[one-users] OpenNebula and DHCP Server

Valentin Bud valentin.bud at gmail.com
Thu Oct 3 04:44:36 PDT 2013


Hi Fazli,


On Thu, Oct 3, 2013 at 12:22 PM, M Fazli A Jalaluddin <
fazli.jalaluddin at gmail.com> wrote:

> Hi Valentin,
>
> Your assumption is correct.
>
> My method is to use OpenNebula Virtual Router by referring to this page [1]
> and Openvswitch.
>
> I have installed Openvswitch in the host and I was able to deploy VM in
> isolated network.
>
> I try to deploy the VirtualRouter in a virtual network.
>

In two virtual networks in fact, in the PUBNET which should be the 192.168
network from br0 on the nodes and frontend and PRIVNET in the Open vSwitch
network.


>
> My problem is, I cannot ping it and cannot SSH into it.
>

You should be able to connect to PUBNET's virtual IP Address from within
the 192.168 network.

Or you could add an internal port to Open vSwitch bridge and try to connect
to PRIVNET's virtual IP Address of the VR.


>
> From the documentation, I understand that the VirtualRouter needs to be
> deployed as a VM in a specific virtual network and it will act as the DHCP
> for the VMs in the same virtual network.
> I also have included the example context in the VirtualRouter template.
>
> My VirtualRouter template:
>
> NIC=[NETWORK_ID="0"]
> NIC=[NETWORK_ID="9",IP="10.0.10.1"]
> INPUT=[BUS="usb",TYPE="tablet"]
> MEMORY="512"
> OS=[ARCH="x86_64",BOOT="hd"]
> GRAPHICS=[LISTEN="0.0.0.0",TYPE="SPICE"]
> DISK=[IMAGE_ID="24"]
> CPU="0.5"
> CONTEXT=[TARGET="hdb",NETWORK="YES",FORWARDING="8080:10.0.10.2:80
> 10.0.10.2:22",DHCP="YES",PRIVNET="$NETWORK[TEMPLATE, NETWORK=\"ovs
> .10\"]",TEMPLATE="TEMPLATE",SSH_PUBLIC_KEY="ssh-rsa
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCk+MN96iAn4uXRieJqyJG7WY32zW0LTXJBdISdjDLlp8QgFrxOdi9Aw2+eu+QSbVHwBsqOTimpOuzknisOhD4RPCTCT7G2/xaEUxWg0AB3ySrMZC3Dv5AgBy0CikFk50/CbwBtMjj2pRINm0axfP+cUT/VBhJRAiwVe2wsIOL/t2PGOy0O8Q2zjG1XfCVZPCYPOxj9Jk0y8DoMHp0ILA6gM7hGN4CKAQiXnbjv8WD9uFpRr7eruXQUdMuPn2wnyDMcCnzUEMtPUoPIy6gyAer3biRyEQkAXNJ+R1WXvX6Ah848MTyoICoA7KKIm9e3xe/SXMJxxOPHZLWSJSIRmhcd
> hpc1 at hpc-workstation1",PUBNET="$NETWORK[TEMPLATE, NETWORK=\"Virtual
> Network .113\"]",DNS="8.8.8.8 8.8.4.4"]
>

This looks good and should work.


>
> May I know how to actually use the VirtualRouter?
>
>
> [1] http://opennebula.org/documentation:rel4.2:router
>
>
>
Good Will,


>
> On Thu, Oct 3, 2013 at 3:56 PM, Valentin Bud <valentin.bud at gmail.com> wrote:
>
>> Hello Fazli,
>>
>> I will make some assumptions about your infrastructure and provide
>> possible approach(es).
>>
>> * Your KVM nodes have a single Ethernet interface, eth0, connected in a
>>   switch and a router used as the default gateway for the 192.168.1/24
>>   network,
>>
>> * Also the frontend is connected via the same switch with the rest of
>>   the nodes,
>>
>> * You have a br0 bridge with eth0 connected to it on each node and also
>>   the frontend,
>>
>> * Your frontend is also a node.
>>
>> If you have access to the router the simplest way would be to add an IP
>> Address alias on the router interface as the default gateway for the new
>> network.
>>
>> Configure a new network inside OpenNebula for that using the chosen
>> subnet and the same bridge, br0.
>>
>> I don't know if you have any kind of security policies in place but be
>> careful that in this way there is no Layer 2 separation and traffic
>> between the two subnets is visible with tcpdump or other sniffers.
>>
>> The second approach I can think about is to have the frontend configured
>> with the first IP Address from the new subnet on br0 and define a new
>> network inside OpenNebula like the above.
>>
>> I don't know if this would work though. The NAT must be done for
>> 10.100.0/24 over 192.168.1.X (the IP Address of frontend from
>> 192.168.1/24 subnet). What I don't know is if iptables can MASQUERADE
>> subnets on the same interface. Never tried it, it might work.
>>
>> Another approach that comes to mind is to use the Virtual Router and
>> define a new subnet on the same br0 bridge. The Virtual Router would
>> have an interface connected to 192.168.1/24 network and one in the
>> 10.100.0/24 one. Set it up to have the first IP Address from the
>> 10.100.0/24 network so it is the default gateway.
>>
>> The same applies, traffic over L2 is not separated in any way.
>>
>> One more idea :-) would be to use Open vSwitch and GRE tunnels between
>> the nodes. In this way you can use VLANs and transport over GRE between
>> nodes. You can also set up IPSec encrypted GRE tunnels if you want
>> security. It might be overkill but again it depends on your
>> requirements.
>>
>> Another working setup I have done is to use tinc VPN [1] between nodes
>> in switch mode and connect it to the Open vSwitch from each host as a
>> port. This way traffic that travels between nodes is fully encrypted and
>> you can use the same L2 network in a secure fashion.
>>
>> But maybe the best approach would be to have a second network card,
>> eth1, in each node. Connect that second card in an Open vSwitch and use
>> VLANs with the frontend being the router, or any other node for that
>> matter.
>>
>> [1]: http://www.tinc-vpn.org/
>>
>> Good Will,
>> Valentin
>>
>> On Thu, Oct 03, 2013 at 09:18:41AM +0800, M Fazli A Jalaluddin wrote:
>> > Hello Valentin,
>> >
>> > My setup for OpenNebula is 1 Front-end and several KVM nodes. The
>> > front-end and nodes are using IP address 192.168.1.xxx and are able to
>> > connect to the internet.
>> >
>> > The current networking setup for the VM is using dummy and bridge, br0.
>> >
>> > So, for the VM able to access to the internet, is by assigning them
>> > 192.168.1.xxx IP addresses.
>> >
>> > If I have many VMs, IP address 192.168.1.xxx will be depleted.
>> >
>> > Hence, I need to make a new private network such as, 10.0.1.xxx which
>> > will map to only a single 192.168.1.xxx, e.g 192.168.1.5.
>> >
>> > Thank you.
>> >
>> > Regards,
>> > Fazli
>> >
>> >
>> > On Wed, Oct 2, 2013 at 7:21 PM, Valentin Bud <valentin.bud at gmail.com> wrote:
>> >
>> > > Hello Fazli,
>> > >
>> > > The Virtual Router documentation [1] is definitely a good place to
>> > > start.
>> > >
>> > >
>> > > On Wed, Oct 2, 2013 at 1:57 PM, M Fazli A Jalaluddin <
>> > > fazli.jalaluddin at gmail.com> wrote:
>> > >
>> > >> Hi,
>> > >>
>> > >> Is there any tutorial on how to use the VirtualRouter?
>> > >>
>> > >> I have downloaded the image from Marketplace and deployed a VM out of it.
>> > >>
>> > >> Then what should I do?
>> > >>
>> > >> My concern is that the Multiple VM will be able to be assigned a
>> > >> private IP address (at the same time connect to the internet) while
>> > >> the KVM host is using public IP address.
>> > >>
>> > >
>> > > I don't really understand your concern. Could you be more specific?
>> > >
>> > > Yes, every VM will get a private IP address from the Router in case
>> > > you connect it to the private network. If you connect the VM to the
>> > > public network too you'd have to set up the IP address on the VM.
>> > > If context package is installed in the VM it'll autoconfigure the
>> > > public IP also.
>> > >
>> > > [1]: http://opennebula.org/documentation:rel4.2:router
>> > >
>> > > Good Will,
>> > >
>> > >
>> > >>
>> > >> Thank you
>> > >>
>> > >> On Wed, Oct 2, 2013 at 4:26 PM, Carlos Martín Sánchez <
>> > >> cmartin at opennebula.org> wrote:
>> > >>
>> > >>> Hi,
>> > >>>
>> > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
>> > >>> fazli.jalaluddin at gmail.com> wrote:
>> > >>>
>> > >>> Hi,
>> > >>>>
>> > >>>> May I know if the Virtual Router provide NAT?
>> > >>>>
>> > >>>
>> > >>> Yes, look for the Full Router section in the documentation:
>> > >>> http://opennebula.org/documentation:rel4.2:router
>> > >>>
>> > >>> PS: Please reply also to the mailing list
>> > >>>
>> > >>> Regards.
>> > >>> --
>> > >>> Carlos Martín, MSc
>> > >>> Project Engineer
>> > >>> OpenNebula - Flexible Enterprise Cloud Made Simple
>> > >>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula>
>> > >>>
>> > >>>
>> > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
>> > >>> fazli.jalaluddin at gmail.com> wrote:
>> > >>>
>> > >>>> Hi,
>> > >>>>
>> > >>>> May I know if the Virtual Router provide NAT?
>> > >>>>
>> > >>>> Thank you
>> > >>>>
>> > >>>>
>> > >>>> On Thu, Sep 5, 2013 at 5:29 PM, Carlos Martín Sánchez <
>> > >>>> cmartin at opennebula.org> wrote:
>> > >>>>
>> > >>>>> Hi,
>> > >>>>>
>> > >>>>> Actually, we do provide a Virtual Router appliance that contains a
>> > >>>>> DHCP server. It knows the correct IP assigned by OpenNebula to
>> > >>>>> each MAC.
>> > >>>>> See http://opennebula.org/documentation:rel4.2:router
>> > >>>>>
>> > >>>>> Regards
>> > >>>>>
>> > >>>>> --
>> > >>>>> Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in
>> > >>>>> Berlin, 24-26 September, 2013
>> > >>>>> --
>> > >>>>> Carlos Martín, MSc
>> > >>>>> Project Engineer
>> > >>>>> OpenNebula - The Open-source Solution for Data Center Virtualization
>> > >>>>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula>
>> > >>>>>
>> > >>>>>
>> > >>>>> On Thu, Sep 5, 2013 at 8:55 AM, Ionut Popovici <ionut at hackaserver.com> wrote:
>> > >>>>>
>> > >>>>>> No, OpenNebula doesn't provide DHCP. You could use VLANs to break
>> > >>>>>> the network, and you can use contextualization to get the IP for
>> > >>>>>> virtual machines. If you use bridge mode you should make rules in
>> > >>>>>> iptables (ebtables) for udp dst port 67 and allow only responses
>> > >>>>>> from your DHCP server.
>> > >>>>>> Cheers.
>> > >>>>>> On 9/5/2013 9:49 AM, Mohammad Fazli Ahmat Jalaluddin wrote:
>> > >>>>>>
>> > >>>>>> Hi guys,
>> > >>>>>>
>> > >>>>>> I just want to ask a few questions.
>> > >>>>>>
>> > >>>>>> Does OpenNebula act as a DHCP Server and give IP address to the
>> > >>>>>> VM if it is not contextualized in the first place?
>> > >>>>>>
>> > >>>>>> When the VM is deployed (without context), e.g Ubuntu server
>> > >>>>>> default network configuration is using DHCP, and thus the IP for
>> > >>>>>> the VM is different from the one that OpenNebula uses from the
>> > >>>>>> vnet lease.
>> > >>>>>>
>> > >>>>>> Is the IP address in the VM given by OpenNebula (acting as the
>> > >>>>>> DHCP server) or given by our network's existing DHCP server?
>> > >>>>>>
>> > >>>>>> The reason I'm asking is because our network is poisoned since
>> > >>>>>> there are 2 DHCP servers. BTW, our OpenNebula configuration for
>> > >>>>>> the network is using dummy and using bridge in the frontend
>> > >>>>>>
>> > >>>>>> Thank you very much.
>> > >>>>>>
>> > >>>>>> Regards,
>> > >>>>>> Fazli
>> > >>>>>>
>> > >>>>>>
>> > >>>>>> _______________________________________________
>> > >>>>>> Users mailing list
>> > >>>>>> Users at lists.opennebula.org
>> > >>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> > >>>>>>
>> > >>>>>
>> > >>>>>
>> > >>>>>
>> > >>>>
>> > >>>
>> > >>
>> > >>
>> > >>
>> > >
>> > >
>> > > --
>> > > Valentin Bud
>> > > http://databus.pro | valentin at databus.pro
>> > >
>>
>
>


-- 
Valentin Bud
http://databus.pro | valentin at databus.pro
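
Added example, not part of the original thread: the thread started from a bridged network where two DHCP servers were answering, and the filtering advice quoted above presupposes knowing which replies come from the unwanted server. The Python below parses DHCP server replies (UDP payloads as captured from port 67) and lists those whose server identifier is not on an allow-list; all addresses, the MAC and the function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"           # DHCP magic cookie after the 236-byte BOOTP header
REPLY_TYPES = {2: "OFFER", 5: "ACK"}  # option 53 values that only a server sends

def parse_reply(payload):
    """Return (type, server_id, offered_ip, client_mac) for a DHCP server reply, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = (opts.get(53) or b"\0")[0]
    if msg_type not in REPLY_TYPES:
        return None
    sid = opts.get(54, b"")
    # A missing or truncated option 54 is reported as "unknown" and never matches the allow-list.
    server = socket.inet_ntoa(sid) if len(sid) == 4 else "unknown"
    mac = ":".join(f"{b:02x}" for b in payload[28:34])
    return REPLY_TYPES[msg_type], server, socket.inet_ntoa(payload[16:20]), mac

def rogue_replies(payloads, allowed_servers):
    """List replies whose server identifier (option 54) is not an authorised DHCP server."""
    parsed = (parse_reply(p) for p in payloads)
    return [r for r in parsed if r and r[1] not in allowed_servers]

def sample(msg_type, server, offered, mac):
    """Constructed test packet: BOOTREPLY carrying only options 53 and 54."""
    hdr = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton(offered), socket.inet_aton(server),
                      bytes(4), bytes.fromhex(mac.replace(":", "")), b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server) + b"\xff"

# Constructed addresses: 192.168.1.1 stands in for the site's real DHCP server.
ALLOWED = {"192.168.1.1"}
SAMPLES = [
    sample(2, "192.168.1.1", "192.168.1.50", "02:00:c0:a8:01:32"),
    sample(2, "192.168.1.5", "192.168.1.60", "02:00:c0:a8:01:32"),  # second server answering
    sample(5, "192.168.1.1", "192.168.1.50", "02:00:c0:a8:01:32"),
    b"not a dhcp packet",
]

if __name__ == "__main__":
    for kind, server, ip, mac in rogue_replies(SAMPLES, ALLOWED):
        print(f"unauthorised DHCP {kind} from {server}: {ip} -> {mac}")
```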