Network configuration in Hetzner

From ISPWiki
Jump to: navigation, search
Hierarchy: VMmanager KVM ->NETWORKS
VMmanager Cloud ->NETWORKS

This article walks you through the steps you need to perform for network configuration in the Hetzner data center.

Hetzner uses port security - a switch function enabling to limit the MAC addresses that are allowed to send traffic into the port. The port won't send packets if the sender's MAC-address is not allowed.

Therefor the following issues may occur:

  • A KVM virtual server has a separate MAC-address, so the switch will block packets that virtual machines send;
  • When you add a new cluster node, VMmanager will re-configure the network. Due to the restrictions described above, server connection will be lost.

To resolve the issues, you need to configure the network manually depending on how the server is allocated an IP address: a separate subnet or several additional IP addresses.

Using a separate subnet

The configuration procedure:

1. Add the Option BuildBridgesManually option into the /usr/local/mgr5/etc/vmmgr.conf configuration file

2. Restart VMmanager

/usr/local/mgr5/sbin/mgrctl -m vmmgr exit

3. Configure the server network interface. To do so, edit the /etc/sysconfig/network-scripts/ifcfg-<primary IP address of the server> file:

DEVICE=<primary IP address of the server>
BOOTPROTO=static
HWADDR=<MAC адрес>
ONBOOT=yes
BRIDGE=vmbr0
<default primary IP address> — the default value is eth0
<MAC address> — the MAC-address of the primary interface.


4. Set up the bridge. Create the /etc/sysconfig/network-scripts/ifcfg-vmbr0 file

touch /etc/sysconfig/network-scripts/ifcfg-vmbr0
cat > /etc/sysconfig/network-scripts/ifcfg-vmbr0 << EOF
DEVICE=vmbr0
TYPE="Bridge"
BOOTPROTO=static
IPADDR=<IP-address>
NETMASK=<network mask>
ONBOOT=yes
DELAY=0
<IP address> — the IP address for the server from the subnet.
<network mask> — the network mask.

5. Enable forwarding. To do so, add the following line into /etc/sysctl.conf:

net.ipv4.ip_forward = 1

6. Restart network:

service network restart

The IP address added to the bridge will be used as the gateway for virtual machines.

Using separate IP addresses

1. Add the Option BuildBridgesManually option into the /usr/local/mgr5/etc/vmmgr.conf configuration file to configure the panel manually. More information can be found under VMmanager configuration file and Networks.

2. Restart VMmanager

/usr/local/mgr5/sbin/mgrctl -m vmmgr exit

3. Configure the network interface.

Edit the /etc/sysconfig/network-scripts/ifcfg-<primary IP address of the server> file:

DEVICE=<primary IP address of the server>
BOOTPROTO=static
HWADDR=<MAC address>
ONBOOT=yes
BRIDGE=vmbr0
<default primary IP address> — the default value is eth0.
<MAC address> — the MAC-address of the primary interface.


4. Configure the network:

touch /etc/sysconfig/network-scripts/ifcfg-vmbr0
cat > /etc/sysconfig/network-scripts/ifcfg-vmbr0 << EOF
DEVICE=vmbr0
TYPE="Bridge"
BOOTPROTO=static
IPADDR=<primary IP address of the server>
NETMASK=255.255.255.255
SCOPE="peer <the gateway allocated by Hetzner for the primary IP>"
ONBOOT=yes
DELAY=0

5. Rename the /etc/sysconfig/network-scripts/route-eth0 file into /etc/sysconfig/network-scripts/route-vmbr0:

mv /etc/sysconfig/network-scripts/route-eth0 /etc/sysconfig/network-scripts/route-vmbr0

6. Restart network:

service network restart

When you add the server enter the gateway address given by the IP address provider, as the cluster node. The primary IP address of the server will be used as the gateway of the virtual machine. When you create a virtual machine, specify the MAC-address allocated by Hetzеner for the IP address.