[Users] why ovirt does not support NAT network

Dan Kenigsberg danken at redhat.com
Mon Dec 30 11:17:30 UTC 2013

On Sun, Dec 29, 2013 at 01:22:15AM +0100, woswas denni wrote:
> > I think that in this regard, you can use my recently-posted "extnet"
> > Vdsm hook. You should manually create a libvirt NATed network on each
> > host and then add the "extnet" custom property to vNICs that you want to
> > be connected to it.
> >
> > You may use another hook to automate the creation of that libvirt
> > network. If you provide more details on how you manually configure your
> > VPN, we may be able to help you write such a hook.
> >
> Thanks for your kind and quick answer.
> Well i understand that you had to set priorities in development, however i
> really belive the total number of servers could use similar setups are  way
> bigger than setups having its own network infrastructure so i really
> believe this feature would be really needed.

I agree, but it's less clear to me what this feature should encompass.
When you, and others, use it via the hook, we can understand more on
what's needed and how to provide it integrally within oVirt.

> doing that manually is something i could live with (even i would really
> live with at least for a while :)
> so is there any documentation regarding the extnet hook? i was searching
> google up and down but couldnt really find something

Well, there's nothing much beyond the hook's README
You should start by defining a libvirt network, and then mark a vNIC
profile with a custom propery so that the network is used by vNICs.

As a very first stage, you may define the libvirt network on top of your
existing br0 bridge
(http://libvirt.org/formatnetwork.html#examplesBridge) so oVirt can
consume your networking setup.

> about my setup - its pretty straight forward. i do not use libvirt bridge
> setup
> instead i simply define on the hosts network/interfaces 3 interfaces
> eth0
> public IP/gateway etc
> static
> tun1
> VPN interface to connect every phisical host to each other
> static

But who creates that VPN connection? Who supplies the credentials?

> br0
> internal subnet for VMs
> br0 has a different subnet on ever host like
> host 1 -
> host 2 .
> and so on
> i let all those br0 subnet route so i can easily conenct from host 1 - vm1
> on
> to another vm on host to like

How does this work, if they are both behind NAT?

> every host is working then as a NAT and transparent firewall
> so all IPs the host might have are bound to eth0 and i use ip tables for
> the NAT rules (incomming, outgoing ,... )
> all VMs using local storage on each host, iam using image file instead of
> LVM to be a bit more flexible
> so all i want is at least to be able to manually config that networking
> thing (of course automating woudl be supergreat)

You'd like to automate the creation of NAT rules? VPN creation?

> however when i tested ovirt ealier this year i wasnt able to even get it to
> run in anyway so a bit more documentation or a hint would be great

You failed to run oVirt altogether? Or a specific configuration? Where
was the failure?


More information about the Users mailing list