> Well, there's nothing much beyond the hook's README
> http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm_hooks/extnet/README;h=0778dbb3ef85c5ae179fb0f6c9ceeabc268abe89;hb=HEAD
> You should start by defining a libvirt network, and then mark a vNIC
> profile with a custom propery so that the network is used by vNICs.
> As a very first stage, you may define the libvirt network on top of your
> existing br0 bridge
> (http://libvirt.org/formatnetwork.html#examplesBridge) so oVirt can
> consume your networking setup.

Hmm do we really need a libvirt bridge or cant we go simply with a regular virtual brdige as i already use?

all i want is connect ovirts vlan nic to existing interfaces.
iam aware tat then many configs has to be done manually, but thats fine for now

> But who creates that VPN connection? Who supplies the credentials?
well this is manually, only once per host no desire for automation here, ive automated scripts for that but i usually use an offline pc as a signing device.


> How does this work, if they are both behind NAT?

Well they are not and they are, its a routed NAT combo :)

Lets say i have 2 server - we would have then 3 internal networks -

1 - VPN conncting and routing between physical hosts
2&3 - Each hosts internal bridge subnet which does routing

NAT comes in when we go outside - usually Portforward - which is handy to save IPs

So think of every Host not only as an Hypervisor but also as an Network Node

only downside if i move a vm from a to b ife to adjust the ips l, nat and firewall

upside and reson for this is:
1, i can use one ext ip for several vms if they need different ports. atm i can save over 3/4 of ext ips.
2, also i do not need to manage the firewall on every vm only on the hosts
3, Additional Security by having all Daemons whatsoever only bound to internal Interfaces.

all daemons are bound to their internal br0 ip and i can easy access certain ports like ssh or mysl within the vpn only without exposing anything outside with a minimum administrative work
Who can access what is currently defined by Firewall Rules within each Host - Here comes Firewallbuilder Handy BTW :)))

> You'd like to automate the creation of NAT rules? VPN creation?
well i would like to automate port based nat and firewallrules thats the dream. VPN as described i dont really but but hey who knows if someone else want it.
Actually i think (even im not gonna need it) would be a nice feature for many - specielly these days

only portforwarding/and or complete nat on the host would make live easier. however most importingly is that i get the thing running.
even it means manual config on each host

my issues with ovirt where simple that i couldn find a way to assign the needed interfaces. so if i simply manually specify whats going on it should be enough

btw i took a look at openqrm and they have alreaey adressed many of those needs like puppet, dhcp , dns and nat translation over ip pools and stuff. still my setup seems to strange for them either lol

i think (if understand the readme correctly its exactly whats extnet is doing) the best way would be simply allow to specify custom interface names.
that way we can build custom configs on our hosts how ever strange we want em

Since you have todo it only for each physical host its not THAT evil todo and you can write easy scripts todo that for you.

But what would be Handy in any case - no matter which setup or regular Ovirt setup and iam really missing is a Firewall config.
Perfect dream would be something Visual with objects like Firewall Builder (dev stopped sadly) , i think i saw something webbased in some opensource firewall distros too.

I mean we have to config FIrewalls for the Hosts in anycase - of course i know this would be a monster to implement fully

just dreaming :))