[Users] why ovirt does not support NAT network

Mark Wu wudxw at linux.vnet.ibm.com
Wed Mar 13 06:10:00 UTC 2013 

On Wed 13 Mar 2013 07:09:16 AM CST, Itamar Heim wrote:
> On 03/11/2013 05:16 AM, Mark Wu wrote:
>> On 03/08/2013 05:16 AM, Dan Kenigsberg wrote:
>>> On Thu, Mar 07, 2013 at 03:57:49PM +0100, Adrian Gibanel wrote:
>>>> Just in case it might help you please check:
>>>>
>>>> http://lists.ovirt.org/pipermail/users/2012-April/001751.html
>>> This is almost 1 year old, but I did not notice it yet. I love the
>>> detailed solution!
>> +1 on NAT network.  Except that it can save ip address, it also could
>> reduce the external physical switch's pressure on mac table. Because the
>> VM's
>> mac address is invisible to external switch.
>>
>> But there're two limitations of NAT network compared with physically
>> bridged network:
>> 1. The VMs attached to the same NAT network, but on different hosts
>> can't hear each other.  It could be resolved by constructing a tunnel or
>> tunnels
>>      among the hosts in the same cluster and centralizing the mac
>> address management of dnsmasq on ovirt engine.
>>
>> 2. The VMs in NAT network are hidden behind the host. The external host
>> can't initiate a connection to the VM.  I think it's fine for a
>> desktop VM.\
>> For a server VM, it can't be resolved by add a DNAT rule on demand. It's
>> similar to the 'floating ip address' in quantum.
>
> also need to remember live migration will probably not work with NAT.
Yes, it could break live migration.  But we could use 
conntrack-tools(conntrack or conntrackd)
to sync the ip conntrack entries related to that VM's ip address before 
resume the VM on dest host.
Just a preliminary idea, not verified yet.


> how would floating IP work? wouldn't you need to map it 1:1 with the
> NAT'd IP?
Yes, it should have a 1:1 mapping between external ip address and the 
ip address in the NAT network.
>
>>
>> ////
>>>
>>> Yes, the rant there, about ovirt network being tightly-coupled with a
>>> physical interface, is 100% justified. I'm trying to address some of
>>> that inhttp://www.ovirt.org/Features/Nicless_Network  but it's a long
>>> way to go.
>>>
>>>> I managed to implement Virtualbox-hostonly-alike networks gathering
>>>> more info from:
>>>> http://libvirt.org/formatnetwork.html
>>>> .
>>>> You might be also interested
>>>> in:http://wiki.libvirt.org/page/Networking  although I didn't use
>>>> it myself.
>>>>
>>>> You might probably already know this information but, just in case,
>>>> here it is.
>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>

More information about the Users mailing list