<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Did you guys activate ip_forward for the
packets to be routed through networks?<br>
On 10/3/2013 2:44 PM, Valentin Bud wrote:<br>
</div>
<blockquote
cite="mid:CALb5eVa5wcJvs0+KigN0o7WZxQcDm28_voBKhRx=RZG8Yp-QQQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Fazli,<br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Thu, Oct 3, 2013 at 12:22 PM, M
Fazli A Jalaluddin <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:fazli.jalaluddin@gmail.com" target="_blank">fazli.jalaluddin@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>Hi Valentin,<br>
<br>
</div>
Your assumption is correct.<br>
<br>
</div>
My method is to use OpenNebula Virtual Router by
referring to this page [1] and Openvswitch.<br>
<br>
</div>
I have installed Openvswitch in the host and I was
able to deploy VM in isolated network. <br>
<br>
</div>
I try to deploy the VirtualRouter in a virtual
network.<br>
</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>In two virtual networks in fact, in the PUBNET which
should be the 192.168 network from br0 on the</div>
<div>nodes and frontend and PRIVNET in the Open vSwitch
network.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div><br>
</div>
My problem is, I cannot ping it and cannot SSH into
it.<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>You should be able to connect to PUBNET's virtual IP
Address from within the 192.168 network.</div>
<div><br>
</div>
<div>Or you could add an internal port to Open vSwitch
bridge and try to connect to PRIVNET's virtual</div>
<div>IP Address of the VR.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div><br>
</div>
<div>From the documentation, I understand that the
VirtualRouter needs to be deployed as a VM in a specific
virtual network and it will act as the DHCP for the
VMs in the same virtual network.<br>
</div>
<div>I also have included the example context in the
VirtualRouter template.<br>
<br>
</div>
<div>My VirtualRouter template:<br>
<br>
NIC=[NETWORK_ID="0"]<br>
NIC=[NETWORK_ID="9",IP="10.0.10.1"]<br>
INPUT=[BUS="usb",TYPE="tablet"]<br>
MEMORY="512"<br>
OS=[ARCH="x86_64",BOOT="hd"]<br>
GRAPHICS=[LISTEN="0.0.0.0",TYPE="SPICE"]<br>
DISK=[IMAGE_ID="24"]<br>
CPU="0.5"<br>
CONTEXT=[TARGET="hdb",NETWORK="YES",FORWARDING="8080:10.0.10.2:80 10.0.10.2:22",DHCP="YES",PRIVNET="$NETWORK[TEMPLATE,
NETWORK=\"ovs
.10\"]",TEMPLATE="TEMPLATE",SSH_PUBLIC_KEY="ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCk+MN96iAn4uXRieJqyJG7WY32zW0LTXJBdISdjDLlp8QgFrxOdi9Aw2+eu+QSbVHwBsqOTimpOuzknisOhD4RPCTCT7G2/xaEUxWg0AB3ySrMZC3Dv5AgBy0CikFk50/CbwBtMjj2pRINm0axfP+cUT/VBhJRAiwVe2wsIOL/t2PGOy0O8Q2zjG1XfCVZPCYPOxj9Jk0y8DoMHp0ILA6gM7hGN4CKAQiXnbjv8WD9uFpRr7eruXQUdMuPn2wnyDMcCnzUEMtPUoPIy6gyAer3biRyEQkAXNJ+R1WXvX6Ah848MTyoICoA7KKIm9e3xe/SXMJxxOPHZLWSJSIRmhcd
hpc1@hpc-workstation1",PUBNET="$NETWORK[TEMPLATE,
NETWORK=\"Virtual Network .113\"]",DNS="8.8.8.8
8.8.4.4"]<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>This looks good and should work.</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div><br>
</div>
May I know how to actually use the VirtualRouter?
<div class="im"><br>
<div>
<div><br>
[1] <a moz-do-not-send="true"
href="http://opennebula.org/documentation:rel4.2:router"
target="_blank">http://opennebula.org/documentation:rel4.2:router</a><br>
<br>
</div>
</div>
</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>Good Will,</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Oct 3, 2013 at 3:56
PM, Valentin Bud <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:valentin.bud@gmail.com"
target="_blank">valentin.bud@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">Hello Fazli,<br>
<br>
I will make some assumptions about your
infrastructure and provide<br>
possible approach(es).<br>
<br>
* Your KVM nodes have a single Ethernet
interface, eth0, connected in a<br>
switch and a router used as the default
gateway for the 192.168.1/24<br>
network,<br>
<br>
* Also the frontend is connected via the same
switch with the rest of<br>
the nodes,<br>
<br>
* You have a br0 bridge with eth0 connected to
it on each node and also<br>
the frontend,<br>
<br>
* Your frontend is also a node.<br>
<br>
If you have access to the router the simplest
way would be to add an IP<br>
Address alias on the router interface as the
default gateway for the new<br>
network.<br>
<br>
Configure a new network inside OpenNebula for
that using the chosen<br>
subnet and the same bridge, br0.<br>
<br>
I don't know if you have any kind of security
policies in place but be<br>
careful that in this way there is no Layer 2
separation and traffic<br>
between the two subnets is visible with tcpdump
or other sniffers.<br>
<br>
The second approach I can think about is to have
the frontend configured<br>
with the first IP Address from the new subnet on
br0 and define a new<br>
network inside OpenNebula like the above.<br>
<br>
I don't know if this would work though. The NAT
must be done for 10.100.0/24 over<br>
192.168.1.X (the IP Address of frontend from
192.168.1/24 subnet). What<br>
I don't know is if iptables can MASQUERADE
subnets on the same<br>
interface. Never tried it, it might work.<br>
<br>
Another approach that comes to mind is to use the
Virtual Router and<br>
define a new subnet on the same br0 bridge. The
Virtual Router would<br>
have an interface connected to 192.168.1/24
network and one in the<br>
10.100.0/24 one. Set it up to have the first
IP Address from the<br>
10.100.0/24 network so it is the default
gateway.<br>
<br>
The same applies, traffic over L2 is not
separated in any way.<br>
<br>
One more idea :-) would be to use Open vSwitch
and GRE tunnels between<br>
the nodes. In this way you can use VLANs and
transport over GRE between<br>
nodes. You can also setup IPSec encrypted GRE
tunnels if you want<br>
security. It might be overkill but again it
depends on your<br>
requirements.<br>
<br>
Another working setup I have done is to use tinc
VPN [1] between nodes<br>
in switch mode and connect it to the Open
vSwitch from each host as a<br>
port. This way traffic that travels between
nodes is fully encrypted and<br>
you can use the same L2 network in a secure
fashion.<br>
<br>
But maybe the best approach would be to have a
second network card,<br>
eth1, in each node. Connect that second card in
an Open vSwitch and use<br>
VLANs with the frontend being the router, or any
other node for that<br>
matter.<br>
<br>
[1]: <a moz-do-not-send="true"
href="http://www.tinc-vpn.org/"
target="_blank">http://www.tinc-vpn.org/</a><br>
<br>
Good Will,<br>
Valentin<br>
<div>
<div><br>
On Thu, Oct 03, 2013 at 09:18:41AM +0800, M
Fazli A Jalaluddin wrote:<br>
> Hello Valentin,<br>
><br>
> My setup for OpenNebula is 1 Front-end
and several KVM nodes. The front-end<br>
> and nodes are using IP address
192.168.1.xxx and are able to connect to the<br>
> internet.<br>
><br>
> The current networking setup for the VM
is using dummy and bridge, br0.<br>
><br>
> So, for the VM able to access to the
internet, is by assigning them<br>
> 192.168.1.xxx IP addresses.<br>
><br>
> If I have many VMs, IP address
192.168.1.xxx will be depleted.<br>
><br>
> Hence, I need to make a new private
network such as, 10.0.1.xxx which will<br>
> map to only a single 192.168.1.xxx, e.g
192.168.1.5.<br>
><br>
> Thank you.<br>
><br>
> Regards,<br>
> Fazli<br>
><br>
><br>
> On Wed, Oct 2, 2013 at 7:21 PM,
Valentin Bud <<a moz-do-not-send="true"
href="mailto:valentin.bud@gmail.com"
target="_blank">valentin.bud@gmail.com</a>>
wrote:<br>
><br>
> > Hello Fazli,<br>
> ><br>
> > The Virtual Router documentation
[1] is definitely a good place to start.<br>
> ><br>
> ><br>
> > On Wed, Oct 2, 2013 at 1:57 PM, M
Fazli A Jalaluddin <<br>
> > <a moz-do-not-send="true"
href="mailto:fazli.jalaluddin@gmail.com"
target="_blank">fazli.jalaluddin@gmail.com</a>>
wrote:<br>
> ><br>
> >> Hi,<br>
> >><br>
> >> Is there any tutorial on how
to use the VirtualRouter?<br>
> >><br>
> >> I have downloaded the image from
Marketplace and deployed a VM out of it.<br>
> >><br>
> >> Then what should I do?<br>
> >><br>
> >> My concern is that the
Multiple VM will be able to be assigned a
private<br>
> >> IP address (at the same time
connect to the internet) while the KVM host
is<br>
> >> using public IP address.<br>
> >><br>
> ><br>
> > I don't really understand your
concern. Could you be more specific?<br>
> ><br>
> > Yes, every VM will get a private
IP address from the Router in case you<br>
> > connect it to the private<br>
> > network. If you connect the VM to
the public network too you'd have to<br>
> > setup the IP address on the VM.<br>
> > If context package is installed in
the VM it'll autoconfigure the public<br>
> > IP also.<br>
> ><br>
> > [1]: <a moz-do-not-send="true"
href="http://opennebula.org/documentation:rel4.2:router"
target="_blank">http://opennebula.org/documentation:rel4.2:router</a><br>
> ><br>
> > Good Will,<br>
> ><br>
> ><br>
> >><br>
> >> Thank you<br>
> >><br>
> >> On Wed, Oct 2, 2013 at 4:26
PM, Carlos Martín Sánchez <<br>
> >> <a moz-do-not-send="true"
href="mailto:cmartin@opennebula.org"
target="_blank">cmartin@opennebula.org</a>>
wrote:<br>
> >><br>
> >>> Hi,<br>
> >>><br>
> >>> On Wed, Oct 2, 2013 at
6:56 AM, M Fazli A Jalaluddin <<br>
> >>> <a moz-do-not-send="true"
href="mailto:fazli.jalaluddin@gmail.com"
target="_blank">fazli.jalaluddin@gmail.com</a>>
wrote:<br>
> >>><br>
> >>> Hi,<br>
> >>>><br>
> >>>> May I know if the
Virtual Router provides NAT?<br>
> >>>><br>
> >>><br>
> >>> Yes, look for the Full
Router section in the documentation:<br>
> >>> <a moz-do-not-send="true"
href="http://opennebula.org/documentation:rel4.2:router" target="_blank">http://opennebula.org/documentation:rel4.2:router</a><br>
> >>><br>
> >>> PS: Please reply also to
the mailing list<br>
> >>><br>
> >>> Regards.<br>
> >>> --<br>
> >>> Carlos Martín, MSc<br>
> >>> Project Engineer<br>
> >>> OpenNebula - Flexible
Enterprise Cloud Made Simple<br>
</div>
</div>
> >>> <a moz-do-not-send="true"
href="http://www.OpenNebula.org"
target="_blank">www.OpenNebula.org</a> | <a
moz-do-not-send="true"
href="mailto:cmartin@opennebula.org"
target="_blank">cmartin@opennebula.org</a> |
@OpenNebula<<a moz-do-not-send="true"
href="http://twitter.com/opennebula"
target="_blank">http://twitter.com/opennebula</a>><<a
moz-do-not-send="true"
href="mailto:cmartin@opennebula.org"
target="_blank">cmartin@opennebula.org</a>><br>
<div>> >>><br>
> >>><br>
> >>> On Wed, Oct 2, 2013 at 6:56
AM, M Fazli A Jalaluddin <<br>
> >>> <a moz-do-not-send="true"
href="mailto:fazli.jalaluddin@gmail.com"
target="_blank">fazli.jalaluddin@gmail.com</a>>
wrote:<br>
> >>><br>
> >>>> Hi,<br>
> >>>><br>
> >>>> May I know if the
Virtual Router provides NAT?<br>
> >>>><br>
> >>>> Thank you<br>
> >>>><br>
> >>>><br>
> >>>> On Thu, Sep 5, 2013 at
5:29 PM, Carlos Martín Sánchez <<br>
> >>>> <a
moz-do-not-send="true"
href="mailto:cmartin@opennebula.org"
target="_blank">cmartin@opennebula.org</a>>
wrote:<br>
> >>>><br>
> >>>>> Hi,<br>
> >>>>><br>
> >>>>> Actually, we do
provide a Virtual Router appliance that
contains a<br>
> >>>>> DHCP server. It
knows the correct IP assigned by OpenNebula to
each MAC.<br>
> >>>>> See <a
moz-do-not-send="true"
href="http://opennebula.org/documentation:rel4.2:router"
target="_blank">http://opennebula.org/documentation:rel4.2:router</a><br>
> >>>>><br>
> >>>>> Regards<br>
> >>>>><br>
> >>>>> --<br>
</div>
> >>>>> Join us at
OpenNebulaConf2013 <<a moz-do-not-send="true"
href="http://opennebulaconf.com"
target="_blank">http://opennebulaconf.com</a>>
in Berlin,<br>
<div>> >>>>> 24-26 September,
2013<br>
> >>>>> --<br>
> >>>>> Carlos Martín, MSc<br>
> >>>>> Project Engineer<br>
> >>>>> OpenNebula - The
Open-source Solution for Data Center
Virtualization<br>
</div>
> >>>>> <a
moz-do-not-send="true"
href="http://www.OpenNebula.org"
target="_blank">www.OpenNebula.org</a> | <a
moz-do-not-send="true"
href="mailto:cmartin@opennebula.org"
target="_blank">cmartin@opennebula.org</a> |
@OpenNebula<<a moz-do-not-send="true"
href="http://twitter.com/opennebula"
target="_blank">http://twitter.com/opennebula</a>><<a
moz-do-not-send="true"
href="mailto:cmartin@opennebula.org"
target="_blank">cmartin@opennebula.org</a>><br>
<div>> >>>>><br>
> >>>>><br>
> >>>>> On Thu, Sep 5, 2013
at 8:55 AM, Ionut Popovici <<a
moz-do-not-send="true"
href="mailto:ionut@hackaserver.com"
target="_blank">ionut@hackaserver.com</a>>wrote:<br>
> >>>>><br>
> >>>>>> No, OpenNebula
doesn't provide DHCP; you could use VLANs to
break the<br>
> >>>>>> network, and you
can use contextualization to get the IP for
virtual<br>
> >>>>>> machines. If you
use bridge mode you should make rules in
iptables (ebtables)<br>
> >>>>>> for udp dst port
67 and allow only responses from your DHCP
server.<br>
> >>>>>> Cheers.<br>
> >>>>>> On 9/5/2013 9:49
AM, Mohammad Fazli Ahmat Jalaluddin wrote:<br>
> >>>>>><br>
> >>>>>> Hi guys,<br>
> >>>>>><br>
> >>>>>> I just want to
ask few questions.<br>
> >>>>>><br>
> >>>>>> Does OpenNebula
act as a DHCP Server and give IP address to
the VM if<br>
> >>>>>> it is not
contextualized in the first place?<br>
> >>>>>><br>
> >>>>>> When the VM is
deployed (without context), e.g Ubuntu server
default<br>
> >>>>>> network
configuration is using DHCP, and thus the IP
for the VM is<br>
> >>>>>> different with
the one that OpenNebula uses from the vnet
lease.<br>
> >>>>>><br>
> >>>>>> Is the IP
address in the VM given by OpenNebula (acting
as the DHCP<br>
> >>>>>> server) or given
by our network existing DHCP server?<br>
> >>>>>><br>
> >>>>>> The reason I'm
asking is because our network is poisoned
since there<br>
> >>>>>> are 2 DHCP
servers. BTW, our OpenNebula configuration for
the network is<br>
> >>>>>> using dummy and
using bridge in the frontend<br>
> >>>>>><br>
> >>>>>> Thank you very
much.<br>
> >>>>>><br>
> >>>>>> Regards,<br>
> >>>>>> Fazli<br>
> >>>>>><br>
> >>>>>><br>
> >>>>>>
_______________________________________________<br>
</div>
> >>>>>> Users mailing list<br>
> >>>>>> <a moz-do-not-send="true"
href="mailto:Users@lists.opennebula.org"
target="_blank">Users@lists.opennebula.org</a><br>
> >>>>>> <a
moz-do-not-send="true"
href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org"
target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<div>
<div>> >>>>>><br>
> >>>>>><br>
> >>>>>><br>
> >>>>>><br>
> >>>>>><br>
> >>>>><br>
> >>>>><br>
> >>>>><br>
> >>>><br>
> >>><br>
> >><br>
> >><br>
> >><br>
> ><br>
> ><br>
> > --<br>
> > Valentin Bud<br>
> > <a moz-do-not-send="true"
href="http://databus.pro" target="_blank">http://databus.pro</a>
| <a moz-do-not-send="true"
href="mailto:valentin@databus.pro"
target="_blank">valentin@databus.pro</a><br>
> ><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">Valentin Bud
<div><a moz-do-not-send="true" href="http://databus.pro"
target="_blank">http://databus.pro</a> | <a
moz-do-not-send="true"
href="mailto:valentin@databus.pro" target="_blank">valentin@databus.pro</a></div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a>
</pre>
</blockquote>
<br>
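<div>An added example, not part of the original thread: a shell check for what a Linux host needs before it routes and NATs a private subnet, namely kernel IP forwarding, a MASQUERADE rule for the subnet, and a FORWARD chain policy that does not silently drop the traffic. The subnet 10.0.10.0/24 (prefix length assumed from the 10.0.10.1 address in the template), the eth0 interface and the iptables-save sample are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example (not from the thread): checks a Linux router/NAT host for the
# settings the thread discusses. Subnet 10.0.10.0/24 and the rules below are
# constructed sample data in iptables-save format.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Succeeds when the sysctl file (normally /proc/sys/net/ipv4/ip_forward) holds 1.
forwarding_enabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Prints the nat POSTROUTING rule that masquerades subnet $2; fails if none.
masquerade_rule() {
    printf '%s\n' "$1" | awk -v net="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; jump = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
            }
            if (src == net && jump == "MASQUERADE") { print; found = 1; exit }
        }
        END { exit !found }'
}

# Prints the default policy of the filter FORWARD chain (ACCEPT or DROP).
forward_policy() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == ":FORWARD" { print $2 }'
}

# Prints one line per finding for sysctl file $1, rules $2 and subnet $3.
router_problems() {
    forwarding_enabled "$1" || echo "ip_forward is off: packets are not routed between interfaces"
    masquerade_rule "$2" "$3" >/dev/null || echo "no MASQUERADE rule for source $3"
    [ "$(forward_policy "$2")" != "DROP" ] || echo "FORWARD policy is DROP: explicit ACCEPT rules are needed for $3"
    return 0
}

# On a live host, pass "$(iptables-save)" instead of the sample.
router_problems /proc/sys/net/ipv4/ip_forward "$SAMPLE_RULES" 10.0.10.0/24
```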
</body>
</html>