One last hurdle

Sat, 22 Feb 2014 16:38:24 -0800 


I am almost there to having a working config with advanced network on vsphere 
5.1
So I am using a pretty basic advanced network zone using vlan for isolation. 
Details are below:
Public range = x.x.233.0/24
Guest cidr = 10.1.1.0/24
VLAN range = 400-405

1. I create an instance of the default centos5.3 template, choosing to create a 
isolated network based on "DefaultIsolatedNetworkOfferingWithSourceNatService"
2. The system spawns a system router.
3. The system spawns the guest vm.
4. The router is made a part of the public vlan 233 and the isolated vlan 400
5. The guest vm is made a part of the isolated vlan 400.
6. The router is assigned an IP address on the isolated network of 10.1.1.1. 
The router is able to get out to the internet fine, and is able to ping the 
guest instance.
7. The guest is assigned an ip address on the isolated network. The guest vm is 
able to ping the router
Network Topology would look as follows:
guestvm ---> system router ---> firewall ---> router ---> internet
Up to this point everything LOOKS perfect...BUT...my guest vm is not able to 
get out to the internet.
At first I thought my problem might be with the hop after the system router 
which is my firewall. So what I did was to imitate what CS is doing, but with 
windows machines. Basically I spawned two machines, one which acted as a guest 
vm, the other to act as a system router. On the windows box, which I simulated 
the system router, I enabled routing and remote access to enable NAT. In this 
configuration the guest vm was able to use the simulated system router and 
browse the internet just fine. The test topology would look as follows:
guest vm ---> simulated router running windows and NAT ---> firewall ---> 
router ---> internet
So this leads me to believe that something is wrong with the system router and 
how it is NAT'ing. Up to this point I have tried the default network service 
"DefaultIsolatedNetworkOfferingWithSourceNatService" and created a new network 
offering using DNS,DHCP, and SourceNAT. 
I think once I get past this hurdle I will be be good to go....any help is 
hugely appreciated!!




                                          





















					Reply via email to