Additional IP in routed mode on public network interfaces

Hello,

Recently we rented 3 dedicated servers of type SCALE 4, installed Proxmox 8.03, and Ceph Hyperconverged.

The idea is to host some servers and get a firewall in front of them. We got an additional IP, and now I discovered that for this type of server there is no virtual MAC as used before; instead they referred me to an article with several steps, which is in fact routed through the interface as shown below.

I did all the requested steps but it is still not working for me. I attached my server interfaces file; if someone could have a look at it, maybe I missed something.

Please advise.
[Image: cloud-dedicated-proxmox-network-hg-scale-images-schema_route2022]

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback
up echo "1" > /proc/sys/net/ipv4/ip_forward
up echo "1" > /proc/sys/net/ipv4/conf/bond0/proxy_arp
# Enable IP forwarding
# Enable proxy-arp only for public bond

auto ens3f0np0
iface ens3f0np0 inet manual
bond-master bond0

auto ens3f1np1
iface ens3f1np1 inet manual
bond-master bond0

iface enxe29f571e0fb2 inet manual

auto ens13f0np0
iface ens13f0np0 inet manual

auto ens13f1np1
iface ens13f1np1 inet manual

auto bond0
iface bond0 inet static
address 1x5.1xx.xx.xxx/32
gateway 1xx.xx.xx.1
bond-slaves ens3f0np0 ens3f1np1
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer3+4
bond-downdelay 200
bond-updelay 200
bond-lacp-rate 1
hwaddress 0c:42:a1:74:4f:62
# Use the mac address of the first public interface

auto bond1
iface bond1 inet manual
bond-slaves ens13f0np0 ens13f1np1
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer3+4
bond-downdelay 200
bond-updelay 200
bond-lacp-rate 1
hwaddress 0c:42:a1:ea:83:ec
# Use the mac address of the first private interface


auto vmbr0
iface vmbr0 inet static
address 172.16.39.10/24
bridge-ports none
bridge-stp off
bridge-fd 0
up ip route x7.9x.1xx.xx/32 dev vmbr0

auto vmbr1
iface vmbr1 inet static
address 172.16.38.10/24
bridge-ports bond1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

Same here, this article doesn't seem to work. Any idea?

I got this working. Some context:
- I have an Advanced server (just the one) and I don't use bonding.
- I'm not using a vrack.
- The way OVH sends traffic to additional IPs is that when you associate the IP or range to your machine in the OVH dashboard, the L3/L2 device in front of your server just sends any traffic to those IPs to the physical interface (MAC address) of your server. It does NOT do an ARP request for this. You can observe this with tcpdump and pinging those IPs. I assume it is the same device that is also the default gateway (100.64.0.1), but I'm not sure. Some OVH network stuff is going on that we can't see.
- At the end of the day the solution is layer 3 based, routed. You cannot have, for instance, a vmbr0 bridge with the physical interface in there and then add VMs in it. For this you would have to have virtual MAC addresses, which are not supported anymore.
I have created the diagram below to explain some stuff. This is my /etc/network/interfaces, I use two fake public IPs/ranges in the example:

auto enp10s0f0np0
iface enp10s0f0np0 inet static
address 46.1.2.3/32
gateway 100.64.0.1
post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr0
iface vmbr0 inet static
address 1.2.3.1/30
bridge-ports none
bridge-stp off
bridge-fd 0

- Restart networking with: systemctl restart networking.service
- Restart all VMs/containers (won't work otherwise)

[Image: ovh-proxmox]
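
A small linter for the routed layout discussed in this thread, added here as an example and not taken from any post or from the provider's article: it reports `ip route` hooks that have no verb such as `add`, a file with no hook enabling `ip_forward`, and additional IPs that no port-less bridge address or route covers. The function names, the checks chosen and the documentation-range sample address are assumptions made for illustration.

```python
import ipaddress

# Verbs that make an `ip route` hook install a route; iproute2 needs one before the prefix.
ADD_VERBS = ("add", "append", "replace")

def parse_interfaces(text):
    """Yield (iface, option, value) for each option line under an `iface` stanza."""
    current = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("auto", "iface", "source"):
            current = words[1] if words[0] == "iface" and len(words) > 1 else None
        elif current:
            yield current, words[0], " ".join(words[1:])

def _covers(prefix, ip):
    """True if `prefix` parses as a network that contains `ip`."""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False

def lint_routed(text, additional_ips):
    """Return findings for a routed (no virtual MAC) additional-IP layout."""
    opts = list(parse_interfaces(text))
    portless = {i for i, k, v in opts if (k, v) == ("bridge-ports", "none")}
    findings, prefixes = [], [v for i, k, v in opts if k == "address" and i in portless]
    for iface, key, value in opts:
        cmd = value.split()
        if key not in ("up", "post-up") or cmd[:2] != ["ip", "route"]:
            continue
        if len(cmd) < 4 or cmd[2] not in ADD_VERBS:
            findings.append(f"{iface}: route hook lacks add/replace: {value}")
        elif "dev" in cmd[:-1] and cmd[cmd.index("dev") + 1] in portless:
            prefixes.append(cmd[3])
    if not any(k in ("up", "post-up") and "ip_forward" in v for _, k, v in opts):
        findings.append("no up/post-up hook enables ip_forward")
    for ip in additional_ips:
        if not any(_covers(p, ip) for p in prefixes):
            findings.append(f"{ip}: no port-less bridge address or route covers it")
    return findings

# Constructed sample (documentation address, hypothetical layout), not a poster's file.
SAMPLE = "iface vmbr0 inet static\naddress 172.16.39.10/24\nbridge-ports none\n" \
         "up ip route 203.0.113.10/32 dev vmbr0\n"
if __name__ == "__main__":
    print("\n".join(lint_routed(SAMPLE, ["203.0.113.10"])))
```

The linter only reads the text it is given, so forwarding enabled elsewhere (for example in a sysctl file) is still reported as missing from the interfaces file.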