By default, OpenVZ uses venet as its network device. It does packet switching based on the IP header, which makes it look like a point-to-point connection between the VPS and the physical host. An alternative is the Virtual Ethernet device (a.k.a. veth).
Veth is an Ethernet-like device. Unlike the venet network device, a veth device has a MAC address, so it can be used in configurations. When veth is bridged to ethX or another device, the administrator is able to set up his networking himself, including IPs, gateways etc.
Veth consists of two Ethernet devices: one in the physical server and another in the virtualized guest. These devices are connected to each other, so if a packet goes into one device it will come out from the other device.
In this post, we’ll share some tips on how to enable veth. The content is mainly from OpenVZ’s official guide.
The commands that we used are listed below with explanations.
Firstly, assuming that we’re on the physical server, we need to add a new device named eth0:
vzctl set 150 --netif_add eth0,00:12:34:56:78:9A,veth150.0,00:12:34:56:78:9B --save
The second MAC address is for the mother side, and the first MAC address is self-generated.
Then enable forwarding and ARP proxy, and apply some changes in route table:
# cat veth150.sh
ifconfig veth150.0 0
echo 1 > /proc/sys/net/ipv4/conf/veth150.0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/veth150.0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
ip route add 192.168.201.150 dev veth150.0
Warning: Before making these changes to your system, make sure you understand exactly what they do. For example, proxy_arp is problematic in a mixed network.
Secondly, in the VPS we need to configure the new device eth0 like this:
/sbin/ifconfig venet0:0 0
/sbin/ifconfig eth0 0
/sbin/ip addr add 192.168.201.150 dev eth0
/sbin/ip route add default dev eth0
The IP address 192.168.201.150 can be in a different network from the physical side; you just need to make sure they are in the same VLAN.
When it’s tested OK, don’t forget to modify your network configuration files in /etc/sysconfig/network-scripts/ for a permanent change.
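As a follow-up to the proxy_arp warning above, here is an added example (not from the original post or the OpenVZ guide) that lists every interface with proxy ARP enabled and flags any that are not on the list you intended. The function name audit_proxy_arp and its two arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report interfaces whose proxy_arp sysctl is 1 and mark the
# ones that were not planned.
# Usage: audit_proxy_arp [CONF_DIR] ["iface1 iface2 ..."]
#   CONF_DIR defaults to /proc/sys/net/ipv4/conf; it is a parameter so the
#   check can also be run against a saved copy of that tree.
# For the host in this post:
#   audit_proxy_arp /proc/sys/net/ipv4/conf "eth0 veth150.0"
audit_proxy_arp() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    expected=" ${2:-} "
    unexpected=0
    for dir in "$conf_dir"/*/; do
        [ -r "${dir}proxy_arp" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are not real interfaces, but they are reported
        # too: "all" applies to every interface, and "default" is inherited
        # by interfaces created later (such as a new veth device).
        parp=$(cat "${dir}proxy_arp")
        fwd=$(cat "${dir}forwarding" 2>/dev/null || echo '?')
        [ "$parp" = "1" ] || continue
        case "$expected" in
            *" $iface "*) status=expected ;;
            *)            status=UNEXPECTED; unexpected=$((unexpected + 1)) ;;
        esac
        printf '%s proxy_arp=%s forwarding=%s %s\n' \
            "$iface" "$parp" "$fwd" "$status"
    done
    # Non-zero exit status when proxy ARP is on somewhere it was not planned.
    [ "$unexpected" -eq 0 ]
}
```

Run it after applying veth150.sh and again after a reboot; the second run shows whether the settings persisted or were left on for an interface that no longer needs them.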