Matt, I attached a hook that will give you a kick start on the promisc mode. It implements only the mirror mode, which is a part of vdsm now, but you can look at the comments and the README file, which have the appropriate in-line mode commands and implementation.
Shahar Havivi.

On 10.02.13 17:07, Matt . wrote:
> Here: http://www.mail-archive.com/[email protected]/msg06261.html
>
> 2013/2/10 Shahar Havivi <[email protected]>
>
> > On 10.02.13 16:36, Matt . wrote:
> > > Hi,
> > >
> > > I'm thinking about the way how I did that with the dedicated NIC to the VM.
> > > I was discussing this a couple of months ago on IRC but I can't remember and
> > > I already tried to do this... no luck yet. I remember that the NICS were
> > > just available when adding a nic to the VM, by MAC-address. Can't figure it
> > > out yet what I did those except of not sleeping that much :)
> > I don't remember that, sorry...
> > >
> > > About the error that I get I do the following:
> > >
> > > Hosts > Network Interfaces > Setup Host Networks.
> > >
> > > When I drag a network I created to a NIC and I don't set an IP or DHCP or
> > > None I get that error: "Error while executing action Setup Networks:
> > > Illegal or Incomplete IP Address"
> > >
> > > When I set an IP to that network that is dragged to the Nic I don't get an
> > > error, but why only an IP and no GW as this IP seems to be bridged in
> > > the host to the VM where you add a Nic to with that same network you just
> > > gave an IP.
> > >
> > > When saying the above, could have been possible that I have set the
> > > Mac-Address of the real Nic @ the VM Nic ? As this is possible that might
> > > have been the solution I used ?
> > >
> > > For the rest this software is good and the support is superb!
> > I can't reproduce this error,
> > it looks like UI validation...
> > Alona, Moti did you encounter this error?
> > >
> > > Thanks so far again.
> > >
> > > Matt
> > >
> > > 2013/2/10 Shahar Havivi <[email protected]>
> > >
> > > > On 10.02.13 16:16, Matt . wrote:
> > > > > Hi Shahar,
> > > > >
> > > > > Thanks, I need to work this out further to have it 100% visible.
> > > > >
> > > > > I wonder why I was able in the past (3.1) to dedicate an NIC to a VM.
> > > > >
> > > > > Do you also have an explanation why I cannot save a network configuration
> > > > > with a nic in DHCP mode ? It complains about a wrong IP and I have seen it
> > > > > should be a bug. Is this right ?
> > > > How did you do that...
> > > > I.e. can you tell me the steps that you made in the UI? (for both cases)
> > > > >
> > > > > Cheers,
> > > > >
> > > > > Matt
> > > > >
> > > > > 2013/2/10 Shahar Havivi <[email protected]>
> > > > >
> > > > > > On 10.02.13 14:13, Dan Kenigsberg wrote:
> > > > > > > On Sun, Feb 10, 2013 at 12:19:57PM +0100, Matt . wrote:
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > For setting up a firewall in a VM I would like to add 2 of my 4 nics
> > > > > > > > directly to a VM.
> > > > > > > >
> > > > > > > > In my previous setup I thought I have done that, but at the moment I cannot
> > > > > > > > figure this out and cannot find the docs to accomplish this.
> > > > > > > >
> > > > > > > > I would like to dedicate those 2 nics to my firewall VM's to avoid sharing
> > > > > > > > them using a network per accident to other VM's.
> > > > > > > >
> > > > > > > > How is this done at the moment ?
> > > > > > >
> > > > > > > AFAIK it can be done only with a vdsm hook. You'd need to define your VM
> > > > > > > with no interface at all, but instead, mark it with a special custom
> > > > > > > property you define. Then, you should write a hook that adds the two
> > > > > > > host interfaces to the VM, by means of either
> > > > > > > http://libvirt.org/formatdomain.html#elementsNICSDirect or
> > > > > > > http://libvirt.org/formatdomain.html#elementsNICSHostdev
> > > > > > >
> > > > > > > Most probably, you would need to pin your firewall VM to a specific
> > > > > > > host.
> > > > > > >
> > > > > > > Writing a hook is not too complex, but it requires understanding of how
> > > > > > > vdsm and libvirt works. You can take
> > > > > > > http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=tree;f=vdsm_hooks/vmfex as a
> > > > > > > reference, or ask for specific guidance here.
> > > > > > >
> > > > > > > Dan.
> > > > > > Dan is right,
> > > > > > Currently you can do it via hook,
> > > > > > We do have promisc mode but currently we have mirroring mode only (i.e. you can
> > > > > > monitor each VM traffic but cannot intercept it).
> > > > > > The way to do it is via layer 2.
> > > > > >
> > > > > > it's best to implement after_vm_start hook and use ebtables.
> > > > > > you can pass to the hook the network name.
> > > > > > when you have the network name you can probe for its mac address and in the
> > > > > > libvirt xml
> > > > > > you can view the interfaces that are part of that network and get the mac
> > > > > > addresses as well. (look at other hooks as Dan points out)
> > > > > >
> > > > > > when you have the network name the network mac and the target interface you
> > > > > > can use ebtables:
> > > > > > 1. set the bridge in promisc mode
> > > > > > $ ifconfig <network name> promisc
> > > > > > 2. traffic to the monitoring machine
> > > > > > $ ebtables -t nat -A PREROUTING -d 00:1a:4a:16:01:51 -i eth0 -j dnat --to-destination 00:1a:4a:16:01:11
> > > > > > 3. traffic from the monitoring machine
> > > > > > $ ebtables -t nat -A PREROUTING -s 00:1a:4a:16:01:51 -i vnet0 -j dnat --to-destination 00:1a:4a:16:01:11
> > > > > >
> > > > > > 1. set the network interface in promiscuous mode
> > > > > > 2. traffic that is meant for the vm mac will go to the destination mac
> > > > > > 3. traffic that is sent from the vm mac will go to the destination mac
> > > > > >
> > > > > > note that the -i <interface> is the interface name and I think it can be
> > > > > > omitted...
> > > > > >
> > > > > > Shahar Havivi.
promisc.tar.gz
Description: GNU Zip compressed data
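The three steps quoted in the thread (promisc on the bridge, then one ebtables dnat rule per direction), as an added example; it is not the hook in promisc.tar.gz and not vdsm code. The function names, the constructed domain XML, the bridge name `ovirtmgmt` and the host NIC `eth0` are assumptions. It only builds argv lists and rejects any MAC or interface name that does not match a strict pattern before it can reach a command line.

```python
import re
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")  # no leading '-', max 15 chars

# Constructed libvirt domain XML (sample input): two NICs on different bridges.
SAMPLE_DOMXML = """
<domain type='kvm'>
  <devices>
    <interface type='bridge'>
      <mac address='00:1A:4A:16:01:51'/>
      <source bridge='ovirtmgmt'/>
      <target dev='vnet0'/>
    </interface>
    <interface type='bridge'>
      <mac address='00:1a:4a:16:01:52'/>
      <source bridge='storage'/>
      <target dev='vnet1'/>
    </interface>
  </devices>
</domain>
"""

def _check(value, pattern):
    if not pattern.fullmatch(value):
        raise ValueError("unexpected value: %r" % value)
    return value

def nics_on_network(domxml, network):
    """Return (mac, tap_device) for each VM NIC bridged to `network`."""
    found = []
    for iface in ET.fromstring(domxml).iter("interface"):
        src, mac, tgt = (iface.find(t) for t in ("source", "mac", "target"))
        if None not in (src, mac, tgt) and src.get("bridge") == network:
            found.append((mac.get("address", "").lower(), tgt.get("dev", "")))
    return found

def redirect_commands(domxml, network, host_nic, monitor_mac):
    """Build argv lists for the three steps; nothing is executed here."""
    dst = _check(monitor_mac.lower(), MAC_RE)
    _check(host_nic, IFACE_RE)
    cmds = [["ifconfig", _check(network, IFACE_RE), "promisc"]]
    base = ["ebtables", "-t", "nat", "-A", "PREROUTING"]
    tail = ["-j", "dnat", "--to-destination", dst]
    for mac, tap in nics_on_network(domxml, network):
        _check(mac, MAC_RE)
        cmds.append(base + ["-d", mac, "-i", host_nic] + tail)
        cmds.append(base + ["-s", mac, "-i", _check(tap, IFACE_RE)] + tail)
    return cmds
```

Passing each returned list to `subprocess.call` without a shell keeps a hostile network name or custom-property value from being interpreted as shell syntax.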

