Host Routed Mode: route a large group of IPv6 Addresses to one container

Discussion in 'Networking Questions' started by AaronMcH, Nov 20, 2015.

  1. AaronMcH

    AaronMcH Mega Poster

    Messages:
    130
    We are using Host Routed Mode and have Plesk Automation running in a container, we are setting up Plesk Automation to assign dedicated IPv6 addresses to subscriptions, we have assigned a pool of addresses that is quite large say 1:2:3:4::abcd:0 to 1:2:3:4::abcd:ffff.

    Is there any way with Host Routed Mode to automatically route any IP Address in that range to the PA Container, as manually adding IP Addresses in Virtuozzo is not really an option and we would like to try and avoid using Bridged mode where possible.

    Any help would be appreciated,
    Thank you
    Aaron
     
  2. Pavel

    Pavel A.I. Auto-Responder Staff Member

    Messages:
    478
    Hello Aaron,

    No, there is no way to route all IPs automatically.

    Adding them manually indeed would take a while, however, you can write a bash script to add them.
    Using Bridged mode won't work here as well, as it's a bit limited in amount of IPs it can take, you can refer to this thread for more details:
    http://forum.odin.com/threads/length-limit-of-ip-addresses-per-interface-container.332805/

    Probably Steve will be able to give you a better advice as he is using Plesk Automation as well.
     
  3. AaronMcH

    AaronMcH Mega Poster

    Messages:
    130
    Hi thanks for the info and idea about a bash script, here is a small one I just wrote, does the job

    Code:
    #!/bin/bash
    # Script to add a range of IP Addresses to a Container in bulk
    # Written by: Aaron McHale (L6Hosting Limited)
    
    if [ -z $1 ] || [ -z $2 ] || [ -z $3 ] || [ -z $4 ]; then
        echo "$0 Usage: <ID|Name> <addr> <first> <last>"
        echo "Example: The container name is 'PPA', the first address is 1234::1 and the last address you want to add is 1234::ff, you would run the command as follows:"
        echo "$0 PPA 1234:: 1 ff"
        exit
    fi
    
    for ((n=$3; $n <= $4; n++)); do
        prlctl set MN1-PPA --ipadd $2:$n
    done
     
  4. SteveITS

    SteveITS Tera Poster

    Messages:
    277
    Hi Aaron,

    I just saw this thread. I have been talking with Virtozzo support about my issues adding IPv6 addresses to nodes. Using prlctl to do it works sometimes, but often hangs. I have to test it but they are telling me:

    "It is not recommended to assign lots of IP addresses to a container in bridged mode.
    The reason is that the length of the field is somewhat limited and not all IP addresses can fit to the field.
    (In a test environment, it is limited to ~150 IPv4 addresses in total, the number is slightly less for IPv6 addresses.)
    ...
    For that number of IP addresses, it is recommended to leave network interfaces not configured from the node's side, and assign these IP addresses from the container directly.
    In bridged mode, it is allowed to assign IP addresses from a container and everything should work fine."

    ...meaning to edit /etc/sysconfig/network-scripts/ifcfg-* directly.

    If that's true though I don't understand why PPA can't successfully allocate new IPs to the container.

    The part I'm confused about is if it is a length issue, as I've posted in another thread, why was my script able to use prlctl to add 32 IPv6 addresses to eth0, eth1, eth2, and only get halfway through eth3?
     
  5. SteveITS

    SteveITS Tera Poster

    Messages:
    277
    I found if I add additional IPv6 addresses to eth3 I can't ping them outside the container.
     
  6. SteveITS

    SteveITS Tera Poster

    Messages:
    277
  7. Pavel

    Pavel A.I. Auto-Responder Staff Member

    Messages:
    478
    Hello Steve,

    First of all - can you tell me the ticket ID? I'd like to check the history.
    Second - it requires additional configuration, but from the first glance it should be possible. It would be necessary to disable ipfilter and use "--configure none" to make sure container startup does not overwrite network settings.

    As for the length - ip settings are stored within the same line for all bridged adapters. Thus overall capacity should be the same no matter which adapter you add the IP.
    As to why doesn't eth3 work - first of all check if eth3 has IP address assigned. Besides, your network configuration also important - as to are eth3 and eth0-2 attached to the same switch and subnet, or not, etc. I suspect routing issues.

    It seems like this issue has been ongoing for you for a while now, and I do want to help you.
    Drop me your e-mail or skype as a private message, I'll contact you and we'll see if I can help you anyhow.
     
  8. SteveITS

    SteveITS Tera Poster

    Messages:
    277
    Hi Pavel, I don't want to hijack Aaron's thread since I have my own, which you cited above. My Virtuozzo ticket # is 2049188. It's a new ticket, I was just trying to figure most things out on my own before using support incidents, and it had not happened in a couple months.

    To correct what I wrote above, as I now understand it (and I am confirming) Support is telling me that the limitations are within PVA and/or Virtuozzo. If I create an interface in PVA and assign anything to it (even configured as DHCP) it will have problems with a lot of IP(v6) addresses. They are telling me to create the container with one interface, no IP addresses, DHCP disabled. Then only add IPv4 and IPv6 addresses via vzctl and not prlctl. (incidentally vzctl is significantly faster). Finally, don't ever use PVA to edit the network configuration from then on, because of the string length limits. By "edit /etc/sysconfig/network-scripts/ifcfg-* directly" he apparently meant using vzctl.

    As I understand it this works only because we're using bridged mode networking which is handled inside the container. Per support: "if an interface is created for a container, but there is no configuration for it (no IP, no gateway, no DNS, etc) from the node's side, the container is free to set up IP addresses and use those IP addresses."

    To clarify my comment about eth3, the scenario is that my script (using prlctl) added IPv6 addresses to eth0, eth2 (I apparently skipped copy/pasting eth1, oops) and got a few addresses into eth3 before hanging. When I say "hangs" I mean prlctl will sit for days until the script process is killed.

    The plus side is that in PPA, I added a webspace with a dedicated IPv6 address and it allocated it from the IPv6 pool, and it is pingable. If that works then we do not have to preallocate IPv6 (or even IPv4) addresses, and can just set up one big pool for all service nodes. We primarily need to worry about which will be used for Sendmail's outbound connections, for mail from the web sites, and that is configurable.

    I could never understand why PPA could not allocate the IP address itself, but maybe this is why...because I created the container in PVA with an IP address.
     
  9. SteveITS

    SteveITS Tera Poster

    Messages:
    277
    Despite the example given to me, support says that using vzctl to add the IP addresses will still break:

    "...it is assumed that the command `vzctl exec` (or `vzctl enter`) was used to add IP addresses.
    If the command `vzctl set .. --ifname ..--ipadd ...` is in use, then the same issue will be there after adding >100-150 IP addresses."
     
  10. Pavel

    Pavel A.I. Auto-Responder Staff Member

    Messages:
    478
    Hello Steve,

    By "modify ifcfg- scripts directly" support meant exactly what it meant.
    For bridged containers it is possible to configure IP addresses from inside of them. Such IP address will not be accounted in PVA or in container's configuration file, but it should work. If approach with using "vzctl" suits you right now, okay then :) if some time you feel you're short on IP addresses - give a shot to configuring IP address from within the container (again, works only for CTs in bridged mode with no IPs configured. Theoretically you might have to disable ipfilter for such CT to work)
     

Share This Page