Hi Guys

I think I have sorted it out. It turns out that my KVM hosts and CloudManagement host private backlink connections were fully isolated from the public network. So I had to configure firewalld gateway forwarding from my private NIC to the public NIC and set a gateway for my private 192.168.50.0/24 subnet, since no gateway existed. I followed this guide:
- https://blog.redbranch.net/2015/07/30/centos-7-as-nat-gateway-for-private-network/
I managed to re-create the zone and now my SSVM and console VMs agents are running and their health check is working well. However, I have no idea what repercussions this has and would like to know if I can keep the configuration so?

On 11/18/22 16:22, Granwille Strauss wrote:
Hi Wei

Thanks, but that GRE config would only affect my guests. In this case, my storage (SSVM & Console), which is set as VLAN isolation during zone config are the ones in question. Their agents do not want to connect because they cannot reach DNS servers for some reason.

On 11/18/22 16:17, Wei ZHOU wrote:

I do not think GRE isolation works with native linux bridge in cloudstack. GRE works with openvswitch as far as I know.

You can try vlan or vxlan, both should work.

-Wei

On Friday, 18 November 2022, Granwille Strauss <granwi...@namhost.com> wrote:

Hi Wei

Thank you for getting back to me, yes I have. When creating the zone, for the physical interfaces I added two so:

- eno1: Guest & Public - using cloudbr1 for traffic label with GRE Isolation
- eno2: Management & Storage - using cloudbr0 for traffic label with VLAN Isolation

On 11/18/22 13:38, Wei ZHOU wrote:

Have you set the "kvm network label" when you created the zone ?

-Wei

On Friday, 18 November 2022, Granwille Strauss <granwi...@namhost.com.invalid> wrote:

Hi Guys

My head is a bit stuck here and the documentation does not seem to help much in this regard and hoping I can get some insight on this. My KVM host has two NICs, one for public traffic and one for private traffic (via private VLAN & backlink connection).

I currently have the following setup:

eno1 (public interface):

TYPE=Ethernet
BOOTPROTO=none
DEVICE=eno1
HWADDR=00:04:xx:xx:xx:xx
ONBOOT=yes
BRIDGE=cloudbr1
HOTPLUG=no

cloudbr1:

TYPE=Bridge
BOOTPROTO=none
IPADDR=PUBLIC SERVER IP
NETMASK=255.255.255.248
GATEWAY=PUBLIC IP GATEWAY
DEVICE=cloudbr1
ONBOOT=yes
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes

-------------------------

eno2 (private interface):

TYPE=Ethernet
BOOTPROTO=none
DEVICE=eno2
HWADDR=00:05:xx:xx:xx:xx
ONBOOT=yes
BRIDGE=cloudbr0
HOTPLUG=no

cloudbr0:

TYPE=Bridge
BOOTPROTO=none
IPADDR=192.168.50.3
NETMASK=255.255.255.0
DEVICE=cloudbr0
ONBOOT=yes
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=yes

I can successfully ping all other kvm host and management host on private 192.168.50.0/24 network and public network. But when creating my zone in CS, my SSVM agent does not connect, this is because the SSVM cannot ping the DNS server (1.1.1.1) meaning it cannot ping the public network (internet) at all. This suggests that my network config is wrong.

Looking at the documentation, it suggests I need to set cloudbr1 without an IP address, in my case this would be my public bridge interface, which will most likely make my server unreachable if I reboot. But if I "switch" it around, I assume it would be meant for cloudbr0, in my case. But then I cannot ping my other hosts on the private subnet if I do so. This is why I am a bit confused and would like some clarity on what the correct set up would be with my two NIC setup, please?

--
Regards / Groete

Granwille Strauss // Senior Systems Admin
e: granwi...@namhost.com
m: +264 81 323 1260
w: www.namhost.com

Namhost Internet Services (Pty) Ltd, 24 Black Eagle Rd, Hermanus, 7210, RSA
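
Relating to the NAT gateway change described in the first message: the following is an added example, not part of the original thread or of CloudStack, that audits a host's NAT table to confirm masquerading is limited to the private subnet and the public bridge. It assumes the 192.168.50.0/24 subnet and the cloudbr1 bridge named in the thread and input in `iptables -t nat -S` format; the sample rules and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits NAT rules on the KVM host that
# now acts as gateway for the private network.
# Assumptions: subnet and bridge names are taken from the thread; input is
# text in `iptables -t nat -S` format; the sample rules below are constructed.

PRIVATE_NET="192.168.50.0/24"   # management/storage subnet on cloudbr0
PUBLIC_IF="cloudbr1"            # bridge that carries the public address

# Reads rules on stdin and prints one verdict per MASQUERADE rule:
#   OK <chain>                   source and egress interface both pinned
#   WARN <chain> <what is open>  rule NATs more than the private subnet
audit_masquerade() {
    awk -v net="$PRIVATE_NET" -v pub="$PUBLIC_IF" '
    $1 == "-A" && /-j MASQUERADE/ {
        src = ""; out = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            # keep a leading "!" so a negated match never counts as pinned
            if ($i == "-o") out = ($(i - 1) == "!" ? "!" : "") $(i + 1)
        }
        why = ""
        if (src != net) why = why " source=" (src == "" ? "any" : src)
        if (out != pub) why = why " out=" (out == "" ? "any" : out)
        if (why == "") { print "OK " $2 } else { print "WARN " $2 why }
    }'
}

# Constructed sample: one tightly scoped rule, one zone-wide masquerade rule
# and one rule with no source match.
sample_rules() {
    cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.50.0/24 -o cloudbr1 -j MASQUERADE
-A POST_external_allow ! -o lo -j MASQUERADE
-A POSTROUTING -o cloudbr1 -j MASQUERADE
EOF
}

sample_rules | audit_masquerade
```

On the gateway host itself, the live table can be checked with `iptables -t nat -S | audit_masquerade`; any WARN line means traffic other than the private subnet leaving via cloudbr1 would also be translated.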