Weird network setup
leapswitch
Patron Provider, Veteran
in Help
Hello,
We are setting up colo with our IPs with a new provider in Spain.
Our IPs are announced and they have assigned 1 IP from their network to our first server.
Now, they say,
we have routed traffic to your /23 to server main IP. If you are using CentOS, you have to route or IP Forward all packets from your network to server main IP.
I have not come across such a setup before. Our ranges are always set up with a .1 gateway on their router and one of our IPs assigned to our servers.
I have asked the datacenter for help with this but they are not willing to, even as a paid job.
Any idea how to do this?
Ishan
Comments
I had clients specifically asking to route all the traffic via an IP(single) from their allocation. Meaning it probably has some purpose*
Here they have routed it through their IP which is assigned as base IP for my server.
Although I have not used such a network setup on IPv4, I have on IPv6, and I'm aware that this type of setup does work. I've seen it more often on OpenVZ.
Essentially, your virtual machines will need to have the main IP as the gateway. Your host acts as a router and passes the packets between the VMs and GWs.
IP forwarding must be enabled on kernel for this to work.
If they would just route the entire /23 as connected network to the VLAN of your server, their router would have to do ARP for all the IPs, and someone scanning your entire network could create a mess. So for large networks it is better to have them routed to your server, so their router does not have to have the burden of maintaining the ARP tables.
I have tried this -
cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
And in SolusVM, used the server main IP as gateway for the range.
Doesn't work
I understand why they are doing this, however it is not working for me and they are refusing to help even if I pay them.
So try to debug it. Do a traceroute from outside, does it get to your server?
Do a ping from outside, run tcpdump on the eth0 of your server - do you see the ping requests coming in?
If yes - do you see them on the venet0 interface of the host?
If yes - do you see them on the venet0 interface of the container?
If yes - do you see ping replies on the venet0 interface of the container?
And so on... just try to see how far it is getting and you will figure it out.
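The hop-by-hop check described above, written out as a small script. This is an added example and not code from the thread; it assumes a continuous ping is already running from outside, that tcpdump and root are available on the host, and that the host-side interfaces are named eth0 and venet0 (the container's own venet0 would have to be checked from inside the container, which this script does not do). CAPTURE can be overridden to point at something other than tcpdump.

```shell
#!/bin/sh
# Added example (not from the thread): walk the interfaces an inbound ping
# should cross on the host and report the first one where the ICMP echo
# request for TARGET does not show up. Assumed interface names: eth0, venet0.
# WAIT is the capture window per interface in seconds; CAPTURE is the capture
# command and defaults to tcpdump wrapped in timeout (needs root).
WAIT=${WAIT:-5}
CAPTURE=${CAPTURE:-"timeout $WAIT tcpdump"}

# sees_traffic IFACE TARGET: returns 0 if at least one ICMP echo request
# addressed to TARGET is captured on IFACE within WAIT seconds, 1 otherwise.
# -c 1 stops tcpdump at the first matching packet; timeout ends the wait
# when nothing arrives (tcpdump's "listening on" banner goes to stderr).
sees_traffic() {
    n=$($CAPTURE -ni "$1" -c 1 "icmp[icmptype] = icmp-echo and dst host $2" 2>/dev/null | wc -l | tr -d ' ')
    [ "$n" -gt 0 ]
}

# first_break TARGET IFACE...: checks the interfaces in the order given and
# prints the first one where the echo request is missing, or "none" if every
# interface sees it. Usage on the host from the thread:
#   first_break 188.241.61.2 eth0 venet0
first_break() {
    target=$1; shift
    for iface in "$@"; do
        if ! sees_traffic "$iface" "$target"; then
            echo "$iface"
            return 0
        fi
    done
    echo none
}
```

If first_break prints eth0, the packets are not reaching the server at all and the problem is upstream, which is what the mtr output below shows; if it prints venet0 while eth0 sees the traffic, the host is receiving the packets but not forwarding them, so ip_forward and the routes on the host are the next thing to look at.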
Traceroute isn't reaching server -
$ mtr -rwc 2 188.241.61.2
Start: Sat Jun 4 16:19:53 2016
HOST: leapswitch1 Loss% Snt Last Avg Best Wrst StDev
1.|-- 192.168.0.1 0.0% 2 0.2 0.2 0.2 0.2 0.0
2.|-- 115.119.103.101.STATIC-Pune.vsnl.net.in 0.0% 2 35.6 19.8 4.0 35.6 22.4
3.|-- 121.240.2.57.static-Mumbai.vsnl.net.in 0.0% 2 3.8 3.8 3.8 3.8 0.0
4.|-- ix-ae-0-100.tcore1.MLV-Mumbai.as6453.net 0.0% 2 54.0 54.0 54.0 54.0 0.0
5.|-- if-ae-9-5.tcore1.WYN-Marseille.as6453.net 0.0% 2 105.9 106.6 105.9 107.3 0.0
6.|-- if-ae-8-1600.tcore1.PYE-Paris.as6453.net 0.0% 2 105.6 105.6 105.6 105.6 0.0
7.|-- 80.231.154.86 0.0% 2 108.7 108.7 108.6 108.7 0.0
8.|-- prs-bb2-link.telia.net 0.0% 2 125.1 115.6 106.1 125.1 13.5
9.|-- mad-b2-link.telia.net 0.0% 2 131.5 131.3 131.0 131.5 0.0
10.|-- cableuropa-ic-129488-mad-b2.c.telia.net 0.0% 2 129.1 129.5 129.1 129.9 0.0
11.|-- ??? 100.0 2 0.0 0.0 0.0 0.0 0.0
12.|-- ??? 100.0 2 0.0 0.0 0.0 0.0 0.0
13.|-- cr1-rt2.trueinter.net 0.0% 2 163.3 187.6 163.3 211.8 34.2
14.|-- ??? 100.0 2 0.0 0.0 0.0 0.0 0.0
I suppose you are setting up a colo, and do you have a router? This looks like you will need a router to be set up, if not a machine to do such routing. As a basic step you can assign the main IP provided to eth0 and one of your own subnet blocks to eth1 of this machine, and then do IP forwarding; it should work. Is the main IP reachable first of all?
If not, ask them to set up the two /24s on the interface with gateway as .1; if they refuse this, then you have to find another way.
We paid the provider to announce IPs on our behalf and route them to our server in order to not use an additional router.
They won't do this either.
They logged in to our server for 1-2 hours, rebooted it thrice and couldn't get it to work. This is on a plain CentOS installation.
Last message from their tech -
Sounds like they don't want your business. Find someone that does.
Also name and shame so that we can avoid this DC.
Yes, once you have the block routed to you then you can handle it within your network as you see fit. I usually try and get DCs to give me IPs as a routed block, as I can then put them on a NAT device as /32s and use them all (even the ones that are supposed to be the network/broadcast) ;-)
It's easy enough: essentially the device that the IP is routed to needs to be able to handle IP forwarding and needs route entries in its routing table so it knows what to do with the IPs.
In some cases, if the provider is accommodating, I've even used RFC1918 addresses for links between me and them, as the only 2 devices that need to be able to communicate are my router and theirs.
@leapswitch that sounds like OVH's style of setup, besides the MAC filtering which apparently doesn't apply. Try to do it like OVH's routing but just skip the MAC filtering part and you will be able to see internet coming to the subnet then.
to get an answer on your ping/traceroute to one of your IPs you need to add them in your network config at least, this should be done with
after that you may try the trace again (base IP has to be set up correctly too)
afair this should work for whole subnets too, but I haven't done this yet.
for the solusvm part I can't tell how it handles routing exactly, never used it.
but for virtualization purposes I probably would simply try to set up the base IP as point2point to have everything routed through the gateway for this base-ip and then add the .1 of your subnet to eth0 like above.
after that set up a bridge interface with the .1 as IP and add a route for the rest of the subnet-IPs.
this way your guests may be able to use the .1 as gateway while being assigned an IP from the subnet... no guarantee and probably too late now though ;-)
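The host-as-router layout that the posts above describe (ip_forward on, the .1 of the routed block on an inner interface, guests using the .1 as gateway), as an added example that is not code from the thread or from SolusVM. It assumes the inner interface is a bridge named br0, that the routed block is 188.241.60.0/23 (the /23 containing the 188.241.61.2 target from the mtr output; the thread does not state the exact block) and that 188.241.60.1 is used as the guests' gateway; all three are passed as arguments so they can be changed. Note that editing /etc/sysctl.conf alone, as in the earlier post, only takes effect after sysctl -p or a reboot; the script applies the setting at runtime. DRY_RUN=1 prints the commands instead of running them, which otherwise need root.

```shell
#!/bin/sh
# Added example (not from the thread): make a Linux host the router for a
# block the upstream has routed to the host's main IP.
# Assumed values (not from the thread): inner interface br0, block
# 188.241.60.0/23, gateway 188.241.60.1 for the guests.
# DRY_RUN=1 prints each command instead of executing it.

run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_host INNER_IFACE BLOCK_CIDR GATEWAY_IP
# Turns on forwarding at runtime and puts the gateway address, with the
# block's prefix length, on the inner interface. Adding the address also
# installs the connected route for the block via that interface, so packets
# the upstream sends to the main IP for any address in the block are
# forwarded to the guests instead of going back out the default route.
setup_host() {
    iface=$1; block=$2; gw=$3
    prefix=${block#*/}                          # e.g. 23 from 188.241.60.0/23
    run sysctl -w net.ipv4.ip_forward=1
    run ip link set dev "$iface" up
    run ip addr add "$gw/$prefix" dev "$iface"
}

# setup_guest GUEST_IP BLOCK_CIDR GATEWAY_IP
# The commands to run inside a guest attached to the inner interface: its own
# address from the block, and the host's .1 as default gateway. Assumes the
# guest's interface is eth0.
setup_guest() {
    guest_ip=$1; block=$2; gw=$3
    prefix=${block#*/}
    run ip addr add "$guest_ip/$prefix" dev eth0
    run ip route add default via "$gw"
}

# route_device IP: prints the device the host kernel would use to reach IP.
# After setup_host this should print the inner interface for any address in
# the block; if it prints eth0 (the provider-facing side), the block route
# is missing and forwarded traffic would loop back to the provider.
route_device() {
    ip route get "$1" 2>/dev/null | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# Typical use on the host, then in one guest:
#   setup_host br0 188.241.60.0/23 188.241.60.1 && route_device 188.241.61.2
#   setup_guest 188.241.61.2 188.241.60.0/23 188.241.60.1
```

What the script does not and cannot do is the provider's half: the upstream router must carry a route for the /23 pointing at the main IP, and must accept packets sourced from the block arriving from the server. The mtr output earlier in the thread dies before reaching the server, which points at that half rather than at anything on the host.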
Better to find someone else. The problem may be resolved for now, but what about when you have a problem in the future? Unless this is a location that is worth this much effort with no help.