I do not think GRE isolation works with native linux bridge in cloudstack. GRE works with openvswitch as far as I know.
You can try vlan or vxlan, both should work. -Wei On Friday, 18 November 2022, Granwille Strauss <granwi...@namhost.com> wrote: > Hi Wei > > Thank you for getting back to me, yes I have. When creating the zone, for > the physical interfaces I added two so: > > - eno1: Guest & Public - using cloudbr1 for traffic label with GRE > Isolation > - eno2: Management & Storage - using cloudbr0 for traffic label with VLAN > Isolation > On 11/18/22 13:38, Wei ZHOU wrote: > > Have you set the "kvm network label" when you created the zone ? > > -Wei > > On Friday, 18 November 2022, Granwille Strauss<granwi...@namhost.com.invalid> > <granwi...@namhost.com.invalid> wrote: > > > Hi Guys > > My head is a bit stuck here and the documentation does not seem to help > much in this regard and hoping I can get some insight on this. My KVM host > has two NICs, one for public traffic and one for private traffic (via > private VLAN & backlink connection). > > I currently have the following setup: > > eno1 (public interface): > > TYPE=Ethernet > BOOTPROTO=none > DEVICE=eno1 > HWADDR=00:04:xx:xx:xx:xx > ONBOOT=yes > BRIDGE=cloudbr1 > HOTPLUG=no > > cloudbr1: > > TYPE=Bridge > BOOTPROTO=none > IPADDR=PUBLIC SERVER IP > NETMASK=255.255.255.248 > GATEWAY=PUBLIC IP GATEWAY > DEVICE=cloudbr1 > ONBOOT=yes > IPV6INIT=no > IPV6_AUTOCONF=no > DELAY=5 > STP=yes > > > ------------------------- > > > eno2 (private interface): > > TYPE=Ethernet > BOOTPROTO=none > DEVICE=eno2 > HWADDR=00:05:xx:xx:xx:xx > ONBOOT=yes > BRIDGE=cloudbr0 > HOTPLUG=no > > cloudbr0: > > TYPE=Bridge > BOOTPROTO=none > IPADDR=192.168.50.3 > NETMASK=255.255.255.0 > DEVICE=cloudbr0 > ONBOOT=yes > IPV6INIT=no > IPV6_AUTOCONF=no > DELAY=5 > STP=yes > > I can successfully ping all other kvm host and management host on > private192.168.50.0/24 network and public network. But when creating my zone > in > CS, my SSVM agent does not connect, this is because the SSVM cannot ping > the DNS server (1.1.1.1) meaning it cannot ping the public > network(internet) at all. This suggests that my network config is wrong. > > Looking at the documentation, it suggests I need to set cloudbr1 without > an IP address, in my case this would be my public bridge interface, which > will most likely make my server unreachable if I reboot. But if I "switch" > it around, I assume it would be meant for cloudbr0, in my case. But then I > cannot ping my other hosts on the private subnet if I do so. This is why I > am a bit confused and would like some clarity on what the correct set up > would be with my two NIC setup, please? > -- > Regards / Groete > <https://www.namhost.com> <https://www.namhost.com> Granwille Strauss // > Senior Systems Admin > > *e:* granwi...@namhost.com > *m:* +264 81 323 1260 <+264813231260> > *w:* www.namhost.com > <https://www.facebook.com/namhost> <https://www.facebook.com/namhost> > <https://twitter.com/namhost> > <https://twitter.com/namhost><https://www.instagram.com/namhostinternetservices/> > > <https://www.instagram.com/namhostinternetservices/><https://www.linkedin.com/company/namhos> > > <https://www.linkedin.com/company/namhos><https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA> > <https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA> > > <https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner> > > <https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner> > > Namhost Internet Services (Pty) Ltd, > 24 Black Eagle Rd, Hermanus > <https://www.google.com/maps/search/24+Black+Eagle+Rd,+Hermanus?entry=gmail&source=g> > > <https://www.google.com/maps/search/24+Black+Eagle+Rd,+Hermanus?entry=gmail&source=g> > > <https://www.google.com/maps/search/24+Black+Eagle+Rd,+Hermanus?entry=gmail&source=g>, > 7210, RSA > > > > The content of this message is confidential. If you have received it by > mistake, please inform us by email reply and then delete the message. It is > forbidden to copy, forward, or in any way reveal the contents of this > message to anyone without our explicit consent. The integrity and security > of this email cannot be guaranteed over the Internet. Therefore, the sender > will not be held liable for any damage caused by the message. For our full > privacy policy and disclaimers, please go to https://www.namhost.com/ > privacy-policy > > [image: Powered by > AdSigner]<https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818> > > <https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818> > > -- > Regards / Groete > > <https://www.namhost.com> Granwille Strauss // Senior Systems Admin > > *e:* granwi...@namhost.com > *m:* +264 81 323 1260 <+264813231260> > *w:* www.namhost.com > > <https://www.facebook.com/namhost> <https://twitter.com/namhost> > <https://www.instagram.com/namhostinternetservices/> > <https://www.linkedin.com/company/namhos> > <https://www.youtube.com/channel/UCTd5v-kVPaic_dguGur15AA> > > > <https://www.adsigner.com/v1/l/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818/banner> > > Namhost Internet Services (Pty) Ltd, > > 24 Black Eagle Rd, Hermanus > <https://www.google.com/maps/search/24+Black+Eagle+Rd,+Hermanus?entry=gmail&source=g>, > 7210, RSA > > > > The content of this message is confidential. If you have received it by > mistake, please inform us by email reply and then delete the message. It is > forbidden to copy, forward, or in any way reveal the contents of this > message to anyone without our explicit consent. The integrity and security > of this email cannot be guaranteed over the Internet. Therefore, the sender > will not be held liable for any damage caused by the message. For our full > privacy policy and disclaimers, please go to https://www.namhost.com/ > privacy-policy > > [image: Powered by AdSigner] > <https://www.adsigner.com/v1/c/631091998d4670001fe43ec2/621c9b76c140bb001ed0f818> >
