Hi Eric,

Thank you. You were right! After we re-configured our switches to allow VLAN traffic, the problem is gone and everything works like a charm...

All the best and thank you again!

On 2019/10/11 10:02:36, Ioan Marginean <ionica.margin...@gmail.com> wrote:
> Hi Eric,
>
> Thank you so much for the reply and for such a complete answer! I will start
> to carefully grasp all the information provided by you. As soon as I will
> come to a conclusion related to my specific situation, I'll post my findings
> ...
>
> Thank you, Ioan.
>
> On 2019/10/10 18:08:13, Eric Lee Green <eric.lee.gr...@gmail.com> wrote:
> > On 10/10/19 5:19 AM, Ioan Marginean wrote:
> > > Hi users,
> > >
> > > I installed CS 4.13 on 3 KVM hypervisors. Every host has 2 interfaces,
> > > eno1 and eno2. I had defined cloudbr0 on eno1 and here goes Management,
> > > Public and storage traffic. The guest traffic goes on eno2. All seems
> > > perfect until I started to create instances on a guest isolated network.
> > > If the instance VM is on the same host as the VR, all is fine and dandy
> > > but if the VM instance is created on a different host than VR's the
> > > outcome for ping is Destination Host Unreachable.
> > > The network service on that instance appears as failed and ifconfig shows
> > > eth0 with no ipv4 address as it should...
> > > I suspect that I didn't configure something wrong but I can't figure out
> > > what is wrong... Googling and searching on user mailing list didn't
> > > help .... Can anyone point me to the right direction?
> >
> > Isolated guest networks by default operate as a VLAN. Your switch will
> > need to pass tagged VLAN traffic for those ports. If your switch is not
> > configured properly then VLAN traffic won't pass and you won't be able
> > to have isolated networks that extend outside of a single host.
> >
> > I used advanced networking and VLANs. Here is how my
> > /etc/sysconfig/network-scripts looks:
> >
> > ifcfg-bond0      ifcfg-bond0.102  ifcfg-enp1s0f1
> > ifcfg-bond0.100  ifcfg-br100      ifcfg-enp5s0
> > ifcfg-bond0.101  ifcfg-enp1s0f0
> >
> > 'bond0' is my bonded network ports, defined as the Physical Network in
> > my zone, which actually just happens to have a single port right now on
> > this particular host, enp5s0 (it can be different ports on different
> > hosts, my hosts aren't completely homogenous, so keeping it as bond0
> > means it doesn't matter if it's enp4s0 on some other host). 100 is my
> > management network, the one used to get everything else up and running,
> > and is the only one that has a bridge predefined for it, br100. This is
> > tagged in the KVM traffic label of the details in the management
> > network. (Which you get to by clicking the 'bond0' in the network). I
> > then defined 101 as 'public', 102 as 'Guest', and for storage it's 100
> > again with KVM traffic label br100.
> >
> > In my Dell managed switch, for the 10 gigabit Ethernet ports connected
> > to the compute and storage hosts, they look like this:
> >
> > interface ethernet 1/xg2
> > spanning-tree portfast
> > mtu 9216
> > switchport mode general
> > switchport general pvid 100
> > switchport general acceptable-frame-type tagged-only
> > switchport general allowed vlan add 1000-2000
> > switchport general allowed vlan add 100-104,120,192,200 tagged
> > exit
> >
> > And of course for the ports that lead off to other switches in untagged
> > mode, like this port that hooks to my main infrastructure switch from
> > whence it is routed to the Internet, they look like this:
> >
> > interface ethernet 1/g4
> > spanning-tree portfast
> > switchport access vlan 101
> > exit
> >
> > Note that by default all managed switches have all ports defined as
> > access ports for VLAN 1 and will not accept tagged traffic for any other
> > VLAN. Now, you can define a port as *BOTH* an access port (i.e.,
> > untagged packets get tagged to a VLAN, outgoing traffic on that VLAN
> > gets untagged and sent out as plain packets) *and* as a tagged port for
> > other VLANs in most switches, but it's a hinky way of doing things and
> > subject to many issues. In general, make a port either an access port
> > (i.e., untagged, on a single VLAN) or a tagged port (multiple VLANs) or
> > you are asking for a world of trouble.
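
An added example, not part of the original thread and not from any poster: a small audit that reads switch port stanzas in the syntax quoted above and reports which ports carry a given VLAN as tagged frames, which is what a guest network spanning hosts needs. The function names, the sample text and the port 1/xg3 are constructed for illustration, and treating an `allowed vlan add` line without a keyword as tagged is an assumption.

```python
import re

# Constructed sample in the thread's stanza syntax; port 1/xg3 is made up.
SAMPLE = """\
interface ethernet 1/xg2
switchport general pvid 100
switchport general allowed vlan add 1000-2000
switchport general allowed vlan add 100-104,120,192,200 tagged
exit
interface ethernet 1/g4
switchport access vlan 101
exit
interface ethernet 1/xg3
exit
"""

def expand(spec):
    """Turn '100-104,120' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(text):
    """Map each interface to the VLANs it carries tagged and untagged."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"interface ethernet (\S+)", line):
            cur = ports.setdefault(m.group(1), {"tagged": set(), "untagged": set()})
        elif cur is None or line == "exit":
            cur = None
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            cur["untagged"] = {int(m.group(1))}
        elif m := re.match(r"switchport general allowed vlan add (\S+)(?: (tagged|untagged))?$", line):
            # Assumption: a range added without a keyword is carried tagged.
            cur[m.group(2) or "tagged"] |= expand(m.group(1))
    for p in ports.values():
        if not (p["tagged"] or p["untagged"]):
            p["untagged"] = {1}  # default noted in the thread: access port, VLAN 1
    return ports

def carries_tagged(ports, vlan):
    """Ports that pass `vlan` as tagged frames (needed for cross-host guest traffic)."""
    return sorted(n for n, p in ports.items() if vlan in p["tagged"])

def hybrid(ports):
    """Ports that are both access and tagged, the setup the thread advises against."""
    return sorted(n for n, p in ports.items() if p["tagged"] and p["untagged"])
```

Running `carries_tagged(parse_ports(SAMPLE), 102)` lists only 1/xg2; a hypervisor plugged into a port missing from that list would show the cross-host failure described in the original question.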