On Tue, Mar 9, 2021 at 2:54 PM Andrei Verovski <andreil1@starlett.lv> wrote:

I’m running oVirt 4.4.4.7-1.el8 and need to connect one of the VMs straight to the ISP link via Ethernet cable.
oVirt already have 2 networks (ovirt mgmt local + DMZ).
Created new network provider and assigned to it available physical interface of HP ProLiant, connected via cable to ISP switch with public IP.

By provider do you mean ovirt-provider-ovn? If so are you using OVS cluster type? The physical interface connection for external networks work only
in an OVS switch type cluster.

If you mean Native Open vSwitch as described here we don’t use it.
https://www.ovirt.org/develop/release-management/features/network/openvswitch/native-openvswitch.html

Current setup is simple 2-node and unfortunately I'm not aware of all deep details of oVirt networking.
Since oVirt uses KVM as underlying technology I assume it uses bridged networking to connect VMs and physical interfaces.

Correct, every network in Linux Bridge switch type cluster is created as a bridge on host when marked as VM network.

Non-VM networks are bridgeless.

Each our server uses 2 Ethernet connections, 1 for internal LAN 192.168.0.xxx and 2nd for DMZ 192.168.1.xxx.
If so I assumed that it could not be a problem to bridge VM to external IP via 3rd Ethernet using oVirt networking.

It should not because if the interface is really directly connected to an external network, the bridge provides the needed L2 connection.

May be its enough to turn on “isolated port” and VM Interface Profile to “clean-traffic”?

Actually quite the opposite, if there are any troubles like that I would suggest to have Port Isolation turned off

and no network filter.

Best regards,

Ales

Please correct if I'm wrong here

Options of this network: (VM Network = on, Port Isolation = off, NIC Type = VirtIO, the rest are defaults).
VM is Debian 10.

Link works but with strange artefacts. If VM left being idle for a while, it cant be connected or pinged from outside, until I initiate pings from VM itself.
I have only 2 IPs from this ISP so I’m sure there are no IP address conflicts.
Another port and public IP go to our VyOS router handling internal and DMZ zone.

When this happens I would suggest to trace where the packets are getting dropped.

How to fix this problem ?
Thanks in advance.
Andrei

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5SAC77DSZQ4PXCCNT6N6MEG7MYDOHFQU/

Thank you.
Best regards,
Ales

--
Ales Musil
Software Engineer - RHV Network
Red Hat EMEA

amusil@redhat.com IM: amusil

Ales Musil

Software Engineer - RHV Network

Red Hat EMEA

amusil@redhat.com IM: amusil