Re: [one-users] VMs are not reachable over their IP

2011-11-17 Thread Jaime Melis
Hello Martin,

> When OpenNebula launches a (the first) VM, the vnet0 is attached to the
> bridge (this works flawlessly in my case).
> If my bridge has the IP 141.x.x.66 and the VMs get an IP, ranged from
> 141.x.x.67-141.x.x.80, how are the packets being routed to the VMs?
> Does OpenNebula (my context Script) just set the VM IP within the running
> VM, or is there also a mechanism that sets the corresponding IP (eg.
> 141.x.x.67) also on the bridge, so the VM is visible to the Network?

The bridge acts as a hub. All the packets that arrive through the
physical device are forwarded over to all the virtual network
interfaces of all the running VMs. If a VM has configured from within
an IP, it will capture the packet, otherwise it will simply ignore the
packet.

In other words, if you fire up tcpdump from within the VM you will see
all the traffic of the bridge. By configuring an IP from within the VM
you will capture the packets delivered to that IP address.

The VMs' interfaces should be visible to the network, just as any
other physical machine.

> Or are VLAN Tags/Open vSwitch/ebtables the only way to process IP Packages
> to the KVM virtual Interfaces?

No, they're alternative network configurations precisely to avoid the
security problems exposed by a flat network like the one described in
the first scenario, where all the traffic is visible across all the
VMs.

I'm not sure if I understood correctly, but if you're having problems
with your network setup, could you be more specific on your
configuration and send us the output of some commands, like:

* ifconfig -a (both in the host and the vm)
* route -n (both in the host and the vm)
* brctl show (in the host)
* ps -ef|grep kvm (in the host)

cheers,
Jaime
-- 
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jme...@opennebula.org
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
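
Added example, not part of the original thread: a small audit that parses `brctl show` output (the command requested in the reply above) and reports bridges where several VM interfaces share one segment with a physical uplink, which is the flat layout the reply describes. The sample text is constructed in the `brctl show` format; `vnet2`, `virbr0` and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in `brctl show` format; vnet2 and virbr0 are added
# for illustration and do not appear in the thread.
SAMPLE = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
br0\t\t8000.001e682f4a02\tno\t\teth0
\t\t\t\t\t\t\tvnet1
\t\t\t\t\t\t\tvnet2
br1\t\t8000.001e682f4a03\tno\t\teth1
\t\t\t\t\t\t\tvnet0
virbr0\t\t8000.000000000000\tyes
"""

BRIDGE_ID = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{12}$")


def parse_brctl_show(text):
    """Return {bridge: {"stp": bool, "ifaces": [...]}} from `brctl show` output."""
    bridges, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or line.startswith("bridge name"):
            continue  # blank line or column header
        if len(fields) >= 3 and BRIDGE_ID.match(fields[1]):
            # Bridge row: name, id, STP flag, optional first interface.
            current = fields[0]
            bridges[current] = {"stp": fields[2] == "yes", "ifaces": fields[3:]}
        elif current and line[0].isspace():
            # Indented continuation row: one more interface on the same bridge.
            bridges[current]["ifaces"].extend(fields)
    return bridges


def shared_segments(bridges, vm_prefix="vnet"):
    """Bridges where two or more VM interfaces sit on one segment with an uplink."""
    report = {}
    for name, info in bridges.items():
        vms = [i for i in info["ifaces"] if i.startswith(vm_prefix)]
        uplinks = [i for i in info["ifaces"] if not i.startswith(vm_prefix)]
        if len(vms) >= 2 and uplinks:
            report[name] = {"uplinks": uplinks, "vms": vms}
    return report


if __name__ == "__main__":
    for br, r in shared_segments(parse_brctl_show(SAMPLE)).items():
        print(f"{br}: {', '.join(r['vms'])} share a segment via {', '.join(r['uplinks'])}")
```

Bridges reported here are candidates for the VLAN, Open vSwitch or ebtables setups mentioned in the reply.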


Re: [one-users] VMs are not reachable over their IP

2011-11-16 Thread Martin Lauer

Hey Jaime,
thanks for the explanation. Maybe the formulation of my question wasn't 
really good at all. I've read most of the documentation and bridging 
isn't a new topic for me.


When OpenNebula launches a (the first) VM, the vnet0 is attached to the 
bridge (this works flawlessly in my case).
If my bridge has the IP 141.x.x.66 and the VMs get an IP, ranged from
141.x.x.67-141.x.x.80, how are the packets being routed to the VMs?


Does OpenNebula (my context Script) just set the VM IP within the 
running VM, or is there also a mechanism that sets the corresponding IP 
(eg. 141.x.x.67) also on the bridge, so the VM is visible to the Network?
Or are VLAN Tags/Open vSwitch/ebtables the only way to process IP 
Packages to the KVM virtual Interfaces?


cheers, Martin


On 16.11.2011 17:40, Jaime Melis wrote:

Hi Martin,

The way the default network configuration works in OpenNebula is by 
making the hypervisor hook the virtual network interface of a virtual 
machine to a pre-existent bridge (created by the administrator), which 
is, in turn, connected to a real physical device:


        +------------------+
        |                  |
        |       br0        |
        |                  |
        +----+--------+----+
             |        |
             |        |
    +--------+--+  +--+--------+
    |           |  |           |
    |   eth0    |  |   vnet0   |
    |           |  |           |
    +-----------+  +-----------+

br0: bridge created by administrator during the installation process 
of OpenNebula (which may or may not have an IP)

eth0: real physical device (which doesn't have an IP)
vnet0: the virtual network device of the virtual machine, created by 
the hypervisor.


You can verify this when running a VM by running the following command 
in your worker nodes:


$ bridge name     bridge id               STP enabled     interfaces
br0               8000.001e682f4a02       no              eth0
                                                          vnet1

br1               8000.001e682f4a03       no              eth1
                                                          vnet0

In this particular case there are two bridges: br0 and br1

You can read about alternative network setups here:
http://opennebula.org/documentation:rel3.0:nm

Regards,
Jaime

On Mon, Nov 14, 2011 at 1:06 PM, Martin Lauer wrote:


Hi,
I've set up my machine images with contextualization and they're
configured right, when looking into the machines via VNC.
The leases from my "public.net" are also given
to the machines.
Shouldn't the bridge on the host(s) "br0" be mapped with
additional IPs (the ones from the VMs)? This is just an
assumption, when thinking back to Eucalyptus, which I tried to use
before as a Private Cloud Infrastructure.

Can someone give me a hint how routing is done in OpenNebula and
how packets are accepted by the bridge!

Thanks,
martin

-- 
Martin Lauer


Hochschule der Medien  
Nobelstraße 10  
70569 Stuttgart







--
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org  | jme...@opennebula.org 



Re: [one-users] VMs are not reachable over their IP

2011-11-16 Thread Jaime Melis
Hi Martin,

The way the default network configuration works in OpenNebula is by making
the hypervisor hook the virtual network interface of a virtual machine to a
pre-existent bridge (created by the administrator), which is, in turn,
connected to a real physical device:

        +------------------+
        |                  |
        |       br0        |
        |                  |
        +----+--------+----+
             |        |
             |        |
    +--------+--+  +--+--------+
    |           |  |           |
    |   eth0    |  |   vnet0   |
    |           |  |           |
    +-----------+  +-----------+

br0: bridge created by administrator during the installation process of
OpenNebula (which may or may not have an IP)
eth0: real physical device (which doesn't have an IP)
vnet0: the virtual network device of the virtual machine, created by the
hypervisor.

You can verify this when running a VM by running the following command in
your worker nodes:

$ bridge name     bridge id               STP enabled     interfaces
br0               8000.001e682f4a02       no              eth0
                                                          vnet1

br1               8000.001e682f4a03       no              eth1
                                                          vnet0

In this particular case there are two bridges: br0 and br1

You can read about alternative network setups here:
http://opennebula.org/documentation:rel3.0:nm

Regards,
Jaime

On Mon, Nov 14, 2011 at 1:06 PM, Martin Lauer wrote:

> Hi,
> I've set up my machine images with contextualization and they're
> configured right, when looking into the machines via VNC.
> The leases from my "public.net" are also given to the machines.
> Shouldn't the bridge on the host(s) "br0" be mapped with additional IPs
> (the ones from the VMs)? This is just an assumption, when thinking back to
> Eucalyptus, which I tried to use before as a Private Cloud Infrastructure.
>
> Can someone give me a hint how routing is done in OpenNebula and how
> packets are accepted by the bridge!
>
> Thanks,
> martin
>
> --
> Martin Lauer
> Hochschule der Medien
> Nobelstraße 10
> 70569 Stuttgart
>


-- 
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | jme...@opennebula.org


[one-users] VMs are not reachable over their IP

2011-11-14 Thread Martin Lauer

Hi,
I've set up my machine images with contextualization and they're 
configured right, when looking into the machines via VNC.

The leases from my "public.net" are also given to the machines.
Shouldn't the bridge on the host(s) "br0" be mapped with additional IPs 
(the ones from the VMs)? This is just an assumption, when thinking back 
to Eucalyptus, which I tried to use before as a Private Cloud 
Infrastructure.


Can someone give me a hint how routing is done in OpenNebula and how 
packets are accepted by the bridge!


Thanks,
martin

--
Martin Lauer

Hochschule der Medien  
Nobelstraße 10  
70569 Stuttgart

