[PVE-User] Migration, venet and public IPs
Gerry Demaret
ml at x-net.be
Thu Oct 4 17:54:16 CEST 2012
On 02/10/12 18:32, Patrice Levesque wrote:
> Might be a naïve idea, but maybe a DHCP server acting as a gateway,
> segregating each hostile-VM to its own VLAN might do the trick.
>
> You'll get NATed VMs (they won't appear to the internet and you won't
> need public IPs); you'll have total control of which VLANs can each VLAN
> access, etc.
That sounds rather unpractical and quite a lot of config for each VM.
I've been playing around but haven't found a suitable solution yet.
This is what I have now:
vz0:
  routes
    default dev venet0 scope link
  interfaces
    venet0: 127.0.0.2
    venet0:0: 96.23.111.86 255.255.255.192 (/26)

host0:
  routes
    96.23.111.86 dev venet0 scope link
    172.18.0.0/24 dev vmbr100 proto kernel scope link src 172.18.0.123
    default via 172.18.0.1 dev vmbr100
  interfaces
    eth0: no ip address
    eth1: no ip address
    vmbr100: bridge containing eth1, ip address 172.18.0.123
    vmbr601: bridge containing eth0.601
    vmbr602: bridge containing eth0.602

host1:
  exactly the same, only another IP on vmbr100
(96.23.111.86 doesn't belong to me, it's an example)
The venet0:0 with IP 96.23.111.86 should be connected to VLAN601
(vmbr601). What I want is the network connection in vz0 to work. What I
don't want is to add an IP address on vmbr601 since that would mean
losing two IP addresses, one on host0 and one on host1 and exposing
them to the internet.
Basically, I think it should be fixable provided that I can add a route
to 96.23.111.64/26 over eth0.601 on the host and set a default route to
96.23.111.65 for traffic coming from the venet0 interface.
I think I have seen something like this being done in a Virtuozzo
environment, does anyone have a clue what I need to look into?
Thanks,
Gerry.