I'm facing an interesting issue having installed ROS on a VM on a hosted server in France.
The supplier, Online.net (previously named Dedibox), supplies great servers at bargain prices (I'm renting a quad-core Xeon with plenty of RAM, unmetered gigabit, and HW RAID for 50€/month; no rush, it's limited to French customers).
They supply up to 10 extra IPs per physical server (not on the same range), that you can push around your different servers within the same account and datacenter, either as a virtual NIC (ethX:Y), or better, for a VM, for which they give you a MAC address associated to the IP and server (to prevent spoofing for instance).
Using classic Linux-based VMs, it's pretty straightforward despite a slight difference: on the VM, you must use the host server's gateway as the gateway, and your given IP is to be defined as a /32:
For example, on one of my machines:
Host has 88.190.36.xxx/24, GW is 88.190.36.1
On the VM:
A Debian-like /etc/network/interfaces would look like this:
```
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (private lan within kvm)
auto eth0
iface eth0 inet static
    address 192.168.122.35
    netmask 255.255.255.0

auto eth1
iface eth1 inet static
    # notice it's a /32
    address 88.190.210.yyy
    netmask 255.255.255.255
    up route add -host 88.190.36.1 dev eth1
    up route add default gw 88.190.36.1 dev eth1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 8.8.8.8
    dns-search zzz.jaxx.org
```
This works perfectly well, pingable from inside and outside the datacenter's networks.
Though I admit using an IP that's not part of the interface's range is mind-twisting, it works on every OS tried until today.
I believe transposing this conf to ROS would end up a bit this way:
```
/ip address
add address=192.168.122.2/24 disabled=no interface=ether1 network=192.168.122.0
add address=88.190.210.yyy/32 disabled=no interface=ether2 network=88.190.210.yyy
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=88.190.36.1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=88.190.36.1/32 gateway=ether2 scope=30 target-scope=10
```
Whatever I try as the gateway value for the default route [ 88.190.36.1 | ether2 | 88.190.36.1%ether2 ], it doesn't work.
It remains unreachable (or reachable with "ether2" but nothing goes through).
```
[jaxx@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 S dst-address=0.0.0.0/0 gateway=88.190.36.1%ether2 gateway-status=88.190.36.1 unreachable distance=1 scope=30 target-scope=10
1 A S dst-address=88.190.36.1/32 gateway=ether2 gateway-status=ether2 reachable distance=1 scope=30 target-scope=10
2 ADC dst-address=88.190.210.yyy/32 pref-src=88.190.210.yyy gateway=ether2 gateway-status=ether2 reachable distance=0 scope=10
3 ADC dst-address=192.168.122.0/24 pref-src=192.168.122.2 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10
```
The only case where I got something to work was when I enlarged the address from a /32 to a /11, the IP range of the provider (which could though lead to noise traffic). I could then reach and be reached from outside, but curiously not from other servers in the range. But again, /11 "is bad!" anyways.
And, I can sniff some traffic, including incoming ICMP requests when I ping the ROS VM, but the VM won't answer a single thing.
Any issues with /32 IPs on interfaces and sticking routes to them?
We're a handful of people already who'd like to get this working. The last resort would be having 1:1 NATs on the host (which works), but losing some functionality and elegance, and we might even pick up a few issues at the same time. But again, it should work; there's something we don't get (and there are better network engineers than me who've tried).
MikroTik team: I wouldn't mind lending access to a Linux VM (which shares a LAN access to the ROS VM) to give it a look.
Thanks in advance for any tips.
FYI: Debian host, installed Archipel Orchestrator (VMs on qemu-kvm, RouterOS with virtio interfaces, LAN works, and sniffing sees traffic, so I doubt it's the VM system anyways).
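
Added example, not part of the original post: a small Python model of the on-link rule that the Debian configuration relies on, where a default route's gateway is usable only if it falls inside a connected prefix or is covered by an interface route with no gateway. It also shows why widening the address to a /11 makes the gateway resolvable. The address 88.190.210.10 is a constructed stand-in for the elided 88.190.210.yyy, the function names are illustrative, and the model describes generic IP next-hop resolution, not RouterOS internals.

```python
import ipaddress

# Constructed stand-in for the elided VM address 88.190.210.yyy.
VM_IP = "88.190.210.10"
GATEWAY = "88.190.36.1"  # host's gateway, from the post


def resolve_gateway(gateway, addresses, interface_routes=()):
    """Return (ifname, matching_prefix) if `gateway` is on-link, else None.

    addresses:        [(ifname, "a.b.c.d/len")] configured interface addresses
    interface_routes: [(ifname, "prefix/len")] routes with a device but no gateway
    """
    gw = ipaddress.ip_address(gateway)
    # Every interface address implies a connected route for its network.
    candidates = [(ipaddress.ip_interface(cidr).network, ifname)
                  for ifname, cidr in addresses]
    candidates += [(ipaddress.ip_network(dst), ifname)
                   for ifname, dst in interface_routes]
    matches = [(net, ifname) for net, ifname in candidates if gw in net]
    if not matches:
        return None  # the default route's next hop cannot be resolved
    net, ifname = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
    return ifname, str(net)


def scenarios():
    """The three address/route combinations discussed in the post."""
    lan = ("eth0", "192.168.122.35/24")
    return {
        "slash32_only": resolve_gateway(GATEWAY, [lan, ("eth1", VM_IP + "/32")]),
        "slash32_plus_host_route": resolve_gateway(
            GATEWAY, [lan, ("eth1", VM_IP + "/32")], [("eth1", GATEWAY + "/32")]),
        "slash11": resolve_gateway(GATEWAY, [lan, ("eth1", VM_IP + "/11")]),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} -> {result}")
```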