SolusVM/KVM and Hetzner
A client of mine bought a Hetzner dedicated server and wants to set up KVM/SolusVM.
They have a /28 routed subnet with Hetzner's routing configuration.
So far, I have set up eth0:0 on the host with one IP from the subnet, and used that for br0. I then continued as normal. Unfortunately I have no connectivity within the VPS.
There isn't a whole lot of documentation on this, but I know some people have this working, so I thought I'd ask here.
Comments
Already taken a look at pointopoint?
By the way, there is a lot of documentation, you just need to know where to look
... http://wiki.hetzner.de/index.php/KVM_mit_Nutzung_aller_IPs_-_the_easy_way (yes, it's German, but the configs are the same anyway)
And http://wiki.hetzner.de/index.php/KVM_mit_Nutzung_aller_IPs_aus_Subnetz
http://wiki.hetzner.de/index.php/KVM/en
That helped me when I was a hetzner customer.
it's German, but the configs are the same anyway)
Only until you click "English", Tada!
You need to give them credit for that, their translations are pretty good. (At least much better than OVH)
Thanks, everyone. I've tried to emulate the guides in a CentOS environment (not bothered about losing 2 IPs). Here is what I have so far:
Host node ifcfg-eth0:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HWADDR=d4:3d:7e:d6:c7:6d
BRIDGE=br0
Host node ifcfg-br0:
DEVICE="br0"
TYPE=Bridge
ONBOOT="yes"
BOOTPROTO="static"
IPADDR=144.XX.XX.240
NETMASK=255.255.255.255
SCOPE="peer 144.XX.XX.225"
VM ifcfg-eth0:
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR="78.XX.XX.174"
GATEWAY="144.XX.XX.240"
NETMASK=255.255.255.255
SCOPE="peer 144.XX.XX.240"
And not working.. Can anyone suggest improvements?
ip forwarding enabled?
also are you able to ping the host?
tried to setup the bridge with some private addresses just to see if it works?
Yes
No
Not yet. I'll give it a go in a moment but I'm sure this is a config issue.
brctl show
the vm is on the right bridge?
iptables disabled? selinux too?
[root@CentOS-64-64-minimal network-scripts]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.d43d7ed6c76d       no              eth0
                                                        kvm101.0
virbr0          8000.525400519e06       yes             virbr0-nic
Yes, it's on the right bridge. Iptables is disabled and so is selinux.
so if you add a private alias to the br0 (host) and the eth0 (vm) you should be able to ping both side
And while you are at it check also ebtables...
Bridges don't work with Hetzner (by looking at WHT)
http://www.lowendbox.com/blog/primahost-7-monthly-512mb-kvm-in-falkenstein-germany/
Mmm, I guess they must do.
I manage hetzner dedi with /29 subnet, KVM also.
Don't know if it helps but.. here's how it works in Debian for me.
A.B.C.D = your eth0 IPv4 address
1.2.3.4 = your eth0 netmask
B.C.D.E = your IPv4 address for new guest
host node:
auto br0
iface br0 inet static
    address A.B.C.D
    netmask 1.2.3.4
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
    up route add -host B.C.D.E dev br0
debian guest:
auto eth0
iface eth0 inet static
    address B.C.D.E
    netmask 255.255.255.255
    gateway A.B.C.D
    pointopoint A.B.C.D
I have this config for CentOS guests in my private Wiki, not sure if it works, haven't tried:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO="static"
IPADDR=<Addon IP>
NETMASK=255.255.255.255
GATEWAY=<Main IP>
SCOPE="peer <Main IP>"
EDIT: Maybe you need a route to guest? Last line of my host node config. Just a guess.
I use a Hetzner dedi with SolusVM/KVM.
I have 3 configs:
ifcfg-br0
ifcfg-br0:1
ifcfg-eth0
route-br0
ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
IPADDR=176.91.138.210   # main IP
NETMASK=255.255.255.255
SCOPE="peer 176.91.138.193"   # gateway IP
ONBOOT=yes
DELAY=0
IPV6INIT=yes
IPV6ADDR=2a01:41f8:1510:44c4::2/64   # main IPv6
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=br0
ifcfg-br0:1
DEVICE=br0:1
TYPE=Bridge
BOOTPROTO=static
IPADDR=78.147.61.97   # second IP from /28 network
NETMASK=255.255.255.224
ONBOOT=yes
DELAY=0
STP=off
ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HWADDR=14:DB:E9:EF:67:77   # MAC for main IP
BRIDGE=br0
ETHTOOL_OPTS="speed 100 duplex full autoneg off"
route-br0
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=176.9.38.193
And you should place the file 10-no-icmp-redirects.conf in /etc/sysctl.d
10-no-icmp-redirects.conf
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.br0.send_redirects=0
net.ipv4.conf.virbr0.send_redirects=0
Hi,
Thanks for the above info, I was able to get BR0 running but for some reason I keep getting this error when I try and add the second one.
Shutting down interface br0: [ OK ]
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface br0: error in ifcfg-br0:2: invalid alias number
Thanks,
Danny
Hi, remember that Hetzner uses a brouter approach, it's a routed subnet instead of a bridged subnet as commonly are configured for SolusVM on other networks.
Their routers must see your main interface's mac address come with your subnet traffic, otherwise it is discarded.
About the ifcfg-br0:2 error check that the file name and the DEVICE= configuration (in CentOS/RH) are the same.
Good luck !
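Added example, not part of the original thread: a shell check for the condition the post above describes, where guest frames leave the uplink with their own MAC instead of the host's. It parses `brctl show` output and reports any bridge that enslaves the physical NIC together with guest ports; the sample input is constructed (br0 copies the layout posted earlier, virbr1 is made up) and the interface-name prefixes are assumptions.

```shell
#!/bin/sh
# Constructed sample in `brctl show` format. br0 mirrors the output posted
# in this thread; virbr1 is a hypothetical routed bridge with no uplink port.
sample_brctl() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.d43d7ed6c76d       no              eth0
                                                        kvm101.0
virbr0          8000.525400519e06       yes             virbr0-nic
virbr1          8000.fe5400000001       no              kvm102.0
EOF
}

# Reads `brctl show` output on stdin and prints one line per bridge that
# has both a physical uplink and guest ports: "<bridge> <uplink> <guests>".
# On such a bridge, guest frames are switched at layer 2 and reach the
# upstream port carrying the guest's MAC as source address.
# Assumed naming: uplinks start with eth/en/em/bond, guest ports with
# kvm/vnet/tap/vif. Adjust both patterns to the host being checked.
leaky_bridges() {
    awk '
    function emit() {
        if (br != "" && up != "" && g != "") print br, up, g
    }
    $1 == "bridge" && $2 == "name" { next }   # header row
    NF == 0 { next }                          # blank line
    /^[^ \t]/ { emit(); br = $1; up = ""; g = ""; ifc = $4 }  # new bridge row
    /^[ \t]/  { ifc = $1 }                    # continuation row: port only
    ifc ~ /^(eth|en|em|bond)[a-z0-9.]*$/ { up = ifc }
    ifc ~ /^(kvm|vnet|tap|vif)[0-9]/ { g = (g == "" ? ifc : g "," ifc) }
    END { emit() }
    '
}

# Run against the constructed sample; on a live host use:
#   brctl show | leaky_bridges
sample_brctl | leaky_bridges
```

A bridge listed here needs either the routed layout (no physical port on the bridge, host routes per guest IP) or provider-assigned MACs on the guest ports.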
I don't know if they use a VLAN setup or route all IPs to the server IP.
If they route the IPs to the server IP then you have to run a brouted configuration for xen/kvm
Routed (brouter)
In this type of configuration, the packets are routed. This requires the setting up of an additional bridge with almost the same configuration (without gateway) as "eth0".
Host:
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=
IPV6INIT=yes
IPV6ADDR=2a01:4f8:XXX:YYYY::2/128
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0
NETMASK=255.255.255.255
SCOPE="peer "
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
ONBOOT=yes
TYPE="Bridge"
BOOTPROTO=static
IPADDR=
NETMASK=255.255.255.255
IPV6INIT=yes
IPV6ADDR=2a01:4f8:XXX:YYYY::2/64
STP=off
DELAY=0
The "eth0" configuration remains for IPv4 unchanged. The prefix for IPv6 is reduced from /64 to /128. Setup for the host route for the additional IPv4 addresses takes place via an additional configuration file:
/etc/sysconfig/network-scripts/routes-br0
ADDRESS0=
NETMASK0=255.255.255.255
As per their wiki.
I had a similar issue recently, not with a /28 though. With the failover IPs you have to generate a virtual MAC address and add it to your kvm config.
ngstargate is a hero! He managed to get this working, the actual issue I posted above was because I did not use Putty to amend the BR0:2 file. Now working a charm!
Thanks !!! It's working now,
ngstargate or any other, let me know how to configure a subnet /28 in the Hetzner DC. We just route the subnet IPs via the bridge interface.
Just a quick skim, this thread has been revived in 2013, 2015, and 2016 ...
I have configured a bridge br0 from eth0 and routed the subnet /28 via br0.
Do we need to configure another bridge for it, like br0:1, for routing the IPs in subnet /28?
We are receiving abuse reports from Hetzner for using an unassigned MAC when having the above setup. Is there any way to resolve it?
make sure to have your correct MAC address set with HWADDR= and don't copy'n'paste things without adapting. best way probably is to get someone setting things up for you even if that cost you a few bucks.
we didn't change the mac id which is assigned for the eth. As we are using KVM virtualization each vps must use mac. They are mentioning mac which is not allowed to use on their network.
I was referring to you talking about
which includes something like:
so if you simply copied those settings you might have copied the whole line HWADDR= which may give a MAC address for eth0 and if you haven't changed that accordingly to your real MAC it may result in your network trying to use a wrong one which hetzner routers filter for sure.
I am not that much into centos so can't help a lot with that, but there is a hetzner wiki explaining how to simply add additional IPs or a whole subnet to your server:
https://wiki.hetzner.de/index.php/Netzkonfiguration_CentOS/en
I recommend using ProxMox.
I have configured the bridge in the server successfully and It is working. But we are facing mac issue with the secondary range 148.xx.xx.xx / 29..
Please check our configuration below.
======================
ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
HWADDR=00:1E:67:00:1E:67
BOOTPROTO=none
IPADDR=148.xx.xx.14
NETMASK=255.255.255.255
IPV6INIT=yes
#IPV6_DEFAULTGW=fe80::1
#IPV6_DEFAULTDEV=eth0
NM_CONTROLLED=yes
BROADCAST=148.xx.xx.31
BRIDGE=br0
ifcfg-br0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
#HWADDR=00:1E:67:00:1E:67
BOOTPROTO=none
IPADDR=148.xxx.xxx.14
NETMASK=255.255.255.255
SCOPE="peer 148.xxx.xxx.1"
DELAY=0
=========================
I also moved route-eth0 to route-br0.
secondary IP range details,
================
Gateway:148.xxx.xxx.14
Netmask: 255.255.255.248
Broadcast:148.xxx.xxx.23
And routed the subnet via br0 using below command.
route add -host 148.xxx.xxx.xx dev br0
It is working fine for me.
Now the issue is with the MAC: Hetzner is saying that we are using an unauthorized MAC on our servers. As we are using solusvm+kvm, the vps need a MAC. Please, can anyone help with it?