5:44 p.m.
--Sig_/UE.5pfd3QaxDXa=Ws+08+Lk
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Hello again,
I'm new to VLANs and have a few questions. Right now I just have the mgmt
interface (bridged with eth0) on my all-in-one oVirt test setup. I want to
separate some VMs from the public facing net, which I think means that they
need to be on a different VLAN. I created two new networks, pubX and
privY, with vlan ids X and Y, but couldn't assign them to eth0 because the
current mgmt network is non-VLAN. I was about to enable VLAN tagging on the
mgmt network, but I wanted to make sure that doing so wouldn't do anything
to eth0 that would disrupt access to it (I only have remote access and don't
want to lock myself out). Also, if it is safe, does the mgmt vlan tag id
matter? is 0 the right value?
Any/all help, hints, tips or references to examples/links greatly
appreciated.
Robert
--Sig_/UE.5pfd3QaxDXa=Ws+08+Lk
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlLhON4ACgkQ7/fVLLY1mniiJACcDurddwt0UzLeya6K64CBMt4q
1M4An3WGwate1/4fyOOBdqXAhvC34d13
=6/cS
-----END PGP SIGNATURE-----
--Sig_/UE.5pfd3QaxDXa=Ws+08+Lk--
5:59 p.m.
If you enable VLAN tagging on the management network, which is configured
on eth0 (Which also provides internet access from my understanding) then
you will connectivity as (I assume) your physical switches aren't configured
for VLANs.
For an all-in-one, what I would suggest is the following procedure:
On your PC, create a dummy NIC via:
sudo ip link add dev dummy_0 type dummy
sudo ip link set dev dummy_0 up
It's important that the name will be in the dummy_* format.
Following that, go back to the GUI, select the host and hit Refresh Host Capabilities.
You should see the new dummy_0 device as a host NIC.
Create a VM network, and under the host Network Interfaces tab hit Setup Host Networks.
Drag and drop the new VM network on dummy_0 (Don't give dummy_0 a boot protocol or an
IP address
in the edit network dialog).
At this point you should be able to attach VM vNICs' to the new VM network and they
won't
be physically connected to any other network, but they'll be able to talk amongst
themselves.
The "private network" feature is planned* for oVirt 3.5, so in the future
you'll be able
to just define a network as a private one and everything will work automatically.
* No promises!
Assaf Muller, Cloud Networking Engineer
Red Hat
----- Original Message -----
From: "Robert Story" <rstory(a)tislabs.com>
To: "users" <users(a)ovirt.org>
Sent: Thursday, January 23, 2014 5:44:25 PM
Subject: [Users] networking: basic vlan help
Hello again,
I'm new to VLANs and have a few questions. Right now I just have the mgmt
interface (bridged with eth0) on my all-in-one oVirt test setup. I want to
separate some VMs from the public facing net, which I think means that they
need to be on a different VLAN. I created two new networks, pubX and
privY, with vlan ids X and Y, but couldn't assign them to eth0 because the
current mgmt network is non-VLAN. I was about to enable VLAN tagging on the
mgmt network, but I wanted to make sure that doing so wouldn't do anything
to eth0 that would disrupt access to it (I only have remote access and don't
want to lock myself out). Also, if it is safe, does the mgmt vlan tag id
matter? is 0 the right value?
Any/all help, hints, tips or references to examples/links greatly
appreciated.
Robert
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
6:35 p.m.
On 01/23/2014 05:59 PM, Assaf Muller wrote:
If you enable VLAN tagging on the management network, which is
configured
on eth0 (Which also provides internet access from my understanding) then
you will connectivity as (I assume) your physical switches aren't configured
for VLANs.
For an all-in-one, what I would suggest is the following procedure:
On your PC, create a dummy NIC via:
sudo ip link add dev dummy_0 type dummy
sudo ip link set dev dummy_0 up
It's important that the name will be in the dummy_* format.
Following that, go back to the GUI, select the host and hit Refresh Host Capabilities.
You should see the new dummy_0 device as a host NIC.
Create a VM network, and under the host Network Interfaces tab hit Setup Host Networks.
Drag and drop the new VM network on dummy_0 (Don't give dummy_0 a boot protocol or an
IP address
in the edit network dialog).
At this point you should be able to attach VM vNICs' to the new VM network and they
won't
be physically connected to any other network, but they'll be able to talk amongst
themselves.
The "private network" feature is planned* for oVirt 3.5, so in the future
you'll be able
to just define a network as a private one and everything will work automatically.
* No promises!
Assaf Muller, Cloud Networking Engineer
Red Hat
----- Original Message -----
From: "Robert Story" <rstory(a)tislabs.com>
To: "users" <users(a)ovirt.org>
Sent: Thursday, January 23, 2014 5:44:25 PM
Subject: [Users] networking: basic vlan help
Hello again,
I'm new to VLANs and have a few questions. Right now I just have the mgmt
interface (bridged with eth0) on my all-in-one oVirt test setup. I want to
separate some VMs from the public facing net, which I think means that they
need to be on a different VLAN. I created two new networks, pubX and
privY, with vlan ids X and Y, but couldn't assign them to eth0 because the
current mgmt network is non-VLAN. I was about to enable VLAN tagging on the
mgmt network, but I wanted to make sure that doing so wouldn't do anything
to eth0 that would disrupt access to it (I only have remote access and don't
want to lock myself out). Also, if it is safe, does the mgmt vlan tag id
matter? is 0 the right value?
Any/all help, hints, tips or references to examples/links greatly
appreciated.
Robert
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
wouldn't disabling 'vm network' on the mgmt network to simply allow the
VLAN'd networks for VMs be simpler?
also, since this question/use-case came up several times past 2 weeks -
do we have a good enough user feedback on why user can't attach a
logical network to the same interface, suggesting there is a non-vlan'd
network visible to VMs, and that if they want to use VLAN'd networks on
the same nic, they should disable the 'vm network' role on the
non-vlan'd network?
3:19 p.m.
On 23/01/14 18:35, Itamar Heim wrote:
On 01/23/2014 05:59 PM, Assaf Muller wrote:
> If you enable VLAN tagging on the management network, which is configured
> on eth0 (Which also provides internet access from my understanding) then
> you will connectivity as (I assume) your physical switches aren't
> configured
> for VLANs.
>
> For an all-in-one, what I would suggest is the following procedure:
> On your PC, create a dummy NIC via:
> sudo ip link add dev dummy_0 type dummy
> sudo ip link set dev dummy_0 up
>
> It's important that the name will be in the dummy_* format.
>
> Following that, go back to the GUI, select the host and hit Refresh
> Host Capabilities.
>
> You should see the new dummy_0 device as a host NIC.
>
> Create a VM network, and under the host Network Interfaces tab hit
> Setup Host Networks.
>
> Drag and drop the new VM network on dummy_0 (Don't give dummy_0 a boot
> protocol or an IP address
> in the edit network dialog).
>
> At this point you should be able to attach VM vNICs' to the new VM
> network and they won't
> be physically connected to any other network, but they'll be able to
> talk amongst themselves.
>
>
> The "private network" feature is planned* for oVirt 3.5, so in the
> future you'll be able
> to just define a network as a private one and everything will work
> automatically.
>
> * No promises!
>
>
> Assaf Muller, Cloud Networking Engineer
> Red Hat
>
> ----- Original Message -----
> From: "Robert Story" <rstory(a)tislabs.com>
> To: "users" <users(a)ovirt.org>
> Sent: Thursday, January 23, 2014 5:44:25 PM
> Subject: [Users] networking: basic vlan help
>
> Hello again,
>
> I'm new to VLANs and have a few questions. Right now I just have the mgmt
> interface (bridged with eth0) on my all-in-one oVirt test setup. I
> want to
> separate some VMs from the public facing net, which I think means that
> they
> need to be on a different VLAN. I created two new networks, pubX and
> privY, with vlan ids X and Y, but couldn't assign them to eth0 because
> the
> current mgmt network is non-VLAN. I was about to enable VLAN tagging
> on the
> mgmt network, but I wanted to make sure that doing so wouldn't do
> anything
> to eth0 that would disrupt access to it (I only have remote access and
> don't
> want to lock myself out). Also, if it is safe, does the mgmt vlan tag id
> matter? is 0 the right value?
>
> Any/all help, hints, tips or references to examples/links greatly
> appreciated.
>
>
> Robert
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
wouldn't disabling 'vm network' on the mgmt network to simply allow the
VLAN'd networks for VMs be simpler?
Yes, this is an alternative to VLAN-tagging the mgmt network. And
segregation from the "outer world" could be achieved as proposed by
Robert using VLANs, if switches are configured properly.
also, since this question/use-case came up several times past 2 weeks
-
do we have a good enough user feedback on why user can't attach a
logical network to the same interface, suggesting there is a non-vlan'd
network visible to VMs, and that if they want to use VLAN'd networks on
the same nic, they should disable the 'vm network' role on the
non-vlan'd network?
When trying to put such networks together via the Setup Networks dialog,
users are currently informed that non-tagged VM networks can't exist on
the same interface as tagged VM networks, and are advised to detach the
non-tagged network.
If this appears to be insufficient, I could replace it by a suggestion
to configure it as non-VM, or add that to the existing suggestion, but
we're kinda short on real-estate in the status panel of that dialog (and
that's a lot of information to absorb in one error).
7:11 p.m.
--Sig_/I.0bq/1R+5=8=Pola=1f=Za
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
On Thu, 23 Jan 2014 10:59:57 -0500 (EST) Assaf wrote:
AM> If you enable VLAN tagging on the management network, which is
AM> configured on eth0 (Which also provides internet access from my
AM> understanding) then you will connectivity as (I assume) your physical
AM> switches aren't configured for VLANs.
I'm assuming "will connectivity" should have been "will lose
connectivity",
which is what I feared. I'm glad I asked!
AM> For an all-in-one, what I would suggest is the following procedure:
Excellent, I'll try that. Thanks!
My next question is for future planning. There is a second interface
(eth1) with a separate physical network which only contains the engine,
nodes and the nfs server.=20
+----------+
| internet |-----|-----------|----------|
+----------+ +--------+ +-------+ +-------+ < eth0
| engine | | node1 | | node2 |
+-----+ +--------+ +-------+ +-------+ < eth1
| nfs |-------|-----------|----------|
+-----+
Can the mgmt network be easily moved to eth1? Then the pubX would be
non-vlan on eth0, and mgmt + privY would be on eth1. If all the eth1
interfaces are connected to a dedicated/isolated switch, does that switch
need to explicitly support vlans, or does it matter?
Robert
--
Senior Software Engineer @ Parsons
--Sig_/I.0bq/1R+5=8=Pola=1f=Za
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlLhTVoACgkQ7/fVLLY1mngsuwCeJoEbSAkeyFuCEcGETMErbMoK
HBUAn2KBoQo0f1FuxdC5USyUK2KaEYBP
=xWbb
-----END PGP SIGNATURE-----
--Sig_/I.0bq/1R+5=8=Pola=1f=Za--
8:32 p.m.
What is the purpose of PubY on eth1?
Assaf Muller, Cloud Networking Engineer
Red Hat
----- Original Message -----
From: "Robert Story" <rstory(a)tislabs.com>
To: "Assaf Muller" <amuller(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Thursday, January 23, 2014 7:11:50 PM
Subject: Re: [Users] networking: basic vlan help
On Thu, 23 Jan 2014 10:59:57 -0500 (EST) Assaf wrote:
AM> If you enable VLAN tagging on the management network, which is
AM> configured on eth0 (Which also provides internet access from my
AM> understanding) then you will connectivity as (I assume) your physical
AM> switches aren't configured for VLANs.
I'm assuming "will connectivity" should have been "will lose
connectivity",
which is what I feared. I'm glad I asked!
AM> For an all-in-one, what I would suggest is the following procedure:
Excellent, I'll try that. Thanks!
My next question is for future planning. There is a second interface
(eth1) with a separate physical network which only contains the engine,
nodes and the nfs server.
+----------+
| internet |-----|-----------|----------|
+----------+ +--------+ +-------+ +-------+ < eth0
| engine | | node1 | | node2 |
+-----+ +--------+ +-------+ +-------+ < eth1
| nfs |-------|-----------|----------|
+-----+
Can the mgmt network be easily moved to eth1? Then the pubX would be
non-vlan on eth0, and mgmt + privY would be on eth1. If all the eth1
interfaces are connected to a dedicated/isolated switch, does that switch
need to explicitly support vlans, or does it matter?
Robert
--
Senior Software Engineer @ Parsons
8:33 p.m.
Sorry, privY on eth1.
Assaf Muller, Cloud Networking Engineer
Red Hat
----- Original Message -----
From: "Robert Story" <rstory(a)tislabs.com>
To: "Assaf Muller" <amuller(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Thursday, January 23, 2014 7:11:50 PM
Subject: Re: [Users] networking: basic vlan help
On Thu, 23 Jan 2014 10:59:57 -0500 (EST) Assaf wrote:
AM> If you enable VLAN tagging on the management network, which is
AM> configured on eth0 (Which also provides internet access from my
AM> understanding) then you will connectivity as (I assume) your physical
AM> switches aren't configured for VLANs.
I'm assuming "will connectivity" should have been "will lose
connectivity",
which is what I feared. I'm glad I asked!
AM> For an all-in-one, what I would suggest is the following procedure:
Excellent, I'll try that. Thanks!
My next question is for future planning. There is a second interface
(eth1) with a separate physical network which only contains the engine,
nodes and the nfs server.
+----------+
| internet |-----|-----------|----------|
+----------+ +--------+ +-------+ +-------+ < eth0
| engine | | node1 | | node2 |
+-----+ +--------+ +-------+ +-------+ < eth1
| nfs |-------|-----------|----------|
+-----+
Can the mgmt network be easily moved to eth1? Then the pubX would be
non-vlan on eth0, and mgmt + privY would be on eth1. If all the eth1
interfaces are connected to a dedicated/isolated switch, does that switch
need to explicitly support vlans, or does it matter?
Robert
--
Senior Software Engineer @ Parsons
8:41 p.m.
--Sig_/xo_1gV=Y/NLD6w28sNoPp6y
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
On Thu, 23 Jan 2014 13:33:07 -0500 (EST) Assaf wrote:
AM> Sorry, privY on eth1.
For VM to VM communication that doesn't need to go over the public net..
Robert
--
Senior Software Engineer @ Parsons
--Sig_/xo_1gV=Y/NLD6w28sNoPp6y
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlLhYmoACgkQ7/fVLLY1mnh0ZgCgmW8peR1Tb/+rJw5T3mi0/1cF
G+EAnikfQm7apnumOr+tzEWKco03FpLQ
=CS/c
-----END PGP SIGNATURE-----
--Sig_/xo_1gV=Y/NLD6w28sNoPp6y--
8:48 p.m.
Then the currently offered topology is to have ovirtmgmt on eth1 untagged, and non-VM, and
have
privY as a VM, tagged network on eth1. That would require the physical switch to be
VLAN-aware
and configured properly. oVirt wise you should have no problems using the GUI to move to
that
topology once you've decided to do so.
Assaf Muller, Cloud Networking Engineer
Red Hat
----- Original Message -----
From: "Robert Story" <rstory(a)tislabs.com>
To: "Assaf Muller" <amuller(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Thursday, January 23, 2014 8:41:43 PM
Subject: Re: [Users] networking: basic vlan help
On Thu, 23 Jan 2014 13:33:07 -0500 (EST) Assaf wrote:
AM> Sorry, privY on eth1.
For VM to VM communication that doesn't need to go over the public net..
Robert
--
Senior Software Engineer @ Parsons
3954
days inactive
3957
days old
8 comments
4 participants
participants (4)
-
Assaf Muller -
Itamar Heim -
Lior Vernia -
Robert Story