[PVE-User] How-to : Vrack and RIPE ip range on an OVH proxmox 4 server

Guillaume proxmox at shadowprojects.org
Sat Jul 16 12:17:40 CEST 2016 

This how-to explains how to configure an OVH proxmox 4 server, and its 
lxc containers, using a RIPE ip range and a vrack.
You should have a vrack compatible server (with 2 network interfaces) 
and a RIPE ip range associated to it.

For this example, we have a proxmox server with ipv4 164.132.161.137, 
ipv6 range 2001:41d0:1510:1c89::/64  (gateway is 
2001:41d0:1510:1cff:ff:ff:ff:ff) and a ripe range of 51.234.231.80/28.
The RIPE range is like this and allow to use 13 ip :
     51.234.231.80 : network
     51.234.231.81 : usable
     51.234.231.82 : usable
     51.234.231.83 : usable
     51.234.231.84 : usable
     51.234.231.85 : usable
     51.234.231.86 : usable
     51.234.231.87 : usable
     51.234.231.88 : usable
     51.234.231.89 : usable
     51.234.231.90 : usable
     51.234.231.91 : usable
     51.234.231.92 : usable
     51.234.231.93 : usable
     51.234.231.94 : gateway
     51.234.231.95 : broadcast

Before you can use any of these ip in a container, you should associate 
it a virtual mac address from the ovh dedicated manager.

For the vrack, we will use the private range 192.168.0.0/24.

Add the server to your vrack, but not the ripe range.

Edit /etc/network/interfaces on your proxmox server and edit the bold 
lines (may begin with * - to remove - on your email client) so it will 
look like this :
(if you ever have an ipv6 gateway set, remove it)

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr1
iface vmbr1 inet manual
     bridge_ports dummy0
     bridge_stp off
     bridge_fd 0
     post-up /etc/pve/kvm-networking.sh

auto vmbr0
iface vmbr0 inet static
     address  164.132.161.137
     netmask  255.255.255.0
     gateway  164.132.161.254
     broadcast  164.132.161.255
     bridge_ports eth0
     bridge_stp off
     bridge_fd 0
     network 164.132.161.0
*    # RIPE**
**    post-up /sbin/ip route add to 51.234.231.80/28 dev vmbr0**
**    post-up /sbin/ip route add to default via 51.234.231.94 dev vmbr0 
table 5**
**    post-up /sbin/ip rule add from 51.234.231.80/28 table 5**
**    pre-down /sbin/ip rule del from 51.234.231.80/28 table 5**
**    pre-down /sbin/ip route del to default via 51.234.231.94 dev vmbr0 
table 5**
**    pre-down /sbin/ip route del to 51.234.231.80/28 dev vmbr0*

iface vmbr0 inet6 static
     address  2001:41d0:1510:1c89::1
     netmask  64
     # You should not have a gateway here
     post-up /sbin/ip -f inet6 route add 2001:41d0:1510:1cff:ff:ff:ff:ff 
dev vmbr0
     post-up /sbin/ip -f inet6 route add default via 
2001:41d0:1510:1cff:ff:ff:ff:ff
     pre-down /sbin/ip -f inet6 route del default via 
2001:41d0:1510:1cff:ff:ff:ff:ff
     pre-down /sbin/ip -f inet6 route del 
2001:41d0:1510:1cff:ff:ff:ff:ff dev vmbr0

*auto vmbr2**
**iface vmbr2 inet static**
**    address  192.168.0.1**
**    netmask  255.255.255.0**
**    broadcast  192.168.0.255**
**    bridge_ports eth1**
**    bridge_stp off**
**    bridge_fd 0**
**    network 192.168.0.0**
**    # MULTICAST**
**    post-up /sbin/ip route add to 224.0.0.0/4 dev vmbr0**
**    pre-down /sbin/ip route del to 224.0.0.0/4 dev vmbr0*


Next, create your lxc container, with 2 network interfaces.
If you set the network interface at this time, it will be named eth0 by 
default. Otherwise, name it that way.
It should have its bridge set on vmbr0 and its v4 and v6 ip must be 
static (set "Static" in the window).

Give it the first vrack range available ip (with its prefix at the end), 
51.234.231.81/28, and its gateway 51.234.231.94.
Mac address should be the one generated for this ip in the ovh manager.
Set the ipv6 with one of your choice in your range (e.g.: 
2001:41d0:1510:1c89::100/64) and its gateway 
2001:41d0:1510:1cff:ff:ff:ff:ff.
Validate.

Next, create a second network interface for your container, which we 
will name eth1 and set on bridge vmbr2.
Give it a static ip in the private range (e.g.: 192.168.30.100/24) and 
validate.

Start your container.
Its /etc/network/interfaces file should look like this (nothing to edit) :

# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto eth0
iface eth0 inet static
     address 51.234.231.81
     netmask 255.255.255.240
     gateway 51.234.231.94
     network 51.234.231.80

auto eth1
iface eth1 inet static
     address 192.168.30.100
     netmask 255.255.255.0

iface eth1 inet6 static

iface eth0 inet6 static
     address 2001:41d0:1510:1c89::100
     netmask 64
# --- BEGIN PVE ---
     post-up ip route add 2001:41d0:1510:1cff:ff:ff:ff:ff dev eth0
     post-up ip route add default via 2001:41d0:1510:1cff:ff:ff:ff:ff 
dev eth0
     pre-down ip route del default via 2001:41d0:1510:1cff:ff:ff:ff:ff 
dev eth0
     pre-down ip route del 2001:41d0:1510:1cff:ff:ff:ff:ff dev eth0
# --- END PVE ---

You should be able to access to the net and talk to other servers 
(virtual or physical ones) in your vrack.

More information about the pve-user mailing list