[Users] why ovirt does not support NAT network

Dan Kenigsberg danken at redhat.com
Fri Dec 27 12:47:04 UTC 2013


On Fri, Dec 27, 2013 at 11:00:15AM +0000, quasides wrote:
> Why not Bridged/routed NAT Setup?

The short answer is that it simply has never been implemented. The
longer answer is about the entrenchment of a network's interface device
in Engine, and the multitude of possible NAT configurations.
It is not easy to define which of the many possible NAT configurations
should be controllable via Engine.

> 
> I am currently heavily using those setups.
> All VMs have an internal NIC, let's say
> physical host1 - 10.10.10.x
> physical host2 - 10-10.11.x
> physical host vpn - 10.10.1.x
> 
> so basically every physical host has at least one physical NIC, one virtual
> VPN NIC, one virtual bridge.
> 
> all those are internally routed (I use openvpn to connect host 1 and 2)
> so every VM can communicate with each other VM
> every physical host also has NAT to forward one or more IP/ports to each VM
> also the physical host can work as a transparent firewall and I don't need a
> VPN NIC on every VM.
> 
> so what I would love to have is at least the ability to use the VPN network
> interfaces instead of real ones and at least being able to say that
> bridge/NAT config is done manually, which is not ideal but better than not
> being able to use that setup at all

I think that in this regard, you can use my recently-posted "extnet"
Vdsm hook. You should manually create a libvirt NATed network on each
host and then add the "extnet" custom property to vNICs that you want to
be connected to it.

You may use another hook to automate the creation of that libvirt
network. If you provide more details on how you manually configure your
VPN, we may be able to help you write such a hook.

Dan.
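
Added example, not part of the message above and not code from Vdsm or the extnet hook: one way to create the libvirt NATed network mentioned in the reply on a single host. The network name natnet0, the bridge name virbr-nat0 and the DHCP range are hypothetical; the 10.10.10 prefix follows the host1 subnet in the quoted question.

```shell
#!/bin/sh
# Added example: define a libvirt NAT network on one host.
# natnet0, virbr-nat0 and the address ranges are constructed sample values.

# Print libvirt network XML for a NATed /24.
# Rejects names or prefixes that could break out of the XML attributes.
nat_network_xml() {
    name=$1 bridge=$2 prefix=$3      # prefix = first three octets, e.g. 10.10.10
    case $name$bridge in
        ''|*[!A-Za-z0-9_-]*) echo "invalid network or bridge name" >&2; return 1 ;;
    esac
    case $prefix in
        ''|*[!0-9.]*) echo "invalid address prefix" >&2; return 1 ;;
    esac
    cat <<EOF
<network>
  <name>$name</name>
  <forward mode='nat'/>
  <bridge name='$bridge' stp='on' delay='0'/>
  <ip address='$prefix.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='$prefix.100' end='$prefix.200'/>
    </dhcp>
  </ip>
</network>
EOF
}

# Define, start and autostart the network (needs root and a running libvirtd).
apply_nat_network() {
    xml=$(mktemp) || return 1
    nat_network_xml "$@" > "$xml" || { rm -f "$xml"; return 1; }
    virsh net-define "$xml" && virsh net-start "$1" && virsh net-autostart "$1"
    rc=$?
    rm -f "$xml"
    return $rc
}

# Only touches libvirt when asked explicitly:  sh natnet.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_nat_network natnet0 virbr-nat0 10.10.10
fi
```

Each host would use its own prefix so that the per-host subnets stay routable between hosts, as in the quoted setup.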


