I'm facing an interesting issue having installed ROS on a VM on a hosted server in France.
The supplier, Online.net (previously named Dedibox), supplies great servers at bargain prices (I'm renting a quad-core Xeon with plenty of RAM, unmetered gigabit, and HW RAID for 50€/month; no rush, it's limited to French customers).
They supply up to 10 extra IPs per physical server (not on the same range), that you can push around your different servers within the same account and datacenter, either as a virtual NIC (ethX:Y), or better, for a VM, for which they give you a MAC address associated to the IP and server (to prevent spoofing for instance).
Using classic Linux based VMs, it's pretty straightforward despite a slight difference: on the VM, you must use the host server's gateway as a gateway, and your given IP is to be defined as a /32:
For example, on one of my machines:
Host has 88.190.36.xxx/24, GW is 126.96.36.199
On the VM:
A Debian-like /etc/network/interfaces would look like this:
(pardon the DNS setting, it's a lame test)
    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface (private lan within kvm)
    auto eth0
    iface eth0 inet static
        address 192.168.122.35
        netmask 255.255.255.0

    auto eth1
    iface eth1 inet static
        # notice it's a /32
        address 88.190.210.yyy
        netmask 255.255.255.255
        up route add -host 188.8.131.52 dev eth1
        up route add default gw 184.108.40.206 dev eth1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 220.127.116.11
        dns-search zzz.jaxx.org
This works perfectly well, pingable from inside and outside the datacenters networks.
Though I admit using an IP that's not part of the interface's range is mind twisting, it works on every OS tried until today.
I believe transposing this conf to ROS would end up a bit this way:
    /ip address
    add address=192.168.122.2/24 disabled=no interface=ether1 network=192.168.122.0
    add address=88.190.210.yyy/32 disabled=no interface=ether2 network=88.190.210.yyy
    /ip route
    add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=18.104.22.168 scope=30 target-scope=10
    add disabled=no distance=1 dst-address=22.214.171.124/32 gateway=ether2 scope=30 target-scope=10

Whatever I try as gateway value for the default route [ 126.96.36.199 | ether2 | 188.8.131.52%ether2 ], it doesn't work.
It remains unreachable (or reachable with "ether2" but nothing goes through)
Though, a ping to 184.108.40.206 would always work (and I tried ping and arp values for the check method on the default route with no success, not even a proxy-arp on ether2).
    [jaxx@MikroTik] > /ip route print detail
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
     0   S  dst-address=0.0.0.0/0 gateway=220.127.116.11%ether2 gateway-status=18.104.22.168 unreachable distance=1 scope=30 target-scope=10
     1 A S  dst-address=22.214.171.124/32 gateway=ether2 gateway-status=ether2 reachable distance=1 scope=30 target-scope=10
     2 ADC  dst-address=88.190.210.yyy/32 pref-src=88.190.210.yyy gateway=ether2 gateway-status=ether2 reachable distance=0 scope=10
     3 ADC  dst-address=192.168.122.0/24 pref-src=192.168.122.2 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10
The only case where I got something to work was when I enlarged the address from a /32 to a /11, the IP range of the provider (which could though lead to noise traffic). I could then reach and be reached from outside, but curiously not from other servers in the range. But again, /11 "is bad!" anyway.
And, I can sniff some traffic, including incoming ICMP requests when I ping the ROS VM, but the VM won't answer a single thing.
Any issues with /32 IPs on interfaces and sticking routes to them?
We're a handful of people already who'd like to get this working. The last resort would be having 1:1 NATs on the host (which works), but losing some functionality and elegance, and we might even pick up a few issues at the same time. But again, it should work, there's something we don't get (and there are better network engineers than me who've tried).
MikroTik team: I wouldn't mind lending access to a Linux VM (which shares a LAN access to the ROS VM) to give it a look.
Thanks in advance for any tips
FYI: Debian Host, installed Archipel Orchestrator (VMs on qemu-kvm, RouterOS with virtio interfaces, LAN works, and sniffing sees traffic, so I doubt it's the VM system anyways)