Re: [ovirt-users] EXTNET Hook and Libvirtd "Default" Network Setup
Hi Andrew, In the medium term I think that might be easier and more scalable - oVirt should allow you to not have to deal with libvirt "plumbing". Re-reading your original e-mail, I only now understand that you're using the default network to setup NAT, and that you weren't adding iptables rules on your own. If you do prefer to go with that, I have very little knowledge of libvirt's NAT. Maybe others on the list know more... Yours, Lior. On 18/12/14 19:00, Andrew Wagner wrote: > Lior, > > The main purpose of this is for testing. Medium-term, my plan is to spin > up another VLAN and routable private subnet with DHCP to trunk our > virtualization hosts onto. That requires more people to get involved to > get the testing environment in place. I suppose I can spin up a DHCP > server and private network outside of libvirt on the machine itself and > add to oVirt. > > Andrew > > On 12/18/2014 2:41 AM, Lior Vernia wrote: >> Hi Andrew, >> >> On 17/12/14 22:39, Andrew Wagner wrote: >>> All, >>> >>> I'm testing out oVirt for one of our projects that wants to try an >>> all-in-one setup before going to a larger deployment. For their testing, >>> they want to use the default NAT'd network from libvirtd on the host. >>> >>> I've install oVirt, installed the extnet hook, enabled IP forwarding in >>> sysctl.conf and loaded the setting, and created a vm that attaches to >>> the libvirtd "default" network and gets an IP. The VM can ssh to the >>> virbr0 IP address, in this case 192.168.122.1, to access the host. >>> However, the VM cannot reach any IP address off of the NAT'd subnet. I >>> haven't changed any of the default iptables rules that oVirt and >>> libvirtd create. Looking at ip route and the iptables rules, I feel that >>> traffic should be getting directed appropriately. >> Could you elaborate why there's need to meddle with the networking at >> the level of libvirt and to use the extnet hook? >> >> If all you need is an IP address and NAT, I would think a default oVirt >> setup would do as long as you have a DHCP server and add proper iptables >> rules to the host. >> >> Even if you do in fact need the specific libvirt network and to use the >> hook, maybe it's worth trying without them first - just to make sure >> your iptables rules are alright (they would be my prime suspect). >> >>> Does anyone have any thoughts as to what the issue may be? For some >>> reason, the ovirtmgmt bridge doesn't seem to be receiving or allowing >>> traffic from virbr0 to pass across it. I can provide more information if >>> that would be helpful! >>> >>> Andrew Wagner >>> ___ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] EXTNET Hook and Libvirtd "Default" Network Setup
Lior, The main purpose of this is for testing. Medium-term, my plan is to spin up another VLAN and routable private subnet with DHCP to trunk our virtualization hosts onto. That requires more people to get involved to get the testing environment in place. I suppose I can spin up a DHCP server and private network outside of libvirt on the machine itself and add to oVirt. Andrew On 12/18/2014 2:41 AM, Lior Vernia wrote: Hi Andrew, On 17/12/14 22:39, Andrew Wagner wrote: All, I'm testing out oVirt for one of our projects that wants to try an all-in-one setup before going to a larger deployment. For their testing, they want to use the default NAT'd network from libvirtd on the host. I've install oVirt, installed the extnet hook, enabled IP forwarding in sysctl.conf and loaded the setting, and created a vm that attaches to the libvirtd "default" network and gets an IP. The VM can ssh to the virbr0 IP address, in this case 192.168.122.1, to access the host. However, the VM cannot reach any IP address off of the NAT'd subnet. I haven't changed any of the default iptables rules that oVirt and libvirtd create. Looking at ip route and the iptables rules, I feel that traffic should be getting directed appropriately. Could you elaborate why there's need to meddle with the networking at the level of libvirt and to use the extnet hook? If all you need is an IP address and NAT, I would think a default oVirt setup would do as long as you have a DHCP server and add proper iptables rules to the host. Even if you do in fact need the specific libvirt network and to use the hook, maybe it's worth trying without them first - just to make sure your iptables rules are alright (they would be my prime suspect). Does anyone have any thoughts as to what the issue may be? For some reason, the ovirtmgmt bridge doesn't seem to be receiving or allowing traffic from virbr0 to pass across it. I can provide more information if that would be helpful! Andrew Wagner ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] EXTNET Hook and Libvirtd "Default" Network Setup
Hi Andrew, On 17/12/14 22:39, Andrew Wagner wrote: > All, > > I'm testing out oVirt for one of our projects that wants to try an > all-in-one setup before going to a larger deployment. For their testing, > they want to use the default NAT'd network from libvirtd on the host. > > I've install oVirt, installed the extnet hook, enabled IP forwarding in > sysctl.conf and loaded the setting, and created a vm that attaches to > the libvirtd "default" network and gets an IP. The VM can ssh to the > virbr0 IP address, in this case 192.168.122.1, to access the host. > However, the VM cannot reach any IP address off of the NAT'd subnet. I > haven't changed any of the default iptables rules that oVirt and > libvirtd create. Looking at ip route and the iptables rules, I feel that > traffic should be getting directed appropriately. Could you elaborate why there's need to meddle with the networking at the level of libvirt and to use the extnet hook? If all you need is an IP address and NAT, I would think a default oVirt setup would do as long as you have a DHCP server and add proper iptables rules to the host. Even if you do in fact need the specific libvirt network and to use the hook, maybe it's worth trying without them first - just to make sure your iptables rules are alright (they would be my prime suspect). > > Does anyone have any thoughts as to what the issue may be? For some > reason, the ovirtmgmt bridge doesn't seem to be receiving or allowing > traffic from virbr0 to pass across it. I can provide more information if > that would be helpful! > > Andrew Wagner > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] EXTNET Hook and Libvirtd "Default" Network Setup
All, I'm testing out oVirt for one of our projects that wants to try an all-in-one setup before going to a larger deployment. For their testing, they want to use the default NAT'd network from libvirtd on the host. I've install oVirt, installed the extnet hook, enabled IP forwarding in sysctl.conf and loaded the setting, and created a vm that attaches to the libvirtd "default" network and gets an IP. The VM can ssh to the virbr0 IP address, in this case 192.168.122.1, to access the host. However, the VM cannot reach any IP address off of the NAT'd subnet. I haven't changed any of the default iptables rules that oVirt and libvirtd create. Looking at ip route and the iptables rules, I feel that traffic should be getting directed appropriately. Does anyone have any thoughts as to what the issue may be? For some reason, the ovirtmgmt bridge doesn't seem to be receiving or allowing traffic from virbr0 to pass across it. I can provide more information if that would be helpful! Andrew Wagner ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users