On Wed, Oct 10, 2012 at 7:25 PM, Ruben S. Montero <[email protected]> wrote:

> > Let's assume a standard configuration with 2 networks: public and
> > internal.
> >
> > - Is it possible to configure multiple filtering types on the same cloud
> > and on the same virtual instance?
> > (ebtable for public, vlan/openvswitch for the internal)
>
> Virtual Network drivers are defined per host and not per network (in
> fact some of the technologies do not play together quite well, e.g.
> iptables and ovswitch, when used in the same host)
>
> You can however define different clusters with different network
> technology for the hosts, and then associate virtual networks to
> each cluster (public network to cluster public). Note that VMs will not
> be able to use both networks at the same time.

Or you can use ovswitch and set the iptables rules using pre/clean/post scripts. I use this approach to load firewall rules based on the role the VM has in the network. It works. I unload the rules when the VM stops. The role is set up by subdomain in some cases and by a CONTEXT variable in others. Each role translates to a chain in iptables. To keep the number of chains to a minimum I insert a rule in the INPUT chain to direct traffic to the VM IP to the `ROLE` chain. The iptables rules are written in a file `role`.iptables and the pre script adds them. If you want to use this approach don't forget to properly set up sudo rules. The clean script deletes them at VM shutdown. I also use the above approach to set up ebtables rules.

> In your specific case, I think you can simply not set the VLAN
> attribute in the public network template; this will bypass the vlan
> processing in 802.1Q and ovswitch drivers
>
> > I'm asking this because I would like to avoid a public vlan for each
> > customer on the public side (this will need a router reconfiguration
> > every time, to add the proper gateway on the same broadcast domain of
> > customer in each vlan)
> >
> > - Is it possible, for a customer, to create a sort of PVLAN where a part
> > of its internal network will be isolated from other virtual machines
> > (same customer and same vlan). For example, let's assume that
> > customer1 has 5 VPS: vps1, vps2...vps5.
> > VPS1 should communicate only with VPS4 in a sort of custom vlan. I
> > have a VLAN, on private side, for each customer and I would like to
> > give customers the capability to create some communication groups.
>
> I'd recommend taking a look at the virtual appliance router, simply
> add a virtual with a NIC in both networks
>
> http://opennebula.org/documentation:rel3.8:router
>
> > - Accounting: on which frequency accounting data are saved on DB? This
> > is much important for us, as we will use this to invoice customers.
> > Will it be possible to touch the real number of seconds that an instance
> > was ON and the real number of seconds that an instance was paused but
> > with data still present on the node (no cpu/ram utilization but only
> > disk utilization)
> >
> > _______________________________________________
> > Users mailing list
> > [email protected]
> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
> --
> Ruben S. Montero, PhD
> Project co-Lead and Chief Architect
> OpenNebula - The Open Source Solution for Data Center Virtualization
> www.OpenNebula.org | [email protected] | @OpenNebula
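
The per-role chain approach described in the reply above, as an added example that is not the poster's own scripts: a pre/clean hook pair that loads a role's rules once, adds one INPUT jump per VM IP, and removes the shared chain only when the last VM using it stops. The rule-file layout, the `RULES_DIR` path and all function names are assumptions made for this sketch.

```bash
#!/bin/bash
# Added example, not the poster's scripts. Assumed (hypothetical) layout:
# $RULES_DIR/<role>.iptables holds one rule body per line, for instance
#   -p tcp --dport 22 -j ACCEPT
IPT=${IPT:-sudo iptables}              # the only command the sudo rule must allow
RULES_DIR=${RULES_DIR:-/etc/one/roles} # hypothetical path

# Role and IP come from the VM template, so check them before they reach root.
valid_role() {
    case $1 in ''|*[!A-Za-z0-9_]*|[!A-Za-z]*) return 1;; esac
    [ "${#1}" -le 28 ]                 # iptables chain names are at most 28 chars
}
valid_ip() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1;; esac
    local IFS=. o; set -- $1
    [ $# -eq 4 ] || return 1
    for o; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

role_pre() {                           # role_pre ROLE VM_IP
    local role="$1" ip="$2" file="$RULES_DIR/$1.iptables" line
    # A role is accepted only if an admin-provided rule file exists for it.
    valid_role "$role" && valid_ip "$ip" && [ -r "$file" ] || return 1
    # Refuse the whole file if any line has characters outside a rule body.
    if grep -Eqv '^(#.*|[-A-Za-z0-9 ,./:!]*)$' "$file"; then return 1; fi
    if $IPT -N "$role" 2>/dev/null; then   # new chain: load the role rules once
        while IFS= read -r line; do
            case $line in ''|'#'*) continue;; esac
            # Unquoted on purpose: the charset check above makes splitting safe.
            $IPT -A "$role" $line </dev/null || return 1
        done < "$file"
    fi
    $IPT -C INPUT -d "$ip" -j "$role" 2>/dev/null ||
        $IPT -I INPUT -d "$ip" -j "$role"
}

role_clean() {                         # role_clean ROLE VM_IP
    local role="$1" ip="$2"
    valid_role "$role" && valid_ip "$ip" || return 1
    $IPT -D INPUT -d "$ip" -j "$role" || return 1
    # Other VMs may share the chain: remove it only when nothing jumps to it.
    if ! $IPT -S INPUT | grep -q -- "-j $role\$"; then
        $IPT -F "$role" && $IPT -X "$role"
    fi
}

case ${1:-} in                         # hook entry point: pre|clean ROLE VM_IP
    pre)   role_pre   "$2" "$3" ;;
    clean) role_clean "$2" "$3" ;;
esac
```

Because the role name must match an existing rule file, a tenant-supplied role such as `ACCEPT` cannot turn the INPUT jump into a blanket allow rule.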
