This is an interesting issue, and I'm wondering if any other providers might have gone through a similar problem. This system is currently inaccessible, so I can't really take advice and run tests right now, but I'd like to see if sharing this generates some ideas.
So we get a new server set up, rented IP range and connected to our provider's network. The primary IP operates fine, the node is fully accessible from the internet. So I install OpenVZ, set all of the configuration correctly (knowing the configuration is correct, I still compared to a working system that is almost identical and connected to identical network equipment), create OpenVZ container, container has no internet. Also cannot ping container from the outside.
Now, I know exactly what you're thinking. I messed up a setting in sysctl.conf or vz.conf. Unfortunately, not so. IP forwarding is enabled, verified as enabled. Neighbor_devs is set to all. Tried setting neighbor_devs to detect. Tried enabling arp proxy.
The only way I can get an IP beyond the primary one to work on this system is to manually initiate an arp request OR to have the provider remove the subnet from the vlan and then add it back. Of course, only a matter of time before the arp entry expires.
According to my provider, and from everything he has shown me (been quite open about it), there is 0 difference between two nearly identical servers and their setup. Yet, on server1, I can do "ifconfig eth0:0 whateveriphere up" and immediately ping it from the outside internet. On server2, if I do the same, I have to manually initiate an arp request or it will never be pingable.
Both systems running CentOS 6.3, issue persists with or without OpenVZ kernel.
So at the risk of sounding like I can't run my business, because I know that's how some people will take it here, I'm being humble enough to ask for ideas. My real hope is that I find someone else who has had the same problem.