How to: Configure Additional IP Addresses on Hypervisors

Configure additional IPs on SolusVM, Citrix XenServer, and VMware ESXi.

Introduction

All dedicated servers provided by Ubiquity include a base IP assignment (/29) at no additional cost. Any additional assignments allocated to the server are then statically routed to the first usable address of this base assignment. As the first usable address of this base assignment is not part of the additional assignment’s subnet, some additional configuration steps are necessary before they can be utilized within a hypervisor environment.

When these IPs are allocated to guest/virtual machines on the hypervisor, there are a minimum of two additional configuration steps that must be completed for these IP addresses to function. The first step being the setup and configuration of a network bridge or virtual switch, and the second step being adjustments to Linux kernel runtime parameter settings. By completing these additional steps, you will ensure that network communications are correctly forwarded in/out of the hypervisor and in/out of the guest/virtual machines.

NOTE:

The scope of this article is limited to the following hypervisor solutions:

SolusVM, Citrix XenServer, and VMware ESXi.

This tutorial is divided into sections for each Hypervisor solution, in which we will demonstrate how to configure additional IP assignments under each Hypervisors’ respective section. Additionally, all instructions provided in this tutorial assume that you are working with a fresh installation of your chosen solution.

SolusVM 1.17.0

The SolusVM software solution provides a way to manage and create guest/virtual machines for three different virtualization technologies: OpenVZ, KVM, and Xen. The steps necessary for utilizing additional IP assignments with each technology are detailed below in each of their respective sections.

OpenVZ Slave Node

If you opt to use the OpenVZ technology with your SolusVM installation, then no additional configuration is necessary outside of adding the IP addresses in the SolusVM admin control panel and making them available to the slave node. This being due to the installer script taking care of all necessary adjustments already.

KVM Slave Node

Once you have completed the installation of your KVM slave node, you will need to make some adjustments to its network configuration before you can begin utilizing your additional assignment.

First, let’s update our primary network interface’s (eth0) configuration to use the bridge we’ll be creating:

[root@localhost [~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Its contents should be updated to the following (removing any other configuration that may be set):

DEVICE=eth0
ONBOOT=yes
BRIDGE=br0

Save the file, and then let’s create the corresponding bridge device that we specified in ifcfg-eth0:

[root@localhost [~]# vi /etc/sysconfig/network-scripts/ifcfg-br0

Paste in the following content (replacing relevant variables with your base IP assignment’s information):

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
IPADDR=23.19.48.210
GATEWAY=23.19.48.209
NETMASK=255.255.255.248
NM_CONTROLLED=no
STP=yes

Again, save the file. All adjustments to our network configuration have been completed, so let’s make the changes we made take effect now:

[root@localhost [~]# /etc/init.d/network restart

Now that our network configuration changes are in effect, we can move onto the last step. The last adjustments we’ll need to make are the enabling and disabling of some kernel runtime parameters. One parameter, net.ipv4.ip_forward, should already be enabled, but let’s confirm that first:

[root@localhost [~]# cat /proc/sys/net/ipv4/ip_forward

The output of this command should return ‘1’ if it is enabled. Should it return ‘0’, then you’ll want update it accordingly in /etc/sysctl.conf to enable it. The remaining parameters that need to be appended to the end of the /etc/sysctl.conf configuration file are the following:

net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.br0.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0

So, let’s open up our /etc/sysctl.conf and make those changes now:

[root@localhost [~]# vi /etc/sysctl.conf

Save the file once you have made all necessary adjustments, and then enable the changes by executing the following command:

[root@localhost [~]# sysctl -p

At this point, all that remains for the usage of your additional IP assignment is adding them in the SolusVM admin control panel, and making them available to the slave node as you normally would.

Xen Slave Node

Once you have completed the installation of your Xen slave node, you will need to make some adjustments to its network configuration before you can begin utilizing your additional assignment.

First, let’s update our primary network interface’s (eth0) configuration to use the bridge we’ll be creating:

[root@localhost [~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Paste in the following information (removing any other configuration that may be set):

DEVICE=eth0
ONBOOT=yes
BRIDGE=xenbr0

Save the file, and then let’s create the corresponding bridge device that we specified in ifcfg-eth0:

[root@localhost [~]# vi /etc/sysconfig/network-scripts/ifcfg-xenbr0

Paste in the following (replacing relevant variables with your base IP assignment’s information):

DEVICE=xenbr0
TYPE=Bridge
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=108.62.114.242
GATEWAY=108.62.114.241
NETMASK=255.255.255.248
STP=yes

Save the file, then let’s create an alias for the bridge device with an IP address from our additional assignment:

[root@localhost [~]# vi /etc/sysconfig/network-scripts/ifcfg-xenbr0:1

Paste in the following contents (replacing relevant variables with your additional IP assignment’s information):

DEVICE=xenbr0:1
NM_CONTROLLED=no
TYPE=Bridge
ONBOOT=yes
IPADDR=23.82.22.2
NETMASK=255.255.255.0

Save the file. All adjustments to our network configuration have been completed, so let’s make the changes we made take effect now:

[root@localhost [~]# /etc/init.d/network restart

Next, let’s update our /etc/xen/xl.conf configuration file to enable the bridge device we just created for use with our guest/virtual machines. This can be completed simply by removing the ‘#’ (comment) in front of the line with the following text:

#vif.default.bridge="xenbr0"

[root@localhost [~]# vi /etc/xen/xl.conf

After you have removed the ‘#’ from the aforementioned line, save the file. Now, let’s move onto the kernel runtime parameters that need to be adjusted. The net.ipv4.ip_forward parameter should already be enabled, but let’s confirm that first:

[root@localhost [~]# cat /proc/sys/net/ipv4/ip_forward

The output of this command should return ‘1’ if it is enabled. Should it return ‘0’, then you’ll want to update it accordingly in /etc/sysctl.conf to enable it. The remaining parameters that need to be appended to the end of the /etc/sysctl.conf configuration file are the following:

net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.eth0.send_redirects=0
net.ipv4.conf.xenbr0.send_redirects = 0
net.ipv4.conf.xenbr0:1.send_redirects = 0
net.ipv4.conf.default.send_redirects=0

Save the file once all parameters have been updated and enable the changes by running the following command:

[root@localhost [~]# sysctl -p

At this point, all that remains for the usage of your additional IP assignment is adding them in the SolusVM admin control panel, and making them available to the slave node. Just be sure that the gateway address for the IP assignment is set to the IP address of the xenbr0:1 alias you created.

Citrix XenServer 6.5 Utilizing Open vSwitch

A default bridge device, xenbr0, is created upon installation of Citrix XenServer. This device is a dummy network interface as you’ll notice that you won’t be able to locate a network configuration file for it. Citrix creates this dummy interface to use in conjunction with Open vSwitch, which we will be configuring so that the additional IPs will work with guest/virtual machines that are created on the hypervisor.

First, let’s begin by enabling Open vSwitch networking:

[root@localhost [~]# xe-switch-network-backend openvswitch

For the changes to take effect, we will now need to reboot the host node that we enabled Open vSwitch on:

[root@localhost [~]# reboot

Once the host node has completed rebooting, let’s create a network device that will act as our router for the additional IP assignment:

[root@localhost [~]# vi /etc/sysconfig/network-scripts/ifcfg-vmrouter

Paste in the following contents (replacing relevant variables with your additional IP assignment information):

DEVICE=vmrouter
IPADDR=23.81.162.2
NETMASK=255.255.255.0
ONBOOT=yes
NM_CONTROLLED=no

Save the file, and run the following command to add the device we just created to Open vSwitch:

[root@localhost ~]# ovs-vsctl add-port xenbr0 vmrouter -- set interface vmrouter type=internal

Then activate the network device we created:

[root@localhost ~]# ifup vmrouter

To retain the Open vSwitch configuration changes we made, we will need to remove a line from the /etc/init.d script for Open vSwitch that deletes the changes we made. The line that will need to be removed/commented out is:

set "$@" --delete-bridges

So, let’s edit the file by commenting out or removing the line referenced above:

[root@localhost ~]# vi /etc/init.d/openvswitch

HINT:

You can input ‘/’ to use the search function in vi to quickly find the exact line.

Once you’ve removed/commented out the line, save the file. Now, let’s move onto the kernel runtime parameters that need to be adjusted. The net.ipv4.ip_forward parameter should already exist in the file, so we’ll just want to update it to ‘1’ to enable it:

[root@localhost [~]# vi /etc/sysctl.conf

The remaining parameters that need to be appended to the end of the /etc/sysctl.conf configuration file are the following:

net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.vmrouter.send_redirects=0
net.ipv4.conf.xenbr0.send_redirects=0
net.ipv4.conf.default.send_redirects=0

Save the file once all parameters have been updated, and enable the changes by running the following command:

[root@localhost [~]# sysctl -p

We have now completed all necessary configuration changes for the utilization of the additional IPs. All that remains for their utilization is the configuration of any guest/virtual machine you create with them. Just ensure that you configure the IP assigned to the vmrouter device as the gateway address for all guest/virtual machines that use an IP address from this assignment.

VMware ESXi 6.0

VMware ESXi does not include necessary network routing features in its kernel, so we will need to create a CentOS 6.x based guest/virtual machine on the hypervisor to act as our router for the additional IP address assignment.

First, ensure that your installation of VMWare ESXi is not configured with the first usable IP address of your base assignment. Should it be configured with this address, you will need to update it to any other available IP address from the base assignment. The reason for this being that the first usable IP address must be used on the guest/virtual machine we’ll be creating as our router. After you have confirmed the first usable IP address is not in use, you’ll want to create a CentOS 6.x guest/virtual machine on the hypervisor. Once it has been created, login to it and edit its eth0 configuration file:

[root@localhost [~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Paste in the following contents (replacing with your base IP assignment’s first usable address and gateway address):

DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=23.19.75.250
GATEWAY=23.19.75.249
NETMASK=255.255.255.248

Save the file, and then create an alias for it:

[root@localhost [~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0:1

Paste in the following contents (replacing relevant variables with your additional IP assignment information):

DEVICE=eth0:1
IPADDR=172.241.205.2
GATEWAY=23.19.75.249
NETMASK=255.255.255.0
ONBOOT=yes

Again, save the file. All adjustments to our network configuration have been completed, so let’s make the changes we made take effect now:

[root@localhost [~]# /etc/init.d/network restart

Now that our network configuration changes are in effect, we can move onto the next step: the enabling and disabling of some kernel runtime parameters. One parameter, net.ipv4.ip_forward, should already exist in /etc/sysctl.conf and simply needs to be updated to ‘1’ to enable it. The remaining parameters that need to be appended to the end of the /etc/sysctl.conf configuration file are the following:

net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0:1.send_redirects = 0

So, let’s open up the relevant file and append our parameters to the end of the /etc/sysctl.conf configuration file:

[root@localhost [~]# vi /etc/sysctl.conf

Save the file, and then activate the changes we just made:

[root@localhost [~]# sysctl -p

Lastly, let’s ensure that the iptables firewall is disabled:

[root@localhost [~]# /etc/init.d/iptables stop && chkconfig iptables off

All necessary steps have now been completed. You can now utilize your additional IP assignment by adding its IPs to guest/virtual machines. Just ensure that you set the gateway address to the IP configured on the eth0:1 alias for any new guest/virtual machines that you create with an IP address from this assignment.

Written by
on October 2, 2015

Facebook Twitter Google+ LinkedIn Addthis