[one-users] Public IPs on an internal private network of an OpenNebula Cluster

Alberto Zuin - Liste liste at albertozuin.eu
Wed Jul 4 07:52:10 PDT 2012

Hello Patrizio,
If I correctly understood, the master server is the OpenNebula server 
and the slaves are the KVM hosts. The master is connected to Internet, 
has a public ip address and is also connected to a private lan; slaves 
(kvm servers) are connected only to private lan.
You use also the master server to masquerade traffic form VM to Internet 
via iptables.

If it's correct, you have 2 possible solution:
1) configure the public IPs as secondary in master servers and set 
iptalbles to DNAT traffic from public IP to the private one
2) install a second ethernet card on slave server, connect it to public 
internet and create a second bridge (without a real public IP address).

The second solution for me is better.


On 04/07/2012 16:36, Patrizio Dazzi wrote:
> Dear all OpenNebulers,
>      As a researcher of the HPCLab at ISTI-CNR I am working for the CONTRAIL
> EU project (http://www.contrail-project.eu/), which main aim is to
> conceive and develop
> an holistic system for building cloud federation that can be managed
> in an integrated and
> seamless way.
> For the reference implementation of CONTRAIL system, we decided to exploit
> OpenNebula as Provider-level IaaS. As a consequence, CNR and a few other
> project partners are setting up an OpenNebula Cloud each.
> Unfortunately, at CNR we are experiencing some issues related to OpenNebula
> configuration. These are mainly due to the lack of public IPs
> availability on our side and
> the consequent decision to reserve them for the VMs hence avoiding to
> assign to each
> Physical machine a public IP.
> Let me describe what's going on on our side.
> We have installed the tarball distribution of open nebula 3.4.1 for
> running virtual machines on a (kvm based) cluster made of 5 computers:
> a front-end machine and 4 slaves machines. Currently, the master has 2
> network interfaces configured whereas the slaves have only a single
> network interface configured each. All the nodes of the cluster are
> running Ubuntu server 12.04 64 bit.
> The slaves of the cluster are connected to the front-end via a gigabit
> switch. The front-end uses the second network interface to connect to
> Internet. Such front-end is the only machine having a public IP.
> Indeed, the internal network exploits a class of private IPs
> (192.168.100.X). The front-end iptables has been already properly
> configured to forward and masquerade the connections from the slaves
> to the internet. Indeed, we are able to connect to ubuntu update sites
> directly from the slaves.
> I also have a few public IPs that I would like to assign to certain
> Virtual Machines that will be run on the cluster.
> Unfortunately, the slaves are connected to a private network, hence
> their virtual bridges, as far as I know, can receive only packets sent
> to IPs having the same network address/mask. As a consequence
> assigning them a public IP would result in a useless operation because
> the packets won't be properly routed to the physical machine hosting
> such a public IP.
> Can you help me ? Do you have any suggestion ?
> Best Regards,
> -- Patrizio
> Dr Patrizio Dazzi, Ph.D.
> HPC Lab @ ISTI-CNR, Via Moruzzi, 1 - 56126, Pisa, Italy
> Phone: +39 050 315 30 74  --  Fax: +39 050 315 20 40
> "Genius is one percent inspiration, ninety-nine percent perspiration"
> - Thomas Alva Edison
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Alberto Zuin
via Mare, 36/A
36030 Lugo di Vicenza (VI)
P.I. 04310790284
Tel. +39.0499271575
Fax. +39.0492106654
Cell. +39.3286268626
www.azns.it - alberto at azns.it

More information about the Users mailing list