Dom0 and domU are on different subnets and dom0 acts as the router
- Dom0 has A.B.C.81 with netmask 255.255.255.0.
- DomU has the IP range X.Y.Z.144 - X.Y.Z.151 with netmask 255.255.255.248.
OVH informed us that this IP range (X.Y.Z.144 - X.Y.Z.151) will be rerouted via A.B.C.81. This means br0 becomes a gateway for the domU.
Solution:
This is a text diagram for this particular case:
A.B.C.254 ---- A.B.C.81
(Gateway)      (br0/dom0)
X.Y.Z.150 ---- X.Y.Z.144 - X.Y.Z.149 (domU)
(br1/dom0)
IP addresses that cannot be used for a domU:
- X.Y.Z.144 is the network address
- X.Y.Z.151 is the broadcast address
- X.Y.Z.150: OVH asked me to assign this IP as the gateway
I created a new bridge network, br1, which is not attached to any physical device, and assigned it as the router with IP X.Y.Z.150:
# brctl addbr br1
# ifconfig br1 X.Y.Z.150 netmask 255.255.255.248 up
# brctl stp br1 on (optional)
Here is the new bridge configuration:
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.e03f49e8149b       yes             eth0
br1             8000.feffffffffff       no              vif2.0
virbr0          8000.000000000000       no
Here is the route output:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         A.B.C.254       0.0.0.0         UG    0      0        0 br0
A.B.C.0         *               255.255.255.0   U     0      0        0 br0
192.168.0.0     *               255.255.255.0   U     0      0        0 virbr0
X.Y.Z.144       *               255.255.255.248 U     0      0        0 br1
You can create your domU using xen-create-image with an IP from X.Y.Z.145 to X.Y.Z.149 and br1 as the bridge network. This is an example:
# xen-create-image --hostname test --size=10GB --swap=1024MB --memory=512MB --vcpu=1 --dist=jessie --ip=X.Y.Z.145 --netmask=255.255.255.248 --gateway=X.Y.Z.150 --bridge=br1
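The address arithmetic behind the unusable-IP list and the xen-create-image call above, as an added example that is not part of the original post: it derives the network and broadcast addresses from the br1 gateway and netmask and refuses any guest IP that collides with them or with the gateway. The block 203.0.113.144/29 is a constructed documentation range standing in for X.Y.Z.144/29, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for domU addresses in the routed block.
# 203.0.113.144/29 is a constructed range standing in for X.Y.Z.144/29.

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print every address a domU may use: the hosts of the block minus the
# gateway held by br1. $1 = gateway (br1 address), $2 = netmask.
domu_addresses() {
    gw=$(ip2int "$1"); mask=$(ip2int "$2")
    net=$(( gw & mask ))                       # network address (.144)
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))    # broadcast address (.151)
    ip=$(( net + 1 ))
    while [ "$ip" -lt "$bcast" ]; do
        if [ "$ip" -ne "$gw" ]; then int2ip "$ip"; fi
        ip=$(( ip + 1 ))
    done
}

# Succeeds only if $1 is assignable. $2 = gateway, $3 = netmask.
check_domu_ip() {
    domu_addresses "$2" "$3" | grep -xF "$1" >/dev/null
}

# Print the article's xen-create-image command for a validated guest IP.
# $1 = hostname, $2 = guest IP, $3 = gateway, $4 = netmask.
xen_create_cmd() {
    if ! check_domu_ip "$2" "$3" "$4"; then
        echo "refusing $2: network, broadcast, gateway or outside the block" >&2
        return 1
    fi
    echo "xen-create-image --hostname $1 --size=10GB --swap=1024MB --memory=512MB --vcpu=1 --dist=jessie --ip=$2 --netmask=$4 --gateway=$3 --bridge=br1"
}

GW=203.0.113.150; MASK=255.255.255.248
domu_addresses "$GW" "$MASK"                     # the five usable guest addresses
xen_create_cmd test 203.0.113.145 "$GW" "$MASK"
xen_create_cmd bad "$GW" "$GW" "$MASK" || true   # the gateway address is rejected
```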
Ping replies from outside (public) after dom0 reroutes the traffic internally from br0 to br1:
>ping x.y.z.145
Pinging x.y.z.145 with 32 bytes of data:
Reply from x.y.z.145: bytes=32 time=276ms TTL=50
Reply from x.y.z.145: bytes=32 time=270ms TTL=50
Reply from x.y.z.145: bytes=32 time=288ms TTL=50
Reply from x.y.z.145: bytes=32 time=269ms TTL=50
Ping statistics for x.y.z.145:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 269ms, Maximum = 288ms, Average = 275ms
To make it permanent, add br1 to /etc/network/networking in dom0:
auto br1
iface br1 inet static
    address X.Y.Z.150
    netmask 255.255.255.248
    broadcast X.Y.Z.151
    pre-up brctl addbr br1