
I am in the process of configuring a server at the provider Hetzner with several individual IP addresses. Several VMs should later run on the server via KVM. For the configuration I have to use pointopoint, and proxy ARP must be active (only the eth NIC's MAC is allowed).

However, I am a bit confused about the configuration example I found on the provider's site.

There, the interface eth0 is configured with the main IP address, gateway and point-to-point. So far OK. Further on, vmbr0 is configured with the same IP as eth0, but the bridge is configured without bridge-ports. The second IP address is added to the bridge via up.

```
auto eth0
iface eth0 inet static
    address MAIN_IP/32
    gateway GATEWAY_IP
    pointopoint GATEWAY_IP

auto vmbr0
iface vmbr0 inet static
    address MAIN_IP/32
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    up ip route add ADDITIONAL_IP/32 dev vmbr0
```

What surprises me is that the bridge is configured with the same IP as the eth0 interface.

I would rather have expected a configuration where eth0 is bridged into vmbr0 and everything is configured via vmbr0. So my expectation was something like this:

```
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
    address MAIN_IP/32
    gateway GATEWAY_IP
    pointopoint GATEWAY_IP
    bridge-ports eth0
    bridge-stp off
    bridge-fd 0
    up ip route add ADDITIONAL_IP/32 dev vmbr0
```

The difference is not clear to me at the moment. Also the meaning when the same main IP is configured on both interfaces is not clear to me. I also don't know if there is a meaning for the configuration if later a VM with a public IP is connected to vmbr0, e.g. with routing or with proxy ARP.

I would be very grateful for an explanation and a mention of advantages and disadvantages. Or also a recommendation, how the configuration should be done or what to pay attention to.


Edit:
For systems that function equally but are on the private network (i.e. have private IP addresses), I use the following configuration. In this case, however, I do not need a point-to-point configuration or proxy ARP, and the VMs use IP addresses from the network that the host itself is also in.

```
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.10/24
    gateway 10.0.0.1
    bridge-ports eth0
    bridge-stp off
    bridge-fd 0
```
phanaz
  • Does the second configuration (ip address only configured on the bridge) work? – larsks Sep 06 '22 at 12:05
  • I haven't tested either configuration yet for fear of losing access to the machine. Regarding the second configuration, I added a section in the post; I use an equivalent of this within private networks. – phanaz Sep 07 '22 at 17:17
  • Re: fear of losing access, make non-persistent changes (just use `ip` rather than modifying files) and schedule a reboot ahead of time (`echo reboot | at now +10 minutes`) – larsks Sep 07 '22 at 17:19
  • Doesn't change much, but did Hetzner ask you explicitly to configure proxy ARP on eth0? I don't see it (including in their [documentation](https://docs.hetzner.com/robot/dedicated-server/network/net-config-debian-ubuntu/#routed-brouter) or your link); could you give a reference link about it? If they didn't, this might explain why they require a single MAC for this fake-bridge-really-router (possibly using static ARP entries for each of your IPs on their router, so not requiring proxy ARP). Also note the reference in their documentation about asking for additional MAC addresses for standard bridging. – A.B Sep 07 '22 at 17:59

0 Answers