VPS Routing with IP Aliases

[Serpent]

I know a bit about basic networking and routing with a single internet-facing IP address. With a Jag VPS, I have three IP addresses that face the internet, and I'm not sure how to set up the routing correctly.

I'd like to post what was set up for me by default in my VPS, and what I'd like to do, and see if it makes sense.

There is one device, "venet0", with three aliases - venet0:0, venet0:1, and venet0:2.

venet0 has ip 127.0.0.1
venet0:0 has a public ip, x.y.z.10
venet0:1 has a public ip, x.y.z.11
venet0:2 has a public ip, x.y.z.12

Now, there are very few routes on the machine, but they confuse me anyhow. The default route is via venet0, but shouldn't it be via venet0:0?

$ ip route list
191.255.255.1 dev venet0 scope link
127.0.0.0/8 dev lo scope link
default via 191.255.255.1 dev venet0

That's my first question.

My second question is, I think I should have magic routing entries so that packets that claim to be from .11 actually go out venet0:1, etc. I believe I can do this with multiple routing tables.

The problem I'm trying to fix is this - any service listening on .11 or .12 doesn't seem to be talking to the internet correctly. .10 seems to be fine.

# Works fine if I connect from another host
$ nc -s x.y.z.10 -l -p 5555

# I can't connect from anywhere with this
$ nc -s x.y.z.11 -l -p 5555

# Or this
$ nc -s x.y.z.12 -l -p 5555

I believe this is because packets coming in on .11 are replied to with outgoing packets on .10 (or maybe the kernel is just dropping them outright because they are coming in on an interface that doesn't route back to them). I don't even see them in tcpdump.

Seems like I need special routing entries that describe that packets coming from .11 go out venet0:1, etc. Does that sound right?

If I start messing with my routing tables, and I can't connect back to my VPS, how upset will support be when they have to fix it? I don't see a way to get console access to my VPS... so I'm afraid to start tinkering.

Any thoughts would be helpful.

[JPC-NickO]

Hi,

You shouldn't have to be tinkering with the routing tables at all as the default route that is configured when we setup the VPS should be sufficient.

Technically, venet0 is virtual interface that connects you to the host node (191.255.255.1) which then passes your connection on to our network.

The most likely problem is that your firewall isn't configured properly or there is something wrong with the IP addresses that were assigned to you.

Please open a support ticket and I (or one of my colleagues) can take a look at this for you.

[Serpent]

Thanks - I opened a ticket in the past for this but because I thought it was just an issue with a service I was running on those secondary ip addresses, support could not help out (I have a bare-bones VPS). I re-opened the ticket as a general network issue with the new findings and they resolved the routing issue on their end.

Thanks.

[D]

JPC-NickO

Is it possible to get second virtual interface up and running inside VPS container? No second tunnel needed to HN, just iface with it's own IP, not another alias for venet0.

[JPC-Zishan]

Is it possible to get second virtual interface up and running inside VPS container?

Yes. Support for multiple network adapters in a single VE is implemented in Virtuozzo 4.0. Please open a ticket so that we can check it for you.