Hi Guys

I think I have sorted it out. It turns out that my KVM hosts' and CloudManagement host's private backlink connections were fully isolated from the public network. So I had to configure firewalld gateway forwarding from my private NIC to the public NIC and set a gateway for my private 192.168.50.0/24 subnet, since no gateway existed there. I followed this guide:

- https://blog.redbranch.net/2015/07/30/centos-7-as-nat-gateway-for-private-network/

I managed to re-create the zone and now my SSVM and console VM agents are running and their health check is working well. However, I have no idea what repercussions this has and would like to know if I can keep the configuration as it is?

On 11/18/22 16:22, Granwille Strauss wrote:

Hi Wei

Thanks, but that GRE config would only affect my guests. In this case, my storage VMs (SSVM & Console), which are set to VLAN isolation during zone config, are the ones in question. Their agents do not want to connect because they cannot reach DNS servers for some reason.

On 11/18/22 16:17, Wei ZHOU wrote:
I do not think GRE isolation works with native linux bridge in cloudstack. GRE works with openvswitch as far as I know.

You can try vlan or vxlan, both should work.

-Wei


On Friday, 18 November 2022, Granwille Strauss <granwi...@namhost.com> wrote:

    Hi Wei

    Thank you for getting back to me, yes I have. When creating the
    zone, for the physical interfaces I added two so:

    - eno1: Guest & Public - using cloudbr1 for traffic label with
    GRE Isolation
    - eno2: Management & Storage - using cloudbr0 for traffic label
    with VLAN Isolation

    On 11/18/22 13:38, Wei ZHOU wrote:
    Have you set the "kvm network label" when you created the zone ?

    -Wei

    On Friday, 18 November 2022, Granwille Strauss <granwi...@namhost.com.invalid> wrote:

    Hi Guys

    My head is a bit stuck here and the documentation does not seem to help
    much in this regard and hoping I can get some insight on this. My KVM host
    has two NICs, one for public traffic and one for private traffic (via
    private VLAN & backlink connection).

    I currently have the following setup:

    eno1 (public interface):

    TYPE=Ethernet
    BOOTPROTO=none
    DEVICE=eno1
    HWADDR=00:04:xx:xx:xx:xx
    ONBOOT=yes
    BRIDGE=cloudbr1
    HOTPLUG=no

    cloudbr1:

    TYPE=Bridge
    BOOTPROTO=none
    IPADDR=PUBLIC SERVER IP
    NETMASK=255.255.255.248
    GATEWAY=PUBLIC IP GATEWAY
    DEVICE=cloudbr1
    ONBOOT=yes
    IPV6INIT=no
    IPV6_AUTOCONF=no
    DELAY=5
    STP=yes


    -------------------------


    eno2 (private interface):

    TYPE=Ethernet
    BOOTPROTO=none
    DEVICE=eno2
    HWADDR=00:05:xx:xx:xx:xx
    ONBOOT=yes
    BRIDGE=cloudbr0
    HOTPLUG=no

    cloudbr0:

    TYPE=Bridge
    BOOTPROTO=none
    IPADDR=192.168.50.3
    NETMASK=255.255.255.0
    DEVICE=cloudbr0
    ONBOOT=yes
    IPV6INIT=no
    IPV6_AUTOCONF=no
    DELAY=5
    STP=yes

    I can successfully ping all other KVM hosts and the management host on the private
    192.168.50.0/24 network and public network. But when creating my zone in
    CS, my SSVM agent does not connect, this is because the SSVM cannot ping
    the DNS server (1.1.1.1) meaning it cannot ping the public
    network (internet) at all. This suggests that my network config is wrong.

    Looking at the documentation, it suggests I need to set cloudbr1 without
    an IP address, in my case this would be my public bridge interface, which
    will most likely make my server unreachable if I reboot. But if I "switch"
    it around, I assume it would be meant for cloudbr0, in my case. But then I
    cannot ping my other hosts on the private subnet if I do so. This is why I
    am a bit confused and would like some clarity on what the correct set up
    would be with my two NIC setup, please?
    --
    Regards / Groete

    Granwille Strauss // Senior Systems Admin

    *e:* granwi...@namhost.com
    *m:* +264 81 323 1260
    *w:* www.namhost.com


    Namhost Internet Services (Pty) Ltd,
    24 Black Eagle Rd, Hermanus, 7210, RSA



    The content of this message is confidential. If you have received it by
    mistake, please inform us by email reply and then delete the message. It is
    forbidden to copy, forward, or in any way reveal the contents of this
    message to anyone without our explicit consent. The integrity and security
    of this email cannot be guaranteed over the Internet. Therefore, the sender
    will not be held liable for any damage caused by the message. For our full
    privacy policy and disclaimers, please go to
    https://www.namhost.com/privacy-policy


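On the question in the latest message about the repercussions of forwarding the private 192.168.50.0/24 network out through the public NIC: the following is an added example, not part of the thread or of the linked guide, that audits iptables-save style rules for NAT and forwarding that is wider than the private-to-public path needs. It assumes the forwarding uses the cloudbr0/cloudbr1 bridges named in the thread; the sample rules and the finding names are constructed for illustration.

```python
import ipaddress
import shlex

# Assumption: bridge names and subnet are from the thread; which devices the
# poster's firewalld rules actually reference is not stated there.
PRIVATE_IF, PUBLIC_IF = "cloudbr0", "cloudbr1"
PRIVATE_NET = ipaddress.ip_network("192.168.50.0/24")

# Constructed iptables-save style rules, not taken from the poster's host.
LOOSE_RULES = """\
-A POSTROUTING -o cloudbr1 -j MASQUERADE
-A FORWARD -i cloudbr0 -o cloudbr1 -j ACCEPT
-A FORWARD -i cloudbr1 -o cloudbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i cloudbr1 -o cloudbr0 -j ACCEPT
"""
TIGHT_RULES = """\
-A POSTROUTING -s 192.168.50.0/24 -o cloudbr1 -j MASQUERADE
-A FORWARD -i cloudbr0 -o cloudbr1 -j ACCEPT
-A FORWARD -i cloudbr1 -o cloudbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"""
OPTS = {"-i": "in", "-o": "out", "-s": "src", "-j": "target",
        "--state": "state", "--ctstate": "state"}

def parse_rule(line):
    """Map one '-A CHAIN ...' line to a dict of the options inspected below."""
    tok = shlex.split(line)
    rule = {"chain": tok[1]}
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
    return rule

def audit(rules_text):
    """Return (finding, rule) pairs for NAT/forward rules wider than needed."""
    findings = []
    for line in filter(lambda l: l.startswith("-A "), rules_text.splitlines()):
        r = parse_rule(line)
        if r.get("target") == "MASQUERADE" and r.get("out") == PUBLIC_IF:
            src = r.get("src")  # NAT should only apply to the private subnet
            if src is None or not ipaddress.ip_network(src, strict=False).subnet_of(PRIVATE_NET):
                findings.append(("masquerade-source-unrestricted", line))
        if (r["chain"] == "FORWARD" and r.get("target") == "ACCEPT"
                and r.get("in") == PUBLIC_IF and r.get("out") == PRIVATE_IF):
            # Public-to-private traffic should only be replies to private hosts.
            states = set(filter(None, r.get("state", "").split(",")))
            if not states or not states <= {"RELATED", "ESTABLISHED"}:
                findings.append(("inbound-forward-not-stateful", line))
    return findings

if __name__ == "__main__":
    for name, rule in audit(LOOSE_RULES):
        print(f"{name}: {rule}")
```

On a real host the input would be the saved output of `iptables-save` taken after firewalld has loaded its rules.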
