Hi Dan, On Thu, November 3, 2016 6:14 am, Dan Kenigsberg wrote:
On Wed, Nov 02, 2016 at 05:22:43PM -0400, Derek Atkins wrote:
Hi,
[snip] I'm afraid that we have not advanced this any further. Main conceptual problem with the suggested manual process is that VMs behind NAT cannot be reliably migrated to another host.
I suppose the only real issue in migration would be open connections. In my case, since I only have a single machine, migration isn't an issue. But I see the larger problem that seamless migration would cause.
I hope that our current work, of attaching VMs onto an OVN-defined overlay network (see https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ ) would satisfy most of what you need of a NATted network, and more.
I have to better understand OVN, how to configure it, and how it would work, but it sounds like it might solve the problem. From a cursory glance it looks like this would allow me to set up a virtual network that goes through the OVN service in lieu of the standard bridges that ovirt networking provides -- so I would provide an ovirt bridge to an OVN network which could act as a NAT to the "standard" bridge out into the Internet at large. (Honestly, I wish there were a good overview of networking in ovirt -- all the pages seem to assume you already know how it works and are more aimed at explaining how to configure it -- which doesn't help a n00b like me)
For HostOnly networks, btw, you can create dummy interfaces http://lists.ovirt.org/pipermail/users/2015-December/036897.html and then attach them to a network.
Yes, I don't specifically need this, but it would certainly work for those who want a HostOnly network. Thank you for your reply!
Regards, Dan.
-derek PS: Is there any particular reason, if I only have a single physical network/uplink, to create multiple logical networks within ovirt? Or is it "safe" to just use the management network for everything? Everything is, effectively, already in the same broadcast network. -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant