Hi Fazli,
On Thu, Oct 3, 2013 at 12:22 PM, M Fazli A Jalaluddin <[email protected]> wrote:

Hi Valentin,

Your assumption is correct.

My method is to use OpenNebula Virtual Router by referring to this
page [1] and Openvswitch.

I have installed Openvswitch in the host and I was able to deploy
VM in isolated network.

I try to deploy the VirtualRouter in a virtual network.

In two virtual networks in fact, in the PUBNET which should be the
192.168 network from br0 on the nodes and frontend and PRIVNET in the
Open vSwitch network.

My problem is, I cannot ping it and cannot SSH into it.

You should be able to connect to PUBNET's virtual IP Address from
within the 192.168 network.

Or you could add an internal port to Open vSwitch bridge and try to
connect to PRIVNET's virtual IP Address of the VR.

From the documentation, I understand that the VirtualRouter needs
to be deployed as a VM in a specific virtual network and it will act
as the DHCP for the VMs in the same virtual network.

I also have included the example context in the VirtualRouter
template.

My VirtualRouter template:
NIC=[NETWORK_ID="0"]
NIC=[NETWORK_ID="9",IP="10.0.10.1"]
INPUT=[BUS="usb",TYPE="tablet"]
MEMORY="512"
OS=[ARCH="x86_64",BOOT="hd"]
GRAPHICS=[LISTEN="0.0.0.0",TYPE="SPICE"]
DISK=[IMAGE_ID="24"]
CPU="0.5"
CONTEXT=[TARGET="hdb",NETWORK="YES",FORWARDING="8080:10.0.10.2:80 10.0.10.2:22",DHCP="YES",PRIVNET="$NETWORK[TEMPLATE,
NETWORK=\"ovs .10\"]",TEMPLATE="TEMPLATE",SSH_PUBLIC_KEY="ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCk+MN96iAn4uXRieJqyJG7WY32zW0LTXJBdISdjDLlp8QgFrxOdi9Aw2+eu+QSbVHwBsqOTimpOuzknisOhD4RPCTCT7G2/xaEUxWg0AB3ySrMZC3Dv5AgBy0CikFk50/CbwBtMjj2pRINm0axfP+cUT/VBhJRAiwVe2wsIOL/t2PGOy0O8Q2zjG1XfCVZPCYPOxj9Jk0y8DoMHp0ILA6gM7hGN4CKAQiXnbjv8WD9uFpRr7eruXQUdMuPn2wnyDMcCnzUEMtPUoPIy6gyAer3biRyEQkAXNJ+R1WXvX6Ah848MTyoICoA7KKIm9e3xe/SXMJxxOPHZLWSJSIRmhcd
hpc1@hpc-workstation1",PUBNET="$NETWORK[TEMPLATE,
NETWORK=\"Virtual Network .113\"]",DNS="8.8.8.8 8.8.4.4"]

This looks good and should work.

May I know how to actually use the VirtualRouter?

[1] http://opennebula.org/documentation:rel4.2:router

Good Will,
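
The FORWARDING attribute in the template above decides which ports of VMs on the private network become reachable through the router's public address. The following is an added example, not part of the original message or of OpenNebula's code, that parses it and flags exposed management ports; it assumes rules of the form `ext_port:ip:port` or `ip:port`, a /24 private network around 10.0.10.1, and a hypothetical list of sensitive ports.

```python
import ipaddress
import re

# Constructed sample: NIC and FORWARDING values copied from the template above.
# The /24 prefix and the list of sensitive ports are assumptions for this example.
TEMPLATE = '''NIC=[NETWORK_ID="9",IP="10.0.10.1"]
CONTEXT=[TARGET="hdb",NETWORK="YES",FORWARDING="8080:10.0.10.2:80 10.0.10.2:22",DHCP="YES"]'''
PRIVATE_NET = ipaddress.ip_network("10.0.10.0/24")
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc"}


def context_value(template, key):
    """Return the quoted value of `key` inside the CONTEXT=[...] vector, or None."""
    ctx = re.search(r'^CONTEXT=\[(.*)\]\s*$', template, re.M)
    if not ctx:
        return None
    m = re.search(r'(?:^|,)\s*' + re.escape(key) + r'="((?:[^"\\]|\\.)*)"', ctx.group(1))
    return m.group(1) if m else None


def parse_forwarding(value):
    """Parse space-separated rules: ext_port:ip:port, or ip:port (same port both sides)."""
    rules = []
    for item in value.split():
        parts = item.split(":")
        if len(parts) == 2:
            parts = [parts[1]] + parts
        if len(parts) != 3:
            raise ValueError("unrecognised forwarding rule: %r" % item)
        rules.append((int(parts[0]), ipaddress.ip_address(parts[1]), int(parts[2])))
    return rules


def review(rules, private_net=PRIVATE_NET):
    """Return findings for rules worth a second look before the router is deployed."""
    findings = []
    for ext, ip, port in rules:
        if ip not in private_net:
            findings.append("%s:%d is outside %s" % (ip, port, private_net))
        if port in SENSITIVE_PORTS:
            findings.append("public port %d exposes %s on %s" % (ext, SENSITIVE_PORTS[port], ip))
    return findings


if __name__ == "__main__":
    for finding in review(parse_forwarding(context_value(TEMPLATE, "FORWARDING"))):
        print(finding)
```

For the template in this thread the only finding is the second rule, which publishes the internal VM's SSH port on the router's PUBNET address.
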
On Thu, Oct 3, 2013 at 3:56 PM, Valentin Bud <[email protected]> wrote:

Hello Fazli,

I will make some assumptions about your infrastructure and provide
possible approach(es).

* Your KVM nodes have a single Ethernet interface, eth0, connected in a
  switch and a router used as the default gateway for the 192.168.1/24
  network,
* Also the frontend is connected via the same switch with the rest of
  the nodes,
* You have a br0 bridge with eth0 connected to it on each node and also
  the frontend,
* Your frontend is also a node.

If you have access to the router the simplest way would be to add an IP
Address alias on the router interface as the default gateway for the new
network.

Configure a new network inside OpenNebula for that using the chosen
subnet and the same bridge, br0.

I don't know if you have any kind of security policies in place but be
careful that in this way there is no Layer 2 separation and traffic
between the two subnets is visible with tcpdump or other sniffers.

The second approach I can think about is to have the frontend configured
with the first IP Address from the new subnet on br0 and define a new
network inside OpenNebula like the above.

I don't know if this would work though. The NAT must be done for
10.100.0/24 over 192.168.1.X (the IP Address of frontend from
192.168.1/24 subnet). What I don't know is if iptables can MASQUERADE
subnets on the same interface. Never tried it, it might work.

Another approach that comes to mind is to use the Virtual Router and
define a new subnet on the same br0 bridge. The Virtual Router would
have an interface connected to 192.168.1/24 network and one in the
10.100.0/24 one. Set it up to have the first IP Address from the
10.100.0/24 network so it is the default gateway.

The same applies, traffic over L2 is not separated in any way.

One more idea :-) would be to use Open vSwitch and GRE tunnels between
the nodes. In this way you can use VLANs and transport over GRE between
nodes. You can also setup IPSec encrypted GRE tunnels if you want
security. It might be overkill but again it depends on your
requirements.

Another working setup I have done is to use tinc VPN [1] between nodes
in switch mode and connect it to the Open vSwitch from each host as a
port. This way traffic that travels between nodes is fully encrypted and
you can use the same L2 network in a secure fashion.

But maybe the best approach would be to have a second network card,
eth1, in each node. Connect that second card in an Open vSwitch and use
VLANs with the frontend being the router, or any other node for that
matter.

[1]: http://www.tinc-vpn.org/

Good Will,
Valentin

On Thu, Oct 03, 2013 at 09:18:41AM +0800, M Fazli A Jalaluddin wrote:
> Hello Valentin,
>
> My setup for OpenNebula is 1 Front-end and several KVM nodes. The
> front-end and nodes are using IP address 192.168.1.xxx and are able to
> connect to the internet.
>
> The current networking setup for the VM is using dummy and bridge, br0.
>
> So, for the VM able to access to the internet, is by assigning them
> 192.168.1.xxx IP addresses.
>
> If I have many VMs, IP address 192.168.1.xxx will be depleted.
>
> Hence, I need to make a new private network such as, 10.0.1.xxx which
> will map to only a single 192.168.1.xxx, e.g 192.168.1.5.
>
> Thank you.
>
> Regards,
> Fazli
>
>
> On Wed, Oct 2, 2013 at 7:21 PM, Valentin Bud <[email protected]> wrote:
>
> > Hello Fazli,
> >
> > The Virtual Router documentation [1] is definitely a good place to
> > start.
> >
> >
> > On Wed, Oct 2, 2013 at 1:57 PM, M Fazli A Jalaluddin <[email protected]> wrote:
> >
> >> Hi,
> >>
> >> Is there any tutorial on how to use the VirtualRouter?
> >>
> >> I have downloaded the image from Marketplace and deployed a VM out
> >> of it.
> >>
> >> Then what should I do?
> >>
> >> My concern is that the Multiple VM will be able to be assigned a
> >> private IP address (at the same time connect to the internet) while
> >> the KVM host is using public IP address.
> >>
> >
> > I don't really understand your concern. Could you be more specific?
> >
> > Yes, every VM will get a private IP address from the Router in case
> > you connect it to the private network. If you connect the VM to the
> > public network too you'd have to setup the IP address on the VM.
> > If context package is installed in the VM it'll autoconfigure the
> > public IP also.
> >
> > [1]: http://opennebula.org/documentation:rel4.2:router
> >
> > Good Will,
> >
> >
> >>
> >> Thank you
> >>
> >> On Wed, Oct 2, 2013 at 4:26 PM, Carlos Martín Sánchez <[email protected]> wrote:
> >>
> >>> Hi,
> >>>
> >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <[email protected]> wrote:
> >>>
> >>> Hi,
> >>>>
> >>>> May I know if the Virtual Router provide NAT?
> >>>>
> >>>
> >>> Yes, look for the Full Router section in the documentation:
> >>> http://opennebula.org/documentation:rel4.2:router
> >>>
> >>> PS: Please reply also to the mailing list
> >>>
> >>> Regards.
> >>> --
> >>> Carlos Martín, MSc
> >>> Project Engineer
> >>> OpenNebula - Flexible Enterprise Cloud Made Simple
> >>> www.OpenNebula.org | [email protected] | @OpenNebula
> >>>
> >>>
> >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <[email protected]> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> May I know if the Virtual Router provide NAT?
> >>>>
> >>>> Thank you
> >>>>
> >>>>
> >>>> On Thu, Sep 5, 2013 at 5:29 PM, Carlos Martín Sánchez <[email protected]> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> Actually, we do provide a Virtual Router appliance that contains a
> >>>>> DHCP server. It knows the correct IP assigned by OpenNebula to each
> >>>>> MAC.
> >>>>> See http://opennebula.org/documentation:rel4.2:router
> >>>>>
> >>>>> Regards
> >>>>>
> >>>>> --
> >>>>> Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin,
> >>>>> 24-26 September, 2013
> >>>>> --
> >>>>> Carlos Martín, MSc
> >>>>> Project Engineer
> >>>>> OpenNebula - The Open-source Solution for Data Center Virtualization
> >>>>> www.OpenNebula.org | [email protected] | @OpenNebula
> >>>>>
> >>>>>
> >>>>> On Thu, Sep 5, 2013 at 8:55 AM, Ionut Popovici <[email protected]> wrote:
> >>>>>
> >>>>>> No, OpenNebula doesn't provide DHCP. You could use VLANs to break
> >>>>>> the network, and you can use contextualization to get the IP for
> >>>>>> virtual machines. If you use bridge mode you should make rules in
> >>>>>> iptables (ebtables) for UDP dst port 67 and allow only response
> >>>>>> from your DHCP server.
> >>>>>> Cheers.
> >>>>>> On 9/5/2013 9:49 AM, Mohammad Fazli Ahmat Jalaluddin wrote:
> >>>>>>
> >>>>>> Hi guys,
> >>>>>>
> >>>>>> I just want to ask few questions.
> >>>>>>
> >>>>>> Does OpenNebula act as a DHCP Server and give IP address to the VM
> >>>>>> if it is not contextualized in the first place?
> >>>>>>
> >>>>>> When the VM is deployed (without context), e.g Ubuntu server default
> >>>>>> network configuration is using DHCP, and thus the IP for the VM is
> >>>>>> different with the one that OpenNebula uses from the vnet lease.
> >>>>>>
> >>>>>> Is the IP address in the VM given by OpenNebula (act as the DHCP
> >>>>>> server) or given by our network existing DHCP server?
> >>>>>>
> >>>>>> The reason I'm asking is because our network is poisoned since there
> >>>>>> are 2 DHCP server. BTW, our OpenNebula configuration for the network
> >>>>>> is using dummy and using bridge in the frontend
> >>>>>>
> >>>>>> Thank you very much.
> >>>>>>
> >>>>>> Regards,
> >>>>>> Fazli
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Users mailing list
> >>>>>> [email protected]
> >>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>
> >>
> >>
> >>
> >
> >
> > --
> > Valentin Bud
> > http://databus.pro | [email protected]
> >
--
Valentin Bud
http://databus.pro | [email protected]
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org