[ovirt-users] Connection hickups with Pfsense and Carp
Itamar Heim
iheim at redhat.com
Thu May 15 06:43:38 EDT 2014
On 05/15/2014 06:42 AM, Matt . wrote:
> OK, now I'm confused.
>
> For MacSpoofing we per default don't have the "macspoof" feature in the
> engine am I right ?
>
> To get that... you need to set:
>
> engine-config -s EnableMACAntiSpoofingFilterRules=false --cver=3.X
>
> But no hook needs to be installed for this ? I don't have ping at the momment with macspoof set on true on a VM.
>
macspoofing is more than just promiscuous mode for port mirroring, which
does require the hook to be installed (and the VM to be restarted)
>
>
>
> 2014-05-15 12:35 GMT+02:00 Itamar Heim <iheim at redhat.com
> <mailto:iheim at redhat.com>>:
>
> On 05/15/2014 04:26 AM, Matt . wrote:
>
> Itamar,
>
> On some testhost I'm updating now to 3.4(.x) I also need to
> install the
> hook it seems... it's not there by default.
>
> Any idea why you thought it should be ?
>
>
> there is no need for the hook for port mirroring. you can define a
> vnic profile with port mirroring via the engine and vdsm has this
> feature built-in.
>
> if you need more than just port mirroring (say, port forwarding),
> then you still need the hook.
>
>
> Cheers,
>
> Matt
>
>
> 2014-05-12 14:55 GMT+02:00 Matt . <yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>
> <mailto:yamakasi.014 at gmail.com <mailto:yamakasi.014 at gmail.com>__>>:
>
>
> Hi,
>
> I really needed to enable the hook... Will investigate on
> new hosts!
>
>
> 2014-05-11 22:37 GMT+02:00 Itamar Heim <iheim at redhat.com
> <mailto:iheim at redhat.com>
> <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>>:
>
>
> On 04/17/2014 04:08 AM, Matt . wrote:
>
> Hi Guys,
>
> I'm not able to write a howto yet as we need to
> check how
> this is
> running on high traffic and we are going soon.
> Than, we need
> to test
> some other functions before I can actually write
> something down.
>
> Because this is not all documented well indeed I'm in
> testmode and doing
> some @ life system as reallife environments are always
> coming with other
> things than your prefec test.
>
> I cannot say I needed promiscuouity, I did some
> things you would
> normally do on pfsense which fixed that part. Some old
> message you
> really need to discard instead of clicking it away was
> confusing this test.
>
>
>
> you are not supposed to need the promiscious hook for
> sniffing/mirroring - that's by now part of engine/vdsm
> (at vnic
> level in earlier versions, and at network profile in later
> versions iirc)
>
>
>
> 2014-04-17 9:08 GMT+02:00 Dan Kenigsberg
> <danken at redhat.com <mailto:danken at redhat.com>
> <mailto:danken at redhat.com <mailto:danken at redhat.com>>
> <mailto:danken at redhat.com
> <mailto:danken at redhat.com> <mailto:danken at redhat.com
> <mailto:danken at redhat.com>>>>:
>
>
>
> On Thu, Apr 17, 2014 at 01:11:13AM +0200, Matt
> . wrote:
> > OK, also this is finetuned, but it would be
> nice to
> have some
> more info
> > about the hooks in these cases... it's
> interesting
> as oVirt has
> the right
> > settings to start with but we need to know
> what we
> need to set
> when we have
> > a setup like this for an example.
>
> Could you explain what you have done, and what
> do you
> need promiscuouity
> for? oVirt has "port mirroring" that allows to
> mirror
> ip traffic from
> one vm network to another.
>
> >
> >
> > 2014-04-17 0:35 GMT+02:00 Matt .
> <yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>__>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>__>__>>:
>
>
> >
> > > Traffic issues are solved, but the
> advertising in
> not that well.
> > >
> > > I see on ESXi (vSphere) that you need to
> enable
> "Promiscuous
> Mode", but
> > > how on oVirt ?
> > >
> > >
> http://www.blissfulidiot.com/____2013/11/using-carp-with-____vmware-esxi.html
> <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html>
>
>
> <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html
> <http://www.blissfulidiot.com/2013/11/using-carp-with-vmware-esxi.html>>
> > >
> > > Do I need the vdsm-hook-promisc for it ?
> as I need
> to make real
> settings
> > > on a VM there I think the vswitch only
> needs the mode.
> > >
> > > Information is welcome!
>
>
>
>
> ___________________________________________________
> Users mailing list
> Users at ovirt.org <mailto:Users at ovirt.org> <mailto:Users at ovirt.org
> <mailto:Users at ovirt.org>>
> http://lists.ovirt.org/____mailman/listinfo/users
> <http://lists.ovirt.org/__mailman/listinfo/users>
> <http://lists.ovirt.org/__mailman/listinfo/users
> <http://lists.ovirt.org/mailman/listinfo/users>>
>
>
>
>
>
>
More information about the Users
mailing list