[one-users] virtual switching

Ruben S. Montero rsmontero at opennebula.org
Thu May 10 14:59:57 PDT 2012


Hi,

Usually this scenario is implemented as follows:

1.- Create a **private** network for the VMs. Basically bridging it to
the private physical switch.

2.- Create a **public** network, with a set of valid public IPs,
bridged to the public network.

3.- Configure a virtual router VM. This router will have configured
iptables to support NAT, and do the port forwarding you need (it may
also have running DHCP and/or DNSmasq services).  The virtual router
will have two NICs one in  the **private** and another one in the
**public** network.

4.- The VMs will have only one NIC in the private network, and the
virtual router as the default gateway. They may also be using the DHCP
server to get all this configuration data.

This procedure may seem too cumbersome but it only requires the
virtual router appliance which is fairly straightforward. Note that:

1.- You do need access to any switch (the VLANs may be configured
beforehand to set up the private and public networks) (We use two
different hw switches for these)
2.- If the private networks are dynamically created this setup can be
easily replicated for multiple users (isolating these VMs....)


Hope this helps.

Cheers

Ruben

On Thu, May 10, 2012 at 4:17 PM, Sean Abbott <seabbott at akamai.com> wrote:
> Hello,
>
> I'm in a situation where I have 3 hosts, 3 "public" IPs, and no control
> or access to the physical switches in my environment.
>
> I have KVM virtual machines using the default libvirt NAT/IP
> masquerading which works fine for accessing the internet, but falls
> short as soon as a machine is instantiated on one of the nodes that is
> not the master.  My VM ended up in an "unknown" state and I wasn't able
> to recover.
>
> My goal is to have all my virtual machines be able to communicate with
> each other, and have a single virtual machine accessible from the
> outside via a forwarded port.  Also, all virtual machines should be able
> to reach the internet via IP masquerading.
>
> Should this be working with the setup I have?  Or if not, is there a
> setup that might be able to provide this for me, given the restrictions
> I have?  open vswitch looks like it might work, but they concentrate
> pretty heavily on using vlan tags and working with the physical
> infrastructure, whereas I would just need to configure it to forward
> messages to specific IP addresses somehow...
>
> Thanks!
>
> sean
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
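As an added example, not from the original thread or from OpenNebula, here is a rule set for the virtual-router VM that step 3 describes: IP forwarding on, masquerading for the private network, one DNAT port forward to the single VM that must be reachable from outside, and a FORWARD chain whose default policy is DROP so that the forwarded port is the only way in. Interface names (eth0 public, eth1 private), the private subnet 10.0.0.0/24, the target VM 10.0.0.10 and the ports 2222 -> 22 are placeholders chosen for the example; set them for your environment. Nothing here requires OpenNebula; it is plain iptables on the router appliance.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): iptables rules for the
# two-NIC virtual router described in the thread. All names below are
# assumptions for the example, overridable through the environment.

PUB_IF="${PUB_IF:-eth0}"            # NIC on the public bridge
PRIV_IF="${PRIV_IF:-eth1}"          # NIC on the private bridge
PRIV_NET="${PRIV_NET:-10.0.0.0/24}" # private VM network
FWD_VM="${FWD_VM:-10.0.0.10}"       # the one VM exposed from outside
FWD_PUB_PORT="${FWD_PUB_PORT:-2222}" # port listened on the public side
FWD_VM_PORT="${FWD_VM_PORT:-22}"    # port on the VM it is forwarded to

# Emit the rule set, one command per line. Generating the rules separately
# from applying them lets you review (or test) them without root.
vrouter_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -i $PRIV_IF -o $PUB_IF -s $PRIV_NET -j ACCEPT
iptables -A FORWARD -i $PUB_IF -o $PRIV_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $PUB_IF -o $PRIV_IF -p tcp -d $FWD_VM --dport $FWD_VM_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $PUB_IF -s $PRIV_NET -j MASQUERADE
iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $FWD_PUB_PORT -j DNAT --to-destination $FWD_VM:$FWD_VM_PORT
EOF
}

# Apply the rules on the router VM (needs root). Stops at the first failure.
vrouter_apply() {
    vrouter_rules | sh -e
}

# Number of FORWARD rules that admit NEW connections from the public side.
# The intent of the design is exactly one: the forwarded port.
vrouter_count_public_inbound() {
    vrouter_rules | grep -c -- "-i $PUB_IF -o $PRIV_IF .*--ctstate NEW"
}

case "${1:-}" in
    apply) vrouter_apply ;;
    *)     vrouter_rules ;;
esac
```

Two details worth checking before you trust such a router: the FORWARD rule for the forwarded port matches the address and port after DNAT (10.0.0.10:22, not the public 2222), because nat PREROUTING runs before filter FORWARD; and the rule that lets reply traffic back in is limited to ESTABLISHED,RELATED, so with the DROP policy nothing else from the public side reaches the private bridge. VM-to-VM traffic on the private bridge never passes the router, so it needs no rule here. Run `sh vrouter.sh` to review the rules and `sh vrouter.sh apply` as root on the router VM to install them.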


