3.4.2. Configuring Network Classes

OpenVZ allows you to track the inbound and outbound network traffic as well as to shape the outgoing traffic for virtual machines and containers. To provide the ability to distinguish between types of traffic, e.g., domestic and international, a concept of network classes is introduced. A network class is a range of IP addresses for which OpenVZ accounts and shapes the traffic.

Classes are specified in the /etc/vz/conf/networks_classes file. The file is in ASCII format; empty lines and lines starting with the # sign are ignored. All other lines have the following format:

<class_id> <IP_address>/<prefix_length>

where <class_id> defines the network class ID, and the <IP_address>/<prefix_length> pair defines the range of IP addresses for this class. There may be several lines for each class.

Classes 0 and 1 have special meanings:

  • Class 0 defines the IP address range for which no accounting is performed. Usually, it corresponds to the hardware node subnet (the node itself and its virtual machines and containers). Setting up class 0 is not required; however, its correct setup improves performance.
  • Class 1 is defined by OpenVZ to match any IP address. It must always be present in the network classes definition file. Therefore, it is suggested not to change the default line in the networks_classes file.

    1 0.0.0.0/0

    If your virtual machines and containers are using IPv6 addresses, you can also add the following line to this file:

    1 ::/0

Other classes should be defined after class 1. They represent exceptions from the "matching-everything" rule of class 1. The example below illustrates a possible configuration of the network classes definition file containing rules for both IPv4 and IPv6 addresses:

# Hardware node networks
0 192.168.0.0/16
0 fe80::/64
# any IP address (all traffic)
1 0.0.0.0/0
1 ::/0
# class 2 - addresses for the "foreign" traffic
2 10.0.0.0/8
2 2001:db88::/64
# inside "foreign" network there
# is a hole belonging to "local" traffic
1 10.10.16.0/24
1 2001:db88:3333::/64

In this example, IPv4 addresses in the range of 192.168.0.0 to 192.168.255.255 and IPv6 addresses in the range of fe80:: to fe80::ffff:ffff:ffff:ffff are treated as class 0 addresses, and no accounting is done for the traffic from virtual machines and containers destined to these addresses.

Class 2 matches the following IP addresses:

  • IPv4 addresses from 10.0.0.0 to 10.255.255.255 with the exception of addresses in the sub-range of 10.10.16.0 to 10.10.16.255, which are treated as class 1.
  • IPv6 addresses from 2001:db88:: to 2001:db88::ffff:ffff:ffff:ffff with the exception of addresses in the sub-range of 2001:db88:3333:: to 2001:db88:3333::ffff:ffff:ffff:ffff, which are also treated as class 1.

All other IP addresses (both IPv4 and IPv6) belong to class 1.

To apply changes after editing the /etc/vz/conf/networks_classes file, restart the virtual machines and/or containers for which the changes have been made, or restart the hardware node itself if the changes are global.
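
The following is an added example, not part of OpenVZ or its documentation: a small Python check that can be run on a networks_classes file before restarting anything. It parses the format described above, reports a missing default line or a class above 1 defined before class 1, and shows which class an address falls into. The function names are hypothetical, and classify() assumes that the most specific matching range decides the class, which agrees with the "hole" in the example file but is not stated by this section.

```python
import ipaddress

# Constructed sample: the IPv4 lines of the example file in this section.
SAMPLE = """\
# Hardware node networks
0 192.168.0.0/16
# any IP address (all traffic)
1 0.0.0.0/0
# class 2 - addresses for the "foreign" traffic
2 10.0.0.0/8
# hole belonging to "local" traffic
1 10.10.16.0/24
"""

def parse_classes(text):
    """Return [(class_id, network)] in file order; raise ValueError on a bad line."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # empty lines and lines starting with # are ignored
        fields = line.split()
        if len(fields) != 2 or not fields[0].isdigit():
            raise ValueError(f"line {lineno}: expected <class_id> <IP_address>/<prefix_length>")
        try:
            # strict=True also rejects host bits set in the range (added check)
            net = ipaddress.ip_network(fields[1], strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        rules.append((int(fields[0]), net))
    return rules

def lint(rules):
    """Report violations of the rules this section states for classes 1 and above."""
    default = (1, ipaddress.ip_network("0.0.0.0/0"))
    if default not in rules:
        return ["default line '1 0.0.0.0/0' is missing"]
    early = rules[:rules.index(default)]
    return [f"class {cid} range {net} is defined before class 1"
            for cid, net in early if cid > 1]

def classify(rules, addr):
    """Assumption: the most specific matching range decides the class."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, cid) for cid, net in rules
            if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else None
```

An empty list from lint() means the file satisfies the two class 1 rules above; classify() returns None for an address family that has no matching line, such as an IPv6 address when the "1 ::/0" line is absent.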