In OVH, how to connect 2 VMs, each one in a ProxMoxServer, using vrack?

Gilberto Martins

3/18/23, 4:23 PM

Each of both PVE has 1 VM for firewall and several other VMs, organized in subnetworks, addressed with RFC1918, according to the this diagram

For better understanding, this is the networking addressing:

PVE01 - Net 01 - 172.1.10.0/27
PVE01 - Net 02 - 172.1.20.0/27
PVE01 - Net 03 - 172.1.30.0/27

PVE02 - Net 01 - 172.2.10.0/27
PVE02 - Net 02 - 172.2.20.0/27
PVE02 - Net 03 - 172.2.30.0/27

Actually, any server in the structure is able to communicate with any other server into the same PVE. The goal is having any VM of Server A communicating with any VM of Server B and vice-versa. Both PVEs are already connected to the same VRack in OVH Web Manager (this is the best I could do following OVH documentation)

I want both firewalls to communicate through VRack. Anybody did such a configuration? If so, is there any documentation that can help me on how to configure both interfaces?

101

0 + 0

iptables

proxmox

ovh

Score:1

Server

Dylan

3/18/23, 5:01 PM

Each VM can communicate with other VMs on the same host, even in different virtual networks, because the host has routes for each virtual networks managed by itself. You can use ip route on each host to see that.

You could solve that by adding static routes. On each host, you should manually add one route for each virtual networks on other hosts. If your infrastructure scales later with more hosts and virtual networks, it will not be convenient to maintain.

A better way would be a single router, physical or virtualized, and setup VLAN with openvswitch.

0 + 0

Gilberto Martins

3/18/23, 5:11 PM

I thought about the routes, thanks for your help. Buto you have any suggestion about how to setup these routes without installing openvswitch? I want to know whether this can be done out of extra software. BTW, it is unlikely that this infrastructure would increase in the # of subnetworks.

Gilberto Martins

3/18/23, 6:10 PM

You said "Each VM can communicate with other VMs on the same host, even in different virtual networks, because the host has routes for each virtual networks managed by itself". Not really. The firewall has one interface to each subnetwork, and each interface is connected to a bridge of ProxMox, except one that is linked to a bridge to the external interface. I have linked each of these bridges to dummies interfaces I've configured in PVE. So in the PVE you can sniff the whole traffic, but not in the VMs. The VMs only have routes to default gateway. ```

Dylan

3/19/23, 2:17 AM

Regarding your first comment: If you do not intend to increase the number of hosts or virtual networks, static routes is a good solution. Have a look at your distribution's manual or online guides. Setting static routes and make them persistent across reboots is an already covered topic. You may want to search for Debian, as Proxmox is based on this distribution.

Dylan

3/19/23, 2:23 AM

Reply to your second comment: I am not sure what you mean, the firewall is not responsible of routing. If one VM can reach another VM in the same PVE but a different subnet (as you stated in the initial question), this is because the VM uses the PVE as default gateway, and the PVE has a route to the other network through using the bridge as `dev`, and you will notice too that the PVE has an IP inside that virtual network. Have a look at `ip route` on the PVE. The PVE is a router between the different virtual networks, and the WAN.

Dylan

3/19/23, 2:31 AM

I forgot, but both your PVE must be in the same segment if you want your static routes to work because your virtual networks are not defined in OVH's routers. You will have to use the vRack, each PVE must get an IP inside the vRack in the same VLAN and in the same network (you will create another one). Let's say the vRack link is eth1 on each PVE, PVE01 gets 10.0.0.1/24 on eth1, and PVE02 gets 10.0.0.2/24 on eth1 too. Then, one route on PVE01 could look like `172.2.10.0/27 via 10.0.0.2 dev eth1`

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: In OVH, how to connect 2 VMs, each one in a ProxMoxServer, using vrack?

TH: ใน OVH วิธีเชื่อมต่อ 2 VM แต่ละอันใน ProxMoxServer โดยใช้ vrack

RO: În OVH, cum se conectează 2 VM-uri, fiecare într-un ProxMoxServer, folosind vrack?

RU: В OVH, как подключить 2 ВМ, каждую в ProxMoxServer, используя vrack?

VI: Trong OVH, làm cách nào để kết nối 2 máy ảo, mỗi máy ảo trong ProxMoxServer, sử dụng vrack?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.