<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Did you guys activate ip_forward for the
      packets to be routed through the networks?<br>
      On 10/3/2013 2:44 PM, Valentin Bud wrote:<br>
    </div>
    <blockquote
cite="mid:CALb5eVa5wcJvs0+KigN0o7WZxQcDm28_voBKhRx=RZG8Yp-QQQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi Fazli,<br>
        <div class="gmail_extra"><br>
          <br>
          <div class="gmail_quote">On Thu, Oct 3, 2013 at 12:22 PM, M
            Fazli A Jalaluddin <span dir="ltr"><<a
                moz-do-not-send="true"
                href="mailto:fazli.jalaluddin@gmail.com" target="_blank">fazli.jalaluddin@gmail.com</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div dir="ltr">
                <div>
                  <div>
                    <div>
                      <div>
                        <div>
                          <div>Hi Valentin,<br>
                            <br>
                          </div>
                          Your assumption is correct.<br>
                          <br>
                        </div>
                        My method is to use OpenNebula Virtual Router by
                        referring to this page [1] and Openvswitch.<br>
                        <br>
                      </div>
                      I have installed Openvswitch in the host and I was
                      able to deploy a VM in an isolated network.   <br>
                      <br>
                    </div>
                    I try to deploy the VirtualRouter in a virtual
                    network.<br>
                  </div>
                </div>
              </div>
            </blockquote>
            <div><br>
            </div>
            <div>In two virtual networks in fact, in the PUBNET which
              should be the 192.168 network from br0 on the</div>
            <div>nodes and frontend and PRIVNET in the Open vSwitch
              network.</div>
            <div> </div>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div dir="ltr">
                <div>
                  <div><br>
                  </div>
                  My problem is, I cannot ping it and cannot SSH into
                  it.<br>
                </div>
              </div>
            </blockquote>
            <div><br>
            </div>
            <div>You should be able to connect to PUBNET's virtual IP
              Address from within the 192.168 network.</div>
            <div><br>
            </div>
            <div>Or you could add an internal port to Open vSwitch
              bridge and try to connect to PRIVNET's virtual</div>
            <div>IP Address of the VR.</div>
            <div> </div>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div dir="ltr">
                <div><br>
                </div>
                <div>From the documentation, I understand that the
                  VirtualRouter needs to be deployed as a VM in a specific
                  virtual network and it will act as the DHCP for the
                  VMs in the same virtual network.<br>
                </div>
                <div>I also have included the example context in the
                  VirtualRouter template.<br>
                  <br>
                </div>
                <div>My VirtualRouter template:<br>
                  <br>
                  NIC=[NETWORK_ID="0"]<br>
                  NIC=[NETWORK_ID="9",IP="10.0.10.1"]<br>
                  INPUT=[BUS="usb",TYPE="tablet"]<br>
                  MEMORY="512"<br>
                  OS=[ARCH="x86_64",BOOT="hd"]<br>
                  GRAPHICS=[LISTEN="0.0.0.0",TYPE="SPICE"]<br>
                  DISK=[IMAGE_ID="24"]<br>
                  CPU="0.5"<br>
                  CONTEXT=[TARGET="hdb",NETWORK="YES",FORWARDING="8080:<a
                    moz-do-not-send="true" href="http://10.0.10.2:80"
                    target="_blank">10.0.10.2:80</a> <a
                    moz-do-not-send="true" href="http://10.0.10.2:22"
                    target="_blank">10.0.10.2:22</a>",DHCP="YES",PRIVNET="$NETWORK[TEMPLATE,
                  NETWORK=\"ovs
                  .10\"]",TEMPLATE="TEMPLATE",SSH_PUBLIC_KEY="ssh-rsa
                  AAAAB3NzaC1yc2EAAAADAQABAAABAQCk+MN96iAn4uXRieJqyJG7WY32zW0LTXJBdISdjDLlp8QgFrxOdi9Aw2+eu+QSbVHwBsqOTimpOuzknisOhD4RPCTCT7G2/xaEUxWg0AB3ySrMZC3Dv5AgBy0CikFk50/CbwBtMjj2pRINm0axfP+cUT/VBhJRAiwVe2wsIOL/t2PGOy0O8Q2zjG1XfCVZPCYPOxj9Jk0y8DoMHp0ILA6gM7hGN4CKAQiXnbjv8WD9uFpRr7eruXQUdMuPn2wnyDMcCnzUEMtPUoPIy6gyAer3biRyEQkAXNJ+R1WXvX6Ah848MTyoICoA7KKIm9e3xe/SXMJxxOPHZLWSJSIRmhcd

                  hpc1@hpc-workstation1",PUBNET="$NETWORK[TEMPLATE,
                  NETWORK=\"Virtual Network .113\"]",DNS="8.8.8.8
                  8.8.4.4"]<br>
                </div>
              </div>
            </blockquote>
            <div><br>
            </div>
            <div>This looks good and should work.</div>
            <div> </div>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div dir="ltr">
                <div><br>
                </div>
                May I know how to actually use the VirtualRouter?
                <div class="im"><br>
                  <div>
                    <div><br>
                      [1] <a moz-do-not-send="true"
                        href="http://opennebula.org/documentation:rel4.2:router"
                        target="_blank">http://opennebula.org/documentation:rel4.2:router</a><br>
                      <br>
                    </div>
                  </div>
                </div>
              </div>
              <div class="HOEnZb">
                <div class="h5">
                  <div class="gmail_extra"><br>
                  </div>
                </div>
              </div>
            </blockquote>
            <div><br>
            </div>
            <div>Good Will,</div>
            <div> </div>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div class="HOEnZb">
                <div class="h5">
                  <div class="gmail_extra"><br>
                    <div class="gmail_quote">On Thu, Oct 3, 2013 at 3:56
                      PM, Valentin Bud <span dir="ltr"><<a
                          moz-do-not-send="true"
                          href="mailto:valentin.bud@gmail.com"
                          target="_blank">valentin.bud@gmail.com</a>></span>
                      wrote:<br>
                      <blockquote class="gmail_quote" style="margin:0 0
                        0 .8ex;border-left:1px #ccc
                        solid;padding-left:1ex">Hello Fazli,<br>
                        <br>
                        I will make some assumptions about your
                        infrastructure and provide<br>
                        possible approach(es).<br>
                        <br>
                        * Your KVM nodes have a single Ethernet
                        interface, eth0, connected in a<br>
                          switch and a router used as the default
                        gateway for the 192.168.1/24<br>
                          network,<br>
                        <br>
                        * Also the frontend is connected via the same
                        switch with the rest of<br>
                          the nodes,<br>
                        <br>
                        * You have a br0 bridge with eth0 connected to
                        it on each node and also<br>
                          the frontend,<br>
                        <br>
                        * Your frontend is also a node.<br>
                        <br>
                        If you have access to the router the simplest
                        way would be to add an IP<br>
                        Address alias on the router interface as the
                        default gateway for the new<br>
                        network.<br>
                        <br>
                        Configure a new network inside OpenNebula for
                        that using the chosen<br>
                        subnet and the same bridge, br0.<br>
                        <br>
                        I don't know if you have any kind of security
                        policies in place but be<br>
                        careful that in this way there is no Layer 2
                        separation and traffic<br>
                        between the two subnets is visible with tcpdump
                        or other sniffers.<br>
                        <br>
                        The second approach I can think about is to have
                        the frontend configured<br>
                        with the first IP Address from the new subnet on
                        br0 and define a new<br>
                        network inside OpenNebula like the above.<br>
                        <br>
                        I don't know if this would work though. The NAT
                        must be done for 10.100.0/24 over<br>
                        192.168.1.X (the IP Address of frontend from
                        192.168.1/24 subnet). What<br>
                        I don't know is if iptables can MASQUERADE
                        subnets on the same<br>
                        interface. Never tried it, it might work.<br>
                        <br>
                        Another approach that comes to mind is to use the
                        Virtual Router and<br>
                        define a new subnet on the same br0 bridge. The
                        Virtual Router would<br>
                        have an interface connected to 192.168.1/24
                        network and one in the<br>
                        10.100.0/24 one. Set it up to have the first
                        IP Address from the<br>
                        10.100.0/24 network so it is the default
                        gateway.<br>
                        <br>
                        The same applies, traffic over L2 is not
                        separated in any way.<br>
                        <br>
                        One more idea :-) would be to use Open vSwitch
                        and GRE tunnels between<br>
                        the nodes. In this way you can use VLANs and
                        transport over GRE between<br>
                        nodes. You can also setup IPSec encrypted GRE
                        tunnels if you want<br>
                        security. It might be overkill but again it
                        depends on your<br>
                        requirements.<br>
                        <br>
                        Another working setup I have done is to use tinc
                        VPN [1] between nodes<br>
                        in switch mode and connect it to the Open
                        vSwitch from each host as a<br>
                        port. This way traffic that travels between
                        nodes is fully encrypted and<br>
                        you can use the same L2 network in a secure
                        fashion.<br>
                        <br>
                        But maybe the best approach would be to have a
                        second network card,<br>
                        eth1, in each node. Connect that second card in
                        an Open vSwitch and use<br>
                        VLANs with the frontend being the router, or any
                        other node for that<br>
                        matter.<br>
                        <br>
                        [1]: <a moz-do-not-send="true"
                          href="http://www.tinc-vpn.org/"
                          target="_blank">http://www.tinc-vpn.org/</a><br>
                        <br>
                        Good Will,<br>
                        Valentin<br>
                        <div>
                          <div><br>
                            On Thu, Oct 03, 2013 at 09:18:41AM +0800, M
                            Fazli A Jalaluddin wrote:<br>
                            > Hello Valentin,<br>
                            ><br>
                            > My setup for OpenNebula is 1 Front-end
                            and several KVM nodes. The front-end<br>
                            > and nodes are using IP address
                            192.168.1.xxx and are able to connect to the<br>
                            > internet.<br>
                            ><br>
                            > The current networking setup for the VM
                            is using dummy and bridge, br0.<br>
                            ><br>
                            > So, for the VM able to access to the
                            internet, is by assigning them<br>
                            > 192.168.1.xxx IP addresses.<br>
                            ><br>
                            > If I have many VMs, IP address
                            192.168.1.xxx will be depleted.<br>
                            ><br>
                            > Hence, I need to make a new private
                            network such as, 10.0.1.xxx which will<br>
                            > map to only a single 192.168.1.xxx, e.g
                            192.168.1.5.<br>
                            ><br>
                            > Thank you.<br>
                            ><br>
                            > Regards,<br>
                            > Fazli<br>
                            ><br>
                            ><br>
                            > On Wed, Oct 2, 2013 at 7:21 PM,
                            Valentin Bud <<a moz-do-not-send="true"
                              href="mailto:valentin.bud@gmail.com"
                              target="_blank">valentin.bud@gmail.com</a>>
                            wrote:<br>
                            ><br>
                            > > Hello Fazli,<br>
                            > ><br>
                            > > The Virtual Router documentation
                            [1] is definitely a good place to start.<br>
                            > ><br>
                            > ><br>
                            > > On Wed, Oct 2, 2013 at 1:57 PM, M
                            Fazli A Jalaluddin <<br>
                            > > <a moz-do-not-send="true"
                              href="mailto:fazli.jalaluddin@gmail.com"
                              target="_blank">fazli.jalaluddin@gmail.com</a>>
                            wrote:<br>
                            > ><br>
                            > >> Hi,<br>
                            > >><br>
                            > >> Is there any tutorial on how
                            to use the VirtualRouter?<br>
                            > >><br>
                            > >> I have downloaded the image from
                            Marketplace and deployed a VM out of it.<br>
                            > >><br>
                            > >> Then what should I do?<br>
                            > >><br>
                            > >> My concern is that the
                            Multiple VM will be able to be assigned a
                            private<br>
                            > >> IP address (at the same time
                            connect to the internet) while the KVM host
                            is<br>
                            > >> using public IP address.<br>
                            > >><br>
                            > ><br>
                            > > I don't really understand your
                            concern. Could you be more specific?<br>
                            > ><br>
                            > > Yes, every VM will get a private
                            IP address from the Router in case you<br>
                            > > connect it to the private<br>
                            > > network. If you connect the VM to
                            the public network too you'd have to<br>
                            > > setup the IP address on the VM.<br>
                            > > If context package is installed in
                            the VM it'll autoconfigure the public<br>
                            > > IP also.<br>
                            > ><br>
                            > > [1]: <a moz-do-not-send="true"
                              href="http://opennebula.org/documentation:rel4.2:router"
                              target="_blank">http://opennebula.org/documentation:rel4.2:router</a><br>
                            > ><br>
                            > > Good Will,<br>
                            > ><br>
                            > ><br>
                            > >><br>
                            > >> Thank you<br>
                            > >><br>
                            > >> On Wed, Oct 2, 2013 at 4:26
                            PM, Carlos Martín Sánchez <<br>
                            > >> <a moz-do-not-send="true"
                              href="mailto:cmartin@opennebula.org"
                              target="_blank">cmartin@opennebula.org</a>>
                            wrote:<br>
                            > >><br>
                            > >>> Hi,<br>
                            > >>><br>
                            > >>> On Wed, Oct 2, 2013 at
                            6:56 AM, M Fazli A Jalaluddin <<br>
                            > >>> <a moz-do-not-send="true"
                              href="mailto:fazli.jalaluddin@gmail.com"
                              target="_blank">fazli.jalaluddin@gmail.com</a>>
                            wrote:<br>
                            > >>><br>
                            > >>> Hi,<br>
                            > >>>><br>
                            > >>>> May I know if the
                            Virtual Router provide NAT?<br>
                            > >>>><br>
                            > >>><br>
                            > >>> Yes, look for the Full
                            Router section in the documentation:<br>
                            > >>> <a moz-do-not-send="true"
href="http://opennebula.org/documentation:rel4.2:router" target="_blank">http://opennebula.org/documentation:rel4.2:router</a><br>
                            > >>><br>
                            > >>> PS: Please reply also to
                            the mailing list<br>
                            > >>><br>
                            > >>> Regards.<br>
                            > >>> --<br>
                            > >>> Carlos Martín, MSc<br>
                            > >>> Project Engineer<br>
                            > >>> OpenNebula - Flexible
                            Enterprise Cloud Made Simple<br>
                          </div>
                        </div>
                        > >>> <a moz-do-not-send="true"
                          href="http://www.OpenNebula.org"
                          target="_blank">www.OpenNebula.org</a> | <a
                          moz-do-not-send="true"
                          href="mailto:cmartin@opennebula.org"
                          target="_blank">cmartin@opennebula.org</a> |
                        @OpenNebula<<a moz-do-not-send="true"
                          href="http://twitter.com/opennebula"
                          target="_blank">http://twitter.com/opennebula</a>><<a
                          moz-do-not-send="true"
                          href="mailto:cmartin@opennebula.org"
                          target="_blank">cmartin@opennebula.org</a>><br>
                        <div>> >>><br>
                          > >>><br>
                          > >>> On Wed, Oct 2, 2013 at 6:56
                          AM, M Fazli A Jalaluddin <<br>
                          > >>> <a moz-do-not-send="true"
                            href="mailto:fazli.jalaluddin@gmail.com"
                            target="_blank">fazli.jalaluddin@gmail.com</a>>
                          wrote:<br>
                          > >>><br>
                          > >>>> Hi,<br>
                          > >>>><br>
                          > >>>> May I know if the
                          Virtual Router provide NAT?<br>
                          > >>>><br>
                          > >>>> Thank you<br>
                          > >>>><br>
                          > >>>><br>
                          > >>>> On Thu, Sep 5, 2013 at
                          5:29 PM, Carlos Martín Sánchez <<br>
                          > >>>> <a
                            moz-do-not-send="true"
                            href="mailto:cmartin@opennebula.org"
                            target="_blank">cmartin@opennebula.org</a>>
                          wrote:<br>
                          > >>>><br>
                          > >>>>> Hi,<br>
                          > >>>>><br>
                          > >>>>> Actually, we do
                          provide a Virtual Router appliance that
                          contains a<br>
                          > >>>>> DHCP server. It
                          knows the correct IP assigned by OpenNebula to
                          each MAC.<br>
                          > >>>>> See <a
                            moz-do-not-send="true"
                            href="http://opennebula.org/documentation:rel4.2:router"
                            target="_blank">http://opennebula.org/documentation:rel4.2:router</a><br>
                          > >>>>><br>
                          > >>>>> Regards<br>
                          > >>>>><br>
                          > >>>>> --<br>
                        </div>
                        > >>>>> Join us at
                        OpenNebulaConf2013 <<a moz-do-not-send="true"
                          href="http://opennebulaconf.com"
                          target="_blank">http://opennebulaconf.com</a>>
                        in Berlin,<br>
                        <div>> >>>>> 24-26 September,
                          2013<br>
                          > >>>>> --<br>
                          > >>>>> Carlos Martín, MSc<br>
                          > >>>>> Project Engineer<br>
                          > >>>>> OpenNebula - The
                          Open-source Solution for Data Center
                          Virtualization<br>
                        </div>
                        > >>>>> <a
                          moz-do-not-send="true"
                          href="http://www.OpenNebula.org"
                          target="_blank">www.OpenNebula.org</a> | <a
                          moz-do-not-send="true"
                          href="mailto:cmartin@opennebula.org"
                          target="_blank">cmartin@opennebula.org</a> |
                        @OpenNebula<<a moz-do-not-send="true"
                          href="http://twitter.com/opennebula"
                          target="_blank">http://twitter.com/opennebula</a>><<a
                          moz-do-not-send="true"
                          href="mailto:cmartin@opennebula.org"
                          target="_blank">cmartin@opennebula.org</a>><br>
                        <div>> >>>>><br>
                          > >>>>><br>
                          > >>>>> On Thu, Sep 5, 2013
                          at 8:55 AM, Ionut Popovici <<a
                            moz-do-not-send="true"
                            href="mailto:ionut@hackaserver.com"
                            target="_blank">ionut@hackaserver.com</a>>wrote:<br>
                          > >>>>><br>
                          > >>>>>>  No, OpenNebula
                          doesn't provide DHCP; you could use VLANs to
                          break the<br>
                          > >>>>>> network, and you
                          can use contextualization to get the IP for
                          virtual<br>
                          > >>>>>> machines. If you
                          use bridge mode you should make rules in
                          iptables (ebtables)<br>
                          > >>>>>> for UDP dst port
                          67 and allow only response from your DHCP
                          server.<br>
                          > >>>>>> Cheers.<br>
                          > >>>>>> On 9/5/2013 9:49
                          AM, Mohammad Fazli Ahmat Jalaluddin wrote:<br>
                          > >>>>>><br>
                          > >>>>>>     Hi guys,<br>
                          > >>>>>><br>
                          > >>>>>> I just want to
                          ask few questions.<br>
                          > >>>>>><br>
                          > >>>>>> Does OpenNebula
                          act as a DHCP Server and give IP address to
                          the VM if<br>
                          > >>>>>> it is not
                          contextualized in the first place?<br>
                          > >>>>>><br>
                          > >>>>>> When the VM is
                          deployed (without context), e.g. Ubuntu server
                          default<br>
                          > >>>>>> network
                          configuration is using DHCP, and thus the IP
                          for the VM is<br>
                          > >>>>>> different with
                          the one that OpenNebula uses from the vnet
                          lease.<br>
                          > >>>>>><br>
                          > >>>>>>  Is the IP
                          address in the VM given by OpenNebula (acting
                          as the DHCP<br>
                          > >>>>>> server) or given
                          by our network existing DHCP server?<br>
                          > >>>>>><br>
                          > >>>>>>  The reason I'm
                          asking is because our network is poisoned
                          since there<br>
                          > >>>>>> are 2 DHCP
                          server. BTW, our OpenNebula configuration for
                          the network is<br>
                          > >>>>>> using dummy and
                          using bridge in the frontend<br>
                          > >>>>>><br>
                          > >>>>>>  Thank you very
                          much.<br>
                          > >>>>>><br>
                          > >>>>>>  Regards,<br>
                          > >>>>>>  Fazli<br>
                          > >>>>>><br>
                          > >>>>>><br>
                          > >>>>>>
                          _______________________________________________<br>
                        </div>
                        > >>>>>> Users mailing list<br>
                        > >>>>>> <a moz-do-not-send="true"
                          href="mailto:Users@lists.opennebula.org"
                          target="_blank">Users@lists.opennebula.org</a><br>
                        > >>>>>> <a
                          moz-do-not-send="true"
                          href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org"
                          target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
                        <div>
                          <div>> >>>>>><br>
                            > > --<br>
                            > > Valentin Bud<br>
                            > > <a moz-do-not-send="true"
                              href="http://databus.pro" target="_blank">http://databus.pro</a>
                            | <a moz-do-not-send="true"
                              href="mailto:valentin@databus.pro"
                              target="_blank">valentin@databus.pro</a><br>
                            > ><br>
                          </div>
                        </div>
                      </blockquote>
                    </div>
                    <br>
                  </div>
                </div>
              </div>
            </blockquote>
          </div>
          <br>
          <br clear="all">
          <div><br>
          </div>
          -- <br>
          <div dir="ltr">Valentin Bud
            <div><a moz-do-not-send="true" href="http://databus.pro"
                target="_blank">http://databus.pro</a> | <a
                moz-do-not-send="true"
                href="mailto:valentin@databus.pro" target="_blank">valentin@databus.pro</a></div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a>
</pre>
    </blockquote>
    <br>
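    <p>Added example, not part of any message in this thread: a read-only
      check for the two things the thread turns on, whether ip_forward is
      enabled on the routing host and which NAT rules the posted FORWARDING
      value implies. The interface name eth0, the subnet 10.0.10.0/24, TCP-only
      forwarding, and the reading of a two-field entry as "same port on the
      router" are assumptions made for this example.</p>
<pre>
```shell
#!/bin/sh
# Added example (not from the thread). Prints findings and candidate rules only;
# it never modifies the firewall. TCP-only forwarding is an assumption.

# ip_forward_enabled [FILE]: succeeds when the kernel forwarding switch reads 1.
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "1" ]
}

# valid_port N: decimal, at most 5 digits, in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] || return 1
    [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: four decimal octets, each 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# forwarding_to_rules PUB_IF "ENTRY ENTRY ...": print one DNAT rule per entry.
# ENTRY is EXT_PORT:IP:PORT or IP:PORT (assumed to reuse PORT on the router).
# Nothing is printed unless every entry validates.
forwarding_to_rules() {
    pub_if=$1; list=$2; rules=""
    nl='
'
    set -f; set -- $list; set +f
    for entry in "$@"; do
        case "$entry" in
            *:*:*:*) return 1 ;;
            *:*:*) ext=${entry%%:*}; rest=${entry#*:}
                   ip=${rest%%:*}; port=${rest#*:} ;;
            *:*)   ip=${entry%%:*}; port=${entry#*:}; ext=$port ;;
            *)     return 1 ;;
        esac
        if ! valid_port "$ext" || ! valid_ipv4 "$ip" || ! valid_port "$port"; then
            return 1
        fi
        rules="${rules}iptables -t nat -A PREROUTING -i $pub_if -p tcp --dport $ext -j DNAT --to-destination $ip:$port$nl"
    done
    printf '%s' "$rules"
}

# vr_report PUB_IF PRIV_CIDR FORWARDING [IP_FORWARD_FILE]
vr_report() {
    if ip_forward_enabled "$4"; then
        echo "ip_forward: enabled"
    else
        echo "ip_forward: DISABLED, packets will not be routed between the NICs"
    fi
    echo "# source NAT for the private network:"
    echo "iptables -t nat -A POSTROUTING -s $2 -o $1 -j MASQUERADE"
    echo "# port forwards from the FORWARDING context value:"
    forwarding_to_rules "$1" "$3" || echo "FORWARDING value is malformed: $3"
}

# FORWARDING is the value from the posted template; eth0 and 10.0.10.0/24
# are assumptions for this example.
vr_report eth0 10.0.10.0/24 "8080:10.0.10.2:80 10.0.10.2:22"
```
</pre>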
  </body>
</html>