[CentOS-virt] IP aliases from a QEMU/KVM guest
ad+lists at uni-x.org
Fri Aug 13 10:06:00 EDT 2010
> I'm trying to set up IP aliases within a QEMU/KVM guest on CentOS 5.5
> x86_64, going through a bridged virtualized interface.
> The virtualized interface in the guest is configured as follow:
> # ifcfg-eth1
> # route-eth1
> IP.OF.HOST.GATEWAY dev eth1
> default via IP.OF.HOST.GATEWAY dev eth1
> This is the configuration recommended by the provider (OVH) after a
> virtual MAC address has been allocated for IP.OF.GUEST.ETH1:
> It works fine for virtual interfaces added via libvirt/QEMU.
On first reading I thought eth1 would have been your second interface
within the guest, besides eth0. Meanwhile I think you just skipped eth0.
That is because you can have just 1 default route. The OVH document does
not describe a setup for a 2nd interface.
Well, even for the 1st interface some settings are strange / unnecessary.
Especially when dealing with more than 1 interface, do NOT set the GATEWAY
in ifcfg-ethX. By principle always set GATEWAY (in your case
GATEWAY=x.y.z.254) in /etc/sysconfig/network. Thus you do not need the
route-ethX configuration file, defining a network and a default route. All
that is done automatically.
If you would have more than 1 interface (the OVH doc does not indicate to
be written for such a case, neither notes explicitly to give problems in
that case), then following the OVH doc gives you trouble.
> But when I try to configure an IP alias on another IP address aliasing
> a virtualized interface, as per the instructions from
> http://help.ovh.co.uk/IpAlias (and after assigning it a virtual mac
> just like for eth1) :
> # ifcfg-eth1:1
An aliases interface does not have an own MAC, it is physically the same
MAC as the primary interface.
> I get the following error when restarting the network:
> SIOCADDRT: Network is unreachable
You created a route-eth1:1 file?
> and IP.OF.GUEST.ETH1:1 is:
> - pingable from the same guest
> - not pingable from other guests by the same provider
> - not pingable from outside
The network infrastructure of the hoster must permit the IP address used
to come from MAC of your system.
> or commenting out
> or setting:
> (the IP block was a /30, but I don't think that has something to do here)
> did not change the behavior.
The netmask of 255.255.255.255 is given by intention because of the
network layout of your hoster.
> I'll be interested to hear from experiences with setting IP alias from
> within a guest.
> Maybe my problem is due to the configuration of the provider network
> and it is actually impossible to use IP aliases on virtualized
Yes, as said, the security design of the hoster must permit the use of
defined IPs bound with a dedicated MAC. Ask you hoster.
You can add additional IPs to virtualized interfaces - either by
definining aliased devices or by adding IPs with the help of "ip addr add"
- but that does not mean they are usable automatically. It is a matter of
security in a hosting / virtualized hosting environment.
> Any opinion/idea welcome!
More information about the CentOS-virt