Hi,

Thanks for your kind response. Please pardon my ignorance -- but I still struggle with a very basic use case -- any machine (maybe a laptop) in the guest vlan (I mean the L3 switch vlan), how to talk or connect with guests.

Laptop <--------L3 Guest VLAN ---------> Host - guest

Also another use case --

L3 Guest VLAN ---------> Host1 - guest11 / guest12 / guest13
L3 Guest VLAN ---------> Host2 - guest21

How do guest11 & guest21 talk together? I see so far -- guest11 / guest12 / guest13 talk .. I am sure that I am missing some basic design issue. I use advanced zone -- with default options - network service in virtual router only. For guest machines to talk between hosts, do I need to have OVS?

Best Regards
Papu Bhattacharya
CEO- PTR Technologies
http://www.ptrsoft.com
91-9963111687

----- Original Message -----
From: "Andrija Panic" <andrija.pa...@gmail.com>
To: users@cloudstack.apache.org
Sent: Wednesday, December 3, 2014 9:43:43 PM
Subject: Re: Can't ping/ssh any guest from a laptop attached in same vlan - guests can talk wth each other though

Papu,

that is default VLAN isolation method behaviour. ACS takes cloudbr0 - checks what physical NIC is connected to it (i.e. eth0) and then it creates new bridges i.e. breth0-35 - with eth0.35 vlan interface joined to bridge so traffic from VM to internal network goes like this:

vnetXXX --> breth0-35 --> eth0.35 --(vlan tagging)--> eth0 --> physical network.

There is no way to directly attach vnet to your bridge as far as I know - at least when using VLANs.

On 3 December 2014 at 16:52, papu bhattcharaya <p...@ptrsoft.com> wrote:

> Hi Tilak,
> Thanks for your kind response. I am using shared networking, not isolated
> and I see no option of defining egress rule there.
> Also every time I create a guest, it appears the cloud stack is not
> creating vnet interface on cloudbr0 bridge - rather it's creating another
> bridge interface on eth0 and
> then creating vnet. Maybe because of vlan defined. But I wonder how to
> get network interface on cloudbr0.
> Thanks Again.
> Best Regards
> Papu Bhattacharya
> CEO- PTR Technologies
> http://www.ptrsoft.com
> 91-9963111687
>
> ----- Original Message -----
> From: "Tilak Raj Singh" <tila...@gmail.com>
> To: users@cloudstack.apache.org
> Sent: Wednesday, December 3, 2014 6:05:06 AM
> Subject: Re: Can't ping/ssh any guest from a laptop attached in same vlan - guests can talk wth each other though
>
> try adding ingress rules in your security group from cloudstack
> UI...incoming traffic is disabled by default on virtual machines...
> rules to be added..
> TCP start port 0 end port 65535 cidr 0.0.0.0/0
> UDP start port 0 end port 65535 cidr 0.0.0.0/0
> for ping allow ICMP too
> ICMP icmp type -1 icmp code -1 cidr 0.0.0.0/0
>
> Regards
>
>
> On Tue, Dec 2, 2014 at 10:20 PM, papu bhattcharaya <p...@ptrsoft.com> wrote:
>
> > Hi, ( sending same mail with attachments image- seems early mail image
> > was not attached),
> > I am using cloudstack(4.4.1) with KVM host. I have a L3 switch -
> > partitioned to 4 vlans
> > public(CIDR:-192.168.1.0/24)
> > guest vlan (CIDR:-10.0.0.0/24)
> > management vlan (CIDR:-10.0.1.0/24)
> > storage vlan (CIDR:-10.0.2.0/24)
> >
> > I have a kvm host with four physical NICS that are connected in switch and
> > each NIC is connected in each different vlan.
> > I have created bridge over each physical nics:-
> > Cloudbr0:-ip address:-10.0.0.24 (connected on the port of the switch
> > belongs to guest vlan)
> > Cloudbr1:-ip address:-10.0.1.24 (connected on the port of the switch
> > belongs to management vlan)
> > Cloudbr2:-ip address:-10.0.2.24 (connected on the port of the switch
> > belongs to storage vlan)
> > Cloudbr3:-ip address:-192.168.1.24 (connected on the port of the switch
> > belongs to public vlan)
> >
> > I have a physical machine with four NICS and CloudStack management is
> > installed on it and four NICS are connected in four vlans with ip.
> > =>I have created a zone with advanced networking and everything been
> > success so far.
> >
> > when I created two instances(guests) on kvm host, I can ping this
> > instances with each other.( guest1/ guest2)
> > i.e
> > Instance1:-ip address:-10.0.0.90
> > Instance2:-ip address:-10.0.0.91
> > Virtual router:-ip address:-10.0.0.4
> > Now when I tried to ping /ssh the guest from a laptop attached in same
> > vlan (guest vlan), I can’t ping guests.
> > From the laptop, I can ping 10.0.0.24 ( my cloudbr0 ip – in KVM host
> > machine), but can't ping/ssh any guest.
> > There is no firewall issues - I checked.
> >
> > I have attached a network diagram also for better understanding of
> > issues.
> >
> > Could you please help me so that I can ping /ssh to any guest from any
> > machine in guest vlan.
> > Thanks in advance
> >
> >
> > Best Regards
> > Papu Bhattacharya
> > CEO- PTR Technologies
> > http://www.ptrsoft.com
> > 91-9963111687
> >
> > ----- Original Message -----
> > From: "papu bhattcharaya" <p...@ptrsoft.com>
> > To: papub...@gmail.com
> > Sent: Tuesday, December 2, 2014 10:15:30 PM
> > Subject: Fwd: Can't ping/ssh any guest from a laptop attached in same vlan - guests can talk wth each other though
> >
> >
> >
> > Best Regards
> > Papu Bhattacharya
> > CEO- PTR Technologies
> > http://www.ptrsoft.com
> > 91-9963111687
> >
> > ----- Forwarded Message -----
> > From: "papu bhattcharaya" <p...@ptrsoft.com>
> > To: d...@cloudstack.apache.org
> > Sent: Tuesday, December 2, 2014 10:05:11 PM
> > Subject: Can't ping/ssh any guest from a laptop attached in same vlan - guests can talk wth each other though
> >
> > Hi,
> > I am using cloudstack(4.4.1) with KVM host. I have a L3 switch -
> > partitioned to 4 vlans
> > public(CIDR:-192.168.1.0/24)
> > guest vlan (CIDR:-10.0.0.0/24)
> > management vlan (CIDR:-10.0.1.0/24)
> > storage vlan (CIDR:-10.0.2.0/24)
> >
> > I have a kvm host with four physical NICS that are connected in switch and
> > each NIC is connected in each different vlan.
> > I have created bridge over each physical nics:-
> > Cloudbr0:-ip address:-10.0.0.24 (connected on the port of the switch
> > belongs to guest vlan)
> > Cloudbr1:-ip address:-10.0.1.24 (connected on the port of the switch
> > belongs to management vlan)
> > Cloudbr2:-ip address:-10.0.2.24 (connected on the port of the switch
> > belongs to storage vlan)
> > Cloudbr3:-ip address:-192.168.1.24 (connected on the port of the switch
> > belongs to public vlan)
> >
> > I have a physical machine with four NICS and CloudStack management is
> > installed on it and four NICS are connected in four vlans with ip.
> > =>I have created a zone with advanced networking and everything been
> > success so far.
> >
> > when I created two instances(guests) on kvm host, I can ping this
> > instances with each other.( guest1/ guest2)
> > i.e
> > Instance1:-ip address:-10.0.0.90
> > Instance2:-ip address:-10.0.0.91
> > Virtual router:-ip address:-10.0.0.4
> > Now when I tried to ping /ssh the guest from a laptop attached in same
> > vlan (guest vlan), I can’t ping guests.
> > From the laptop, I can ping 10.0.0.24 ( my cloudbr0 ip – in KVM host
> > machine), but can't ping/ssh any guest.
> > There is no firewall issues - I checked.
> >
> > I have attached a network diagram also for better understanding of
> > issues.
> >
> > Could you please help me so that I can ping /ssh to any guest from any
> > machine in guest vlan.
> > Thanks in advance
> >
> > Best Regards
> > Papu Bhattacharya
> > CEO- PTR Technologies
> > http://www.ptrsoft.com
> > 91-9963111687
> >
>

--
Andrija Panić
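
The bridge layout described in Andrija's reply (vnetXXX --> breth0-35 --> eth0.35 --> eth0) can be read off `brctl show` on the KVM host. The sketch below is an added example, not part of the thread and not CloudStack code: it parses a constructed sample of that output (bridge ids are made up, VLAN 35 is the reply's own example) and reports the VLAN tag each guest vnet leaves the host with, which is the value to compare with the switch port configuration.

```python
import re

# Constructed sample of `brctl show` output for the layout in the reply above
# (bridge ids are made up; VLAN 35 is the reply's own example value).
SAMPLE_BRCTL = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
breth0-35\t\t8000.001122334455\tno\t\teth0.35
\t\t\t\t\t\t\tvnet0
\t\t\t\t\t\t\tvnet1
cloudbr0\t\t8000.001122334455\tno\t\teth0
"""

VLAN_IF = re.compile(r"^(?P<nic>[A-Za-z0-9]+)\.(?P<tag>\d+)$")

def parse_brctl(text):
    """Return {bridge: [member interfaces]} from `brctl show` output."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:              # skip the header row
        fields = line.split()
        if fields and line[0].isspace() and current:
            bridges[current].extend(fields)         # continuation: more members
        elif fields:
            current = fields[0]                     # name, id, STP[, first member]
            bridges[current] = fields[3:]
    return bridges

def guest_paths(bridges):
    """Map each vnet to (bridge, uplink, physical NIC, VLAN tag or None)."""
    paths = {}
    for bridge, members in bridges.items():
        uplinks = [m for m in members if not m.startswith("vnet")]
        for vnet in (m for m in members if m.startswith("vnet")):
            uplink = uplinks[0] if uplinks else None
            match = VLAN_IF.match(uplink or "")
            nic = match["nic"] if match else uplink
            tag = int(match["tag"]) if match else None   # None means untagged
            paths[vnet] = (bridge, uplink, nic, tag)
    return paths

def untagged_bridges(bridges, nic):
    """Bridges that put `nic` on the wire without a VLAN tag."""
    return [b for b, members in bridges.items() if nic in members]

if __name__ == "__main__":
    layout = parse_brctl(SAMPLE_BRCTL)
    for vnet, (bridge, uplink, nic, tag) in sorted(guest_paths(layout).items()):
        print(f"{vnet} --> {bridge} --> {uplink} --(tag {tag})--> {nic}")
    print("untagged on eth0:", untagged_bridges(layout, "eth0"))
```

On a real host, feed the function the output of `brctl show` instead of the sample; a vnet whose tag differs from what the switch port of the other machine carries is on a different layer-2 segment.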