GitHub user bradh352 edited a comment on the discussion: private gateway attach to physical network issue
Inspecting the database gave me a hint: the traffic type in the database said "Guest" and I didn't have any guest network defined for my 'mgmt' physical network. I'd think it should have errored out if it was needed, so I don't honestly know how it chose what to use. I've pasted the instructions below I created for myself.

That said, it's still not perfect; if you have a deny rule in your network ACLs for egress, nothing works. What's even more frustrating is if you temporarily switch it to default_allow it works, then when you switch it back to your ACL, it still works! Restarting the VPC is the only way to know if it will really persist.

## Access to Ceph Network

We need to be able to add a private gateway to access the hypervisor network, which is also our management network. In order to do that we must add a tag to our management network, then add support for guest traffic types, and finally set the traffic label to match our interface name.

1. Under Infrastructure -> Zones -> Select Zone -> Physical Networks, choose the mgmt network.
2. Click the pencil button to update the physical network and add a tag. I just used 'mgmt'; not sure the tag matters, but it won't let us add multiple guest networks in the zone without them having different tags.
3. Click the `[+]` button to add a traffic type and choose `guest`, then set the isolation method to `vlan`.
4. Finally, click the merge or branch looking button, which is really `update traffic labels`, then select the Guest network and set the KVM traffic label to the network interface name, in our case `hypervisor`.

GitHub link: https://github.com/apache/cloudstack/discussions/11795#discussioncomment-14609798
