[one-users] OpenNebula and DHCP Server

M Fazli A Jalaluddin fazli.jalaluddin at gmail.com
Thu Oct 3 02:22:32 PDT 2013


Hi Valentin,

Your assumption is correct.

My method is to use the OpenNebula Virtual Router, by referring to this page [1], and
Openvswitch.

I have installed Openvswitch in the host and I was able to deploy VM in
isolated network.

I try to deploy the VirtualRouter in a virtual network.

My problem is, I cannot ping it and cannot SSH into it.

From the documentation, I understand that the VirtualRouter needs to be
deployed as a VM in a specific virtual network and it will act as the DHCP
for the VMs in the same virtual network.
I also have included the example context in the VirtualRouter template.

My VirtualRouter template:

NIC=[NETWORK_ID="0"]
NIC=[NETWORK_ID="9",IP="10.0.10.1"]
INPUT=[BUS="usb",TYPE="tablet"]
MEMORY="512"
OS=[ARCH="x86_64",BOOT="hd"]
GRAPHICS=[LISTEN="0.0.0.0",TYPE="SPICE"]
DISK=[IMAGE_ID="24"]
CPU="0.5"
CONTEXT=[
  TARGET="hdb",
  NETWORK="YES",
  FORWARDING="8080:10.0.10.2:80 10.0.10.2:22",
  DHCP="YES",
  PRIVNET="$NETWORK[TEMPLATE, NETWORK=\"ovs .10\"]",
  TEMPLATE="TEMPLATE",
  SSH_PUBLIC_KEY="ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCk+MN96iAn4uXRieJqyJG7WY32zW0LTXJBdISdjDLlp8QgFrxOdi9Aw2+eu+QSbVHwBsqOTimpOuzknisOhD4RPCTCT7G2/xaEUxWg0AB3ySrMZC3Dv5AgBy0CikFk50/CbwBtMjj2pRINm0axfP+cUT/VBhJRAiwVe2wsIOL/t2PGOy0O8Q2zjG1XfCVZPCYPOxj9Jk0y8DoMHp0ILA6gM7hGN4CKAQiXnbjv8WD9uFpRr7eruXQUdMuPn2wnyDMcCnzUEMtPUoPIy6gyAer3biRyEQkAXNJ+R1WXvX6Ah848MTyoICoA7KKIm9e3xe/SXMJxxOPHZLWSJSIRmhcd
hpc1 at hpc-workstation1",
  PUBNET="$NETWORK[TEMPLATE, NETWORK=\"Virtual Network .113\"]",
  DNS="8.8.8.8 8.8.4.4"]

May I know how to actually use the VirtualRouter?

[1] http://opennebula.org/documentation:rel4.2:router



On Thu, Oct 3, 2013 at 3:56 PM, Valentin Bud <valentin.bud at gmail.com> wrote:

> Hello Fazli,
>
> I will make some assumptions about your infrastructure and provide
> possible approach(es).
>
> * Your KVM nodes have a single Ethernet interface, eth0, connected in a
>   switch and a router used as the default gateway for the 192.168.1/24
>   network,
>
> * Also the frontend is connected via the same switch with the rest of
>   the nodes,
>
> * You have a br0 bridge with eth0 connected to it on each node and also
>   the frontend,
>
> * Your frontend is also a node.
>
> If you have access to the router the simplest way would be to add an IP
> Address alias on the router interface as the default gateway for the new
> network.
>
> Configure a new network inside OpenNebula for that using the chosen
> subnet and the same bridge, br0.
>
> I don't know if you have any kind of security policies in place but be
> careful that in this way there is no Layer 2 separation and traffic
> between the two subnets is visible with tcpdump or other sniffers.
>
> The second approach I can think about is to have the frontend configured
> with the first IP Address from the new subnet on br0 and define a new
> network inside OpenNebula like the above.
>
> I don't know if this would work though. The NAT must be done for
> 10.100.0/24 over 192.168.1.X (the IP Address of frontend from
> 192.168.1/24 subnet). What I don't know is if iptables can MASQUERADE
> subnets on the same interface. Never tried it, it might work.
>
> Another approach that comes to mind is to use the Virtual Router and
> define a new subnet on the same br0 bridge. The Virtual Router would
> have an interface connected to 192.168.1/24 network and one in the
> 10.100.0/24 one. Set it up to have the first IP Address from the
> 10.100.0/24 network so it is the default gateway.
>
> The same applies, traffic over L2 is not separated in any way.
>
> One more idea :-) would be to use Open vSwitch and GRE tunnels between
> the nodes. In this way you can use VLANs and transport over GRE between
> nodes. You can also setup IPSec encrypted GRE tunnels if you want
> security. It might be overkill but again it depends on your
> requirements.
>
> Another working setup I have done is to use tinc VPN [1] between nodes
> in switch mode and connect it to the Open vSwitch from each host as a
> port. This way traffic that travels between nodes is fully encrypted and
> you can use the same L2 network in a secure fashion.
>
> But maybe the best approach would be to have a second network card,
> eth1, in each node. Connect that second card in an Open vSwitch and use
> VLANs with the frontend being the router, or any other node for that
> matter.
>
> [1]: http://www.tinc-vpn.org/
>
> Good Will,
> Valentin
>
> On Thu, Oct 03, 2013 at 09:18:41AM +0800, M Fazli A Jalaluddin wrote:
> > Hello Valentin,
> >
> > My setup for OpenNebula is 1 Front-end and several KVM nodes. The
> > front-end and nodes are using IP address 192.168.1.xxx and are able to
> > connect to the internet.
> >
> > The current networking setup for the VM is using dummy and bridge, br0.
> >
> > So, the way for the VMs to access the internet is by assigning them
> > 192.168.1.xxx IP addresses.
> >
> > If I have many VMs, IP address 192.168.1.xxx will be depleted.
> >
> > Hence, I need to make a new private network, such as 10.0.1.xxx, which
> > will map to only a single 192.168.1.xxx, e.g. 192.168.1.5.
> >
> > Thank you.
> >
> > Regards,
> > Fazli
> >
> >
> > On Wed, Oct 2, 2013 at 7:21 PM, Valentin Bud <valentin.bud at gmail.com> wrote:
> >
> > > Hello Fazli,
> > >
> > > The Virtual Router documentation [1] is definitely a good place to start.
> > >
> > >
> > > On Wed, Oct 2, 2013 at 1:57 PM, M Fazli A Jalaluddin <fazli.jalaluddin at gmail.com> wrote:
> > >
> > >> Hi,
> > >>
> > >> Is there any tutorial on how to use the VirtualRouter?
> > >>
> > >> I have downloaded the image from the Marketplace and deployed a VM out of it.
> > >>
> > >> Then what should I do?
> > >>
> > >> My concern is that multiple VMs will be able to be assigned a private
> > >> IP address (at the same time connect to the internet) while the KVM
> > >> host is using a public IP address.
> > >>
> > >
> > > I don't really understand your concern. Could you be more specific?
> > >
> > > Yes, every VM will get a private IP address from the Router in case you
> > > connect it to the private network. If you connect the VM to the public
> > > network too you'd have to set up the IP address on the VM. If the context
> > > package is installed in the VM it'll autoconfigure the public IP also.
> > >
> > > [1]: http://opennebula.org/documentation:rel4.2:router
> > >
> > > Good Will,
> > >
> > >
> > >>
> > >> Thank you
> > >>
> > >> On Wed, Oct 2, 2013 at 4:26 PM, Carlos Martín Sánchez <
> > >> cmartin at opennebula.org> wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
> > >>> fazli.jalaluddin at gmail.com> wrote:
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> May I know if the Virtual Router provides NAT?
> > >>>>
> > >>>
> > >>> Yes, look for the Full Router section in the documentation:
> > >>> http://opennebula.org/documentation:rel4.2:router
> > >>>
> > >>> PS: Please reply also to the mailing list
> > >>>
> > >>> Regards.
> > >>> --
> > >>> Carlos Martín, MSc
> > >>> Project Engineer
> > >>> OpenNebula - Flexible Enterprise Cloud Made Simple
> > >>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula>
> > >>>
> > >>>
> > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
> > >>> fazli.jalaluddin at gmail.com> wrote:
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> May I know if the Virtual Router provides NAT?
> > >>>>
> > >>>> Thank you
> > >>>>
> > >>>>
> > >>>> On Thu, Sep 5, 2013 at 5:29 PM, Carlos Martín Sánchez <
> > >>>> cmartin at opennebula.org> wrote:
> > >>>>
> > >>>>> Hi,
> > >>>>>
> > >>>>> Actually, we do provide a Virtual Router appliance that contains a
> > >>>>> DHCP server. It knows the correct IP assigned by OpenNebula to each MAC.
> > >>>>> See http://opennebula.org/documentation:rel4.2:router
> > >>>>>
> > >>>>> Regards
> > >>>>>
> > >>>>> --
> > >>>>> Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin,
> > >>>>> 24-26 September, 2013
> > >>>>> --
> > >>>>> Carlos Martín, MSc
> > >>>>> Project Engineer
> > >>>>> OpenNebula - The Open-source Solution for Data Center Virtualization
> > >>>>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula>
> > >>>>>
> > >>>>>
> > >>>>> On Thu, Sep 5, 2013 at 8:55 AM, Ionut Popovici <ionut at hackaserver.com> wrote:
> > >>>>>
> > >>>>>> No, OpenNebula doesn't provide DHCP. You could use VLANs to break the
> > >>>>>> network, and you can use contextualization to get the IP for virtual
> > >>>>>> machines. If you use bridge mode you should make rules in
> > >>>>>> iptables (ebtables) for udp dst port 67 and allow only responses from
> > >>>>>> your DHCP server.
> > >>>>>> Cheers.
> > >>>>>> On 9/5/2013 9:49 AM, Mohammad Fazli Ahmat Jalaluddin wrote:
> > >>>>>>
> > >>>>>> Hi guys,
> > >>>>>>
> > >>>>>> I just want to ask a few questions.
> > >>>>>>
> > >>>>>> Does OpenNebula act as a DHCP server and give an IP address to the VM
> > >>>>>> if it is not contextualized in the first place?
> > >>>>>>
> > >>>>>> When the VM is deployed (without context), e.g. Ubuntu server default
> > >>>>>> network configuration is using DHCP, and thus the IP for the VM is
> > >>>>>> different from the one that OpenNebula uses from the vnet lease.
> > >>>>>>
> > >>>>>> Is the IP address in the VM given by OpenNebula (acting as the DHCP
> > >>>>>> server) or given by our network's existing DHCP server?
> > >>>>>>
> > >>>>>> The reason I'm asking is because our network is poisoned since there
> > >>>>>> are 2 DHCP servers. BTW, our OpenNebula configuration for the network is
> > >>>>>> using dummy and using bridge in the frontend.
> > >>>>>>
> > >>>>>>  Thank you very much.
> > >>>>>>
> > >>>>>>  Regards,
> > >>>>>>  Fazli
> > >>>>>>
> > >>>>>>
> > >>>>>> _______________________________________________
> > >>>>>> Users mailing list
> > >>>>>> Users at lists.opennebula.org
> > >>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > Valentin Bud
> > > http://databus.pro | valentin at databus.pro
> > >
>
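
The oldest message in this thread reports a bridged network "poisoned" by two DHCP servers, and one reply suggests filtering so that only the intended server's responses get through. As an added example (not part of the thread and not OpenNebula code), this sketch parses DHCP reply payloads and counts OFFER/ACK messages whose server identifier is not on an allow-list. The function names and sample packets are constructed; 10.0.10.1 is the Virtual Router NIC address from the template above and 10.0.10.254 is a made-up second server.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options
OFFER, ACK = 2, 5                    # option 53 values that only a server sends

def parse_options(payload):
    """Return {option_code: value} for a BOOTP/DHCP payload, {} if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return {}
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return {}                              # option runs past the packet
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def unauthorised_servers(payloads, allowed):
    """Count OFFER/ACK replies per server identifier (option 54) not in `allowed`."""
    rogue = {}
    for payload in payloads:
        opts = parse_options(payload)
        mtype, server = opts.get(53, b""), opts.get(54, b"")
        if len(mtype) != 1 or mtype[0] not in (OFFER, ACK) or len(server) != 4:
            continue
        ip = socket.inet_ntoa(server)
        if ip not in allowed:
            rogue[ip] = rogue.get(ip, 0) + 1
    return rogue

def build_reply(msg_type, server_ip, offered_ip):
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    header = (bytes([2, 1, 6, 0]) + bytes(12) + socket.inet_aton(offered_ip)
              + bytes(8) + b"\x02\x00\x0a\x00\x0a\x02" + bytes(202))
    options = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options

# Constructed capture: 10.0.10.1 is the router NIC from the template, .254 is made up.
SAMPLE = [build_reply(OFFER, "10.0.10.1", "10.0.10.2"),
          build_reply(OFFER, "10.0.10.254", "10.0.10.50"),
          build_reply(ACK, "10.0.10.254", "10.0.10.50"),
          build_reply(OFFER, "10.0.10.254", "10.0.10.51")[:245]]  # cut inside option 54

if __name__ == "__main__":
    print(unauthorised_servers(SAMPLE, allowed={"10.0.10.1"}))  # {'10.0.10.254': 2}
```

Feed it the UDP payloads of frames sent from port 67 on the bridge. The server identifier is self-declared, so pair the result with each frame's source MAC when deciding which bridge port to filter.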