ibm-cloud-docs / subnets Goto Github PK

I couldn't find it anywhere so I would like to add it to the documentation but don't know where!
To configure the networks for a new Proxmox (Debain 8) you need to

1- buy a subnet and make its target the ip of the proxmox host
2- configure the Proxmox host networking

• enable traffic forwarding
• reboot
• create a bridge vmbr0 and assign the bond1 (eth1, eth 3) and ip dress of bond1 (carrying the host public ip).
• Reboot
• Add the new subnet routing to the host routing
  3- create a guest container and assign an IP address

Proxmox Host Configuration Details

• enable traffic forwarding
  Run command
  root@px1:~#nano /etc/sysctl.conf

Now make the following changes
Uncomment
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

• Then reboot
• create a bridge vmbr0 and assign the bond1 (eth1, eth 3) and ip dress of bond1 (carrying the host public ip).

Run command
root@px1:~#nano /etc/network/interfaces

Now make the following changes

auto bond1
iface bond1 inet static                 # change static to manual
        bond-slaves eth1 eth3
        bond-miimon 100
        bond-mode 802.3ad
        bond-lacp-rate fast
        bond-downdelay 0
        bond-updelay 0
        bond-xmit_hash_policy 1 
        address  x.x.x.x.x                 # Comment this line
        netmask  xx                          # Comment this line
        Gateway. x.x.x.y                   # Comment this line

auto vmbr0
iface vmbr0 inet manual                       # convert manual to static      
        address  x.x.x.x                              # copy this line from the bond1 to here
        netmask  xx                                    # copy this line from the bond1 to here
        gateway  x.x.x.y                             # copy this line from the bond1 to here
        bridge-ports none                        # replace none with bond1                       
        bridge-stp off
        bridge-fd 0

• Reboot
• Add the new subnet routing to the host routing

up ip route add 192.168.0.0/24 dev vmbr0             # route for the whole subnet
up ip route add 192.168.0.1/32 dev vmbr0        # route for each IP address  note: the mask is /32
up ip route add 192.168.0.2/32 dev vmbr0       # note use the the public its instead.
up ip route add 192.168.0.3/32 dev vmbr0
up ip route add 192.168.0.4/32 dev vmbr0

Continue till the last IP address in the subnet

• Reboot

Now assign any ip to a vm and try pining it from any public.

Hi There - IBM Cloud has depreciated a type of subnet that was very useful for some use cases such as routing a bare-metal traffic to a VMware NSX env. Since unfortunately this feature has been removed, there is a need to offer an alternative and in my discussion with some of sdn folks, they recommended an alternative. Could you please add this work around content to this page:

Depreciated feature:
https://cloud.ibm.com/docs/subnets?topic=subnets-deprecating-static-to-vlan-routed-subnets

Workaround:
Behzad Koohi 1 day ago
without a perimeter FW like juniper…and customer using VPN in their NSX to connect to on-prem, what do you recommend for routing external bare-metal traffic in cloud to NSX layer?

JACK CHERKAS:happyminion: 1 day ago
Either NAT on NSX ESG or using portable private IP added on both Bare Metal and on vNIC of ESG in same subnet, then static routes on Bare Metal, using new vNIC on NSX ESG as gateway for specific subnets (edited)

Behzad Koohi 1 day ago
for portable private subnet in both bare-metal and vNIC on ESG option

Behzad Koohi 1 day ago
I can change the default gateway on on BM to point to vNIC on ESG

JACK CHERKAS:happyminion: 1 day ago
Or add static route for specific subnets you want to be able to route to

Behzad Koohi 1 day ago
right

JACK CHERKAS:happyminion: 1 day ago
If you change default gateway, make sure you add static routes for IBM Cloud Subnets (including Services and SSL VPN, etc…) to BCR

Behzad Koohi 1 day ago
correct. good point.

Behzad Koohi 1 day ago
To get to on-prem , I still have to NAT.

Behzad Koohi 1 day ago
customer wants to use their VXLAN IPs ( 10.17 ) to get to BM

Behzad Koohi 1 day ago
I see two options you described in above as two parts of one solution

JACK CHERKAS:happyminion: 1 day ago
Depends upon if there is IP conflicts between IBM Cloud underlay and customer network

Behzad Koohi 1 day ago
I think you are thinking of adding portable subnet to the tunnel to access from on-prem, Correct?

JACK CHERKAS:happyminion: 1 day ago
Yes you can do

Behzad Koohi 1 day ago
we do have conflict and they are interested to use their VXLAN ips

JACK CHERKAS:happyminion: 1 day ago
So then yes NAT

Behzad Koohi 1 day ago
Got. It. Thanks Jack. As usual, you are very helpful and stay safe.

Thomas Narten 1 day ago
Routed to VLAN addresses. They were always an oddity. And they’ve been deprecated. And I didn’t even notice. Says something. 🙂 Sounds like Jack has outlined the usual ways to get from overlay (and on prem) to BM when NSX is involved.