[one-users] OpenNebula and DHCP Server

Ionut Popovici ionut at hackaserver.com
Thu Oct 3 07:08:02 PDT 2013


Did you guys activate ip_forward for the packets to be routed through the networks?
On 10/3/2013 2:44 PM, Valentin Bud wrote:
> Hi Fazli,
>
>
> On Thu, Oct 3, 2013 at 12:22 PM, M Fazli A Jalaluddin
> <fazli.jalaluddin at gmail.com> wrote:
>
>     Hi Valentin,
>
>     Your assumption is correct.
>
>     My method is to use OpenNebula Virtual Router by referring to this
>     page [1] and Openvswitch.
>
>     I have installed Openvswitch in the host and I was able to deploy
>     a VM in an isolated network.
>
>     I try to deploy the VirtualRouter in a virtual network.
>
>
> In two virtual networks in fact, in the PUBNET which should be the 
> 192.168 network from br0 on the
> nodes and frontend and PRIVNET in the Open vSwitch network.
>
>
>     My problem is, I cannot ping it and cannot SSH into it.
>
>
> You should be able to connect to PUBNET's virtual IP Address from 
> within the 192.168 network.
>
> Or you could add an internal port to Open vSwitch bridge and try to 
> connect to PRIVNET's virtual
> IP Address of the VR.
>
>
>     From the documentation, I understand that the VirtualRouter needs
>     to be deployed as a VM in a specific virtual network and it will act
>     as the DHCP for the VMs in the same virtual network.
>     I also have included the example context in the VirtualRouter
>     template.
>
>     My VirtualRouter template:
>
>     NIC=[NETWORK_ID="0"]
>     NIC=[NETWORK_ID="9",IP="10.0.10.1"]
>     INPUT=[BUS="usb",TYPE="tablet"]
>     MEMORY="512"
>     OS=[ARCH="x86_64",BOOT="hd"]
>     GRAPHICS=[LISTEN="0.0.0.0",TYPE="SPICE"]
>     DISK=[IMAGE_ID="24"]
>     CPU="0.5"
>     CONTEXT=[TARGET="hdb",NETWORK="YES",FORWARDING="8080:10.0.10.2:80
>     10.0.10.2:22",DHCP="YES",PRIVNET="$NETWORK[TEMPLATE,
>     NETWORK=\"ovs .10\"]",TEMPLATE="TEMPLATE",SSH_PUBLIC_KEY="ssh-rsa
>     AAAAB3NzaC1yc2EAAAADAQABAAABAQCk+MN96iAn4uXRieJqyJG7WY32zW0LTXJBdISdjDLlp8QgFrxOdi9Aw2+eu+QSbVHwBsqOTimpOuzknisOhD4RPCTCT7G2/xaEUxWg0AB3ySrMZC3Dv5AgBy0CikFk50/CbwBtMjj2pRINm0axfP+cUT/VBhJRAiwVe2wsIOL/t2PGOy0O8Q2zjG1XfCVZPCYPOxj9Jk0y8DoMHp0ILA6gM7hGN4CKAQiXnbjv8WD9uFpRr7eruXQUdMuPn2wnyDMcCnzUEMtPUoPIy6gyAer3biRyEQkAXNJ+R1WXvX6Ah848MTyoICoA7KKIm9e3xe/SXMJxxOPHZLWSJSIRmhcd
>     hpc1 at hpc-workstation1",PUBNET="$NETWORK[TEMPLATE,
>     NETWORK=\"Virtual Network .113\"]",DNS="8.8.8.8 8.8.4.4"]
>
>
> This looks good and should work.
>
>
>     May I know how to actually use the VirtualRouter?
>
>
>     [1] http://opennebula.org/documentation:rel4.2:router
>
>
>
> Good Will,
>
>
>     On Thu, Oct 3, 2013 at 3:56 PM, Valentin Bud
>     <valentin.bud at gmail.com> wrote:
>
>         Hello Fazli,
>
>         I will make some assumptions about your infrastructure and provide
>         possible approach(es).
>
>         * Your KVM nodes have a single Ethernet interface, eth0, connected in a
>           switch and a router used as the default gateway for the 192.168.1/24
>           network,
>
>         * Also the frontend is connected via the same switch with the rest of
>           the nodes,
>
>         * You have a br0 bridge with eth0 connected to it on each node and also
>           the frontend,
>
>         * Your frontend is also a node.
>
>         If you have access to the router the simplest way would be to
>         add an IP
>         Address alias on the router interface as the default gateway
>         for the new
>         network.
>
>         Configure a new network inside OpenNebula for that using the
>         chosen
>         subnet and the same bridge, br0.
>
>         I don't know if you have any kind of security policies in
>         place but be
>         careful that in this way there is no Layer 2 separation and
>         traffic
>         between the two subnets is visible with tcpdump or other sniffers.
>
>         The second approach I can think about is to have the frontend
>         configured
>         with the first IP Address from the new subnet on br0 and
>         define a new
>         network inside OpenNebula like the above.
>
>         I don't know if this would work though. The NAT must be done for
>         10.100.0/24 over 192.168.1.X (the IP Address of frontend from
>         192.168.1/24 subnet). What I don't know is if iptables can
>         MASQUERADE subnets on the same interface. Never tried it, it might
>         work.
>
>         Another approach that comes to mind is to use the Virtual Router and
>         define a new subnet on the same br0 bridge. The Virtual Router would
>         have an interface connected to 192.168.1/24 network and one in the
>         10.100.0/24 one. Set it up to have the first IP Address from the
>         10.100.0/24 network so it is the default gateway.
>
>         The same applies, traffic over L2 is not separated in any way.
>
>         One more idea :-) would be to use Open vSwitch and GRE tunnels
>         between
>         the nodes. In this way you can use VLANs and transport over
>         GRE between
>         nodes. You can also setup IPSec encrypted GRE tunnels if you want
>         security. It might be overkill but again it depends on your
>         requirements.
>
>         Another working setup I have done is to use tinc VPN [1]
>         between nodes
>         in switch mode and connect it to the Open vSwitch from each
>         host as a
>         port. This way traffic that travels between nodes is fully
>         encrypted and
>         you can use the same L2 network in a secure fashion.
>
>         But maybe the best approach would be to have a second network
>         card,
>         eth1, in each node. Connect that second card in an Open
>         vSwitch and use
>         VLANs with the frontend being the router, or any other node
>         for that
>         matter.
>
>         [1]: http://www.tinc-vpn.org/
>
>         Good Will,
>         Valentin
>
>         On Thu, Oct 03, 2013 at 09:18:41AM +0800, M Fazli A Jalaluddin wrote:
>         > Hello Valentin,
>         >
>         > My setup for OpenNebula is 1 Front-end and several KVM nodes. The front-end
>         > and nodes are using IP address 192.168.1.xxx and are able to connect to the
>         > internet.
>         >
>         > The current networking setup for the VM is using dummy and bridge, br0.
>         >
>         > So, for the VM able to access to the internet, is by assigning them
>         > 192.168.1.xxx IP addresses.
>         >
>         > If I have many VMs, IP address 192.168.1.xxx will be depleted.
>         >
>         > Hence, I need to make a new private network such as, 10.0.1.xxx which will
>         > map to only a single 192.168.1.xxx, e.g 192.168.1.5.
>         >
>         > Thank you.
>         >
>         > Regards,
>         > Fazli
>         >
>         >
>         > On Wed, Oct 2, 2013 at 7:21 PM, Valentin Bud <valentin.bud at gmail.com> wrote:
>         >
>         > > Hello Fazli,
>         > >
>         > > The Virtual Router documentation [1] is definitely a good place to start.
>         > >
>         > >
>         > > On Wed, Oct 2, 2013 at 1:57 PM, M Fazli A Jalaluddin <
>         > > fazli.jalaluddin at gmail.com> wrote:
>         > >
>         > >> Hi,
>         > >>
>         > >> Is there any tutorial on how to use the VirtualRouter?
>         > >>
>         > >> I have downloaded the image from Marketplace and deployed a VM out of it.
>         > >>
>         > >> Then what should I do?
>         > >>
>         > >> My concern is that the Multiple VM will be able to be assigned a private
>         > >> IP address (at the same time connect to the internet) while the KVM host is
>         > >> using public IP address.
>         > >>
>         > >
>         > > I don't really understand your concern. Could you be more specific?
>         > >
>         > > Yes, every VM will get a private IP address from the Router in case you
>         > > connect it to the private
>         > > network. If you connect the VM to the public network too you'd have to
>         > > setup the IP address on the VM.
>         > > If context package is installed in the VM it'll autoconfigure the public
>         > > IP also.
>         > >
>         > > [1]: http://opennebula.org/documentation:rel4.2:router
>         > >
>         > > Good Will,
>         > >
>         > >
>         > >>
>         > >> Thank you
>         > >>
>         > >> On Wed, Oct 2, 2013 at 4:26 PM, Carlos Martín Sánchez <
>         > >> cmartin at opennebula.org> wrote:
>         > >>
>         > >>> Hi,
>         > >>>
>         > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
>         > >>> fazli.jalaluddin at gmail.com> wrote:
>         > >>>
>         > >>> Hi,
>         > >>>>
>         > >>>> May I know if the Virtual Router provide NAT?
>         > >>>>
>         > >>>
>         > >>> Yes, look for the Full Router section in the documentation:
>         > >>> http://opennebula.org/documentation:rel4.2:router
>         > >>>
>         > >>> PS: Please reply also to the mailing list
>         > >>>
>         > >>> Regards.
>         > >>> --
>         > >>> Carlos Martín, MSc
>         > >>> Project Engineer
>         > >>> OpenNebula - Flexible Enterprise Cloud Made Simple
>         > >>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
>         > >>>
>         > >>>
>         > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
>         > >>> fazli.jalaluddin at gmail.com> wrote:
>         > >>>
>         > >>>> Hi,
>         > >>>>
>         > >>>> May I know if the Virtual Router provide NAT?
>         > >>>>
>         > >>>> Thank you
>         > >>>>
>         > >>>>
>         > >>>> On Thu, Sep 5, 2013 at 5:29 PM, Carlos Martín Sánchez <
>         > >>>> cmartin at opennebula.org> wrote:
>         > >>>>
>         > >>>>> Hi,
>         > >>>>>
>         > >>>>> Actually, we do provide a Virtual Router appliance that contains a
>         > >>>>> DHCP server. It knows the correct IP assigned by OpenNebula to each MAC.
>         > >>>>> See http://opennebula.org/documentation:rel4.2:router
>         > >>>>>
>         > >>>>> Regards
>         > >>>>>
>         > >>>>> --
>         > >>>>> Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin,
>         > >>>>> 24-26 September, 2013
>         > >>>>> --
>         > >>>>> Carlos Martín, MSc
>         > >>>>> Project Engineer
>         > >>>>> OpenNebula - The Open-source Solution for Data Center Virtualization
>         > >>>>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
>         > >>>>>
>         > >>>>>
>         > >>>>> On Thu, Sep 5, 2013 at 8:55 AM, Ionut Popovici
>         > >>>>> <ionut at hackaserver.com> wrote:
>         > >>>>>
>         > >>>>>>  No, OpenNebula doesn't provide DHCP, you could use vlans to break the
>         > >>>>>> network, and u can use contextualization to get the ip for virtual
>         > >>>>>> machines, if u use bridge mode u should make rules in iptables(ebtables)
>         > >>>>>> for udp dst port 67  and allow only response from your DHCP server.
>         > >>>>>> Cheers.
>         > >>>>>> On 9/5/2013 9:49 AM, Mohammad Fazli Ahmat Jalaluddin wrote:
>         > >>>>>>
>         > >>>>>>     Hi guys,
>         > >>>>>>
>         > >>>>>> I just want to ask few questions.
>         > >>>>>>
>         > >>>>>> Does OpenNebula act as a DHCP Server and give IP address to the VM if
>         > >>>>>> it is not contextualized in the first place?
>         > >>>>>>
>         > >>>>>> When the VM is deployed (without context), e.g Ubuntu server default
>         > >>>>>> network configuration is using DHCP, and thus the IP for the VM is
>         > >>>>>> different with the one that OpenNebula uses from the vnet lease.
>         > >>>>>>
>         > >>>>>>  Is the IP address in the VM given by OpenNebula (act as the DHCP
>         > >>>>>> server) or given by our network existing DHCP server?
>         > >>>>>>
>         > >>>>>>  The reason I'm asking is because our network is poisoned since there
>         > >>>>>> are 2 DHCP server. BTW, our OpenNebula configuration for the network is
>         > >>>>>> using dummy and using bridge in the frontend
>         > >>>>>>
>         > >>>>>>  Thank you very much.
>         > >>>>>>
>         > >>>>>>  Regards,
>         > >>>>>>  Fazli
>         > >>>>>>
>         > >>>>>>
>         > >>>>>> _______________________________________________
>         > >>>>>> Users mailing list
>         > >>>>>> Users at lists.opennebula.org
>         > >>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>         > >>>>>>
>         > >>>>>>
>         > >>>>>>
>         > >>>>>>
>         > >>>>>>
>         > >>>>>
>         > >>>>>
>         > >>>>>
>         > >>>>
>         > >>>
>         > >>
>         > >>
>         > >>
>         > >
>         > >
>         > > --
>         > > Valentin Bud
>         > > http://databus.pro | valentin at databus.pro
>         > >
>
>
>
>
>
> -- 
> Valentin Bud
> http://databus.pro | valentin at databus.pro
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
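
The checks this thread turns on, as an added example (not code from any poster or from OpenNebula): a dry-run shell planner that tests ip_forward, prints the MASQUERADE rule for the private subnet, and prints ebtables rules that pass DHCP server replies (UDP source port 67) on the bridge only from one authorized MAC. The function names and the MAC are constructed for illustration; the subnet and bridge name are taken from the quoted messages, and a DHCP server on the same L2 segment with no relay is assumed.

```shell
#!/bin/sh
# Added example: prints the commands for review; it changes nothing on the host.

# Return 0 when IPv4 forwarding is enabled. The file path is a parameter so
# the check can be pointed at a saved copy (default: the live kernel value).
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Accept only a MAC written as six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print bridge FORWARD rules: DHCP server replies (UDP source port 67) are
# accepted from the authorized server's MAC and dropped from anything else.
dhcp_guard_rules() {
    mac=$1
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    echo "ebtables -A FORWARD -p IPv4 --ip-proto udp --ip-sport 67 -s $mac -j ACCEPT"
    echo "ebtables -A FORWARD -p IPv4 --ip-proto udp --ip-sport 67 -j DROP"
}

# Print what the router host needs to NAT a private subnet behind its own
# address: enable forwarding if it is off, then masquerade traffic that
# leaves the subnet through the given interface.
nat_rules() {
    subnet=$1
    out_if=$2
    fwd_file=${3:-/proc/sys/net/ipv4/ip_forward}
    ip_forward_enabled "$fwd_file" || echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A POSTROUTING -s $subnet ! -d $subnet -o $out_if -j MASQUERADE"
}

# Sample run. 10.100.0.0/24 and br0 come from the thread; the MAC is constructed.
dhcp_guard_rules 02:00:c0:a8:01:01
nat_rules 10.100.0.0/24 br0
```

Rule order matters in the guard: the ACCEPT for the authorized MAC has to be appended before the catch-all DROP.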
