Thanks Andrija,

I have done as you have suggested and moved vm1 on host1 and vm2 on host2, and ping fails between the VMs.

Unfortunately I am not managing the switch settings, so I will ask to look into the trunk ports and whether they are aware of the vlan id. As long as I can rule out the linux nic/bridge setup and Cloudstack config. (which I guess I can't fully, but I know where to look)

Thanks
Brian

-----Original Message-----
From: Andrija Panic <andrija.pa...@gmail.com>
Reply-To: users@cloudstack.apache.org
To: users <users@cloudstack.apache.org>
Subject: Re: Isolated guest network vlan between KVM hosts
Date: Wed, 28 Apr 2021 14:46:20 +0200

Hi there,

to further help yourself, make sure you have VM1 on host1, VM2 on host2, both VMs in the same network - and try to ping VM2 from VM1 and the other way around - if that fails - then, as you suggested, you do have a switch configuration issue which doesn't allow traffic to pass from host1 to host2.

You need to configure switch ports in TRUNK mode with all VLANs that you added as the vlan range in ACS to be used by GUEST traffic. Of course, based on your setup, make sure you don't break other traffic (management/storage/public) when you touch your switch ports.

Best,

On Wed, 28 Apr 2021 at 12:53, Brian Fitzpatrick <b.fitzpatr...@chester.ac.uk> wrote:

Hi all,

I am new to this list and new to cloudstack, so apologies if this is an obvious problem.

I am trying to learn CloudStack and have set up a simple advanced networking zone, 1 pod, 1 cluster, 2 hosts connected via the same layer2 cisco switch, 1 nic in each host (Ubuntu, KVM).

If I set up a guest isolated lan and add a vm (setting up egress, firewall, port forwarding), the vm can get out onto the public/internet via the virtual router that gets automatically set up for my guest network.

However if I move the vm to another host, its internet stops working. If I then move the virtual router to the same host it starts again.

So I guess it's something to do with isolated vlan tagging between hosts via the switch?

I am not sure whether it's the switch, whether I am trying to do this via one nic or settings I have missed in cloudstack.

My netplan host file(s) contain the same type of config; one on ip .25, one on ip .23, same subnet:

    ethernets:
      ens4f0np0:
        dhcp4: false
        dhcp6: false
        mtu: 1550
    bridges:
      cloudbr0:
        interfaces: [ens4f0np0]
        addresses:
          - 10.250.0.25/22
        gateway4: 10.250.0.1
        nameservers:
          addresses:
            - 10.58.2.140
            - 10.58.2.141
        mtu: 1500
        parameters:
          stp: true
          forward-delay: 4
        dhcp4: no
        dhcp6: no

The isolated guest network has vlan id allocated of 603.

When I move a vm from one host to another, a vlan interface appears to be created on the new kvm host:

    cloudbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1550 qdisc noqueue state UP group default qlen 1000
        link/ether bc:97:e1:be:72:10 brd ff:ff:ff:ff:ff:ff
        inet 10.250.0.25/22 brd 10.250.3.255 scope global cloudbr0
           valid_lft forever preferred_lft forever
        inet6 fe80::be97:e1ff:febe:7210/64 scope link
           valid_lft forever preferred_lft forever
    cloud0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether fe:00:a9:fe:32:cc brd ff:ff:ff:ff:ff:ff
        inet 169.254.0.1/16 scope global cloud0
           valid_lft forever preferred_lft forever
        inet6 fe80::40c4:4eff:fe5e:dcc0/64 scope link
           valid_lft forever preferred_lft forever
    ens4f0np0.603@ens4f0np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1550 qdisc noqueue master brens4f0np0-603 state UP group default qlen 1000
        link/ether bc:97:e1:be:72:10 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::be97:e1ff:febe:7210/64 scope link
           valid_lft forever preferred_lft forever
    brens4f0np0-603: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1550 qdisc noqueue state UP group default qlen 1000
        link/ether bc:97:e1:be:72:10 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::e0d0:90ff:fe6a:71a7/64 scope link
           valid_lft forever preferred_lft forever

As I say, the public/internet stops working.

Not sure whether it's a switch port config, Linux nic config, or something in Cloudstack.

Very grateful for any pointers as to where to start looking to resolve this issue.

Thanks
Brian

Brian Fitzpatrick

--
Andrija Panić
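
Added example, not part of the thread or of CloudStack: a small Python check for the host-side half of the question above, confirming from `ip addr` output that the guest VLAN's tagged sub-interface exists, is up, and is enslaved to its per-VLAN bridge. The `<nic>.<vlan>` and `br<nic>-<vlan>` names are an assumption taken from the output quoted in the thread, and the sample input is constructed from that output.

```python
import re

# Matches interface header lines; an "N: " index prefix is optional.
HEADER = re.compile(
    r"^(?:\d+:\s+)?(?P<name>[^\s:@]+)(?:@(?P<parent>[^\s:]+))?:\s+"
    r"<(?P<flags>[^>]*)>\s+mtu\s+(?P<mtu>\d+)(?P<rest>.*)$"
)

def parse_links(text):
    """Map interface name -> parent, flags, mtu, master from `ip addr` text."""
    links = {}
    for line in text.splitlines():
        m = HEADER.match(line)  # indented detail lines do not match
        if m:
            master = re.search(r"\bmaster\s+(\S+)", m["rest"])
            links[m["name"]] = {
                "parent": m["parent"],
                "flags": set(m["flags"].split(",")),
                "mtu": int(m["mtu"]),
                "master": master.group(1) if master else None,
            }
    return links

def check_guest_vlan(links, nic, vlan):
    """Return a list of problems with the host-side plumbing for one VLAN."""
    # Assumption: interface names follow the pattern seen in the thread.
    sub, bridge = f"{nic}.{vlan}", f"br{nic}-{vlan}"
    missing = [n for n in (sub, bridge) if n not in links]
    if missing:
        return [f"{n} does not exist" for n in missing]
    problems = []
    if links[sub]["parent"] != nic:
        problems.append(f"{sub} is not stacked on {nic}")
    if links[sub]["master"] != bridge:
        problems.append(f"{sub} has master {links[sub]['master']}, not {bridge}")
    for n in (sub, bridge):
        if not {"UP", "LOWER_UP"} <= links[n]["flags"]:
            problems.append(f"{n} is not UP with carrier")
    if links[sub]["mtu"] != links[bridge]["mtu"]:
        problems.append(f"MTU differs between {sub} and {bridge}")
    return problems

# Constructed sample: header lines copied from the output quoted in the thread.
SAMPLE = """\
cloudbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1550 qdisc noqueue state UP group default qlen 1000
ens4f0np0.603@ens4f0np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1550 qdisc noqueue master brens4f0np0-603 state UP group default qlen 1000
brens4f0np0-603: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1550 qdisc noqueue state UP group default qlen 1000
"""

if __name__ == "__main__":
    print(check_guest_vlan(parse_links(SAMPLE), "ens4f0np0", 603) or "host side OK")
```

An empty result on both hosts means the Linux plumbing for that VLAN is in place on each, which leaves the switch trunk configuration as the remaining place to look.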