Hi Valentin,

Your assumption is correct.

My method is to use OpenNebula Virtual Router by referring to this page [1] and Openvswitch. I have installed Openvswitch in the host and I was able to deploy a VM in an isolated network.

I try to deploy the VirtualRouter in a virtual network. My problem is, I cannot ping it and cannot SSH into it.

From the documentation, I understand that the VirtualRouter needs to be deployed as a VM in a specific virtual network and it will act as the DHCP for the VMs in the same virtual network.

I also have included the example context in the VirtualRouter template.

My VirtualRouter template:

NIC=[NETWORK_ID="0"]
NIC=[NETWORK_ID="9",IP="10.0.10.1"]
INPUT=[BUS="usb",TYPE="tablet"]
MEMORY="512"
OS=[ARCH="x86_64",BOOT="hd"]
GRAPHICS=[LISTEN="0.0.0.0",TYPE="SPICE"]
DISK=[IMAGE_ID="24"]
CPU="0.5"
CONTEXT=[TARGET="hdb",NETWORK="YES",FORWARDING="8080:10.0.10.2:80 10.0.10.2:22",DHCP="YES",PRIVNET="$NETWORK[TEMPLATE, NETWORK=\"ovs .10\"]",TEMPLATE="TEMPLATE",SSH_PUBLIC_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCk+MN96iAn4uXRieJqyJG7WY32zW0LTXJBdISdjDLlp8QgFrxOdi9Aw2+eu+QSbVHwBsqOTimpOuzknisOhD4RPCTCT7G2/xaEUxWg0AB3ySrMZC3Dv5AgBy0CikFk50/CbwBtMjj2pRINm0axfP+cUT/VBhJRAiwVe2wsIOL/t2PGOy0O8Q2zjG1XfCVZPCYPOxj9Jk0y8DoMHp0ILA6gM7hGN4CKAQiXnbjv8WD9uFpRr7eruXQUdMuPn2wnyDMcCnzUEMtPUoPIy6gyAer3biRyEQkAXNJ+R1WXvX6Ah848MTyoICoA7KKIm9e3xe/SXMJxxOPHZLWSJSIRmhcd hpc1@hpc-workstation1",PUBNET="$NETWORK[TEMPLATE, NETWORK=\"Virtual Network .113\"]",DNS="8.8.8.8 8.8.4.4"]

May I know how to actually use the VirtualRouter?

[1] http://opennebula.org/documentation:rel4.2:router

On Thu, Oct 3, 2013 at 3:56 PM, Valentin Bud <valentin....@gmail.com> wrote:

> Hello Fazli,
>
> I will make some assumptions about your infrastructure and provide
> possible approach(es).
>
> * Your KVM nodes have a single Ethernet interface, eth0, connected in a
>   switch and a router used as the default gateway for the 192.168.1/24
>   network,
>
> * Also the frontend is connected via the same switch with the rest of
>   the nodes,
>
> * You have a br0 bridge with eth0 connected to it on each node and also
>   the frontend,
>
> * Your frontend is also a node.
>
> If you have access to the router the simplest way would be to add an IP
> Address alias on the router interface as the default gateway for the new
> network.
>
> Configure a new network inside OpenNebula for that using the chosen
> subnet and the same bridge, br0.
>
> I don't know if you have any kind of security policies in place but be
> careful that in this way there is no Layer 2 separation and traffic
> between the two subnets is visible with tcpdump or other sniffers.
>
> The second approach I can think about is to have the frontend configured
> with the first IP Address from the new subnet on br0 and define a new
> network inside OpenNebula like the above.
>
> I don't know if this would work though. The NAT must be done for
> 10.100.0/24 over 192.168.1.X (the IP Address of frontend from
> 192.168.1/24 subnet). What I don't know is if iptables can MASQUERADE
> subnets on the same interface. Never tried it, it might work.
>
> Another approach that comes to mind is to use the Virtual Router and
> define a new subnet on the same br0 bridge. The Virtual Router would
> have an interface connected to 192.168.1/24 network and one in the
> 10.100.0/24 one. Set it up to have the first IP Address from the
> 10.100.0/24 network so it is the default gateway.
>
> The same applies, traffic over L2 is not separated in any way.
>
> One more idea :-) would be to use Open vSwitch and GRE tunnels between
> the nodes. In this way you can use VLANs and transport over GRE between
> nodes. You can also setup IPSec encrypted GRE tunnels if you want
> security. It might be overkill but again it depends on your
> requirements.
>
> Another working setup I have done is to use tinc VPN [1] between nodes
> in switch mode and connect it to the Open vSwitch from each host as a
> port. This way traffic that travels between nodes is fully encrypted and
> you can use the same L2 network in a secure fashion.
>
> But maybe the best approach would be to have a second network card,
> eth1, in each node. Connect that second card in an Open vSwitch and use
> VLANs with the frontend being the router, or any other node for that
> matter.
>
> [1]: http://www.tinc-vpn.org/
>
> Good Will,
> Valentin
>
> On Thu, Oct 03, 2013 at 09:18:41AM +0800, M Fazli A Jalaluddin wrote:
> > Hello Valentin,
> >
> > My setup for OpenNebula is 1 Front-end and several KVM nodes. The front-end
> > and nodes are using IP address 192.168.1.xxx and are able to connect to the
> > internet.
> >
> > The current networking setup for the VM is using dummy and bridge, br0.
> >
> > So, for the VM able to access to the internet, is by assigning them
> > 192.168.1.xxx IP addresses.
> >
> > If I have many VMs, IP address 192.168.1.xxx will be depleted.
> >
> > Hence, I need to make a new private network such as, 10.0.1.xxx which will
> > map to only a single 192.168.1.xxx, e.g 192.168.1.5.
> >
> > Thank you.
> >
> > Regards,
> > Fazli
> >
> >
> > On Wed, Oct 2, 2013 at 7:21 PM, Valentin Bud <valentin....@gmail.com> wrote:
> >
> > > Hello Fazli,
> > >
> > > The Virtual Router documentation [1] is definitely a good place to start.
> > >
> > >
> > > On Wed, Oct 2, 2013 at 1:57 PM, M Fazli A Jalaluddin <
> > > fazli.jalalud...@gmail.com> wrote:
> > >
> > >> Hi,
> > >>
> > >> Is there any tutorial on how to use the VirtualRouter?
> > >>
> > >> I have downloaded the image from Marketplace and Deploy a VM out of it.
> > >>
> > >> Then what should I do?
> > >>
> > >> My concern is that the Multiple VM will be able to be assigned a private
> > >> IP address (at the same time connect to the internet) while the KVM host is
> > >> using public IP address.
> > >>
> > >
> > > I don't really understand your concern. Could you be more specific?
> > >
> > > Yes, every VM will get a private IP address from the Router in case you
> > > connect it to the private network. If you connect the VM to the public
> > > network too you'd have to setup the IP address on the VM.
> > > If context package is installed in the VM it'll autoconfigure the public
> > > IP also.
> > >
> > > [1]: http://opennebula.org/documentation:rel4.2:router
> > >
> > > Good Will,
> > >
> > >
> > >>
> > >> Thank you
> > >>
> > >> On Wed, Oct 2, 2013 at 4:26 PM, Carlos Martín Sánchez <
> > >> cmar...@opennebula.org> wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
> > >>> fazli.jalalud...@gmail.com> wrote:
> > >>>
> > >>> Hi,
> > >>>>
> > >>>> May I know if the Virtual Router provide NAT?
> > >>>>
> > >>>
> > >>> Yes, look for the Full Router section in the documentation:
> > >>> http://opennebula.org/documentation:rel4.2:router
> > >>>
> > >>> PS: Please reply also to the mailing list
> > >>>
> > >>> Regards.
> > >>> --
> > >>> Carlos Martín, MSc
> > >>> Project Engineer
> > >>> OpenNebula - Flexible Enterprise Cloud Made Simple
> > >>> www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula <http://twitter.com/opennebula>
> > >>>
> > >>>
> > >>> On Wed, Oct 2, 2013 at 6:56 AM, M Fazli A Jalaluddin <
> > >>> fazli.jalalud...@gmail.com> wrote:
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> May I know if the Virtual Router provide NAT?
> > >>>>
> > >>>> Thank you
> > >>>>
> > >>>>
> > >>>> On Thu, Sep 5, 2013 at 5:29 PM, Carlos Martín Sánchez <
> > >>>> cmar...@opennebula.org> wrote:
> > >>>>
> > >>>>> Hi,
> > >>>>>
> > >>>>> Actually, we do provide a Virtual Router appliance that contains a
> > >>>>> DHCP server. It knows the correct IP assigned by OpenNebula to each MAC.
> > >>>>> See http://opennebula.org/documentation:rel4.2:router
> > >>>>>
> > >>>>> Regards
> > >>>>>
> > >>>>> --
> > >>>>> Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin,
> > >>>>> 24-26 September, 2013
> > >>>>> --
> > >>>>> Carlos Martín, MSc
> > >>>>> Project Engineer
> > >>>>> OpenNebula - The Open-source Solution for Data Center Virtualization
> > >>>>> www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula <http://twitter.com/opennebula>
> > >>>>>
> > >>>>>
> > >>>>> On Thu, Sep 5, 2013 at 8:55 AM, Ionut Popovici <io...@hackaserver.com> wrote:
> > >>>>>
> > >>>>>> No, opennebula doesn't provide DHCP, you could use vlans to break the
> > >>>>>> network, and u can use contextualization to get the ip for virtual
> > >>>>>> machines, if u use bridge mode u should make rules in iptables(ebtables)
> > >>>>>> for udp dst port 67 and allow only response from your DHCP server.
> > >>>>>> Cheers.
> > >>>>>> On 9/5/2013 9:49 AM, Mohammad Fazli Ahmat Jalaluddin wrote:
> > >>>>>>
> > >>>>>> Hi guys,
> > >>>>>>
> > >>>>>> I just want to ask a few questions.
> > >>>>>>
> > >>>>>> Does OpenNebula act as a DHCP Server and give IP address to the VM if
> > >>>>>> it is not contextualized in the first place?
> > >>>>>>
> > >>>>>> When the VM is deployed (without context), e.g Ubuntu server default
> > >>>>>> network configuration is using DHCP, and thus the IP for the VM is
> > >>>>>> different with the one that OpenNebula uses from the vnet lease.
> > >>>>>>
> > >>>>>> Is the IP address in the VM given by OpenNebula (act as the DHCP
> > >>>>>> server) or given by our network existing DHCP server?
> > >>>>>>
> > >>>>>> The reason I'm asking is because our network is poisoned since there
> > >>>>>> are 2 DHCP servers. BTW, our OpenNebula configuration for the network is
> > >>>>>> using dummy and using bridge in the frontend
> > >>>>>>
> > >>>>>> Thank you very much.
> > >>>>>>
> > >>>>>> Regards,
> > >>>>>> Fazli
> > >>>>>>
> > >>>>>>
> > >>>>>> _______________________________________________
> > >>>>>> Users mailing list
> > >>>>>> Users@lists.opennebula.org
> > >>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> > >
> > >
> > > --
> > > Valentin Bud
> > > http://databus.pro | valen...@databus.pro
> > >
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
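
Added example (not part of the original thread, and not OpenNebula code): the oldest message in this thread describes a network "poisoned" by two DHCP servers, and one reply notes that the Virtual Router knows the IP OpenNebula assigned to each MAC. The sketch below parses DHCP server replies, reads the server identifier (option 54), and flags replies from a server that is not on an allowlist or that hand out an address different from the lease. The function names, MAC addresses, lease table and the 10.0.10.254 server are assumptions constructed for illustration; only 10.0.10.1 comes from the template above.

```python
import socket
import struct
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5            # option 53 (message type) values sent by servers

def parse_reply(pkt):
    """Return (server_ip, offered_ip, client_mac, msg_type) for a server reply, else None."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None  # not a BOOTREPLY with DHCP options
    offered = socket.inet_ntoa(pkt[16:20])       # yiaddr: address handed to the client
    mac = pkt[28:28 + min(pkt[2], 16)].hex(":")  # chaddr, first hlen bytes
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:    # 255 = end option
        if pkt[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if len(opts.get(53, b"")) != 1 or len(opts.get(54, b"")) != 4:
        return None  # truncated or missing message type / server identifier
    return socket.inet_ntoa(opts[54]), offered, mac, opts[53][0]

def audit(packets, authorized, leases):
    """Flag replies from servers not in `authorized`, or offering a non-lease address."""
    findings = []
    for pkt in packets:
        parsed = parse_reply(pkt)
        if parsed is None or parsed[3] not in (OFFER, ACK):
            continue
        server, offered, mac, _ = parsed
        if server not in authorized:
            findings.append(("rogue-server", server, mac, offered))
        elif leases.get(mac) != offered:
            findings.append(("lease-mismatch", server, mac, offered))
    return findings

def build_reply(msg_type, server, offered, mac):
    """Build a minimal DHCP reply for the constructed sample (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0, b"",
                      socket.inet_aton(offered), socket.inet_aton(server), b"",
                      bytes.fromhex(mac.replace(":", "")), b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server) + b"\xff"

# Constructed sample: 10.0.10.1 is the router IP from the template; MACs and leases are made up.
LEASES = {"02:00:0a:00:0a:02": "10.0.10.2", "02:00:0a:00:0a:03": "10.0.10.3"}
SAMPLE = [build_reply(OFFER, "10.0.10.1", "10.0.10.2", "02:00:0a:00:0a:02"),
          build_reply(OFFER, "10.0.10.254", "10.0.10.77", "02:00:0a:00:0a:02"),
          build_reply(ACK, "10.0.10.1", "10.0.10.9", "02:00:0a:00:0a:03")]
print(audit(SAMPLE, {"10.0.10.1"}, LEASES))
```

The input is the UDP payload of each reply, so the same functions can be fed from a capture taken on the bridge once the Ethernet, IP and UDP headers are stripped.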