[one-users] VMs are not reachable over their IP
Jaime Melis
jmelis at opennebula.org
Thu Nov 17 06:16:25 PST 2011
Hello Martin,
> When OpenNebula launches a (the first) VM, the vnet0 is attached to the
> bridge (this works flawlessly in my case).
> If my bridge has the IP 141.x.x.66 and the VMs get an IP, ranged from
> 141.x.x.67-141.x.x.80, how are the packets being routed to the VMs?
> Does OpenNebula (my context Script) just set the VM IP within the running
> VM, or is there also a mechanism that sets the corresponding IP (e.g.
> 141.x.x.67) also on the bridge, so the VM is visible to the Network?
The bridge acts as a hub. All the packets that arrive through the
physical device are forwarded over to all the virtual network
interfaces of all the running VMs. If a VM has an IP configured from
within, it will capture the packet, otherwise it will simply ignore the
packet.
In other words, if you fire up tcpdump from within the VM you will see
all the traffic of the bridge. By configuring an IP from within the VM
you will capture the packets delivered to that IP address.
The VMs' interfaces should be visible to the network, just as any
other physical machine.
> Or are VLAN Tags/Open vSwitch/ebtables the only way to process IP Packages
> to the KVM virtual Interfaces?
No, they're alternative network configurations precisely to avoid the
security problems exposed by a flat network like the one described in
the first scenario, where all the traffic is visible across all the
VMs.
I'm not sure if I understood correctly, but if you're having problems
with your network setup, could you be more specific on your
configuration and send us the output of some commands, like:
* ifconfig -a (both in the host and the vm)
* route -n (both in the host and the vm)
* brctl show (in the host)
* ps -ef|grep kvm (in the host)
cheers,
Jaime
--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jmelis at opennebula.org