Hi Eric,

Thank you so much for the reply and for such a complete answer! I will start to carefully grasp all the information provided by you. As soon as I come to a conclusion related to my specific situation, I'll post my findings ...
Thank you,
Ioan.

On 2019/10/10 18:08:13, Eric Lee Green <eric.lee.gr...@gmail.com> wrote:
> On 10/10/19 5:19 AM, Ioan Marginean wrote:
> > Hi users,
> >
> > I installed CS 4.13 on 3 KVM hypervisors. Every host has 2 interfaces, eno1
> > and eno2. I had defined cloudbr0 on eno1 and here goes Management, Public
> > and storage traffic. The guest traffic goes on eno2. All seems perfect
> > until I started to create instances on a guest isolated network. If the
> > instance VM is on the same host as the VR, all is fine and dandy but if the
> > VM instance is created on a different host than VR's the outcome for ping
> > is Destination Host Unreachable.
> > The network service on that instance appears as failed and ifconfig shows
> > eth0 with no ipv4 address as it should...
> > I suspect that I didn't configure something wrong but I can't figure out
> > what is wrong... Googling and searching on user mailing list didn't help
> > .... Can anyone point me to the right direction?
> >
>
> Isolated guest networks by default operate as a VLAN. Your switch will
> need to pass tagged VLAN traffic for those ports. If your switch is not
> configured properly then VLAN traffic won't pass and you won't be able
> to have isolated networks that extend outside of a single host.
>
> I used advanced networking and VLANs. Here is how my
> /etc/sysconfig/network-scripts looks:
>
> ifcfg-bond0      ifcfg-bond0.102  ifcfg-enp1s0f1
> ifcfg-bond0.100  ifcfg-br100      ifcfg-enp5s0
> ifcfg-bond0.101  ifcfg-enp1s0f0
>
> 'bond0' is my bonded network ports, defined as the Physical Network in
> my zone, which actually just happens to have a single port right now on
> this particular host, enp5s0 (it can be different ports on different
> hosts, my hosts aren't completely homogenous, so keeping it as bond0
> means it doesn't matter if it's enp4s0 on some other host). 100 is my
> management network, the one used to get everything else up and running,
> and is the only one that has a bridge predefined for it, br100. This is
> tagged in the KVM traffic label of the details in the management
> network. (Which you get to by clicking the 'bond0' in the network). I
> then defined 101 as 'public', 102 as 'Guest', and for storage it's 100
> again with KVM traffic label br100.
>
> In my Dell managed switch, for the 10 gigabit Ethernet ports connected
> to the compute and storage hosts, they look like this:
>
> interface ethernet 1/xg2
> spanning-tree portfast
> mtu 9216
> switchport mode general
> switchport general pvid 100
> switchport general acceptable-frame-type tagged-only
> switchport general allowed vlan add 1000-2000
> switchport general allowed vlan add 100-104,120,192,200 tagged
> exit
>
> And of course for the ports that lead off to other switches in untagged
> mode, like this port that hooks to my main infrastructure switch from
> whence it is routed to the Internet, they look like this:
>
> interface ethernet 1/g4
> spanning-tree portfast
> switchport access vlan 101
> exit
>
> Note that by default all managed switches have all ports defined as
> access ports for VLAN 1 and will not accept tagged traffic for any other
> VLAN. Now, you can define a port as *BOTH* an access port (i.e.,
> untagged packets get tagged to a VLAN, outgoing traffic on that VLAN
> gets untagged and sent out as plain packets) *and* as a tagged port for
> other VLANs in most switches, but it's a hinky way of doing things and
> subject to many issues. In general, make a port either an access port
> (i.e., untagged, on a single VLAN) or a tagged port (multiple VLANs) or
> you are asking for a world of trouble.
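
Added example, not part of the original thread and not code from either poster: a Python check that parses port stanzas in the switch syntax quoted above and reports, per port, whether a given VLAN is admitted and how (access, tagged, untagged). The function names and the VLAN IDs queried are assumptions made for illustration; a `vlan add` line that carries no `tagged`/`untagged` keyword is reported as `unspecified` rather than guessed, and the `pvid` line is not interpreted.

```python
import re
# Port stanzas from the switch configuration quoted in the thread.
SWITCH_CONFIG = """\
interface ethernet 1/xg2
spanning-tree portfast
mtu 9216
switchport mode general
switchport general pvid 100
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 1000-2000
switchport general allowed vlan add 100-104,120,192,200 tagged
exit
interface ethernet 1/g4
spanning-tree portfast
switchport access vlan 101
exit
"""

def expand(spec):
    """Expand '100-104,120' into a set of VLAN IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_ports(text):
    """Return {port: {'access': vlan or None, 'allowed': {vlan: tagging}}}."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"interface ethernet (\S+)", line):
            cur = ports.setdefault(m[1], {"access": None, "allowed": {}})
        elif line == "exit" or cur is None:
            cur = None          # outside any interface stanza
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["access"] = int(m[1])
        elif m := re.fullmatch(r"switchport general allowed vlan add (\S+)"
                               r"(?: (tagged|untagged))?", line):
            for vid in expand(m[1]):
                cur["allowed"][vid] = m[2] or "unspecified"
    return ports

def carries(port, vlan):
    """'access', the tagging keyword, or None if the port does not admit vlan."""
    return "access" if port["access"] == vlan else port["allowed"].get(vlan)

if __name__ == "__main__":
    for name, port in parse_ports(SWITCH_CONFIG).items():
        print(name, {v: carries(port, v) for v in (101, 102, 1500)})  # sample IDs
```

Run against a saved copy of a switch's port configuration in this syntax, a `None` for the guest VLAN on any host-facing port marks a port that will not carry that isolated network between hosts.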