Re: NATing on z/VM
On Mon, Nov 28, 2011 at 2:41 AM, Alan Altmark alan_altm...@us.ibm.com wrote:

> How did you do that? Through the 'send dhcp-client-identifier' option? I have wished that the dhcp client config file had something like
>
>     send vname-as-dhcp-client-identifier
>
> so that it could in the constant part of the clone. Then it could be used on all virtual servers. (Where vname is something like hypervisorname-vmname.)

Wishes ;-) I think mine was that VSWITCH would have its own built-in DHCP server to respond with the configured IP address and probably even refuse anything else done by the guest...

IIRC we had the userid in the client hostname field (that's there for the DHCP server to register the client in DNS). The DHCP server would get the configuration data out of LDAP.

In theory there's a lot of potential in doing dynamic IP addresses for servers and register them in DNS. This would allow servers to move or have extra ones added on demand. Unfortunately many DNS implementations today stretch the protocol in dangerous ways and make it very hard to manage.

Rob

--
For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: NATing on z/VM
The most obvious solution is to run one zLinux guest straddling internal and external, forwarding enabled, and tell the others it is their router. If you need to generate the internal addresses, run DHCP server on it (or on another internal guest). You'll need layer 2 for DHCP traffic. NAT on Linux is easy then with IPTABLES.

On Nov 27, 2011 12:26 PM, Cameron Seay cws...@gmail.com wrote:

> All:
>
> We need to use NATing to generate private IP addresses that can be accessed externally to our network. Has anyone done this? Thanks.
>
> --
> Cameron Seay, Ph.D.
> Electronics, Computer and Information Technology
> School of Technology
> NC A&T State University
> Greensboro, NC
> 336 334 7717 x2251
Re: NATing on z/VM
... I should add that I don't personally recommend DHCP in a z/VM context. Better to have the addresses pre-assigned to each guest. (You'd want to do some prep of your virt MAC addresses. Might as well cut to the chase, even relegate the MAC addrs to VM and save that effort.) On z/VM there are other ways to match the IP addr with the guest.

Also ... NAT itself is not the plus we once thought. It really only buys you address constraint relief in IPv4 space. Most of us see it (or used to) as also offering security, but that is misleading. When you get to IPv6, you'll want to dispense with NAT though still have stateful firewalls.

On Nov 27, 2011 12:26 PM, Cameron Seay cws...@gmail.com wrote:

> All:
>
> We need to use NATing to generate private IP addresses that can be accessed externally to our network. Has anyone done this? Thanks.
Re: NATing on z/VM
Yes. Use a Linux guest as your external access and use iptables to do the NAT. Works just like it does on Intel, but note that it will require a fair amount of CPU because the guest has to examine every packet.

On Nov 27, 2011, at 12:25, Cameron Seay cws...@gmail.com wrote:

> All:
>
> We need to use NATing to generate private IP addresses that can be accessed externally to our network. Has anyone done this? Thanks.
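
The router-guest setup suggested in the replies above (one Linux guest with forwarding enabled, iptables doing the NAT), as an added example that is not part of the thread: the script prints an iptables-restore ruleset that pairs the NAT rules with stateful FORWARD filtering. Interface names, the subnet and the forwarded address are constructed placeholders, and the `proto:extport:host:intport` forward format is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset for a
# Linux guest routing between an internal and an external interface.
EXT_IF=${EXT_IF:-eth0}               # faces the external network (placeholder)
INT_IF=${INT_IF:-eth1}               # faces the internal VSWITCH (placeholder)
INT_NET=${INT_NET:-192.168.50.0/24}  # private guest subnet (placeholder)

# valid_forward SPEC -> 0 if SPEC is proto:extport:a.b.c.d:intport
valid_forward() {
    echo "$1" | grep -Eq '^(tcp|udp):[0-9]{1,5}:([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}$'
}

# gen_ruleset SPEC...  prints the ruleset; returns 1 on a malformed SPEC
gen_ruleset() {
    for spec in "$@"; do
        valid_forward "$spec" || { echo "bad forward: $spec" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for spec in "$@"; do
        IFS=: read -r proto eport host iport <<EOF
$spec
EOF
        echo "-A PREROUTING -i $EXT_IF -p $proto --dport $eport -j DNAT --to-destination $host:$iport"
    done
    echo "-A POSTROUTING -s $INT_NET -o $EXT_IF -j MASQUERADE"
    echo "COMMIT"
    # NAT only rewrites addresses; the filter table decides what may pass.
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT"
    for spec in "$@"; do
        IFS=: read -r proto eport host iport <<EOF
$spec
EOF
        echo "-A FORWARD -i $EXT_IF -o $INT_IF -p $proto -d $host --dport $iport -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample: publish SSH on guest 192.168.50.10 as external port 2222.
gen_ruleset tcp:2222:192.168.50.10:22
```

To apply it, pipe the output to `iptables-restore` as root and enable forwarding with `sysctl -w net.ipv4.ip_forward=1`; `iptables-restore` replaces the existing contents of the tables it is given.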
Re: NATing on z/VM
On Sunday, 11/27/2011 at 01:38 EST, Richard Troth vmcow...@gmail.com wrote:

> ... I should add that I don't personally recommend DHCP in a z/VM context. Better to have the addresses pre-assigned to each guest. (You'd want to do some prep of your virt MAC addresses. Might as well cut to the chase, even relegate the MAC addrs to VM and save that effort.) On z/VM there are other ways to match the IP addr with the guest.

Let's not throw the baby out with the bathwater, eh? :-) If you specify MACID on the NICDEF, a DHCP reservation can be used to assign a permanent IP address. Some installations do this for all servers, as they want to be able to update the gateway, dns, subnet mask, etc. from a central point.

Alan Altmark
Senior Managing z/VM and Linux Consultant
IBM System Lab Services and Training
ibm.com/systems/services/labservices
office: 607.429.3323
mobile; 607.321.7556
alan_altm...@us.ibm.com
IBM Endicott
Re: NATing on z/VM
On Nov 27, 2011, at 4:22 PM, Alan Altmark wrote:

> Let's not throw the baby out with the bathwater, eh? :-) If you specify MACID on the NICDEF, a DHCP reservation can be used to assign a permanent IP address. Some installations do this for all servers, as they want to be able to update the gateway, dns, subnet mask, etc. from a central point.

True. We found DHCP (as reservations to a permanent IP address) to be invaluable for simplifying DR exercises. We were on a Layer 3 VSWITCH at the time of implementation though so the MACID was not feasible for us.

My solution was to have the DHCP client send the VM user name as the client ID, and key the static leases off that instead of the MAC address. It worked so well we stuck with it after migrating to Layer 2 VSWITCHes.

It substantially simplified the process of deploying flashcopy clones, too.

ok bear.

--
until further notice
Re: NATing on z/VM
Maybe you could advertise a public address using QUAGGA OSPFD.

Bruce -m

> We need to use NATing to generate private IP addresses that can be accessed externally to our network. Has anyone done this?
Re: NATing on z/VM
On Sunday, 11/27/2011 at 07:57 EST, r.stricklin b...@typewritten.org wrote:

> My solution was to have the DHCP client send the VM user name as the client ID, and key the static leases off that instead of the MAC address. It worked so well we stuck with it after migrating to Layer 2 VSWITCHes.

How did you do that? Through the 'send dhcp-client-identifier' option? I have wished that the dhcp client config file had something like

    send vname-as-dhcp-client-identifier

so that it could in the constant part of the clone. Then it could be used on all virtual servers. (Where vname is something like hypervisorname-vmname.)

Alan Altmark
Senior Managing z/VM and Linux Consultant
IBM System Lab Services and Training
ibm.com/systems/services/labservices
office: 607.429.3323
mobile; 607.321.7556
alan_altm...@us.ibm.com
IBM Endicott
Re: NATing on z/VM
On Nov 27, 2011, at 5:41 PM, Alan Altmark wrote:

> How did you do that? Through the 'send dhcp-client-identifier' option? I have wished that the dhcp client config file had something like
>
>     send vname-as-dhcp-client-identifier
>
> so that it could in the constant part of the clone. Then it could be used on all virtual servers. (Where vname is something like hypervisorname-vmname.)

Indeed. On SuSE this is done in /etc/sysconfig/network/dhcp with DHCLIENT_CLIENT_ID. By default it's blank. But,

    DHCLIENT_CLIENT_ID=`/usr/bin/awk '/VM00 Name:/ { print $NF }' /proc/sysinfo`

This was the foundation of a lot of DR and provisioning automation for us.

I've spent more than a little time to no avail, trying to determine whether this is even possible with, for example, Xen. Disappointing, as it's such a simple thing.

ok bear.

--
until further notice
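
Both halves of the client-ID scheme described in this message, as an added example that is not part of the thread: the guest derives its DHCP client ID from the "VM00 Name:" line of /proc/sysinfo, and the server keys a fixed address on that ID. The ISC dhcpd host-declaration syntax, the name check, the sample sysinfo content and the address are assumptions; the thread does not say which DHCP server was used.

```shell
#!/bin/sh
# Added example (not from the thread): derive a DHCP client ID from the z/VM
# guest name and print the matching server-side reservation.

# vm_name [FILE] -> guest name from the "VM00 Name:" line; fails if absent
vm_name() {
    name=$(awk '/^VM00 Name:/ { print $NF; exit }' "${1:-/proc/sysinfo}")
    # Conservative check (assumption): 1-8 upper-case letters or digits, so
    # the value can be written into a config file without quoting problems.
    echo "$name" | grep -Eq '^[A-Z0-9]{1,8}$' || return 1
    echo "$name"
}

# reservation NAME IP -> ISC dhcpd host declaration keyed on the client ID
reservation() {
    printf 'host %s {\n' "$1"
    printf '  option dhcp-client-identifier "%s";\n' "$1"
    printf '  fixed-address %s;\n' "$2"
    printf '}\n'
}

# Constructed sample of /proc/sysinfo from a z/VM guest (trimmed).
sample=$(mktemp)
cat >"$sample" <<'EOF'
LPAR Name:            LPAR1
VM00 Name:            LINUX01
VM00 Control Program: z/VM    6.1.0
EOF

if id=$(vm_name "$sample"); then
    echo "DHCLIENT_CLIENT_ID=$id"        # value for /etc/sysconfig/network/dhcp
    reservation "$id" 192.168.50.11      # placeholder address
else
    # No VM00 line (for example, not running under z/VM): send no client ID.
    echo "no usable VM name; leaving client ID unset" >&2
fi
rm -f "$sample"
```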