That'd be an interesting approach, I do something similar on my vanilla libvirt installs. This opens up some issues though, that of the HA of dnsmasq for one. It'd still be an interesting idea, though and would very much play ball with the network filtering bits.
Cheers for sharing Wido -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "Wido den Hollander" <w...@widodh.nl> > To: "Nux!" <n...@li.nux.ro>, dev@cloudstack.apache.org > Sent: Saturday, 13 February, 2016 16:41:58 > Subject: Re: [Discuss] Getting rid of the Virtual Router (associated downtime) >> Op 13 februari 2016 om 10:41 schreef Nux! <n...@li.nux.ro>: >> >> >> Hello, >> >> I saw it mentioned somewhere around here in the recent past, but don't recall >> details. >> >> Has anybody had any interesting ideas? I for one absolutely dread relying on >> the VR, and not because of the VR itself, but for the downtime involved with >> upgrading it. >> >> At work we've been running a SG zone and it's been rock solid with 100% >> uptime, but the lack of features (multiple network support mainly) is >> becoming >> more and more pressing. >> >> Is moving VR functionality down to the hypervisor an option for platforms >> that >> support this? (Xen, KVM) >> > > Well, I never thought about it very much, but one thing that came to mind is > moving the DHCP part towards the KVM hypervisor. > > Libvirt supports networks for example: http://libvirt.org/formatnetwork.html > > It also allows for DHCP reservations. Under water libvirt will simply spawn > dnsmasq to perform the DHCP. > > This combines nicely with the network filtering being performed by libvirt: > https://issues.apache.org/jira/browse/CLOUDSTACK-1164 > > So in short: > - Use libvirt for the DHCP on the hypervisor > - Also use libvirt for the security grouping > > Wido > > >> Lucian >> >> >> >> -- >> Sent from the Delta quadrant using Borg technology! >> >> Nux! > > www.nux.ro
