[Users] Default route on hosts

Christopher Geddings chris.geddings at duke.edu
Tue Nov 12 14:50:26 UTC 2013


On Nov 12, 2013, at 7:58 AM, Assaf Muller wrote:

> Can users outside of the hosts' networks reach the VMs in the hosts?
I have not tested this yet.  I have been focused on the host's networking behavior outside of the ovirt/vdsm bits.
(Mainly, its checking in on other things.)  I realize this presents a flaw in my thinking that the host was not behaving
properly.  I will adjust my thinking on this item, and then test with a valid set of criteria.

> If you use netstat -rn it is expected that the gateway will be 0.0.0.0, as ifcfg-ovirtmgmt has DEFROUTE=yes and ifcfg-public has DEFROUTE=no, then ovirtmgmt's
> 'gateway' (0.0.0.0) will be determined as the host's default gateway. However with the new multiple gateways feature we configure source routing to make
> sure that traffic that comes (from the outside) in the public network's device will return the way it came in.
That makes a lot of sense to me now.  And, actually, I believe that is the way it is working, the more I think about the behavior I'm seeing.

> You can use 'ip rule' to see the rules VDSM configures. It creates two rules and a routing table per device. You can use 'ip route show table %s' on each
> table, where the IDs can be obtained by 'ip rule'.
This is super helpful.  Thank you.

A large part of this is likely me needing to adjust my thinking.  As long as my VMs are behaving as expected, do I actually need the host
to, by default, send traffic out the 'public' interface?  If I do, what traffic is that?  Can I change that traffic?  The likelihood is that there is
only a small amount of data, mostly centering around metrics, and some config management, that would be host sourced data that currently
isn't destined for my management network.  Maybe those data *should* run over the management network, if my desire for an extra layer
of protection of those data is a valid desire.

Of course, that's not the way I have things arranged right now, but, maybe I can fix that.

Thank you very much for your help, I have enough information to get back on the problem now.

--Chris
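
The inspection described in the quoted reply (list the rules, then dump each routing table they reference), as an added shell example that is not part of the original thread. The function names, the sample `ip rule` text and its table IDs 1001/1002 are constructed for illustration; real VDSM table IDs will differ.

```shell
#!/bin/sh
# Constructed sample of `ip rule` output: two rules per device-specific table.
SAMPLE_RULES='0:      from all lookup local
32762:  from all to 192.0.2.0/24 lookup 1001
32763:  from 192.0.2.0/24 lookup 1001
32764:  from all to 10.0.0.0/24 lookup 1002
32765:  from 10.0.0.0/24 lookup 1002
32766:  from all lookup main
32767:  from all lookup default'

# rule_tables: read `ip rule` output on stdin and print each table ID once,
# skipping the kernel's built-in local/main/default tables.
rule_tables() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "lookup") {
                t = $(i + 1)
                if (t != "local" && t != "main" && t != "default" && !(t in seen)) {
                    seen[t] = 1
                    print t
                }
            }
    }'
}

# rules_for_table: read `ip rule` output on stdin and print the selector
# (everything between the priority and "lookup") of each rule using table $1.
rules_for_table() {
    awk -v t="$1" '{
        for (i = 1; i < NF; i++)
            if ($i == "lookup" && $(i + 1) == t) {
                sel = ""
                for (j = 2; j < i; j++) sel = sel (j > 2 ? " " : "") $j
                print sel
            }
    }'
}

# show_tables: on a live host, print every per-device table with the rules
# that select it and the routes (including its default gateway) it contains.
show_tables() {
    rules=$(ip rule) || return 1
    for t in $(printf '%s\n' "$rules" | rule_tables); do
        echo "== table $t =="
        printf '%s\n' "$rules" | rules_for_table "$t" | sed 's/^/  rule:  /'
        ip route show table "$t" | sed 's/^/  route: /'
    done
}

# Run against the live host only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then show_tables; fi
```

Traffic sourced by the host itself that matches none of these rules falls through to the `main` table, which is where the default route seen in `netstat -rn` applies.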

