Weird network setup

leapswitch Patron Provider, Veteran

Hello,

We are setting up colo with our IPs with a new provider in Spain.

Our IPs are announced and they have assigned 1 IP from their network to our first server.

Now, they say,

we have routed traffic to your /23 to server main IP. If you are using CentOS, you have to route or IP Forward all packets from your network to server main IP.

I have not come across such a setup before. Our ranges are always set up with .1 gateway on their router and one of our IPs assigned to our servers.

I have asked the datacenter for help with this but they are not willing to, even as a paid job.

Any idea how to do this?

Ishan

Comments

  • AlexBarakov Patron Provider, Veteran
    edited June 2016

    I had clients specifically asking to route all the traffic via an IP(single) from their allocation. Meaning it probably has some purpose*

  • leapswitch Patron Provider, Veteran

    @AlexBarakov said:
    I had clients specifically asking to route all the traffic via an IP(single) from their allocation. Meaning it probably has some purpose*

    Here they have routed it through their IP which is assigned as base IP for my server.

  • deployvm Member, Host Rep

    Although I have not used such a network setup on IPv4 but on IPv6, I'm aware that this type of setup does work. I've seen it more often on OpenVZ.

    Essentially, your virtual machines will need to have the main IP as the gateway. Your host acts as a router and passes the packets between the VMs and GWs.

    IP forwarding must be enabled on kernel for this to work.

  • rds100 Member

    If they would just route the entire /23 as connected network to the VLAN of your server, their router would have to do ARP for all the IPs, and someone scanning your entire network could create a mess. So for large networks it is better to have them routed to your server, so their router does not have to have the burden of maintaining the ARP tables.

  • leapswitch Patron Provider, Veteran

    @deployvm said:
    Although I have not used such a network setup on IPv4 but on IPv6, I'm aware that this type of setup does work. I've seen it more often on OpenVZ.

    Essentially, your virtual machines will need to have the main IP as the gateway. Your host acts as a router and passes the packets between the VMs and GWs.

    IP forwarding must be enabled on kernel for this to work.

    I have tried this -

    cat /etc/sysctl.conf

    net.ipv4.ip_forward = 1

    And in SolusVM, used server main IP as gateway for the range.

    Doesn't work :(

  • leapswitch Patron Provider, Veteran

    @rds100 said:
    If they would just route the entire /23 as connected network to the VLAN of your server, their router would have to do ARP for all the IPs, and someone scanning your entire network could create a mess. So for large networks it is better to have them routed to your server, so their router does not have to have the burden of maintaining the ARP tables.

    I understand why they are doing this, however it is not working for me and they are refusing to help even if I pay them.

  • rds100 Member

    So try to debug it. Do a traceroute from outside, does it get to your server?

    Do a ping from outside, run tcpdump on the eth0 of your server - do you see the ping requests coming in?
    If yes - do you see them on the venet0 interface of the host?
    If yes - do you see them on the venet0 interface of the container?
    If yes - do you see ping replies on the venet0 interface of the container?
    And so on... just try to see how far it is getting and you will figure it out.

  • leapswitch Patron Provider, Veteran
    edited June 2016

    Traceroute isn't reaching server -


    $ mtr -rwc 2 188.241.61.2
    Start: Sat Jun 4 16:19:53 2016
    HOST: leapswitch1 Loss% Snt Last Avg Best Wrst StDev
    1.|-- 192.168.0.1 0.0% 2 0.2 0.2 0.2 0.2 0.0
    2.|-- 115.119.103.101.STATIC-Pune.vsnl.net.in 0.0% 2 35.6 19.8 4.0 35.6 22.4
    3.|-- 121.240.2.57.static-Mumbai.vsnl.net.in 0.0% 2 3.8 3.8 3.8 3.8 0.0
    4.|-- ix-ae-0-100.tcore1.MLV-Mumbai.as6453.net 0.0% 2 54.0 54.0 54.0 54.0 0.0
    5.|-- if-ae-9-5.tcore1.WYN-Marseille.as6453.net 0.0% 2 105.9 106.6 105.9 107.3 0.0
    6.|-- if-ae-8-1600.tcore1.PYE-Paris.as6453.net 0.0% 2 105.6 105.6 105.6 105.6 0.0
    7.|-- 80.231.154.86 0.0% 2 108.7 108.7 108.6 108.7 0.0
    8.|-- prs-bb2-link.telia.net 0.0% 2 125.1 115.6 106.1 125.1 13.5
    9.|-- mad-b2-link.telia.net 0.0% 2 131.5 131.3 131.0 131.5 0.0
    10.|-- cableuropa-ic-129488-mad-b2.c.telia.net 0.0% 2 129.1 129.5 129.1 129.9 0.0
    11.|-- ??? 100.0 2 0.0 0.0 0.0 0.0 0.0
    12.|-- ??? 100.0 2 0.0 0.0 0.0 0.0 0.0
    13.|-- cr1-rt2.trueinter.net 0.0% 2 163.3 187.6 163.3 211.8 34.2
    14.|-- ??? 100.0 2 0.0 0.0 0.0 0.0 0.0

  • I suppose you are setting up a colo, and do you have a router? Now this looks like you will need a router to be set up, if not a machine to do such routing. As a basic step you can assign the main IP provided to the eth0 and one of your own subnet block to the eth1 of this machine, and then do IP forwarding; it should work. Is the main IP reachable, first of all?

  • If not, ask them to set up the two /24 on the interface with gateway as 1. If they refuse this, then have to find other way.

  • leapswitch Patron Provider, Veteran
    edited June 2016

    @slicebox said:
    I suppose you are setting up a colo, and do you have a router? Now this looks like you will need a router to be set up, if not a machine to do such routing. As a basic step you can assign the main IP provided to the eth0 and one of your own subnet block to the eth1 of this machine, and then do IP forwarding; it should work. Is the main IP reachable, first of all?

    We paid the provider to announce IPs on our behalf and route them to our server in order to not use an additional router.

    @slicebox said:
    If not, ask them to set up the two /24 on the interface with gateway as 1. If they refuse this, then have to find other way.

    They won't do this either.

    They logged in to our server for 1-2 hours, rebooted it thrice and couldn't get it to work. This is on a plain CentOS installation.

    Last message from their tech -

    We have decided not to proceed with your Order. We are sorry, but we cannot continue.
    Please indicate a shipping address for your server.

  • Corey Member

    @leapswitch said:

    @slicebox said:
    I suppose you are setting up a colo, and do you have a router? Now this looks like you will need a router to be set up, if not a machine to do such routing. As a basic step you can assign the main IP provided to the eth0 and one of your own subnet block to the eth1 of this machine, and then do IP forwarding; it should work. Is the main IP reachable, first of all?

    We paid the provider to announce IPs on our behalf and route them to our server in order to not use an additional router.

    @slicebox said:
    If not, ask them to set up the two /24 on the interface with gateway as 1. If they refuse this, then have to find other way.

    They won't do this either.

    They logged in to our server for 1-2 hours, rebooted it thrice and couldn't get it to work. This is on a plain CentOS installation.

    Last message from their tech -

    We have decided not to proceed with your Order. We are sorry, but we cannot continue.
    Please indicate a shipping address for your server.

    Sounds like they don't want your business. Find someone that does.

  • zafouhar Veteran
    edited June 2016

    Last message from their tech -

    We have decided not to proceed with your Order. We are sorry, but we cannot continue.
    Please indicate a shipping address for your server.

    Also name and shame so that we can avoid this DC.

    Thanked by 2ATHK theroyalstudent
  • @AlexBarakov said:
    I had clients specifically asking to route all the traffic via an IP(single) from their allocation. Meaning it probably has some purpose*

    Yes, once you have the block routed to you then you can handle it within your network as you see fit. I usually try and get DCs to give me IPs as a routed block as I can then put them on a NAT device as /32s and use them all (even the ones that are supposed to be the network/broadcast) ;-)

    It's easy enough; essentially the device that the IP is routed to needs to be able to handle IP forwarding and needs route entries in its routing table so it knows what to do with the IPs.

    In some cases, if the provider is accommodating, I've even used RFC1918 addresses for links between me and them, as the only 2 devices that need to be able to communicate are my router and theirs.

  • @leapswitch that sounds like OVH's style setup besides the MAC filtering, which apparently doesn't apply. Try to do it like OVH routing is but just skip the MAC filtering part and you will be able to see internet coming to the subnet then.

    Thanked by 1leapswitch
  • Falzo Member

    to get an answer on your ping/traceroute to one of your IPs you need to add them in your network config at least, this should be done with

    ip addr add 1.2.3.4/32 dev eth0

    after that you may try the trace again (base IP has to be set up correctly too)

    afair this should work for whole subnets too, but I haven't done this yet.

    for the solusvm part I can't tell how it handles routing exactly, never used it.

    but for virtualization purposes I probably would simply try to set up the base IP as point2point to have everything routed through the gateway for this base-ip and then add the .1 of your subnet to eth0 like above.

    after that set up a bridge interface with the .1 as IP and adding a route for the rest of the subnet-IPs.

    this way your guests may be able to use the .1 as gateway while being assigned an IP from the subnet... no guarantee and probably too late now though ;-)

    Thanked by 1leapswitch
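
The two host-side requirements named in the replies above (kernel IP forwarding, and a route entry that tells the host where the routed prefix lives) can be checked from captured command output. This is an added example, not code from any poster; the function names, the `br0` bridge and the 192.0.2.0/24 and 198.51.100.0/24 addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; all addresses are constructed (RFC 5737).
# Input is the text of `sysctl net.ipv4.ip_forward` and `ip -4 route show`,
# so output captured on the host can be checked offline. Live use:
#   check_routed_prefix PREFIX "$(sysctl net.ipv4.ip_forward)" "$(ip -4 route show)"

# Succeeds when the runtime value of net.ipv4.ip_forward is 1.
forwarding_enabled() {
    printf '%s\n' "$1" |
        awk -F'[ =]+' '$1 == "net.ipv4.ip_forward" { v = $2 }
                       END { exit (v == 1) ? 0 : 1 }'
}

# Prints the interface holding a directly connected route for prefix $1.
# A route that goes "via" a gateway is skipped: it would hand the packets
# back to the upstream router instead of delivering them to a guest.
local_route_dev() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == p && $0 !~ / via / {
            for (i = 2; i < NF; i++)
                if ($i == "dev") { print $(i + 1); found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Prints one verdict: forwarding-off, no-local-route, or ok:<interface>.
check_routed_prefix() {
    forwarding_enabled "$2" || { echo forwarding-off; return 1; }
    dev=$(local_route_dev "$1" "$3") || { echo no-local-route; return 1; }
    echo "ok:$dev"
}

# Constructed samples: main IP 192.0.2.10 on eth0, routed prefix 198.51.100.0/24.
PREFIX=198.51.100.0/24
SYSCTL_ON='net.ipv4.ip_forward = 1'
ROUTES_HOST_ONLY='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'
ROUTES_BRIDGED="$ROUTES_HOST_ONLY
198.51.100.0/24 dev br0 proto kernel scope link src 198.51.100.1"

# Forwarding alone is not enough: without a local route the prefix is unknown.
check_routed_prefix "$PREFIX" "$SYSCTL_ON" "$ROUTES_HOST_ONLY" || true
# With the prefix's .1 on a bridge, the kernel installs the connected route.
check_routed_prefix "$PREFIX" "$SYSCTL_ON" "$ROUTES_BRIDGED"
```
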
  • Better to find someone else, the problem may be resolved for now, but what about when you have a problem in the future, unless this is a location that is worth this much of effort with no help
