Debian/OVH: How to configure multiple Failover IP on the same Xen (Debian) Virtual Machine?
Solution 1
Incredible, but true: after have spoken to OVH support (which assessed not any problem with this configuration), and have restored the initial settings (re-associating IP Failover BBB.BBB.BBB.BBB to the same MAC Address as AAA.AAA.AAA.AAA) it now works fine!
Solution 2
You do not need to define a broadcast address for secondary IP addresses.
Configuration for "failover" IP adresses is just the following :
# Secondary NIC
auto eth0:0
iface eth0:0 inet static
address BBB.BBB.BBB.BBB
netmask 255.255.255.XXX
Example from a live server :
auto eth0:0
iface eth0:0 inet static
address 178.32.36.20
netmask 255.255.255.0
On a side note, you are doing this the wrong/overly-complicated way. The simple way to do this is to associate a "Virtual Mac address" to your failover IP addresses. You will find this option in the services tab of your server in the OVH Manager. This allows you to just bridge all the virtual interfaces associated with the given virtual Mac addresses. This way you also don't have to worry about any routing. Simple as it gets.
EDIT : I just thought of something. Make sure you enable routing in you dom0 with net.ipv4.ip_forward=1.
EDIT2 : After your comment, I went and had a look at what OVH recommends to do and you should try it. This is featured in this forum post. I don't know if you understand French but what it says is to put the following in your domU's network configuration.
auto eth0
iface eth0 inet static
address <IP FAILOVER> # domU IP address
netmask 255.255.255.255
post-up /sbin/ip route add IP.of.your.dom0.254 dev eth0 # IP.of.your.dom0.254 = dom0's gateway
post-up /sbin/ip route add default via IP.of.your.dom0.254
It seems to me like this would do the trick given that you are in bridged network configuration with virtual MAC addresses.
Related videos on Youtube
Deekshith Anand
Updated on September 18, 2022Comments
-
Deekshith Anand over 1 year
I have a problem on a Xen virtual machine (running latest Debian), when I try to configure a second failover IP address. OVH reports that my IP is misconfigured and they complaint they receive a massive quantity of ARP packets from this IPs, so they are going to block my IP unless I fix this issue.
I suspect there's a routing issue, but I don't know (and can't find any useful info on the provider's website, and their support doesn't provide me a valid solution, just bounce me to their online - useless - guides).
My /etc/network/interfaces look like this:
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address AAA.AAA.AAA.AAA netmask 255.255.255.255 broadcast AAA.AAA.AAA.AAA post-up route add 000.000.000.254 dev eth0 post-up route add default default gw 000.000.000.254 dev eth0 # Secondary NIC auto eth0:0 iface eth0:0 inet static address BBB.BBB.BBB.BBB netmask 255.255.255.255 broadcast BBB.BBB.BBB.BBB
And the routing table is:
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 000.000.000.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 0.0.0.0 000.000.000.254 0.0.0.0 UG 0 0 0 eth0
In these examples (true IP addresses are replaced by fake ones, guess why :)), 000.000.000.000 is my main server's IP address (dom0), 000.000.000.254 is the default gateway OVH recommends, AAA.AAA.AAA.AAA is the first IP Failover and BBB.BBB.BBB.BBB is the second one.
I need both AAA.AAA.AAA.AAA and BBB.BBB.BBB.BBB to be publicly reachable from Internet and point to my domU, and to be able to access Internet from inside the virtual machine (domU). I am using eth0 and eth0:0 because due to OVH support, I have to assign both IPs to the same MAC address and then create a virtual eth0:0 interface for the second IP.
Any suggestion? What am I doing wrong? How can I stop OVH complaining about ARP flood?
Many thanks in advance, DS
-
Deekshith Anand over 11 yearsSorry, Antoine, thanks for your help (I really appreciate it), but this doesn't fix the problem. I also tried to add a second virtual NIC to my domU, with a MAC assigned by OVH to my second Failover IP, and configured eth1 on domU instead of eth0:0, but unless I add a gateway on a different routing table to eth1, I cannot ping my secondary IP. And if I do that, the ARP flood warnings start again...
-
Antoine Benkemoun over 11 yearsJust updated my post :)
-
Deekshith Anand over 11 yearsHi Antoine, yes I have had a look to that in OVH (badly) translated to engish guides. In one of my attempts, I've added these post-up lines to my first IP on eth0, and after that I am able to ping my first IP; I believe they are exactly the same as using route (instead of ip route) as reported in my question. But I cannot setup a default gateway for the second IP on eth1, unless I use a different routing table (say 100) and a "ip rule from" my second IP. And even if I do so, OVH still complaints about ARP flood... :( I suppose I will ask their support to check my server and provide a solution.
-
Antoine Benkemoun over 11 yearsI know this may be not so smart but try to format your server and try again... Sometimes it helps and you just never know why.