Learn how to configure the network in Proxmox VE.
On the High Grade & SCALE ranges, it is not possible to operate additional IPs in bridged mode (via virtual MACs). It is therefore necessary to configure additional IPs in routed mode or via the vRack.
Requirements
- an OVHcloud dedicated server
- access to the OVHcloud Manager
- an Additional IP
Instructions
Additional IP in routed mode on public network interfaces
Target configuration schema
Explanations
You need to:
- create an aggregate
- create a bridge
- allow forwarding and add routes.
Configure the hypervisor
The entire configuration is done in the /etc/network/interfaces
file:
vi /etc/network/interfaces
auto lo
iface lo inet loopback
# Enable IP forwarding
up echo "1" > /proc/sys/net/ipv4/ip_forward
# Enable proxy-arp only for public bond
up echo "1" > /proc/sys/net/ipv4/conf/bond0/proxy_arp
# public interface 1
auto ens33f0
iface ens33f0 inet manual
bond-master bond0
# public interface 2
auto ens33f1
iface ens33f1 inet manual
bond-master bond0
# private interface 1
auto ens35f0
iface ens35f0 inet manual
# private interface 2
auto ens35f1
iface ens35f1 inet manual
# LACP aggregate on public interfaces
# configured in static mode on this example
# Has the server's public IP
auto bond0
iface bond0 inet static
address PUB_IP_DEDICATED_SERVER/24
gateway PUB_GW
bond-slaves ens33f0 ens33f1
bond-mode 4
bond-miimon 100
bond-downdelay 200
bond-updelay 200
bond-lacp-rate 1
bond-xmit-hash-policy layer3+4
# Use the mac address of the first public interface
hwaddress AB:CD:EF:12:34:56
#Private
auto bond1
iface bond1 inet static
bond-slaves ens35f0 ens35f1
bond-mode 4
bond-miimon 100
bond-downdelay 200
bond-updelay 200
bond-lacp-rate 1
bond-xmit-hash-policy layer3+4
# Use the mac address of the first private interface
hwaddress GH:IJ:KL:12:34:56
# Configure the bridge with a private address and add route(s) to send the Additional IPs to it
# A.B.C.D/X => Subnet of Additional IPs assigned to the server, this can be a host with /32
# By default Proxmox creates vmbr0.
# You can use it or create another one
auto vmbr0
iface vmbr0 inet dhcp
# Define a private IP, it should not overlap your existing private networks on the vrack for example
address 192.168.0.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
# Add single additional
up ip route add A.B.C.D/32 dev vmbr0
# Add block IP
up ip route add A.B.C.D/28 dev vmbr0
# Bridge used for private networks on vRack
# The VLAN feature is enabled
auto vmbr1
iface vmbr1 inet manual
bridge-ports bond1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
At this point, restart the network services or restart the server.
systemctl restart networking.service
Configuration example of a client VM on Debian
File contents /etc/network/interfaces
:
auto lo ens18
iface lo inet loopback
iface ens18 inet static
address ADDITIONAL_IP
netmask 255.255.255.255
gateway 192.168.0.1
Test and validation
Now, your VMs should be able to reach a public service over the Internet. In addition, your VMs can also be reached directly over the internet through the Additional IP. The bandwidth available corresponds to the bandwidth available on the Public interfaces of your server and will not impact the private interfaces used for the vRack. This bandwidth is shared with other VMs on the same host that are using Additional IPs and the Proxmox host for public access.
To check your public IP, from the VM:
curl ifconfig.io
ADDITIONAL_IP # should return your additional ip
Additional IP via vRack
This configuration is more flexible, you don't have to associate an Additional IP to a server but rather to a vRack. This means that if a VM wants to use an Additional IP, it can claim it directly without any additional configuration and independently of the host it is hosted on.
Requirements
- a public block of IP addresses in your account, with a minimum of four addresses, pointed to the vRack
- your chosen private IP address range
- a vRack-compatible server
- a vRack service activated in your account
- access to the OVHcloud Manager
Target configuration schema
Explanations
You need to:
- create an aggregate
- create a bridge connected to the aggregate
First, add your public block of IP addresses to the vRack. To do so, go to the Bare Metal Cloud
section of your OVHcloud Control Panel and open the vRack
menu.
Select your vRack from the list to display the list of eligible services. Click on the IP block you want to add to the vRack and then click the Add
button.
Configure a usable IP address
For vRack, the first, penultimate, and last addresses in a given IP block are always reserved for the network address, network gateway, and network broadcast respectively. This means that the first usable address is the second address in the block, as shown below:
46.105.135.96 # Reserved: network address
46.105.135.97 # First usable IP
46.105.135.98
46.105.135.99
46.105.135.100
46.105.135.101
46.105.135.102
46.105.135.103
46.105.135.104
46.105.135.105
46.105.135.106
46.105.135.107
46.105.135.108
46.105.135.109 # Last usable IP
46.105.135.110 # Reserved: network gateway
46.105.135.111 # Reserved: network broadcast
To configure the first usable IP address, you must edit the network configuration file as shown below. In this example, we use a subnet mask of 255.255.255.240.
Configure the hypervisor
The entire configuration is done in the /etc/network/interfaces
file:
vi /etc/network/interfaces
What matters here is the bond1
and vmbr1
configuration:
auto lo
iface lo inet loopback
# public interface 1
auto ens33f0
iface ens33f0 inet manual
# public interface 2
auto ens33f1
iface ens33f1 inet manual
# private interface 1
auto ens35f0
iface ens35f0 inet manual
bond-master bond1
# private interface 2
auto ens35f1
iface ens35f1 inet manual
bond-master bond1
auto bond0
iface bond0 inet dhcp
bond-slaves ens33f0 ens33f1
bond-miimon 100
bond-mode 802.3ad
auto bond1
# LACP Aggregate on private interfaces
# No IPs on it
iface bond1 inet manual
bond-slaves ens35f0 ens35f1
bond-miimon 100
bond-mode 802.3ad
#Private
auto vmbr1
# Bridge connected to bond1 aggregate
# No need for IP
iface vmbr1 inet manual
bridge-ports bond1
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
At this point, restart the network services or restart the server.
Configuration example of a client VM on Debian
File contents /etc/network/interfaces
:
auto lo ens18
iface lo inet loopback
iface ens18 inet static
address 46.105.135.97
netmask 255.255.255.240
gateway 46.105.135.110
Go further
For more information and tutorials, please see our other Dedicated Servers support guides or explore the guides for other OVHcloud products and services.