[one-users] OpenNebula and DHCP Server
Ionut Popovici
ionut at hackaserver.com
Thu Oct 3 07:08:02 PDT 2013
Did you guys activate ip_forward for the packets to be routed through the networks?
On 10/3/2013 2:44 PM, Valentin Bud wrote:
> Hi Fazli,
>
>
> On Thu, Oct 3, 2013 at 12:22 PM, M Fazli A Jalaluddin
> <fazli.jalaluddin at gmail.com> wrote:
>
> Hi Valentin,
>
> Your assumption is correct.
>
> My method is to use the OpenNebula Virtual Router by referring to this
> page [1] and Open vSwitch.
>
> I have installed Open vSwitch on the host and I was able to deploy
> a VM in an isolated network.
>
> I try to deploy the VirtualRouter in a virtual network.
>
>
> In two virtual networks in fact, in the PUBNET which should be the
> 192.168 network from br0 on the nodes and frontend and PRIVNET in the
> Open vSwitch network.
>
>
> My problem is, I cannot ping it and cannot SSH into it.
>
>
> You should be able to connect to PUBNET's virtual IP Address from
> within the 192.168 network.
>
> Or you could add an internal port to Open vSwitch bridge and try to
> connect to PRIVNET's virtual IP Address of the VR.
>
>
> From the documentation, I understand that the VirtualRouter needs
> to be deployed as a VM in a specific virtual network and it will act
> as the DHCP for the VMs in the same virtual network.
> I have also included the example context in the VirtualRouter
> template.
>
> My VirtualRouter template:
>
> NIC=[NETWORK_ID="0"]
> NIC=[NETWORK_ID="9",IP="10.0.10.1"]
> INPUT=[BUS="usb",TYPE="tablet"]
> MEMORY="512"
> OS=[ARCH="x86_64",BOOT="hd"]
> GRAPHICS=[LISTEN="0.0.0.0",TYPE="SPICE"]
> DISK=[IMAGE_ID="24"]
> CPU="0.5"
> CONTEXT=[TARGET="hdb",NETWORK="YES",FORWARDING="8080:10.0.10.2:80
> 10.0.10.2:22",DHCP="YES",PRIVNET="$NETWORK[TEMPLATE,
> NETWORK=\"ovs .10\"]",TEMPLATE="TEMPLATE",SSH_PUBLIC_KEY="ssh-rsa
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCk+MN96iAn4uXRieJqyJG7WY32zW0LTXJBdISdjDLlp8QgFrxOdi9Aw2+eu+QSbVHwBsqOTimpOuzknisOhD4RPCTCT7G2/xaEUxWg0AB3ySrMZC3Dv5AgBy0CikFk50/CbwBtMjj2pRINm0axfP+cUT/VBhJRAiwVe2wsIOL/t2PGOy0O8Q2zjG1XfCVZPCYPOxj9Jk0y8DoMHp0ILA6gM7hGN4CKAQiXnbjv8WD9uFpRr7eruXQUdMuPn2wnyDMcCnzUEMtPUoPIy6gyAer3biRyEQkAXNJ+R1WXvX6Ah848MTyoICoA7KKIm9e3xe/SXMJxxOPHZLWSJSIRmhcd
> hpc1 at hpc-workstation1",PUBNET="$NETWORK[TEMPLATE,
> NETWORK=\"Virtual Network .113\"]",DNS="8.8.8.8 8.8.4.4"]
>
>
> This looks good and should work.
>
>
> May I know how to actually use the VirtualRouter?
>
>
> [1] http://opennebula.org/documentation:rel4.2:router
>
>
>
> Good Will,
>
>
> On Thu, Oct 3, 2013 at 3:56 PM, Valentin Bud
> <valentin.bud at gmail.com> wrote:
>
> Hello Fazli,
>
> I will make some assumptions about your infrastructure and provide
> possible approach(es).
>
> * Your KVM nodes have a single Ethernet interface, eth0, connected in a
>   switch and a router used as the default gateway for the 192.168.1/24
>   network,
>
> * Also the frontend is connected via the same switch with the rest of
>   the nodes,
>
> * You have a br0 bridge with eth0 connected to it on each node and also
>   the frontend,
>
> * Your frontend is also a node.
>
> If you have access to the router the simplest way would be to add an IP
> Address alias on the router interface as the default gateway for the new
> network.
>
> Configure a new network inside OpenNebula for that using the chosen
> subnet and the same bridge, br0.
>
> I don't know if you have any kind of security policies in place but be
> careful that in this way there is no Layer 2 separation and traffic
> between the two subnets is visible with tcpdump or other sniffers.
>
> The second approach I can think about is to have the frontend configured
> with the first IP Address from the new subnet on br0 and define a new
> network inside OpenNebula like the above.
>
> I don't know if this would work though. The NAT must be done for
> 10.100.0/24 over 192.168.1.X (the IP Address of frontend from
> 192.168.1/24 subnet). What I don't know is if iptables can MASQUERADE
> subnets on the same interface. Never tried it, it might work.
>
> Another approach that comes to mind is to use the Virtual Router and
> define a new subnet on the same br0 bridge. The Virtual Router would
> have an interface connected to 192.168.1/24 network and one in the
> 10.100.0/24 one. Set it up to have the first IP Address from the
> 10.100.0/24 network so it is the default gateway.
>
> The same applies, traffic over L2 is not separated in any way.
>
> One more idea :-) would be to use Open vSwitch and GRE tunnels between
> the nodes. In this way you can use VLANs and transport over GRE between
> nodes. You can also set up IPSec encrypted GRE tunnels if you want
> security. It might be overkill but again it depends on your
> requirements.
>
> Another working setup I have done is to use tinc VPN [1] between nodes
> in switch mode and connect it to the Open vSwitch from each host as a
> port. This way traffic that travels between nodes is fully encrypted and
> you can use the same L2 network in a secure fashion.
>
> But maybe the best approach would be to have a second network card,
> eth1, in each node. Connect that second card in an Open vSwitch and use
> VLANs with the frontend being the router, or any other node for that
> matter.
>
> [1]: http://www.tinc-vpn.org/
>
> Good Will,
> Valentin
>
> On Thu, Oct 03, 2013 at 09:18:41AM +0800, M Fazli A Jalaluddin wrote:
> > Hello Valentin,
> >
> > My setup for OpenNebula is 1 Front-end and several KVM nodes. The front-end
> > and nodes are using IP address 192.168.1.xxx and are able to connect to the
> > internet.
> >
> > The current networking setup for the VM is using dummy and bridge, br0.
> >
> > So, for the VM able to access to the internet, is by assigning them
> > 192.168.1.xxx IP addresses.
> >
> > If I have many VMs, IP address 192.168.1.xxx will be depleted.
> >
> > Hence, I need to make a new private network such as, 10.0.1.xxx which will
> > map to only a single 192.168.1.xxx, e.g 192.168.1.5.
> >
> > Thank you.
> >
> > Regards,
> > Fazli
> >
> >
> > On Wed, Oct 2, 2013 at 7:21 PM, Valentin Bud <valentin.bud at gmail.com> wrote:
> >
> > > Hello Fazli,
> > >
> > > The Virtual Router documentation [1] is definitely a good place to start.
> > >
> > >
> > > On Wed, Oct 2, 2013 at 1:57 PM, M Fazli A Jalaluddin <
> > > fazli.jalaluddin at gmail.com> wrote:
> > >
> > >> Hi,
> > >>
> > >> Is there any tutorial on how to use the VirtualRouter?
> > >>
> > >> I have downloaded the image from Marketplace and deployed a VM out of it.
> > >>
> > >> Then what should I do?
> > >>
> > >> My concern is that the Multiple VM will be able to be assigned a private
> > >> IP address (at the same time connect to the internet) while the KVM host is
> > >> using public IP address.
> > >>
> > >
> > > I don't really understand your concern. Could you be more specific?
> > >
> > > Yes, every VM will get a private IP address from the Router in case you
> > > connect it to the private network. If you connect the VM to the public
> > > network too you'd have to set up the IP address on the VM.
> > > If context package is installed in the VM it'll autoconfigure the public
> > > IP also.
> > >
> > > [1]: http://opennebula.org/documentation:rel4.2:router
> > >
> > > Good Will,
> > >
> > >
> > >>
> > >> Thank you
> > >>
> > >> On Wed, Oct 2, 2013 at 4:26 PM, Carlos Martín Sánchez <
> > >> cmartin at opennebula.org> wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
> > >>> fazli.jalaluddin at gmail.com> wrote:
> > >>>
> > >>> Hi,
> > >>>>
> > >>>> May I know if the Virtual Router provide NAT?
> > >>>>
> > >>>
> > >>> Yes, look for the Full Router section in the documentation:
> > >>> http://opennebula.org/documentation:rel4.2:router
> > >>>
> > >>> PS: Please reply also to the mailing list
> > >>>
> > >>> Regards.
> > >>> --
> > >>> Carlos Martín, MSc
> > >>> Project Engineer
> > >>> OpenNebula - Flexible Enterprise Cloud Made Simple
> > >>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
> > >>>
> > >>>
> > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
> > >>> fazli.jalaluddin at gmail.com> wrote:
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> May I know if the Virtual Router provide NAT?
> > >>>>
> > >>>> Thank you
> > >>>>
> > >>>>
> > >>>> On Thu, Sep 5, 2013 at 5:29 PM, Carlos Martín Sánchez <
> > >>>> cmartin at opennebula.org> wrote:
> > >>>>
> > >>>>> Hi,
> > >>>>>
> > >>>>> Actually, we do provide a Virtual Router appliance that contains a
> > >>>>> DHCP server. It knows the correct IP assigned by OpenNebula to each MAC.
> > >>>>> See http://opennebula.org/documentation:rel4.2:router
> > >>>>>
> > >>>>> Regards
> > >>>>>
> > >>>>> --
> > >>>>> Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin,
> > >>>>> 24-26 September, 2013
> > >>>>> --
> > >>>>> Carlos Martín, MSc
> > >>>>> Project Engineer
> > >>>>> OpenNebula - The Open-source Solution for Data Center Virtualization
> > >>>>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
> > >>>>>
> > >>>>>
> > >>>>> On Thu, Sep 5, 2013 at 8:55 AM, Ionut Popovici <ionut at hackaserver.com> wrote:
> > >>>>>
> > >>>>>> No, OpenNebula doesn't provide DHCP, you could use vlans to break the
> > >>>>>> network, and u can use contextualization to get the ip for virtual
> > >>>>>> machines, if u use bridge mode u should make rules in iptables(ebtables)
> > >>>>>> for udp dst port 67 and allow only response from your DHCP server.
> > >>>>>> Cheers.
> > >>>>>> On 9/5/2013 9:49 AM, Mohammad Fazli Ahmat Jalaluddin wrote:
> > >>>>>>
> > >>>>>> Hi guys,
> > >>>>>>
> > >>>>>> I just want to ask few questions.
> > >>>>>>
> > >>>>>> Does OpenNebula act as a DHCP Server and give IP address to the VM if
> > >>>>>> it is not contextualized in the first place?
> > >>>>>>
> > >>>>>> When the VM is deployed (without context), e.g Ubuntu server default
> > >>>>>> network configuration is using DHCP, and thus the IP for the VM is
> > >>>>>> different with the one that OpenNebula uses from the vnet lease.
> > >>>>>>
> > >>>>>> Is the IP address in the VM given by OpenNebula (act as the DHCP
> > >>>>>> server) or given by our network existing DHCP server?
> > >>>>>>
> > >>>>>> The reason I'm asking is because our network is poisoned since there
> > >>>>>> are 2 DHCP server. BTW, our OpenNebula configuration for the network is
> > >>>>>> using dummy and using bridge in the frontend
> > >>>>>>
> > >>>>>> Thank you very much.
> > >>>>>>
> > >>>>>> Regards,
> > >>>>>> Fazli
> > >>>>>>
> > >>>>>>
> > >>>>>> _______________________________________________
> > >>>>>> Users mailing list
> > >>>>>> Users at lists.opennebula.org
> > >>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > Valentin Bud
> > > http://databus.pro | valentin at databus.pro
> > >
>
>
>
>
>
> --
> Valentin Bud
> http://databus.pro | valentin at databus.pro
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
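
The two-DHCP-server problem raised earlier in this thread, as an added example that is not part of the original messages: a Python check that reads `tcpdump -n -e` output captured on the bridge and reports every DHCP server reply whose source MAC/IP pair is not the expected server. The allowed pair, the sample capture and the function name are assumptions constructed for illustration; 10.0.10.1 is the router address from the quoted template.

```python
import re
from collections import Counter

# Assumption: the only legitimate DHCP server is the Virtual Router on PRIVNET
# (10.0.10.1 in the quoted template); its MAC address here is a constructed value.
ALLOWED_SERVERS = {("02:00:0a:00:0a:01", "10.0.10.1")}

# Constructed sample of `tcpdump -n -e 'udp and (port 67 or port 68)'` output.
SAMPLE_CAPTURE = """\
14:02:11.100001 52:54:00:12:34:56 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:12:34:56, length 300
14:02:11.100950 02:00:0a:00:0a:01 > 52:54:00:12:34:56, ethertype IPv4 (0x0800), length 342: 10.0.10.1.67 > 10.0.10.2.68: BOOTP/DHCP, Reply, length 300
14:02:11.101400 00:16:3e:aa:bb:cc > 52:54:00:12:34:56, ethertype IPv4 (0x0800), length 342: 192.168.1.1.67 > 10.0.10.2.68: BOOTP/DHCP, Reply, length 300
14:02:15.220000 00:16:3e:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
14:02:19.003100 52:54:00:de:ad:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 10.0.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
"""

LINE_RE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > [0-9a-f:]{17}, "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"\d+\.\d+\.\d+\.\d+\.\d+: BOOTP/DHCP, (?P<kind>Request|Reply)",
    re.IGNORECASE,
)


def find_rogue_dhcp(capture, allowed=ALLOWED_SERVERS):
    """Count DHCP server replies per (MAC, IP) source that is not an allowed server."""
    rogue = Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a DHCP frame, or a line format this parser does not cover
        # Server-to-client traffic leaves UDP port 67; clients send from port 68.
        if m["kind"] != "Reply" or m["sport"] != "67":
            continue
        src = (m["smac"].lower(), m["sip"])
        # Matching on the pair also catches a host that reuses the server's IP
        # with a different MAC address.
        if src not in allowed:
            rogue[src] += 1
    return rogue


if __name__ == "__main__":
    for (mac, ip), count in find_rogue_dhcp(SAMPLE_CAPTURE).items():
        print(f"unexpected DHCP server {ip} ({mac}): {count} replies")
```
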