Hello Phil,
The current setup doesn't seem to leverage oVirt's and Neutron's features.
I would try to move the tunnel between the hosts, or some higher-up entity
in your data centers. Would that be possible while adhering to your security
requirements?
You could then use Neutron FWaaS to replace the VM firewall, and Neutron LBaaS to replace
OSPF.
----- Forwarded Message -----
From: "Phil Daws" <uxbod(a)splatnix.net>
To: "Moti Asayag" <masayag(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Tuesday, October 21, 2014 10:21:18 PM
Subject: Re: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
Hi Moti:
Have thrown together a diagram of how I think it should look :-
https://cloudvault.innoffice247.com/public.php?service=files&t=9e5768...
As each oVirt host has a single activated NIC am trying to see how I can use
OVS, to provide OSPF & SFLOW, and vLAN capability like I have used manually
with KVM and OVS. From my dev machine this is how OVS looks:
[root@dev01 ~]# ovs-vsctl show
55a2af2f-daf5-4f01-a757-9bccaf4f6932
    Bridge "ovsbr0"
        Port "vnet0"
            Interface "vnet0"
        Port "vnet1"
            tag: 8
            Interface "vnet1"
        Port "vnet13"
            tag: 14
            Interface "vnet13"
        Port "vnet9"
            tag: 10
            Interface "vnet9"
        Port "mgmt0"
            Interface "mgmt0"
                type: internal
        Port "vnet14"
            tag: 8
            Interface "vnet14"
        Port "ovsbr0"
            Interface "ovsbr0"
                type: internal
        Port "vnet11"
            tag: 8
            Interface "vnet11"
        Port "vnet10"
            tag: 13
            Interface "vnet10"
        Port "vnet12"
            tag: 13
            Interface "vnet12"
        Port "em1"
            Interface "em1"
        Port "vnet3"
            tag: 14
            Interface "vnet3"
        Port "vnet4"
            tag: 20
            Interface "vnet4"
        Port "vnet2"
            tag: 10
            Interface "vnet2"
    ovs_version: "2.3.90"
So I have a single NIC with a public facing IP and then I present that IP as
a gateway, via the bridge, to a VM firewall which then handles the vlans
inside that.
Hope that makes sense ?
Thanks, Phil
----- Original Message -----
From: "Phil Daws" <uxbod(a)splatnix.net>
To: "Moti Asayag" <masayag(a)redhat.com>
Cc: "users" <users(a)ovirt.org>
Sent: Tuesday, 21 October, 2014 5:26:33 PM
Subject: Re: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
Hi Moti:
Thank you for the detailed response. I will diagram what I am thinking as that
should explain it a whole lot better :)
Thanks, Phil
----- Original Message -----
From: "Moti Asayag" <masayag(a)redhat.com>
To: "Phil Daws" <uxbod(a)splatnix.net>
Cc: "users" <users(a)ovirt.org>
Sent: Tuesday, 21 October, 2014 4:50:45 PM
Subject: Re: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
Hi Phil,
See answers/questions inline.
----- Original Message -----
> From: "Phil Daws" <uxbod(a)splatnix.net>
> To: "users" <users(a)ovirt.org>
> Sent: Tuesday, October 21, 2014 6:05:55 PM
> Subject: Re: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
>
> Hmmm, this is interesting as it would appear you can only use the Neutron
> appliance with a brand new host ?!? so how does one switch to use it on a
> current system ?
A new host is not mandatory. You need to move an existing host to maintenance
and reinstall it. On the "Re-install" dialog select the details of the network
provider.
>
> Thanks, Phil
>
> ----- Original Message -----
> From: "Phil Daws" <uxbod(a)splatnix.net>
> To: users(a)ovirt.org
> Sent: Tuesday, 21 October, 2014 1:31:09 PM
> Subject: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
>
> Hello:
>
> have installed oVirt 3.5 on two cloud based servers and then managing them
> from a local engine using a VPN link. On each server I would like to use
> the Neutron VM appliance so that I can provision the networks using
> OpenVswitch as I would like to learn about using OSPF between the two
> diverse systems.
>
Do you intend to use a single neutron appliance for each host or to use a
single neutron appliance to manage connectivity on the two hosts ?
> The question is that only physical NIC is enabled (public facing), and
> occupies the ovirtmgmt network, so would I still be able to use Neutron on
> the second NIC even though it is not connected to anything ?
Is there L2 connectivity between the hosts ? Or by "not connected to anything"
you actually mean there is no wiring between the hosts ?
If this is the first case, you should be able to define for each subnet a
gateway via the 'Add subnet' dialog on the engine. That gateway should be used
for obtaining connectivity for the vms to the public/external network. You'll
have to configure it manually though (it isn't covered as part of the
ovirt-neutron integration).
If there is really no connectivity between the hosts and the only outgoing
traffic from each host is via the ovirtmgmt network - it is problematic.
According to [1], you'll have to specify as bridge mappings on the network
provider agent details: br-neutron:ovirtmgmt, where ovirtmgmt will replace the
neutron.
But that also implies that you'll share any traffic going through the
integration bridge of neutron and the hosts with the management network and
respectively with the public network, hence the dhcp agents connected to
br-int (which is connected to br-neutron and to ovirtmgmt) will receive
requests from the 'ovirtmgmt' network as well.
Haven't tried it myself, and can't expect the results.
[1] http://www.ovirt.org/images/2/2a/Neutron-appliance-topology.png
> Or could I
> bind the Neutron network to the same one as the ovirtmgmt ? Basically wish
> to run the VMs with private IPs and then NAT through a VM firewall to the
> public address.
>
> Any help would be gratefully appreciated.
>
> Thanks, Phil
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
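
Added example (not code from the thread, oVirt or Open vSwitch): a small Python parser for an `ovs-vsctl show` listing like the one posted above. It reports the ports that carry no tag, which OVS treats as trunk ports seeing every VLAN on the bridge, and groups the access ports by VLAN, so the layout can be checked against the intended design where only the uplink and the firewall VM are trunks. The sample listing is constructed and the function names are illustrative.

```python
import re
from collections import defaultdict
# Constructed sample in the layout of the `ovs-vsctl show` listing from the thread.
SAMPLE = '''\
    Bridge "ovsbr0"
        Port "vnet0"
            Interface "vnet0"
        Port "vnet1"
            tag: 8
            Interface "vnet1"
        Port "mgmt0"
            Interface "mgmt0"
                type: internal
        Port "em1"
            Interface "em1"
        Port "vnet14"
            tag: 8
            Interface "vnet14"
'''

def parse_ports(text):
    """Return {bridge: {port: {"tag": int or None, "type": str or None}}}."""
    bridges, bridge, port = defaultdict(dict), None, None
    for line in text.splitlines():
        line = line.strip()  # indentation is ignored, so flattened pastes parse too
        if m := re.fullmatch(r'Bridge "?([^"]+)"?', line):
            bridge, port = m.group(1), None
        elif m := re.fullmatch(r'Port "?([^"]+)"?', line):
            port = m.group(1)
            bridges[bridge][port] = {"tag": None, "type": None}
        elif port and (m := re.fullmatch(r'tag: (\d+)', line)):
            bridges[bridge][port]["tag"] = int(m.group(1))
        elif port and (m := re.fullmatch(r'type: (\S+)', line)):
            bridges[bridge][port]["type"] = m.group(1)
    return dict(bridges)

def trunk_ports(bridges):
    """Untagged, non-internal ports: OVS treats a port with no tag as a trunk."""
    return {b: sorted(p for p, a in ports.items() if a["tag"] is None and a["type"] != "internal")
            for b, ports in bridges.items()}

def vlan_members(bridges):
    """Map VLAN id -> access ports, showing which guests share a segment."""
    out = defaultdict(list)
    for ports in bridges.values():
        for p, a in sorted(ports.items()):
            if a["tag"] is not None:
                out[a["tag"]].append(p)
    return dict(out)
```

Feeding it the full listing from a host shows at a glance whether any guest port other than the firewall VM was left untagged on the bridge that also holds the public NIC.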