Hello,
The problem with ovn ( 'br-int': No such device) occurs because you are
missing an ovs bridge named "br-int" on your host.
This is the integration bridge used by ovn to create its logical networks.
This is normally created by default during ovs/ovn installation. Please try
adding this manually:
ovs-vsctl add-br br-int
You can check if it exists using:
ovs-vsctl show
Once added the vm should start fine.
The network filters which you can define in ovirt are the libvirt network
filters (https://libvirt.org/formatnwfilter.html)
Afaik there is not "default" firewall solution advised for ovirt. I will
check if there are any good practices described, but I have not seen any so
far.
Marcin
On Tue, Nov 13, 2018 at 11:43 PM <dav...@riavera.com> wrote:
> Hello,
>
> I'm trying to setup a new ovirt install and have run into some general
> issues that I hope someone can help with.
>
> I'm somewhat new to ovirt (but not virtualization).
>
> First off, I've been doing lots of reading and I can't seem to find what
> the generally accepted method is for firewalling access between networks
> and VMs is in ovirt? I see references to network filters, but no obvious
> ways to set ports or modify the configuration beyond a set list of general
> good-practice policies (no arp spoofing, etc).
>
> What do people use in a production environment? Trunk out to an external
> firewall and do the filtering there? Run iptables or some rules locally in
> each VM? Or just run pfSense or other firewall software as another VM and
> manage it there?
>
> And lastly, I'm trying to setup a new interface using the external ovn
> provider but am having problems.
>
> I can define the external provider network just fine (not connected to
> physical network), but can't seem to actually use it.
>
> When I create a new VM and assign the new network to an associated
> interface, the VM fails to start.
>
> The error I get is:
>
> "VM testvm is down with error. Exit message: Cannot get interface MTU on
> 'br-int': No such device."
>
> Am I missing something obvious here?
>
> I'm running oVirt 4.2.7 with the latest oVirt Node on a few hosts (also
> 4.2.7).
>
> All my configuration has been via the web interface so far.
>
> Sincerely,
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TGPKRCARFQOMQFND5KWGSGLVCEEUO4AV/
>
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BS5GRBVR3BR7UHVFNF7CXCENM5XZCREN/
