Month: August 2011

OpenVZ: VLAN with VEs that Works

So I set up OpenVZ a few months ago in an environment where my Host had two NICs, one on a local “office” network, and another hooked directly up to a WiFi AP that had VLAN’d SSIDs. That part’s not too important, but what is important is the VLANs. It seemed real easy when I did it back then.

However, having to re-do it again for various reasons without the source config, it was not so easy. In fact, I wasted nearly half a day until I figured out you need to add the veth device and the Host adapter to a bridge to even route the traffic properly. The key understanding is that the veth device for OpenVZ has absolutely no relation to any network adapter on the HN (the hardware node, i.e. the host). Understand that and you’ll be OK. All it does is create an interface on the HN whose other side is on the VE.

So to save myself some hellish boot configuration, I modified vznetaddbr (below) to create the bridges and bring everything up real nice for me. The key bit is that you define your veth device with a bridge parameter called ‘vlan###’, where ### is the VLAN ID. You’ll also need to change the line near the top that says dev="eth1", unless eth1 is your VLAN’d NIC.

Really, hopefully this helps someone. Should be self-explanatory, but be sure you have brctl and vconfig installed.

#!/bin/bash
# create this file somewhere, and add it to
# /etc/vz/vznet.conf as:
#
#   #!/bin/bash
#   EXTERNAL_SCRIPT="/path/to/script"
#
# be sure to chmod +x both

# $VEID is expected in the environment; the container config supplies $NETIF
CONFIGFILE="/etc/vz/conf/$VEID.conf"
. "$CONFIGFILE"

NETIFLIST=$(printf %s "$NETIF" | tr ';' '\n')
# the VLAN'd NIC on the HN; change this unless yours is eth1
dev="eth1"
ip link set dev "$dev" up

if [ -z "$NETIFLIST" ]; then
   echo >&2 "According to $CONFIGFILE, CT$VEID has no veth interface configured."
   exit 1
fi

for iface in $NETIFLIST; do
    bridge=
    host_ifname=

    # pick bridge= and host_ifname= out of the comma-separated veth definition;
    # the case pattern limits eval to those two variable names
    for str in $(printf %s "$iface" | tr ',' '\n'); do
        case "$str" in
            bridge=*|host_ifname=*)
                eval "${str%%=*}=\${str#*=}" ;;
        esac
    done

#    [ "$host_ifname" = "$3" ] ||
#       continue

    [ -n "$bridge" ] ||
        bridge=vmbr0

    # the bridge is named vlan###; strip the prefix to get the VLAN ID
    vlan=$(echo "$bridge" | sed 's/^vlan//')
    target_if="$dev.$vlan"

    # host side of the veth pair goes into the bridge
    echo "Creating $bridge on CT0"
    brctl addbr "$bridge"
    echo "Adding interface $host_ifname to bridge $bridge on CT0 for CT$VEID"
    ip link set dev "$host_ifname" up
    brctl addif "$bridge" "$host_ifname"
    echo 1 >"/proc/sys/net/ipv4/conf/$host_ifname/proxy_arp"
    echo 1 >"/proc/sys/net/ipv4/conf/$host_ifname/forwarding"

    # only bridges named vlan### get a VLAN sub-interface; anything else
    # (including the vmbr0 fallback) is brought up with the veth alone
    case "$vlan" in
        ''|*[!0-9]*)
            ip link set dev "$bridge" up
            continue ;;
    esac

    # tagged sub-interface of the VLAN'd NIC goes into the same bridge
    echo "Creating interface $target_if on CT0 for CT$VEID"
    vconfig add "$dev" "$vlan"
    echo "Adding interface $target_if to bridge $bridge on CT0 for CT$VEID"
    ip link set dev "$target_if" up
    brctl addif "$bridge" "$target_if"
    echo 1 >"/proc/sys/net/ipv4/conf/$target_if/proxy_arp"
    echo 1 >"/proc/sys/net/ipv4/conf/$target_if/forwarding"

    ip link set dev "$bridge" up

done

exit 0
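
The script above runs as root on the HN and hands the bridge= and host_ifname= values from the container config straight to brctl, vconfig and /proc paths. The following dry-run check is an added example, not part of the original post: the function name netif_plan and the sample NETIF strings are made up here, and it only prints what would be created after validating each veth entry against the ‘vlan###’ convention.

```bash
#!/bin/bash
# Added example, not from the original post: check a container's NETIF value
# before any bridge or VLAN device is created from it.

# netif_plan NETIF DEV   (hypothetical helper)
# Prints "<host_ifname> <bridge> <dev>.<vlan>" for each veth entry and
# returns 1 at the first malformed entry. The body runs in a subshell so
# the IFS and globbing changes do not leak into the caller.
netif_plan() (
    netif=$1 dev=$2
    set -f
    IFS=';'
    for entry in $netif; do
        bridge='' host_ifname=''
        IFS=','
        for field in $entry; do
            case "$field" in
                bridge=*)      bridge=${field#*=} ;;
                host_ifname=*) host_ifname=${field#*=} ;;
            esac
        done
        # Interface names: non-empty, no shell or path metacharacters.
        case "$host_ifname" in
            ''|*[!A-Za-z0-9_.-]*)
                echo >&2 "bad host_ifname: '$host_ifname'"; return 1 ;;
        esac
        # Linux limits interface names to 15 characters.
        if [ "${#host_ifname}" -gt 15 ]; then
            echo >&2 "host_ifname longer than 15 characters"; return 1
        fi
        # Bridge must be vlan<ID>: digits only, no leading zero, 1..4094.
        vlan=${bridge#vlan}
        case "$vlan" in
            "$bridge"|''|0*|*[!0-9]*|?????*)
                echo >&2 "bridge '$bridge' is not of the form vlan###"; return 1 ;;
        esac
        if [ "$vlan" -gt 4094 ]; then
            echo >&2 "VLAN ID $vlan is out of range"; return 1
        fi
        echo "$host_ifname $bridge $dev.$vlan"
    done
)

# Constructed sample: one container with veth devices on VLANs 10 and 20.
netif_plan 'ifname=eth0,host_ifname=veth101.0,bridge=vlan10;ifname=eth1,host_ifname=veth101.1,bridge=vlan20' eth1
```

Running it against a container's NETIF line before the bridge script shows which bridges and tagged sub-interfaces would be created, and a non-zero exit flags an entry that should not reach brctl or vconfig.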