Network Bridging


Introduction

Bridged networking can be used to configure your virtual machines (VM). Some tweaking is necessary to make the network configuration work on our network.

Lines highlighted in blue in the configuration examples keywords in capital letters that you must change for your own values. For example, FAILOVER_IP which you must change for your failover IP.

FAILOVER_IP:The failover IP (FoIP) you want to configure.
HOST_IP:The main IP of your dedicated server, also called host.
INTERFACE:The name of the network interface you’re currently configuring. Will most probably be eth0 or ensXX.
GATEWAY_IP:The main IP of your server with the last octet replaced by 254.
NETWORK_IP:The main IP of your server with the last octet replaced by 0.
VIRTUAL_MAC:The virtual MAC address that you assigned for the FoIP in the Control Panel.

Requirements

  • A dedicated server with an hypervisor installed (Ex: VMware ESXi, Citrix Xen Server, Proxmox, etc.)
  • Have assigned a MAC address to your FoIP.
  • Knowledge about SSH

Setting a virtual MAC address (vMAC) for your FoIP

Configuring an IP in bridging will require you to configure a virtual MAC address for your IP address. In order to do that, go in your Control Panel. Click on the IP section on the left. In the IP section, click on the gear next to your IP. Then, select Add a virtual MAC.

Click on the gear then choose "Add a virtual MAC"

Setting a vMAC - Step #1

In the menu that appears, select the type of virtual MAC. If you install any version of VMWare ESXi, choose “vmware”. In any other case, choose “ovh”. Put a name for your virtual machine. It doesn’t have to be the same name as in your hypervisor. It can be any name.

Select "vmware" for ESXi or "ovh" for anything else

Setting a vMAC - Step #2

Once you’re done, click on Confirm. The creation of the vMAC will take a couple of minutes. Once it is completed, the vMAC will appear under “Virtual MAC”. You may have to refresh your browser to see the change.

The vMAC will appear in the IP section under "Virtual MAC"

Setting a vMAC - Step #3

Warning

Do not forget to assign the same virtual MAC address to the virtual network adapter inside your hypervisor.

Obtaining the IP address of the gateway

To bridge your VM, you need to know the gateway of your dedicated server. To do this, you must replace the last octet of the IP address assigned to your server with .254.

You can find the IP of your server in the OVH Manager.

For example:

  • IP of your server : 123.123.123.123
  • So the gateway IP is: 123.123.123.254

Please note that this is true only for dedicated servers, others services, such as Public Cloud or VPS, use different gateways to reach the public network.

Warning

The IP address of the gateway, indicated as GATEWAY_IP, will always be outside of the failover IP subnet. Thus, in some OS, it will be important to add at least one route in order to reach the internet.

Obtaining the name of the interface

Every network adapter, either physical or virtual, as a name assigned to it by the OS. In Linux, in order to get the name of the interface, simple do the command ip link. The interface that has the vMAC that you created in the Control Panel is the one you must be using to brige the VM.

1
2
3
4
5
6
$ ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:12:34:56 brd ff:ff:ff:ff:ff:ff

Here, for example, the name of the interface containing the vMAC created for a ESXi VM is ens60. Any instance of the word INTERFACE, either in the configuration file itself or in its filename, must be replaced by that value.

Applying the configuration

Archlinux

Archlinux can be configured with multiple network managers. In this guide, we will look at two network managers, mainly netctl and networkd.

Netctl

Netctl is a network manager that comes pre-installed with Archlinux. If you are using it, in order to bridge your VM to the public network, please create the following files.

File: /etc/netctl/INTERFACE

1
2
3
4
5
Interface=INTERFACE
Connection=ethernet
IP=static
Address=('FAILOVER_IP/32')
DNS=('213.186.33.99')

File: /etc/netctl/interfaces/INTERFACE

1
2
3
#!/bin/bash
ExecUpPost="/sbin/ip route add GATEWAY_IP dev INTERFACE; /sbin/ip route add default via GATEWAY_IP"
ExecDownPre="/sbin/ip route delete GATEWAY_IP dev INTERFACE; /sbin/ip route delete default via GATEWAY_IP"

The first file is the interface configuration file. The second is a hook that is executed along with the interface when it is turned on or off. Regarding that last file, be sure to make that file executable with the command:

chmod +x /etc/netctl/interfaces/INTERFACE

To make sure that the interface will be brought up on the next reboot, enter the following command:

systemctl enable netctl-auto@INTEFACE.service

Networkd

Some users may prefer to use the networkd network manager, also installed by default. However, if you are using this, please make sure that you deactivated any other network manager as multiple ones running simultaneously will cause errors.

File: /etc/systemctl/network/PRIORITY-INTERFACE.network

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
[Match]
Name=INTERFACE

[Network]
Address=FAILOVER_IP/32
Peer=GATEWAY_IP/32

[Gateway]
Gateway=GATEWAY_IP
Destination=0.0.0.0/0

You can replace PRIORITY by any integer, but be sure that you are choosing a lower value than the other configuration files as they may interfere with one another. A lower numerical means a higher priority. By putting between 10 and 25, you should not have to worry interference.

Debian & derivatives (Ubuntu, CrunchBang, SteamOS...)

File: /etc/network/interfaces

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
auto lo
iface lo inet loopback

auto INTERFACE
iface INTERFACE inet static
    address FAILOVER_IP
    netmask 255.255.255.255
    broadcast FAILOVER_IP
    post-up /sbin/ip route add GATEWAY_IP dev INTERFACE
    post-up /sbin/ip route add default via GATEWAY_IP
    pre-down /sbin/ip route delete GATEWAY_IP dev INTERFACE
    pre-down /sbin/ip route delete default via GATEWAY_IP

File: /etc/resolv.conf

nameserver 213.186.33.99 # OVH DNS Server

Note

For Debian 6, dns server configuration is done directly in the file /etc/network/interfaces where you have to find this section:

# dns-* options are implemented by the resolvconf package, if installed (default)
dns-nameservers 213.186.33.99 # OVH DNS Server
dns-search ovh.net # For faster hosts resolution on the OVH network

Redhat & derivatives (CentOS 6, Scientific Linux, ClearOS...)

File: /etc/sysconfig/network-scripts/ifcfg-INTERFACE

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
DEVICE=INTERFACE #Please make sure that you enter the INTERFACE name her, and not just the word INTERFACE
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
TYPE=Ethernet
NETMASK=255.255.255.255
IPADDR=FAILOVER_IP
GATEWAY=GATEWAY_IP
ARP=yes
HWADDR=VIRTUAL_MAC

File : /etc/sysconfig/network-scripts/route-INTERFACE

1
2
GATEWAY_IP dev INTERFACE
default via GATEWAY_IP dev INTERFACE

File : /etc/resolv.conf

1
nameserver 213.186.33.99 # OVH DNS Server

CentOS 7

File: /etc/sysconfig/network-scripts/ifcfg-INTERFACE

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
DEVICE=INTERFACE #Please make sure that you enter the INTERFACE name her, and not just the word INTERFACE
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
TYPE=Ethernet
NETMASK=255.255.255.255
IPADDR=FAILOVER_IP
GATEWAY=GATEWAY_IP
ARP=yes
HWADDR=VIRTUAL_MAC

Note

If the file route-INTERFACE does not exist, you’ll have to create it.

File: /etc/sysconfig/network-scripts/route-INTERFACE

1
2
3
GATEWAY_IP - 255.255.255.255 INTERFACE #For example, 123.123.123.254 - 255.255.255.255 ens60
NETWORK_IP - 255.255.255.0 INTERFACE #For example, 123.123.123.0 - 255.255.255.0 ens60
default GATEWAY_IP

File: /etc/resolv.conf

nameserver 213.186.33.99

OpenSUSE

If the file for your interface does not exist, you’ll have to create it.

File : /etc/sysconfig/network/ifcfg-INTERFACE

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
DEVICE=INTERFACE #Please make sure that you enter the INTERFACE name her, and not just the word INTERFACE
BOOTPROTO=static
ONBOOT=yes
ARP=yes
USERCTL=no
IPV6INIT=no
TYPE=Ethernet
STARTMODE=auto
IPADDR=FAILOVER_IP
NETMASK=255.255.255.255
GATEWAY=GATEWAY_IP
HWADDR=VIRTUAL_MAC

If the file ifroute-INTERFACE does not exist, you’ll have to create it.

File : /etc/sysconfig/network/ifroute-INTERFACE

1
2
3
GATEWAY_IP - 255.255.255.255 INTERFACE
NETWORK_IP - 255.255.255.0 INTERFACE
default GATEWAY_IP

In /etc/sysconfig/network/config, you need to have:

1
NETCONFIG_DNS_STATIC_SERVERS=”213.186.33.99”

FreeBSD 8.0

File : /etc/rc.conf

1
2
3
4
ifconfig_em0="inet FAILOVER_IP netmask 255.255.255.255 broadcast FAILOVER_IP"
static_routes="net1 net2"
route_net1="-net GATEWAY_IP/32 FAILOVER_IP"
route_net2="default GATEWAY_IP"

File : /etc/resolv.conf

1
nameserver 213.186.33.99 # OVH DNS Server

Windows 2003

First, open the “Network Connections” panel (Start -> Control Panel -> Network Connections -> Local Area Connections)

Then, select Properties :

_images/network-bridging-windows-2003-1.jpg

Local Area Connections

Then, select Internet Protocol (TCP/IP):

_images/network-bridging-windows-2003-2.jpg

Local Area Connections

Finally, you will need your ip Failover in the field “IP Address”, the subnet mask 255.255.0.0, the gateway to your physical machine as default gateway and ip 213.186.33.99 as the preferred DNS server.

_images/network-bridging-windows-2003-3.jpg

Internet Protocol (TCP/IP)

For the second step, via the Start menu, click Run, then type regedit. Once in the application, you should find your ip-failover (Edit -> Search). Once the IP found, double-click the parameter SubnetMask? “and change 255.255.0.0 to 255.255.255.255, then you validate.

Close the registry editor

Finally, to validate the changes, you must restart the network interface (Start -> Control Panel -> Network Connections -> Connection LAN -> right click, then Disable)

Wait a few seconds and re-enable the network connection

Windows Server 2012 / Hyper-V

First you need to create Virtual Switch.

  1. On the command line of the host server run IPconfig /ALL

  2. Note the name of the network adapter that contains the IP address of the server’s assigned IP.

  3. In Hyper-V manager create the a new virtual switch.
    • Connection Type is External
    • Select the adapter with the server’s IP
    • Check Allow management OS to share this network adapter
_images/network-bridging-windows-2012-1.jpg

Virtual Switch Manager

Note

This step only is required once for a hyper-v server. For all VMs, a virtual switch is required to connect the VM’s virtual network adapters to the server’s physical adapter.

Then select the VM that you wish to add the Failover IP. Use the Hyper-V Manager to change the settings of the VM (it needs to be shutdown).

  1. Expand the Network Adapter and click on Advanced Features.
  2. Change the MAC address to Static and enter the Virtual MAC address for Failover IP.
  3. Press OK to apply changes.
_images/network-bridging-windows-2012-2.jpg

Hyper-V Manager

Start the VM and log in as an administrator.

  1. Control Panel > Network and Share Center
  2. Click on the Connections: Ethernet link
  3. Click on Properties Button to show Ethernet Properties
  4. Select Internet Protocol Version 4 (TCP/IPv4)
  5. Click on Properties Button to show IP V4 Properties
_images/network-bridging-windows-2012-3.jpg

Ethernet Properties

On the IPv4 Properties window:

  1. Select the Use the following IP address
  2. Enter the Failover IP into the IP Address
  3. Enter 255.255.255.255 into the Subnet Mask
  4. Enter your server’s gateway IP address into the Default Gateway (your server’s IP ending with 254)
  5. Enter 213.186.33.99 into the Preferred DNS Server.
  6. Press OK and ignore the warning message about the gateway IP and Assigned IP not being in the same subnet.
_images/network-bridging-windows-2012-4.jpg

Ethernet Properties

Finally, reboot server and the VM should be connected to the internet using the failover IP.

Proxmox

Proxmox added a guide specifically for the configuration of failover IPs inside the OVH network, that you can see here.

Other distributions

Here is the network configuration required in the Virtual Machine:

  • ip: FAILOVER_IP
  • netmask: 255.255.255.255

It is also required to add a default gateway to the Virtual Machine:

ip route add GATEWAY_IP dev INTERFACE
ip route add default via GATEWAY_IP

You will then need to configure the DNS of your machine so that it can make domain resolution. The IP of the OVH DNS server is 213.186.33.99.