subject:"\[ovirt\-users\] Re\: Ovirt VLAN Primer"

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-03 Thread David Johnson

Thank you.

I got so buried in the mechanics that I lost sight of the purpose of the
tagging. The tagged network should not be able to ping the untagged - that
was the whole purpose of the exercise.

The real problem is that the untagged network is unable to see its gateway
to the internet, which may be something as simple as configuring the
gateway on the router (not an ovirt problem). I was caught up chasing a red
herring by trying to ping the physical network.



On Wed, Feb 3, 2021, 12:26 AM Ales Musil  wrote:

>
>
> On Tue, Feb 2, 2021 at 8:07 PM Dan Yasny  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 2:00 PM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> Ah ... so if I connected one of the other ethernet ports to the tagged
>>> traffic (second physical network for tagged traffic), it should work as I
>>> expect?
>>>
>>
>> Yes, if there are no untagged networks attached
>>
>
> Mixing untagged and tagged is not a good practice from a security point of
> view but it should work.
> There might be 2 things blocking traffic to/from VM. Please make sure that
> the network does not have "Port Isolation".
> The second thing might be network filters, it can be disabled in
> corresponding vNIC profile and then rebooting VM or plugging/unplugging VM
> interface will make this change effective.
>
> Regards,
> Ales
>
>
>>
>>
>>> Regards,
>>> David Johnson
>>> Director of Development, Maxis Technology
>>> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
>>> djohn...@maxistechnology.com
>>>
>>>
>>> [image: Maxis Techncology] 
>>> www.maxistechnology.com
>>>
>>>
>>> *stay connected *
>>>
>>>
>>> On Tue, Feb 2, 2021 at 12:56 PM Dan Yasny  wrote:
>>>
 You're trying to mix tagged and untagged traffic. That, iirc, isn't
 supported for security reasons (the untagged network can see all the tagged
 traffic). You can put multiple tagged networks on the same NIC though.

 Please check with the ovirt folks though, it's been a while since I
 last checked the state of things

 On Tue, Feb 2, 2021 at 1:51 PM David Johnson <
 djohn...@maxistechnology.com> wrote:

> I have a physical network ovirtmgmt, and a logical network 10-non-prod
> with the vlan tag of 10 and the network label of 10.
>
> The physical and vlan have both been dragged to the enp0 NIC on the
> host.
>
> What I understand from this is that the bridge has been there all
> along, but, since I can't ping the host no traffic is crossing it.
>
> Host IP's : *192.168.2.18/24  * and 
> *10.210.100.18/24
> *
> VLAN IP on host: *10.210.10.18/24 *
>
>
> Regards,
>
> David Johnson
>
> On Tue, Feb 2, 2021 at 12:44 PM Dan Yasny  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 1:38 PM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> Thanks, this is a step closer, but the details are still very
>>> sketchy.
>>>
>>> Following the instructions at
>>> https://www.ovirt.org/documentation/administration_guide/#appe-Custom_Network_Properties
>>> :
>>>
>>> If I understand the instructions correctly:
>>>
>>>1. Open the host in the Ovirt UI
>>>2. Go to the Network tab
>>>3. Select the NIC I want to bridge to
>>>4. Click "Setup Host Networks"
>>>5. Click the pencil icon on the (host? VLAN?) network
>>>6. Choose the Custom Properties tab
>>>7. In the Custom Properties (Please Select a key), choose
>>>"bridge_opts"
>>>8.  At this point, there is no way to add the keys it looks
>>>like it needs ???   Total loss ???
>>>
>>>
>> You need to create a logical network first. Do you have any of those?
>> Logical networks are where you may add VLAN tags.
>>
>> In the hosts' network setup window you simply drag the logical
>> network to the NIC or bond and save. The VLAN tag and bridge will be
>> created accordingly on the host
>>
>>
>>>
>>> Regards,
>>> David Johnson
>>> Director of Development, Maxis Technology
>>> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
>>> djohn...@maxistechnology.com
>>>
>>>
>>> [image: Maxis Techncology] 
>>> www.maxistechnology.com
>>>
>>>
>>> *stay connected *
>>>
>>>
>>> On Tue, Feb 2, 2021 at 9:24 AM Dan Yasny  wrote:
>>>


 On Tue, Feb 2, 2021 at 10:20 AM David Johnson <
 djohn...@maxistechnology.com> wrote:

> This is great ... I am missing the bridge (at least).
>
> Does the bridge reside on the host or the VM?  Is it created in
> the Ovirt UI, or in the VM operating system?
>

 On

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread Ales Musil

On Tue, Feb 2, 2021 at 8:07 PM Dan Yasny  wrote:

>
>
> On Tue, Feb 2, 2021 at 2:00 PM David Johnson 
> wrote:
>
>> Ah ... so if I connected one of the other ethernet ports to the tagged
>> traffic (second physical network for tagged traffic), it should work as I
>> expect?
>>
>
> Yes, if there are no untagged networks attached
>

Mixing untagged and tagged is not a good practice from a security point of
view but it should work.
There might be 2 things blocking traffic to/from VM. Please make sure that
the network does not have "Port Isolation".
The second thing might be network filters, it can be disabled in
corresponding vNIC profile and then rebooting VM or plugging/unplugging VM
interface will make this change effective.

Regards,
Ales


>
>
>> Regards,
>> David Johnson
>> Director of Development, Maxis Technology
>> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
>> djohn...@maxistechnology.com
>>
>>
>> [image: Maxis Techncology] 
>> www.maxistechnology.com
>>
>>
>> *stay connected *
>>
>>
>> On Tue, Feb 2, 2021 at 12:56 PM Dan Yasny  wrote:
>>
>>> You're trying to mix tagged and untagged traffic. That, iirc, isn't
>>> supported for security reasons (the untagged network can see all the tagged
>>> traffic). You can put multiple tagged networks on the same NIC though.
>>>
>>> Please check with the ovirt folks though, it's been a while since I last
>>> checked the state of things
>>>
>>> On Tue, Feb 2, 2021 at 1:51 PM David Johnson <
>>> djohn...@maxistechnology.com> wrote:
>>>
 I have a physical network ovirtmgmt, and a logical network 10-non-prod
 with the vlan tag of 10 and the network label of 10.

 The physical and vlan have both been dragged to the enp0 NIC on the
 host.

 What I understand from this is that the bridge has been there all
 along, but, since I can't ping the host no traffic is crossing it.

 Host IP's : *192.168.2.18/24  * and 
 *10.210.100.18/24
 *
 VLAN IP on host: *10.210.10.18/24 *


 Regards,

 David Johnson

 On Tue, Feb 2, 2021 at 12:44 PM Dan Yasny  wrote:

>
>
> On Tue, Feb 2, 2021 at 1:38 PM David Johnson <
> djohn...@maxistechnology.com> wrote:
>
>> Thanks, this is a step closer, but the details are still very sketchy.
>>
>> Following the instructions at
>> https://www.ovirt.org/documentation/administration_guide/#appe-Custom_Network_Properties
>> :
>>
>> If I understand the instructions correctly:
>>
>>1. Open the host in the Ovirt UI
>>2. Go to the Network tab
>>3. Select the NIC I want to bridge to
>>4. Click "Setup Host Networks"
>>5. Click the pencil icon on the (host? VLAN?) network
>>6. Choose the Custom Properties tab
>>7. In the Custom Properties (Please Select a key), choose
>>"bridge_opts"
>>8.  At this point, there is no way to add the keys it looks
>>like it needs ???   Total loss ???
>>
>>
> You need to create a logical network first. Do you have any of those?
> Logical networks are where you may add VLAN tags.
>
> In the hosts' network setup window you simply drag the logical network
> to the NIC or bond and save. The VLAN tag and bridge will be created
> accordingly on the host
>
>
>>
>> Regards,
>> David Johnson
>> Director of Development, Maxis Technology
>> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
>> djohn...@maxistechnology.com
>>
>>
>> [image: Maxis Techncology] 
>> www.maxistechnology.com
>>
>>
>> *stay connected *
>>
>>
>> On Tue, Feb 2, 2021 at 9:24 AM Dan Yasny  wrote:
>>
>>>
>>>
>>> On Tue, Feb 2, 2021 at 10:20 AM David Johnson <
>>> djohn...@maxistechnology.com> wrote:
>>>
 This is great ... I am missing the bridge (at least).

 Does the bridge reside on the host or the VM?  Is it created in the
 Ovirt UI, or in the VM operating system?

>>>
>>> On the host. Logical networks in oVirt are a virtual construct,
>>> translating to a "profile" that gets built on the hosts in the cluster.
>>> Essentially, each logical network is a bridge with the same name on the
>>> hosts, and if there's a vlan tag, then the interface (or bond) gets 
>>> tagged,
>>> and the bridge is built on top of that tagged interface. VMs are plugged
>>> into the bridges and their traffic flows through the bridges to the
>>> switches. Very simple really, and there was a KB we published about this
>>> about a decade ago.
>>>
>>>

 Thanks!

 David Johnson

 On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread Dan Yasny

On Tue, Feb 2, 2021 at 2:00 PM David Johnson 
wrote:

> Ah ... so if I connected one of the other ethernet ports to the tagged
> traffic (second physical network for tagged traffic), it should work as I
> expect?
>

Yes, if there are no untagged networks attached


> Regards,
> David Johnson
> Director of Development, Maxis Technology
> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
> djohn...@maxistechnology.com
>
>
> [image: Maxis Techncology] 
> www.maxistechnology.com
>
>
> *stay connected *
>
>
> On Tue, Feb 2, 2021 at 12:56 PM Dan Yasny  wrote:
>
>> You're trying to mix tagged and untagged traffic. That, iirc, isn't
>> supported for security reasons (the untagged network can see all the tagged
>> traffic). You can put multiple tagged networks on the same NIC though.
>>
>> Please check with the ovirt folks though, it's been a while since I last
>> checked the state of things
>>
>> On Tue, Feb 2, 2021 at 1:51 PM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> I have a physical network ovirtmgmt, and a logical network 10-non-prod
>>> with the vlan tag of 10 and the network label of 10.
>>>
>>> The physical and vlan have both been dragged to the enp0 NIC on the host.
>>>
>>> What I understand from this is that the bridge has been there all along,
>>> but, since I can't ping the host no traffic is crossing it.
>>>
>>> Host IP's : *192.168.2.18/24  * and 
>>> *10.210.100.18/24
>>> *
>>> VLAN IP on host: *10.210.10.18/24 *
>>>
>>>
>>> Regards,
>>>
>>> David Johnson
>>>
>>> On Tue, Feb 2, 2021 at 12:44 PM Dan Yasny  wrote:
>>>


 On Tue, Feb 2, 2021 at 1:38 PM David Johnson <
 djohn...@maxistechnology.com> wrote:

> Thanks, this is a step closer, but the details are still very sketchy.
>
> Following the instructions at
> https://www.ovirt.org/documentation/administration_guide/#appe-Custom_Network_Properties
> :
>
> If I understand the instructions correctly:
>
>1. Open the host in the Ovirt UI
>2. Go to the Network tab
>3. Select the NIC I want to bridge to
>4. Click "Setup Host Networks"
>5. Click the pencil icon on the (host? VLAN?) network
>6. Choose the Custom Properties tab
>7. In the Custom Properties (Please Select a key), choose
>"bridge_opts"
>8.  At this point, there is no way to add the keys it looks
>like it needs ???   Total loss ???
>
>
 You need to create a logical network first. Do you have any of those?
 Logical networks are where you may add VLAN tags.

 In the hosts' network setup window you simply drag the logical network
 to the NIC or bond and save. The VLAN tag and bridge will be created
 accordingly on the host


>
> Regards,
> David Johnson
> Director of Development, Maxis Technology
> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
> djohn...@maxistechnology.com
>
>
> [image: Maxis Techncology] 
> www.maxistechnology.com
>
>
> *stay connected *
>
>
> On Tue, Feb 2, 2021 at 9:24 AM Dan Yasny  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 10:20 AM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> This is great ... I am missing the bridge (at least).
>>>
>>> Does the bridge reside on the host or the VM?  Is it created in the
>>> Ovirt UI, or in the VM operating system?
>>>
>>
>> On the host. Logical networks in oVirt are a virtual construct,
>> translating to a "profile" that gets built on the hosts in the cluster.
>> Essentially, each logical network is a bridge with the same name on the
>> hosts, and if there's a vlan tag, then the interface (or bond) gets 
>> tagged,
>> and the bridge is built on top of that tagged interface. VMs are plugged
>> into the bridges and their traffic flows through the bridges to the
>> switches. Very simple really, and there was a KB we published about this
>> about a decade ago.
>>
>>
>>>
>>> Thanks!
>>>
>>> David Johnson
>>>
>>> On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny  wrote:
>>>


 On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
 djohn...@maxistechnology.com> wrote:

> Good morning Ales,
>
> Thank you for your response.
>
> At this point, while I believe I have marked the networks as
> required, I am hesitant to assume that they are marked because I don't
> understand for sure which pieces I don't understand.
>
> Unfortunately, what I am missing is a number of random bits and
> pieces that tie everything together.
>
> I have fought with

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread David Johnson

Ah ... so if I connected one of the other ethernet ports to the tagged
traffic (second physical network for tagged traffic), it should work as I
expect?

Regards,
David Johnson
Director of Development, Maxis Technology
844.696.2947 ext 702 (o)  |  479.531.3590 (c)
djohn...@maxistechnology.com


[image: Maxis Techncology] 
www.maxistechnology.com


*stay connected *


On Tue, Feb 2, 2021 at 12:56 PM Dan Yasny  wrote:

> You're trying to mix tagged and untagged traffic. That, iirc, isn't
> supported for security reasons (the untagged network can see all the tagged
> traffic). You can put multiple tagged networks on the same NIC though.
>
> Please check with the ovirt folks though, it's been a while since I last
> checked the state of things
>
> On Tue, Feb 2, 2021 at 1:51 PM David Johnson 
> wrote:
>
>> I have a physical network ovirtmgmt, and a logical network 10-non-prod
>> with the vlan tag of 10 and the network label of 10.
>>
>> The physical and vlan have both been dragged to the enp0 NIC on the host.
>>
>> What I understand from this is that the bridge has been there all along,
>> but, since I can't ping the host no traffic is crossing it.
>>
>> Host IP's : *192.168.2.18/24  * and *10.210.100.18/24
>> *
>> VLAN IP on host: *10.210.10.18/24 *
>>
>>
>> Regards,
>>
>> David Johnson
>>
>> On Tue, Feb 2, 2021 at 12:44 PM Dan Yasny  wrote:
>>
>>>
>>>
>>> On Tue, Feb 2, 2021 at 1:38 PM David Johnson <
>>> djohn...@maxistechnology.com> wrote:
>>>
 Thanks, this is a step closer, but the details are still very sketchy.

 Following the instructions at
 https://www.ovirt.org/documentation/administration_guide/#appe-Custom_Network_Properties
 :

 If I understand the instructions correctly:

1. Open the host in the Ovirt UI
2. Go to the Network tab
3. Select the NIC I want to bridge to
4. Click "Setup Host Networks"
5. Click the pencil icon on the (host? VLAN?) network
6. Choose the Custom Properties tab
7. In the Custom Properties (Please Select a key), choose
"bridge_opts"
8.  At this point, there is no way to add the keys it looks
like it needs ???   Total loss ???


>>> You need to create a logical network first. Do you have any of those?
>>> Logical networks are where you may add VLAN tags.
>>>
>>> In the hosts' network setup window you simply drag the logical network
>>> to the NIC or bond and save. The VLAN tag and bridge will be created
>>> accordingly on the host
>>>
>>>

 Regards,
 David Johnson
 Director of Development, Maxis Technology
 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
 djohn...@maxistechnology.com


 [image: Maxis Techncology] 
 www.maxistechnology.com


 *stay connected *


 On Tue, Feb 2, 2021 at 9:24 AM Dan Yasny  wrote:

>
>
> On Tue, Feb 2, 2021 at 10:20 AM David Johnson <
> djohn...@maxistechnology.com> wrote:
>
>> This is great ... I am missing the bridge (at least).
>>
>> Does the bridge reside on the host or the VM?  Is it created in the
>> Ovirt UI, or in the VM operating system?
>>
>
> On the host. Logical networks in oVirt are a virtual construct,
> translating to a "profile" that gets built on the hosts in the cluster.
> Essentially, each logical network is a bridge with the same name on the
> hosts, and if there's a vlan tag, then the interface (or bond) gets 
> tagged,
> and the bridge is built on top of that tagged interface. VMs are plugged
> into the bridges and their traffic flows through the bridges to the
> switches. Very simple really, and there was a KB we published about this
> about a decade ago.
>
>
>>
>> Thanks!
>>
>> David Johnson
>>
>> On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny  wrote:
>>
>>>
>>>
>>> On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
>>> djohn...@maxistechnology.com> wrote:
>>>
 Good morning Ales,

 Thank you for your response.

 At this point, while I believe I have marked the networks as
 required, I am hesitant to assume that they are marked because I don't
 understand for sure which pieces I don't understand.

 Unfortunately, what I am missing is a number of random bits and
 pieces that tie everything together.

 I have fought with the networking on this cluster for over a week.
 The network configuration was so messed up it was faster and cleaner to
 wipe the cluster completely and start from scratch, and I just 
 finished a
 clean reinstallation.

 Now that it's back up and I

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread Dan Yasny

You're trying to mix tagged and untagged traffic. That, iirc, isn't
supported for security reasons (the untagged network can see all the tagged
traffic). You can put multiple tagged networks on the same NIC though.

Please check with the ovirt folks though, it's been a while since I last
checked the state of things

On Tue, Feb 2, 2021 at 1:51 PM David Johnson 
wrote:

> I have a physical network ovirtmgmt, and a logical network 10-non-prod
> with the vlan tag of 10 and the network label of 10.
>
> The physical and vlan have both been dragged to the enp0 NIC on the host.
>
> What I understand from this is that the bridge has been there all along,
> but, since I can't ping the host no traffic is crossing it.
>
> Host IP's : *192.168.2.18/24  * and *10.210.100.18/24
> *
> VLAN IP on host: *10.210.10.18/24 *
>
>
> Regards,
>
> David Johnson
>
> On Tue, Feb 2, 2021 at 12:44 PM Dan Yasny  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 1:38 PM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> Thanks, this is a step closer, but the details are still very sketchy.
>>>
>>> Following the instructions at
>>> https://www.ovirt.org/documentation/administration_guide/#appe-Custom_Network_Properties
>>> :
>>>
>>> If I understand the instructions correctly:
>>>
>>>1. Open the host in the Ovirt UI
>>>2. Go to the Network tab
>>>3. Select the NIC I want to bridge to
>>>4. Click "Setup Host Networks"
>>>5. Click the pencil icon on the (host? VLAN?) network
>>>6. Choose the Custom Properties tab
>>>7. In the Custom Properties (Please Select a key), choose
>>>"bridge_opts"
>>>8.  At this point, there is no way to add the keys it looks like
>>>it needs ???   Total loss ???
>>>
>>>
>> You need to create a logical network first. Do you have any of those?
>> Logical networks are where you may add VLAN tags.
>>
>> In the hosts' network setup window you simply drag the logical network to
>> the NIC or bond and save. The VLAN tag and bridge will be created
>> accordingly on the host
>>
>>
>>>
>>> Regards,
>>> David Johnson
>>> Director of Development, Maxis Technology
>>> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
>>> djohn...@maxistechnology.com
>>>
>>>
>>> [image: Maxis Techncology] 
>>> www.maxistechnology.com
>>>
>>>
>>> *stay connected *
>>>
>>>
>>> On Tue, Feb 2, 2021 at 9:24 AM Dan Yasny  wrote:
>>>


 On Tue, Feb 2, 2021 at 10:20 AM David Johnson <
 djohn...@maxistechnology.com> wrote:

> This is great ... I am missing the bridge (at least).
>
> Does the bridge reside on the host or the VM?  Is it created in the
> Ovirt UI, or in the VM operating system?
>

 On the host. Logical networks in oVirt are a virtual construct,
 translating to a "profile" that gets built on the hosts in the cluster.
 Essentially, each logical network is a bridge with the same name on the
 hosts, and if there's a vlan tag, then the interface (or bond) gets tagged,
 and the bridge is built on top of that tagged interface. VMs are plugged
 into the bridges and their traffic flows through the bridges to the
 switches. Very simple really, and there was a KB we published about this
 about a decade ago.


>
> Thanks!
>
> David Johnson
>
> On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> Good morning Ales,
>>>
>>> Thank you for your response.
>>>
>>> At this point, while I believe I have marked the networks as
>>> required, I am hesitant to assume that they are marked because I don't
>>> understand for sure which pieces I don't understand.
>>>
>>> Unfortunately, what I am missing is a number of random bits and
>>> pieces that tie everything together.
>>>
>>> I have fought with the networking on this cluster for over a week.
>>> The network configuration was so messed up it was faster and cleaner to
>>> wipe the cluster completely and start from scratch, and I just finished 
>>> a
>>> clean reinstallation.
>>>
>>> Now that it's back up and I understand it better, the VM's on VLAN's
>>> are still unable to reach beyond themselves - they cannot even ping the
>>> host they are on.
>>>
>>> Rather than try to address it symptom by symptom, I would like to
>>> get a solid overview of how the different pieces tie together.
>>> Unfortunately, in the official documentation, all I found was which 
>>> buttons
>>> to push to edit the vlan, with nothing that addresses how the different
>>> pieces are wired together.
>>>
>>> My understanding of the architecture is:
>>>
>>> VM -> vNIC -> virtual switch -> physical NIC ->

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread David Johnson

I have a physical network ovirtmgmt, and a logical network 10-non-prod with
the vlan tag of 10 and the network label of 10.

The physical and vlan have both been dragged to the enp0 NIC on the host.

What I understand from this is that the bridge has been there all along,
but, since I can't ping the host no traffic is crossing it.

Host IP's : *192.168.2.18/24  * and *10.210.100.18/24
*
VLAN IP on host: *10.210.10.18/24 *


Regards,

David Johnson

On Tue, Feb 2, 2021 at 12:44 PM Dan Yasny  wrote:

>
>
> On Tue, Feb 2, 2021 at 1:38 PM David Johnson 
> wrote:
>
>> Thanks, this is a step closer, but the details are still very sketchy.
>>
>> Following the instructions at
>> https://www.ovirt.org/documentation/administration_guide/#appe-Custom_Network_Properties
>> :
>>
>> If I understand the instructions correctly:
>>
>>1. Open the host in the Ovirt UI
>>2. Go to the Network tab
>>3. Select the NIC I want to bridge to
>>4. Click "Setup Host Networks"
>>5. Click the pencil icon on the (host? VLAN?) network
>>6. Choose the Custom Properties tab
>>7. In the Custom Properties (Please Select a key), choose
>>"bridge_opts"
>>8.  At this point, there is no way to add the keys it looks like
>>it needs ???   Total loss ???
>>
>>
> You need to create a logical network first. Do you have any of those?
> Logical networks are where you may add VLAN tags.
>
> In the hosts' network setup window you simply drag the logical network to
> the NIC or bond and save. The VLAN tag and bridge will be created
> accordingly on the host
>
>
>>
>> Regards,
>> David Johnson
>> Director of Development, Maxis Technology
>> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
>> djohn...@maxistechnology.com
>>
>>
>> [image: Maxis Techncology] 
>> www.maxistechnology.com
>>
>>
>> *stay connected *
>>
>>
>> On Tue, Feb 2, 2021 at 9:24 AM Dan Yasny  wrote:
>>
>>>
>>>
>>> On Tue, Feb 2, 2021 at 10:20 AM David Johnson <
>>> djohn...@maxistechnology.com> wrote:
>>>
 This is great ... I am missing the bridge (at least).

 Does the bridge reside on the host or the VM?  Is it created in the
 Ovirt UI, or in the VM operating system?

>>>
>>> On the host. Logical networks in oVirt are a virtual construct,
>>> translating to a "profile" that gets built on the hosts in the cluster.
>>> Essentially, each logical network is a bridge with the same name on the
>>> hosts, and if there's a vlan tag, then the interface (or bond) gets tagged,
>>> and the bridge is built on top of that tagged interface. VMs are plugged
>>> into the bridges and their traffic flows through the bridges to the
>>> switches. Very simple really, and there was a KB we published about this
>>> about a decade ago.
>>>
>>>

 Thanks!

 David Johnson

 On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny  wrote:

>
>
> On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
> djohn...@maxistechnology.com> wrote:
>
>> Good morning Ales,
>>
>> Thank you for your response.
>>
>> At this point, while I believe I have marked the networks as
>> required, I am hesitant to assume that they are marked because I don't
>> understand for sure which pieces I don't understand.
>>
>> Unfortunately, what I am missing is a number of random bits and
>> pieces that tie everything together.
>>
>> I have fought with the networking on this cluster for over a week.
>> The network configuration was so messed up it was faster and cleaner to
>> wipe the cluster completely and start from scratch, and I just finished a
>> clean reinstallation.
>>
>> Now that it's back up and I understand it better, the VM's on VLAN's
>> are still unable to reach beyond themselves - they cannot even ping the
>> host they are on.
>>
>> Rather than try to address it symptom by symptom, I would like to get
>> a solid overview of how the different pieces tie together. Unfortunately,
>> in the official documentation, all I found was which buttons to push to
>> edit the vlan, with nothing that addresses how the different pieces are
>> wired together.
>>
>> My understanding of the architecture is:
>>
>> VM -> vNIC -> virtual switch -> physical NIC -> external network ->
>> gateway -> internet
>>
>
> When you create a tagged network, the scheme changes a bit:
> VM -> vNIC -> BRIDGE -> NIC.tag -> NIC -> switch
>
> All the VM traffic will get tagged this way, and the switch port
> should be in trunk mode allowing tagged traffic through.
>
>
>
>
>>
>> What I don't understand is how to determine at which point in the
>> architecture the configuration is wrong, when the only symptom I have for
>> sure right now is that my VM's on a VLAN won't ping

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread Dan Yasny

On Tue, Feb 2, 2021 at 1:38 PM David Johnson 
wrote:

> Thanks, this is a step closer, but the details are still very sketchy.
>
> Following the instructions at
> https://www.ovirt.org/documentation/administration_guide/#appe-Custom_Network_Properties
> :
>
> If I understand the instructions correctly:
>
>1. Open the host in the Ovirt UI
>2. Go to the Network tab
>3. Select the NIC I want to bridge to
>4. Click "Setup Host Networks"
>5. Click the pencil icon on the (host? VLAN?) network
>6. Choose the Custom Properties tab
>7. In the Custom Properties (Please Select a key), choose "bridge_opts"
>8.  At this point, there is no way to add the keys it looks like
>it needs ???   Total loss ???
>
>
You need to create a logical network first. Do you have any of those?
Logical networks are where you may add VLAN tags.

In the hosts' network setup window you simply drag the logical network to
the NIC or bond and save. The VLAN tag and bridge will be created
accordingly on the host


>
> Regards,
> David Johnson
> Director of Development, Maxis Technology
> 844.696.2947 ext 702 (o)  |  479.531.3590 (c)
> djohn...@maxistechnology.com
>
>
> [image: Maxis Techncology] 
> www.maxistechnology.com
>
>
> *stay connected *
>
>
> On Tue, Feb 2, 2021 at 9:24 AM Dan Yasny  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 10:20 AM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> This is great ... I am missing the bridge (at least).
>>>
>>> Does the bridge reside on the host or the VM?  Is it created in the
>>> Ovirt UI, or in the VM operating system?
>>>
>>
>> On the host. Logical networks in oVirt are a virtual construct,
>> translating to a "profile" that gets built on the hosts in the cluster.
>> Essentially, each logical network is a bridge with the same name on the
>> hosts, and if there's a vlan tag, then the interface (or bond) gets tagged,
>> and the bridge is built on top of that tagged interface. VMs are plugged
>> into the bridges and their traffic flows through the bridges to the
>> switches. Very simple really, and there was a KB we published about this
>> about a decade ago.
>>
>>
>>>
>>> Thanks!
>>>
>>> David Johnson
>>>
>>> On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny  wrote:
>>>


 On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
 djohn...@maxistechnology.com> wrote:

> Good morning Ales,
>
> Thank you for your response.
>
> At this point, while I believe I have marked the networks as required,
> I am hesitant to assume that they are marked because I don't understand 
> for
> sure which pieces I don't understand.
>
> Unfortunately, what I am missing is a number of random bits and pieces
> that tie everything together.
>
> I have fought with the networking on this cluster for over a week. The
> network configuration was so messed up it was faster and cleaner to wipe
> the cluster completely and start from scratch, and I just finished a clean
> reinstallation.
>
> Now that it's back up and I understand it better, the VM's on VLAN's
> are still unable to reach beyond themselves - they cannot even ping the
> host they are on.
>
> Rather than try to address it symptom by symptom, I would like to get
> a solid overview of how the different pieces tie together. Unfortunately,
> in the official documentation, all I found was which buttons to push to
> edit the vlan, with nothing that addresses how the different pieces are
> wired together.
>
> My understanding of the architecture is:
>
> VM -> vNIC -> virtual switch -> physical NIC -> external network ->
> gateway -> internet
>

 When you create a tagged network, the scheme changes a bit:
 VM -> vNIC -> BRIDGE -> NIC.tag -> NIC -> switch

 All the VM traffic will get tagged this way, and the switch port should
 be in trunk mode allowing tagged traffic through.




>
> What I don't understand is how to determine at which point in the
> architecture the configuration is wrong, when the only symptom I have for
> sure right now is that my VM's on a VLAN won't ping the host or anything 
> on
> the external network.
>
> At one point everything was working as expected, briefly, before the
> whole thing came crashing down, so the external network is at least mostly
> configured.
>
> On Tue, Feb 2, 2021, 12:20 AM Ales Musil  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 6:18 AM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> Good morning all,
>>>
>>> On my ovirt 4.4.4 cluster, I am trying to use VLan's to separate
>>> VM's for security purposes.
>>>
>>> Is there a usable how-to document that describes how to configure
>>> the vlan's so they actually function without taking the

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread David Johnson

Thanks, this is a step closer, but the details are still very sketchy.

Following the instructions at
https://www.ovirt.org/documentation/administration_guide/#appe-Custom_Network_Properties
:

If I understand the instructions correctly:

   1. Open the host in the Ovirt UI
   2. Go to the Network tab
   3. Select the NIC I want to bridge to
   4. Click "Setup Host Networks"
   5. Click the pencil icon on the (host? VLAN?) network
   6. Choose the Custom Properties tab
   7. In the Custom Properties (Please Select a key), choose "bridge_opts"
   8.  At this point, there is no way to add the keys it looks like it
   needs ???   Total loss ???

Regards,
David Johnson
Director of Development, Maxis Technology
844.696.2947 ext 702 (o)  |  479.531.3590 (c)
djohn...@maxistechnology.com

[image: Maxis Techncology] 
www.maxistechnology.com

*stay connected *

On Tue, Feb 2, 2021 at 9:24 AM Dan Yasny  wrote:

>
>
> On Tue, Feb 2, 2021 at 10:20 AM David Johnson <
> djohn...@maxistechnology.com> wrote:
>
>> This is great ... I am missing the bridge (at least).
>>
>> Does the bridge reside on the host or the VM?  Is it created in the Ovirt
>> UI, or in the VM operating system?
>>
>
> On the host. Logical networks in oVirt are a virtual construct,
> translating to a "profile" that gets built on the hosts in the cluster.
> Essentially, each logical network is a bridge with the same name on the
> hosts, and if there's a vlan tag, then the interface (or bond) gets tagged,
> and the bridge is built on top of that tagged interface. VMs are plugged
> into the bridges and their traffic flows through the bridges to the
> switches. Very simple really, and there was a KB we published about this
> about a decade ago.
>
>
>>
>> Thanks!
>>
>> David Johnson
>>
>> On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny  wrote:
>>
>>>
>>>
>>> On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
>>> djohn...@maxistechnology.com> wrote:
>>>
 Good morning Ales,

 Thank you for your response.

 At this point, while I believe I have marked the networks as required,
 I am hesitant to assume that they are marked because I don't understand for
 sure which pieces I don't understand.

 Unfortunately, what I am missing is a number of random bits and pieces
 that tie everything together.

 I have fought with the networking on this cluster for over a week. The
 network configuration was so messed up it was faster and cleaner to wipe
 the cluster completely and start from scratch, and I just finished a clean
 reinstallation.

 Now that it's back up and I understand it better, the VM's on VLAN's
 are still unable to reach beyond themselves - they cannot even ping the
 host they are on.

 Rather than try to address it symptom by symptom, I would like to get a
 solid overview of how the different pieces tie together. Unfortunately, in
 the official documentation, all I found was which buttons to push to edit
 the vlan, with nothing that addresses how the different pieces are wired
 together.

 My understanding of the architecture is:

 VM -> vNIC -> virtual switch -> physical NIC -> external network ->
 gateway -> internet

>>>
>>> When you create a tagged network, the scheme changes a bit:
>>> VM -> vNIC -> BRIDGE -> NIC.tag -> NIC -> switch
>>>
>>> All the VM traffic will get tagged this way, and the switch port should
>>> be in trunk mode allowing tagged traffic through.
>>>
>>>
>>>
>>>

 What I don't understand is how to determine at which point in the
 architecture the configuration is wrong, when the only symptom I have for
 sure right now is that my VM's on a VLAN won't ping the host or anything on
 the external network.

 At one point everything was working as expected, briefly, before the
 whole thing came crashing down, so the external network is at least mostly
 configured.

 On Tue, Feb 2, 2021, 12:20 AM Ales Musil  wrote:

>
>
> On Tue, Feb 2, 2021 at 6:18 AM David Johnson <
> djohn...@maxistechnology.com> wrote:
>
>> Good morning all,
>>
>> On my ovirt 4.4.4 cluster, I am trying to use VLan's to separate VM's
>> for security purposes.
>>
>> Is there a usable how-to document that describes how to configure the
>> vlan's so they actually function without taking the host into
>> non-operational mode?
>>
>> Thank you in advance.
>>
>> Regards,
>> David Johnson
>>
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>>

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread Dan Yasny

On Tue, Feb 2, 2021 at 10:20 AM David Johnson 
wrote:

> This is great ... I am missing the bridge (at least).
>
> Does the bridge reside on the host or the VM?  Is it created in the Ovirt
> UI, or in the VM operating system?
>

On the host. Logical networks in oVirt are a virtual construct, translating
to a "profile" that gets built on the hosts in the cluster. Essentially,
each logical network is a bridge with the same name on the hosts, and if
there's a vlan tag, then the interface (or bond) gets tagged, and the
bridge is built on top of that tagged interface. VMs are plugged into the
bridges and their traffic flows through the bridges to the switches. Very
simple really, and there was a KB we published about this about a decade
ago.


>
> Thanks!
>
> David Johnson
>
> On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> Good morning Ales,
>>>
>>> Thank you for your response.
>>>
>>> At this point, while I believe I have marked the networks as required, I
>>> am hesitant to assume that they are marked because I don't understand for
>>> sure which pieces I don't understand.
>>>
>>> Unfortunately, what I am missing is a number of random bits and pieces
>>> that tie everything together.
>>>
>>> I have fought with the networking on this cluster for over a week. The
>>> network configuration was so messed up it was faster and cleaner to wipe
>>> the cluster completely and start from scratch, and I just finished a clean
>>> reinstallation.
>>>
>>> Now that it's back up and I understand it better, the VM's on VLAN's are
>>> still unable to reach beyond themselves - they cannot even ping the host
>>> they are on.
>>>
>>> Rather than try to address it symptom by symptom, I would like to get a
>>> solid overview of how the different pieces tie together. Unfortunately, in
>>> the official documentation, all I found was which buttons to push to edit
>>> the vlan, with nothing that addresses how the different pieces are wired
>>> together.
>>>
>>> My understanding of the architecture is:
>>>
>>> VM -> vNIC -> virtual switch -> physical NIC -> external network ->
>>> gateway -> internet
>>>
>>
>> When you create a tagged network, the scheme changes a bit:
>> VM -> vNIC -> BRIDGE -> NIC.tag -> NIC -> switch
>>
>> All the VM traffic will get tagged this way, and the switch port should
>> be in trunk mode allowing tagged traffic through.
>>
>>
>>
>>
>>>
>>> What I don't understand is how to determine at which point in the
>>> architecture the configuration is wrong, when the only symptom I have for
>>> sure right now is that my VM's on a VLAN won't ping the host or anything on
>>> the external network.
>>>
>>> At one point everything was working as expected, briefly, before the
>>> whole thing came crashing down, so the external network is at least mostly
>>> configured.
>>>
>>> On Tue, Feb 2, 2021, 12:20 AM Ales Musil  wrote:
>>>


 On Tue, Feb 2, 2021 at 6:18 AM David Johnson <
 djohn...@maxistechnology.com> wrote:

> Good morning all,
>
> On my ovirt 4.4.4 cluster, I am trying to use VLan's to separate VM's
> for security purposes.
>
> Is there a usable how-to document that describes how to configure the
> vlan's so they actually function without taking the host into
> non-operational mode?
>
> Thank you in advance.
>
> Regards,
> David Johnson
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IYPORJKHTSVTYTTRGWIW3V2MF5CFZ6DC/
>

 Hello,

 I assume that you have marked those networks as required. This is handy
 to make sure that all hosts in a cluster have this network attached.
 Which implies that the host is considered non operational until you
 assign all required networks.

 To avoid this you can uncheck it for a new network in the cluster tab
 of the "New Logical Network" window. For existing go to
 Compute -> Clusters -> $YOUR_CLUSTER -> Logical Networks -> Manage
 Networks and uncheck required for the affected network.
 This can be always changed back.

 Hopefully this helps.
 Regards,
 Ales




 --

 Ales Musil

 Software Engineer - RHV Network

 Red Hat EMEA 

 amu...@redhat.comIM: amusil
 

>>> ___
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement:

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread David Johnson

This is great ... I am missing the bridge (at least).

Does the bridge reside on the host or the VM?  Is it created in the Ovirt
UI, or in the VM operating system?

Thanks!

David Johnson

On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny  wrote:

>
>
> On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
> djohn...@maxistechnology.com> wrote:
>
>> Good morning Ales,
>>
>> Thank you for your response.
>>
>> At this point, while I believe I have marked the networks as required, I
>> am hesitant to assume that they are marked because I don't understand for
>> sure which pieces I don't understand.
>>
>> Unfortunately, what I am missing is a number of random bits and pieces
>> that tie everything together.
>>
>> I have fought with the networking on this cluster for over a week. The
>> network configuration was so messed up it was faster and cleaner to wipe
>> the cluster completely and start from scratch, and I just finished a clean
>> reinstallation.
>>
>> Now that it's back up and I understand it better, the VM's on VLAN's are
>> still unable to reach beyond themselves - they cannot even ping the host
>> they are on.
>>
>> Rather than try to address it symptom by symptom, I would like to get a
>> solid overview of how the different pieces tie together. Unfortunately, in
>> the official documentation, all I found was which buttons to push to edit
>> the vlan, with nothing that addresses how the different pieces are wired
>> together.
>>
>> My understanding of the architecture is:
>>
>> VM -> vNIC -> virtual switch -> physical NIC -> external network ->
>> gateway -> internet
>>
>
> When you create a tagged network, the scheme changes a bit:
> VM -> vNIC -> BRIDGE -> NIC.tag -> NIC -> switch
>
> All the VM traffic will get tagged this way, and the switch port should be
> in trunk mode allowing tagged traffic through.
>
>
>
>
>>
>> What I don't understand is how to determine at which point in the
>> architecture the configuration is wrong, when the only symptom I have for
>> sure right now is that my VM's on a VLAN won't ping the host or anything on
>> the external network.
>>
>> At one point everything was working as expected, briefly, before the
>> whole thing came crashing down, so the external network is at least mostly
>> configured.
>>
>> On Tue, Feb 2, 2021, 12:20 AM Ales Musil  wrote:
>>
>>>
>>>
>>> On Tue, Feb 2, 2021 at 6:18 AM David Johnson <
>>> djohn...@maxistechnology.com> wrote:
>>>
 Good morning all,

 On my ovirt 4.4.4 cluster, I am trying to use VLan's to separate VM's
 for security purposes.

 Is there a usable how-to document that describes how to configure the
 vlan's so they actually function without taking the host into
 non-operational mode?

 Thank you in advance.

 Regards,
 David Johnson

 ___
 Users mailing list -- users@ovirt.org
 To unsubscribe send an email to users-le...@ovirt.org
 Privacy Statement: https://www.ovirt.org/privacy-policy.html
 oVirt Code of Conduct:
 https://www.ovirt.org/community/about/community-guidelines/
 List Archives:
 https://lists.ovirt.org/archives/list/users@ovirt.org/message/IYPORJKHTSVTYTTRGWIW3V2MF5CFZ6DC/

>>>
>>> Hello,
>>>
>>> I assume that you have marked those networks as required. This is handy
>>> to make sure that all hosts in a cluster have this network attached.
>>> Which implies that the host is considered non operational until you
>>> assign all required networks.
>>>
>>> To avoid this you can uncheck it for a new network in the cluster tab of
>>> the "New Logical Network" window. For existing go to
>>> Compute -> Clusters -> $YOUR_CLUSTER -> Logical Networks -> Manage
>>> Networks and uncheck required for the affected network.
>>> This can be always changed back.
>>>
>>> Hopefully this helps.
>>> Regards,
>>> Ales
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Ales Musil
>>>
>>> Software Engineer - RHV Network
>>>
>>> Red Hat EMEA 
>>>
>>> amu...@redhat.comIM: amusil
>>> 
>>>
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/47JUY2NVTCQ76LPCVIAHY7ONYSZV3P5B/
>>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VCY562FAKGA5X5WRGRG536PUJV2QGVJP/

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread Dan Yasny

On Tue, Feb 2, 2021 at 10:06 AM David Johnson 
wrote:

> Good morning Ales,
>
> Thank you for your response.
>
> At this point, while I believe I have marked the networks as required, I
> am hesitant to assume that they are marked because I don't understand for
> sure which pieces I don't understand.
>
> Unfortunately, what I am missing is a number of random bits and pieces
> that tie everything together.
>
> I have fought with the networking on this cluster for over a week. The
> network configuration was so messed up it was faster and cleaner to wipe
> the cluster completely and start from scratch, and I just finished a clean
> reinstallation.
>
> Now that it's back up and I understand it better, the VM's on VLAN's are
> still unable to reach beyond themselves - they cannot even ping the host
> they are on.
>
> Rather than try to address it symptom by symptom, I would like to get a
> solid overview of how the different pieces tie together. Unfortunately, in
> the official documentation, all I found was which buttons to push to edit
> the vlan, with nothing that addresses how the different pieces are wired
> together.
>
> My understanding of the architecture is:
>
> VM -> vNIC -> virtual switch -> physical NIC -> external network ->
> gateway -> internet
>

When you create a tagged network, the scheme changes a bit:
VM -> vNIC -> BRIDGE -> NIC.tag -> NIC -> switch

All the VM traffic will get tagged this way, and the switch port should be
in trunk mode allowing tagged traffic through.




>
> What I don't understand is how to determine at which point in the
> architecture the configuration is wrong, when the only symptom I have for
> sure right now is that my VM's on a VLAN won't ping the host or anything on
> the external network.
>
> At one point everything was working as expected, briefly, before the whole
> thing came crashing down, so the external network is at least mostly
> configured.
>
> On Tue, Feb 2, 2021, 12:20 AM Ales Musil  wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 6:18 AM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> Good morning all,
>>>
>>> On my ovirt 4.4.4 cluster, I am trying to use VLan's to separate VM's
>>> for security purposes.
>>>
>>> Is there a usable how-to document that describes how to configure the
>>> vlan's so they actually function without taking the host into
>>> non-operational mode?
>>>
>>> Thank you in advance.
>>>
>>> Regards,
>>> David Johnson
>>>
>>> ___
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct:
>>> https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives:
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IYPORJKHTSVTYTTRGWIW3V2MF5CFZ6DC/
>>>
>>
>> Hello,
>>
>> I assume that you have marked those networks as required. This is handy
>> to make sure that all hosts in a cluster have this network attached.
>> Which implies that the host is considered non operational until you
>> assign all required networks.
>>
>> To avoid this you can uncheck it for a new network in the cluster tab of
>> the "New Logical Network" window. For existing go to
>> Compute -> Clusters -> $YOUR_CLUSTER -> Logical Networks -> Manage
>> Networks and uncheck required for the affected network.
>> This can be always changed back.
>>
>> Hopefully this helps.
>> Regards,
>> Ales
>>
>>
>>
>>
>> --
>>
>> Ales Musil
>>
>> Software Engineer - RHV Network
>>
>> Red Hat EMEA 
>>
>> amu...@redhat.comIM: amusil
>> 
>>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/47JUY2NVTCQ76LPCVIAHY7ONYSZV3P5B/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UY5BJDCRF32UVGMV3QYILY5MIRLYFFVM/

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-02 Thread David Johnson

Good morning Ales,

Thank you for your response.

At this point, while I believe I have marked the networks as required, I am
hesitant to assume that they are marked because I don't understand for sure
which pieces I don't understand.

Unfortunately, what I am missing is a number of random bits and pieces that
tie everything together.

I have fought with the networking on this cluster for over a week. The
network configuration was so messed up it was faster and cleaner to wipe
the cluster completely and start from scratch, and I just finished a clean
reinstallation.

Now that it's back up and I understand it better, the VM's on VLAN's are
still unable to reach beyond themselves - they cannot even ping the host
they are on.

Rather than try to address it symptom by symptom, I would like to get a
solid overview of how the different pieces tie together. Unfortunately, in
the official documentation, all I found was which buttons to push to edit
the vlan, with nothing that addresses how the different pieces are wired
together.

My understanding of the architecture is:

VM -> vNIC -> virtual switch -> physical NIC -> external network -> gateway
-> internet

What I don't understand is how to determine at which point in the
architecture the configuration is wrong, when the only symptom I have for
sure right now is that my VM's on a VLAN won't ping the host or anything on
the external network.

At one point everything was working as expected, briefly, before the whole
thing came crashing down, so the external network is at least mostly
configured.

On Tue, Feb 2, 2021, 12:20 AM Ales Musil  wrote:

>
>
> On Tue, Feb 2, 2021 at 6:18 AM David Johnson 
> wrote:
>
>> Good morning all,
>>
>> On my ovirt 4.4.4 cluster, I am trying to use VLan's to separate VM's for
>> security purposes.
>>
>> Is there a usable how-to document that describes how to configure the
>> vlan's so they actually function without taking the host into
>> non-operational mode?
>>
>> Thank you in advance.
>>
>> Regards,
>> David Johnson
>>
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IYPORJKHTSVTYTTRGWIW3V2MF5CFZ6DC/
>>
>
> Hello,
>
> I assume that you have marked those networks as required. This is handy to
> make sure that all hosts in a cluster have this network attached.
> Which implies that the host is considered non operational until you assign
> all required networks.
>
> To avoid this you can uncheck it for a new network in the cluster tab of
> the "New Logical Network" window. For existing go to
> Compute -> Clusters -> $YOUR_CLUSTER -> Logical Networks -> Manage
> Networks and uncheck required for the affected network.
> This can be always changed back.
>
> Hopefully this helps.
> Regards,
> Ales
>
>
>
>
> --
>
> Ales Musil
>
> Software Engineer - RHV Network
>
> Red Hat EMEA 
>
> amu...@redhat.comIM: amusil
> 
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/47JUY2NVTCQ76LPCVIAHY7ONYSZV3P5B/

[ovirt-users] Re: Ovirt VLAN Primer

2021-02-01 Thread Ales Musil

On Tue, Feb 2, 2021 at 6:18 AM David Johnson 
wrote:

> Good morning all,
>
> On my ovirt 4.4.4 cluster, I am trying to use VLan's to separate VM's for
> security purposes.
>
> Is there a usable how-to document that describes how to configure the
> vlan's so they actually function without taking the host into
> non-operational mode?
>
> Thank you in advance.
>
> Regards,
> David Johnson
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IYPORJKHTSVTYTTRGWIW3V2MF5CFZ6DC/
>

Hello,

I assume that you have marked those networks as required. This is handy to
make sure that all hosts in a cluster have this network attached.
Which implies that the host is considered non operational until you assign
all required networks.

To avoid this you can uncheck it for a new network in the cluster tab of
the "New Logical Network" window. For existing go to
Compute -> Clusters -> $YOUR_CLUSTER -> Logical Networks -> Manage Networks
and uncheck required for the affected network.
This can be always changed back.

Hopefully this helps.
Regards,
Ales

-- 

Ales Musil

Software Engineer - RHV Network

Red Hat EMEA 

amu...@redhat.comIM: amusil

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JEUZXK7Y6KRH2LIATXQMIUIXO4LXKSUT/

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

[ovirt-users] Re: Ovirt VLAN Primer

13 matches

Site Navigation

Mail list logo

Footer information