommend that bridge name since this is how KVM names its virtual bridges. Just use br0 instead. And if anything goes wrong, just boot rescue mode, mount the root partition and restore a backup file of the network config. No need to set up the entire server from scratch or renting a KVM. And as per recommendation STP should be on for KVM.
Woah, would try <3
Never touched the "Netboot" button before, so didn't know about that.

Thanks!

pechspilz
21-01-2015, 05:41
I don't recommend that bridge name since this is how KVM names its virtual bridges. Just use br0 instead. And if anything goes wrong, just boot rescue mode, mount the root partition and restore a backup file of the network config. No need to set up the entire server from scratch or renting a KVM. And as per recommendation STP should be on for KVM.

Kamilleri
20-01-2015, 23:13
Quote Originally Posted by pechspilz
Did you try this?

auto br0:1
iface br0:1 inet static
address 1.2.3.4
netmask 255.255.255.255
Thanks for the answer!

My current part of /etc/network/interfaces:
Code:
auto vmbr0
iface vmbr0 inet static
        address 11.22.33.44
        netmask 255.255.255.0
        network 11.22.33.0
        broadcast 11.22.33.255
        gateway 11.22.33.254
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
eth0 is the hardware networking of the host machine. It doesn't have any config in /etc/network/interfaces here.

Do you think aliasing the bridge as it is could work?
Just don't want to lose it by network again, as my previous error led to a full server reset (25 euro for KVM/day was too costly for repairing a little mistake).

pechspilz
20-01-2015, 21:57
Did you try this?

auto br0:1
iface br0:1 inet static
address 1.2.3.4
netmask 255.255.255.255

Kamilleri
20-01-2015, 16:59
Hi there,
Using Proxmox (KVM virtualization, Debian).

Is there any way to attach a failover IP to the main IP, so the host machine would have 2 IPs?
I saw the official docs about it, but they are attaching it to eth0. I have a br0 interface that took all the configuration of eth0 to itself.

Any practice here?