4:22 p.m.
Hi,
I'm migrating off a vmware-server infrastructure and one thing that
provided was a NAT and a HostOnly network by default. I'm trying to
replicate this (at least the NAT part) in ovirt.
A few years ago people were asking about setting up oVirt with
NAT/Internal networks, e.g.
http://lists.ovirt.org/pipermail/users/2012-April/001751.html
I also found
https://www.ovirt.org/develop/developer-guide/vdsm/hook/network-nat/
Has this at all been integrated in the intervening years? Or is NAT
networking still completely a manual process? One would think this would
be a relatively common interface, where you want to have a VM that isn't
directly connected to the internet but still has internet access via a
(virtual) NAT?
-derek
--
Derek Atkins 617-623-3745
derek(a)ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
5:14 a.m.
On Wed, Nov 02, 2016 at 05:22:43PM -0400, Derek Atkins wrote:
Hi,
I'm migrating off a vmware-server infrastructure and one thing that
provided was a NAT and a HostOnly network by default. I'm trying to
replicate this (at least the NAT part) in ovirt.
A few years ago people were asking about setting up oVirt with
NAT/Internal networks, e.g.
http://lists.ovirt.org/pipermail/users/2012-April/001751.html
I also found
https://www.ovirt.org/develop/developer-guide/vdsm/hook/network-nat/
Has this at all been integrated in the intervening years? Or is NAT
networking still completely a manual process? One would think this would
be a relatively common interface, where you want to have a VM that isn't
directly connected to the internet but still has internet access via a
(virtual) NAT?
I'm afraid that we have not advanced this any further.
Main conceptual problem with the suggested manual process is that VMs
behind NAT cannot be reliably migrated to another host.
I hope that our current work, of attaching VMs onto an OVN-defined
overlay network (see
https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ ) would satisfy
most of what you need of a NATted network, and more.
For HostOnly networks, btw, you can create dummy interfaces
http://lists.ovirt.org/pipermail/users/2015-December/036897.html
and then attach them to a network.
Regards,
Dan.
10:26 a.m.
Hi Dan,
On Thu, November 3, 2016 6:14 am, Dan Kenigsberg wrote:
On Wed, Nov 02, 2016 at 05:22:43PM -0400, Derek Atkins wrote:
> Hi,
>
[snip]
I'm afraid that we have not advanced this any further.
Main conceptual problem with the suggested manual process is that VMs
behind NAT cannot be reliably migrated to another host.
I suppose the only real issue in migration would be open connections. In
my case, since I only have a single machine, migration isn't an issue.
But I see the larger problem that seamless migration would cause.
I hope that our current work, of attaching VMs onto an OVN-defined
overlay network (see
https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ ) would satisfy
most of what you need of a NATted network, and more.
I have to better understand OVN, how to configure it, and how it would
work, but it sounds like it might solve the problem. From a cursory
glance it looks like this would allow me to set up a virtual network that
goes through the OVN service in lieu of the standard bridges that ovirt
networking provides -- so I would provide an ovirt bridge to an OVN
network which could act as a NAT to the "standard" bridge out into the
Internet at large.
(Honestly, I wish there were a good overview of networking in ovirt -- all
the pages seem to assume you already know how it works and are more aimed
at explaining how to configure it -- which doesn't help a n00b like me)
For HostOnly networks, btw, you can create dummy interfaces
http://lists.ovirt.org/pipermail/users/2015-December/036897.html
and then attach them to a network.
Yes, I don't specifically need this, but it would certainly work for those
who want a HostOnly network.
Thank you for your reply!
Regards,
Dan.
-derek
PS: Is there any particular reason, if I only have a single physical
network/uplink, to create multiple logical networks within ovirt? Or is
it "safe" to just use the management network for everything? Everything
is, effectively, already in the same broadcast network.
--
Derek Atkins 617-623-3745
derek(a)ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
2728
days inactive
2729
days old
2 comments
2 participants
participants (2)
-
Dan Kenigsberg -
Derek Atkins