On Tue, Feb 2, 2021 at 10:20 AM David Johnson <djohn...@maxistechnology.com>
wrote:

> This is great ... I am missing the bridge (at least).
>
> Does the bridge reside on the host or the VM?  Is it created in the oVirt
> UI, or in the VM operating system?
>

On the host. Logical networks in oVirt are a virtual construct, translating
to a "profile" that gets built on the hosts in the cluster. Essentially,
each logical network is a bridge with the same name on the hosts, and if
there's a vlan tag, then the interface (or bond) gets tagged, and the
bridge is built on top of that tagged interface. VMs are plugged into the
bridges and their traffic flows through the bridges to the switches. Very
simple really, and there was a KB we published about this about a decade
ago.


>
> Thanks!
>
> David Johnson
>
> On Tue, Feb 2, 2021 at 9:16 AM Dan Yasny <dya...@gmail.com> wrote:
>
>>
>>
>> On Tue, Feb 2, 2021 at 10:06 AM David Johnson <
>> djohn...@maxistechnology.com> wrote:
>>
>>> Good morning Ales,
>>>
>>> Thank you for your response.
>>>
>>> At this point, while I believe I have marked the networks as required, I
>>> am hesitant to assume that they are marked because I don't understand for
>>> sure which pieces I don't understand.
>>>
>>> Unfortunately, what I am missing is a number of random bits and pieces
>>> that tie everything together.
>>>
>>> I have fought with the networking on this cluster for over a week. The
>>> network configuration was so messed up it was faster and cleaner to wipe
>>> the cluster completely and start from scratch, and I just finished a clean
>>> reinstallation.
>>>
>>> Now that it's back up and I understand it better, the VMs on VLANs are
>>> still unable to reach beyond themselves - they cannot even ping the host
>>> they are on.
>>>
>>> Rather than try to address it symptom by symptom, I would like to get a
>>> solid overview of how the different pieces tie together. Unfortunately, in
>>> the official documentation, all I found was which buttons to push to edit
>>> the vlan, with nothing that addresses how the different pieces are wired
>>> together.
>>>
>>> My understanding of the architecture is:
>>>
>>> VM -> vNIC -> virtual switch -> physical NIC -> external network ->
>>> gateway -> internet
>>>
>>
>> When you create a tagged network, the scheme changes a bit:
>> VM -> vNIC -> BRIDGE -> NIC.tag -> NIC -> switch
>>
>> All the VM traffic will get tagged this way, and the switch port should
>> be in trunk mode allowing tagged traffic through.
>>
>>
>>
>>
>>>
>>> What I don't understand is how to determine at which point in the
>>> architecture the configuration is wrong, when the only symptom I have for
>>> sure right now is that my VMs on a VLAN won't ping the host or anything on
>>> the external network.
>>>
>>> At one point everything was working as expected, briefly, before the
>>> whole thing came crashing down, so the external network is at least mostly
>>> configured.
>>>
>>> On Tue, Feb 2, 2021, 12:20 AM Ales Musil <amu...@redhat.com> wrote:
>>>
>>>>
>>>>
>>>> On Tue, Feb 2, 2021 at 6:18 AM David Johnson <
>>>> djohn...@maxistechnology.com> wrote:
>>>>
>>>>> Good morning all,
>>>>>
>>>>> On my oVirt 4.4.4 cluster, I am trying to use VLANs to separate VMs
>>>>> for security purposes.
>>>>>
>>>>> Is there a usable how-to document that describes how to configure the
>>>>> VLANs so they actually function without taking the host into
>>>>> non-operational mode?
>>>>>
>>>>> Thank you in advance.
>>>>>
>>>>> Regards,
>>>>> David Johnson
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list -- users@ovirt.org
>>>>> To unsubscribe send an email to users-le...@ovirt.org
>>>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>>>> oVirt Code of Conduct:
>>>>> https://www.ovirt.org/community/about/community-guidelines/
>>>>> List Archives:
>>>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IYPORJKHTSVTYTTRGWIW3V2MF5CFZ6DC/
>>>>>
>>>>
>>>> Hello,
>>>>
>>>> I assume that you have marked those networks as required. This is handy
>>>> to make sure that all hosts in a cluster have this network attached,
>>>> which implies that the host is considered non-operational until you
>>>> assign all required networks.
>>>>
>>>> To avoid this, you can uncheck it for a new network in the cluster tab
>>>> of the "New Logical Network" window. For an existing network, go to
>>>> Compute -> Clusters -> $YOUR_CLUSTER -> Logical Networks -> Manage
>>>> Networks and uncheck required for the affected network.
>>>> This can always be changed back.
>>>>
>>>> Hopefully this helps.
>>>> Regards,
>>>> Ales
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Ales Musil
>>>>
>>>> Software Engineer - RHV Network
>>>>
>>>> Red Hat EMEA <https://www.redhat.com>
>>>>
>>>> amu...@redhat.com    IM: amusil
>>>> <https://red.ht/sig>
>>>>
>>>
>>
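
Added example, not part of the original thread: a host-side check of the BRIDGE -> NIC.tag -> NIC chain described above, confirming that a logical network's bridge sits on exactly one tagged uplink with the expected VLAN ID and that no untagged port is attached to it. It assumes the 8021q VLAN table at /proc/net/vlan/config, libvirt's default `vnet*` tap names for VM vNICs, and the hypothetical function name `check_vlan_bridge`.

```bash
# Added example: verify BRIDGE -> NIC.tag -> NIC for one logical network.
# SYSNET and VLANCFG default to the live kernel paths and can be overridden
# to run the check against a constructed tree.
SYSNET="${SYSNET:-/sys/class/net}"
VLANCFG="${VLANCFG:-/proc/net/vlan/config}"

# check_vlan_bridge BRIDGE EXPECTED_VID
# Prints one "OK ..." line and returns 0 when the bridge has a single tagged
# uplink carrying EXPECTED_VID; prints "FAIL: ..." and returns 1 otherwise.
check_vlan_bridge() (
    br="$1"; want="$2"; uplink=""; vnics=0
    [ -d "$SYSNET/$br/bridge" ] || { echo "FAIL: $br is not a bridge"; exit 1; }
    for path in "$SYSNET/$br/brif"/*; do
        [ -e "$path" ] || continue
        port="${path##*/}"
        # Kernel VLAN table rows look like: "eth0.100 | 100 | eth0"
        row=$(awk -F'|' -v p="$port" \
            '{gsub(/[ \t]/,"")} $1==p {print $2 " " $3}' "$VLANCFG" 2>/dev/null || true)
        if [ -n "$row" ]; then
            [ -z "$uplink" ] || { echo "FAIL: $br has more than one tagged uplink"; exit 1; }
            uplink="$port"; vid="${row% *}"; parent="${row#* }"
        else
            case "$port" in
                vnet*) vnics=$((vnics + 1)) ;;  # assumed: libvirt tap of a VM vNIC
                *) echo "FAIL: untagged port $port on $br bypasses the VLAN"; exit 1 ;;
            esac
        fi
    done
    [ -n "$uplink" ] || { echo "FAIL: $br has no tagged uplink"; exit 1; }
    [ "$vid" = "$want" ] || { echo "FAIL: $br carries VLAN $vid, expected $want"; exit 1; }
    echo "OK bridge=$br uplink=$uplink vid=$vid parent=$parent vnics=$vnics"
)
```

Run it on the host as `check_vlan_bridge <logical-network-name> <vlan-id>`; an OK result with traffic still failing points at the switch port (trunk mode, allowed VLANs) rather than the host.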