On 10/10/19 5:19 AM, Ioan Marginean wrote:
> Hi users,
> I installed CS 4.13 on 3 KVM hypervisors. Every host has 2 interfaces, eno1 and
> eno2. I had defined cloudbr0 on eno1 and here goes Management, Public and
> storage traffic. The guest traffic goes on eno2. All seems perfect until I
> started to create instances on a guest isolated network. If the instance VM is
> on the same host as the VR, all is fine and dandy but if the VM instance is
> created on a different host than VR's the outcome for ping is Destination Host
> Unreachable.
> The network service on that instance appears as failed and ifconfig shows eth0
> with no ipv4 address as it should...
> I suspect that I didn't configure something wrong but I can't figure out what
> is wrong... Googling and searching on user mailing list didn't help .... Can
> anyone point me to the right direction?

Isolated guest networks by default operate as a VLAN. Your switch will
need to pass tagged VLAN traffic for those ports. If your switch is not
configured properly then VLAN traffic won't pass and you won't be able
to have isolated networks that extend outside of a single host.

I used advanced networking and VLANs. Here is how my
/etc/sysconfig/network-scripts looks:

    ifcfg-bond0      ifcfg-bond0.102  ifcfg-enp1s0f1
    ifcfg-bond0.100  ifcfg-br100      ifcfg-enp5s0
    ifcfg-bond0.101  ifcfg-enp1s0f0

'bond0' is my bonded network ports, defined as the Physical Network in
my zone, which actually just happens to have a single port right now on
this particular host, enp5s0 (it can be different ports on different
hosts, my hosts aren't completely homogenous, so keeping it as bond0
means it doesn't matter if it's enp4s0 on some other host). 100 is my
management network, the one used to get everything else up and running,
and is the only one that has a bridge predefined for it, br100. This is
tagged in the KVM traffic label of the details in the management
network. (Which you get to by clicking the 'bond0' in the network). I
then defined 101 as 'public', 102 as 'Guest', and for storage it's 100
again with KVM traffic label br100.

In my Dell managed switch, for the 10 gigabit Ethernet ports connected
to the compute and storage hosts, they look like this:

    interface ethernet 1/xg2
    spanning-tree portfast
    mtu 9216
    switchport mode general
    switchport general pvid 100
    switchport general acceptable-frame-type tagged-only
    switchport general allowed vlan add 1000-2000
    switchport general allowed vlan add 100-104,120,192,200 tagged
    exit

And of course for the ports that lead off to other switches in untagged
mode, like this port that hooks to my main infrastructure switch from
whence it is routed to the Internet, they look like this:

    interface ethernet 1/g4
    spanning-tree portfast
    switchport access vlan 101
    exit

Note that by default all managed switches have all ports defined as
access ports for VLAN 1 and will not accept tagged traffic for any other
VLAN. Now, you can define a port as *BOTH* an access port (i.e.,
untagged packets get tagged to a VLAN, outgoing traffic on that VLAN
gets untagged and sent out as plain packets) *and* as a tagged port for
other VLANs in most switches, but it's a hinky way of doing things and
subject to many issues. In general, make a port either an access port
(i.e., untagged, on a single VLAN) or a tagged port (multiple VLANs) or
you are asking for a world of trouble.
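
Added example, not part of the original message: a small Python audit of port stanzas in the CLI style quoted above, reporting host-facing ports that do not carry a guest VLAN tagged or that mix access and tagged membership. The function names, the result tuples and the treatment of a missing tagged/untagged keyword as tagged are assumptions of this example.

```python
import re

# VLAN-relevant lines of the two port stanzas posted in the message above.
SAMPLE = """\
interface ethernet 1/xg2
switchport mode general
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 1000-2000
switchport general allowed vlan add 100-104,120,192,200 tagged
exit
interface ethernet 1/g4
switchport access vlan 101
exit
"""
ALLOW = re.compile(r"switchport general allowed vlan add (\S+)(?: (tagged|untagged))?$")
ACCESS = re.compile(r"switchport access vlan (\d+)$")

def expand(spec):
    """Turn a list such as '100-104,120' into a set of VLAN IDs."""
    ids = set()
    for lo, _, hi in (part.partition("-") for part in spec.split(",")):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_ports(text):
    """Map each port name to its tagged and untagged VLAN memberships."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"interface ethernet (\S+)$", line):
            cur = ports.setdefault(m.group(1), {"tagged": set(), "untagged": set()})
        elif line == "exit":
            cur = None
        elif cur is not None and (m := ALLOW.match(line)):
            # Assumption: with no keyword given, membership is tagged.
            cur[m.group(2) or "tagged"] |= expand(m.group(1))
        elif cur is not None and (m := ACCESS.match(line)):
            cur["untagged"].add(int(m.group(1)))
    return ports

def audit(text, guest_vlans, host_ports):
    """Report host-facing ports that would drop guest VLANs or mix port roles."""
    ports, problems = parse_ports(text), []
    for name in host_ports:
        p = ports.get(name, {"tagged": set(), "untagged": set()})
        if missing := sorted(set(guest_vlans) - p["tagged"]):
            problems.append((name, "guest VLAN not tagged", missing))
        if p["tagged"] and p["untagged"]:
            problems.append((name, "access and tagged mixed", sorted(p["untagged"])))
    return problems
```

Calling audit(SAMPLE, [102], ["1/xg2"]) returns an empty list, while the same call for the access port 1/g4 reports VLAN 102 as not tagged.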