Re: Dynamic routing for routed mode IPv6 and IPv4 Isolated and VPC networks
Hello Alex,

I appreciate this back and forth as I am excited about the potential this feature would hold.

* This is a very valid point. We could add network specific BGP peers as well, which would override the automatic AS allocation, in the same way that we now allocate DNS servers in the zone level but can override that by manually selecting different DNS servers at network creation time. Would that address your point?

Why do the network specific BGP peers need to override automatic AS allocation? In my mind there isn’t a dependency that needs to exist to those two as they are somewhat independent of one another.

I am not convinced that specifying BGP peers at the zone level is a good idea given the impacts BGP can have on a given network. I would much rather see both peer and AS specification handled at the network configuration, or another more specific level.

Thanks,
Alex

From: Alex Mattioli
Date: Wednesday, May 15, 2024 at 10:15 AM
To: users@cloudstack.apache.org, d...@cloudstack.apache.org
Subject: RE: Dynamic routing for routed mode IPv6 and IPv4 Isolated and VPC networks

Hi Alex,

> Would zone-level BGP peers be those used by default for establishing new BGP peers in networks where dynamic routing is enabled?

Correct, so far we plan to allow for up to 4 BGP peers for a zone, with the possibility to set up different metrics to each peer.

> This could affect a multi-tenant model where there may be different BGP peers presented based on what the upstream network provides. An example of this would be where the VLANs associated to a given account are associated to distinct VRFs and may have different peering IP addresses.
> I would like to see the peering IP addresses specific to the networks where dynamic routing is enabled instead of specifying defaults at the zone level.

This is a very valid point. We could add network specific BGP peers as well, which would override the automatic AS allocation, in the same way that we now allocate DNS servers in the zone level but can override that by manually selecting different DNS servers at network creation time. Would that address your point?

Cheers,
Alex

-Original Message-
From: Dietrich, Alex
Sent: Wednesday, May 15, 2024 2:34 PM
To: users@cloudstack.apache.org; d...@cloudstack.apache.org
Subject: Re: Dynamic routing for routed mode IPv6 and IPv4 Isolated and VPC networks

Hi Alex,

I appreciate the clarity! Excuse my ignorance if I am misunderstanding the intention of specifying BGP peers at the zone level.

Would zone-level BGP peers be those used by default for establishing new BGP peers in networks where dynamic routing is enabled?

This could affect a multi-tenant model where there may be different BGP peers presented based on what the upstream network provides. An example of this would be where the VLANs associated to a given account are associated to distinct VRFs and may have different peering IP addresses.

I would like to see the peering IP addresses specific to the networks where dynamic routing is enabled instead of specifying defaults at the zone level.

* Alex

From: Alex Mattioli
Date: Wednesday, May 15, 2024 at 9:27 AM
To: users@cloudstack.apache.org, d...@cloudstack.apache.org
Subject: RE: Dynamic routing for routed mode IPv6 and IPv4 Isolated and VPC networks

Hi Alex,

Answers inline below with >

Cheers

-Original Message-
From: Dietrich, Alex
Sent: Wednesday, May 15, 2024 3:12 PM
To: users@cloudstack.apache.org; d...@cloudstack.apache.org
Subject: Re: Dynamic routing for routed mode IPv6 and IPv4 Isolated and VPC networks

Hello Alex,

I appreciate you taking on this initiative as I’d like to see similar functionality made available in CloudStack. I do have some feedback on your implementation approach:

1 - Operator configures one or more BGP peers for a given Zone (with different metrics)

What is the intention behind specifying BGP peers at the zone level? I would think this would need to be specific to the network that you want to enable BGP on and does not need to concern the entire zone.

>The goal is for the process to be driven by the end user without operator intervention. In the current design we'd enable the VR to share routes with upstream routers without any need for extra configuration on the part of the operator.
>Your point is very valid and it should definitely be a future enhancement on the feature.

2 - Operator presents a pool of Private AS numbers to the Zone (just like we do for VLANs)

As a private AS consumer, I agree that this approach would be helpful for a more dynamic allocation as new dynamic routing enabled networks are created.

>Glad we are on the same page there.

3 - When a network is created with an offering which has dynamic routing enabled an AS number is allocated to the network

4 - ACS configures the BGP session on the VR (using FRR), advertising all its
RE: Windows templates KVM
I also forgot to mention - we also add these lines into our agent.properties file on the KVM hosts so that we get better display resolution and use virtio for the graphics driver

vm.video.ram=65536
vm.video.hardware=virtio

and of course the virtio drivers and qemu agent are installed into all of our Windows templates

Gary Dixon
Quadris Cloud Manager
+44 (0) 161 537 4980
+44 (0) 7989 717661
gary.di...@quadris.co.uk
www.quadris.com
Innovation House, 12-13 Bredbury Business Park
Bredbury Park Way, Bredbury, Stockport, SK6 2SN

-Original Message-
From: Francisco Arencibia Quesada
Sent: Thursday, May 16, 2024 11:51 AM
To: users@cloudstack.apache.org
Subject: Re: Windows templates KVM

Hi Gary,

Yes we are using cloud-init and in our case we are removing the recovery partition, with XCP templates all good, now we are testing the same with KVM.

Thank you for your feedback :)

Regards

On Thu, May 16, 2024 at 12:48 PM Gary Dixon wrote:

> Hi Francisco
>
> Be careful if you are building Windows 11 or Windows Server 2022 templates as Microsoft have changed the default OS partitioning - they have put the recovery partition at the end of the disk.
>
> We build these initially from ISO so we can add a 1Gb partition - this then gives us the opportunity after the VM is built to re-arrange the OS partitions without losing the recovery partition but also allows us to 'resize' the C drive later on if we ever need to - you can find more detailed info here
> https://superuser.com/questions/1453790/how-to-move-the-recovery-partition-on-windows-10
>
> It can also be useful to install cloudbase-init in your windows template which will give you more provisioning functionality
>
> Gary Dixon
> Quadris Cloud Manager
> +44 (0) 161 537 4980
> +44 (0) 7989 717661
> gary.di...@quadris.co.uk
> http://www.quadris.com/
> Innovation House, 12‑13 Bredbury Business Park
> Bredbury Park Way, Bredbury, Stockport, SK6 2SN
>
> From: Francisco Arencibia Quesada
> Sent: Thursday, May 16, 2024 11:35 AM
> To: users@cloudstack.apache.org
> Subject: Windows templates KVM
>
> Good morning guys,
>
> Is there any updated guide to build windows templates for KVM? I have one but I'm just checking with you guys the best approach. It is also required to install virtio drivers and qemu guest agent right?
>
> I have found the latest version of both, is this enough?
>
> https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.248-1/
>
> https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-qemu-ga/qemu-ga-win-107.0.1-1.el9/
>
> Regards
> Thanks in advance :)
> --
> *Francisco Arencibia Quesada.*
> *DevOps Engineer*

--
*Francisco Arencibia Quesada.*
*DevOps Engineer*
Re: Windows templates KVM
Hi Gary,

Yes we are using cloud-init and in our case we are removing the recovery partition, with XCP templates all good, now we are testing the same with KVM.

Thank you for your feedback :)

Regards

On Thu, May 16, 2024 at 12:48 PM Gary Dixon wrote:

> Hi Francisco
>
> Be careful if you are building Windows 11 or Windows Server 2022 templates as Microsoft have changed the default OS partitioning - they have put the recovery partition at the end of the disk.
>
> We build these initially from ISO so we can add a 1Gb partition - this then gives us the opportunity after the VM is built to re-arrange the OS partitions without losing the recovery partition but also allows us to 'resize' the C drive later on if we ever need to - you can find more detailed info here
> https://superuser.com/questions/1453790/how-to-move-the-recovery-partition-on-windows-10
>
> It can also be useful to install cloudbase-init in your windows template which will give you more provisioning functionality
>
> Gary Dixon
> Quadris Cloud Manager
> +44 (0) 161 537 4980
> +44 (0) 7989 717661
> gary.di...@quadris.co.uk
> www.quadris.com
> Innovation House, 12‑13 Bredbury Business Park
> Bredbury Park Way, Bredbury, Stockport, SK6 2SN
>
> From: Francisco Arencibia Quesada
> Sent: Thursday, May 16, 2024 11:35 AM
> To: users@cloudstack.apache.org
> Subject: Windows templates KVM
>
> Good morning guys,
>
> Is there any updated guide to build windows templates for KVM? I have one but I'm just checking with you guys the best approach. It is also required to install virtio drivers and qemu guest agent right?
>
> I have found the latest version of both, is this enough?
>
> https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.248-1/
>
> https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-qemu-ga/qemu-ga-win-107.0.1-1.el9/
>
> Regards
> Thanks in advance :)
> --
> *Francisco Arencibia Quesada.*
> *DevOps Engineer*

--
*Francisco Arencibia Quesada.*
*DevOps Engineer*
RE: Windows templates KVM
Hi Francisco

Be careful if you are building Windows 11 or Windows Server 2022 templates as Microsoft have changed the default OS partitioning - they have put the recovery partition at the end of the disk.

We build these initially from ISO so we can add a 1Gb partition - this then gives us the opportunity after the VM is built to re-arrange the OS partitions without losing the recovery partition but also allows us to 'resize' the C drive later on if we ever need to - you can find more detailed info here
https://superuser.com/questions/1453790/how-to-move-the-recovery-partition-on-windows-10

It can also be useful to install cloudbase-init in your windows template which will give you more provisioning functionality

Gary Dixon
Quadris Cloud Manager
+44 (0) 161 537 4980
+44 (0) 7989 717661
gary.di...@quadris.co.uk
www.quadris.com
Innovation House, 12-13 Bredbury Business Park
Bredbury Park Way, Bredbury, Stockport, SK6 2SN

From: Francisco Arencibia Quesada
Sent: Thursday, May 16, 2024 11:35 AM
To: users@cloudstack.apache.org
Subject: Windows templates KVM

Good morning guys,

Is there any updated guide to build windows templates for KVM? I have one but I'm just checking with you guys the best approach. It is also required to install virtio drivers and qemu guest agent right?

I have found the latest version of both, is this enough?

https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.248-1/

https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-qemu-ga/qemu-ga-win-107.0.1-1.el9/

Regards
Thanks in advance :)
--
*Francisco Arencibia Quesada.*
*DevOps Engineer*
Windows templates KVM
Good morning guys,

Is there any updated guide to build windows templates for KVM? I have one but I'm just checking with you guys the best approach. It is also required to install virtio drivers and qemu guest agent right?

I have found the latest version of both, is this enough?

https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.248-1/

https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-qemu-ga/qemu-ga-win-107.0.1-1.el9/

Regards
Thanks in advance :)
--
*Francisco Arencibia Quesada.*
*DevOps Engineer*
Re: Private and public network access with security groups
Hi,

It seems that currently there is no way to have both a public network with security groups on one interface (eth0) and an isolated network as a secondary interface (eth1) on one instance at the same time. Does anyone know if this is a planned feature?

Thanks.

Best Regards,
Tomas Leypold

On Thursday, May 02, 2024 15:27 CEST, "Tomas Leypold" wrote:

> Hi,
> In our current in-home libvirt-based solution, we can spin up instances that have access to the public network (public IP addresses) and a private VLAN network on a secondary interface. Am I correct in understanding that it currently isn't possible to have an advanced private network (isolated network with NAT) and at the same time have access to the public network secured by security groups on the secondary interface, as you can with some public cloud providers? Is the closest approach to achieve this through a static NAT with firewall rules?
> Thanks.
> ---
> Best Regards,
> Tomas Leypold