[ovirt-users] Connection hickups with Pfsense and Carp

Itamar Heim iheim at redhat.com
Thu May 15 06:43:38 EDT 2014


On 05/15/2014 06:42 AM, Matt . wrote:
> OK, now I'm confused.
>
> For MacSpoofing we per default don't have the "macspoof" feature in the
> engine am I right ?
>
> To get that... you need to set:
>
> engine-config -s EnableMACAntiSpoofingFilterRules=false --cver=3.X
>
> But no hook needs to be installed for this ? I don't have ping at the momment with macspoof set on true on a VM.
>

macspoofing is more than just promiscuous mode for port mirroring, which 
does require the hook to be installed (and the VM to be restarted)

>
>
>
> 2014-05-15 12:35 GMT+02:00 Itamar Heim <iheim at redhat.com
> <mailto:iheim at redhat.com>>:
>
>     On 05/15/2014 04:26 AM, Matt . wrote:
>
>         Itamar,
>
>         On some testhost I'm updating now to 3.4(.x) I also need to
>         install the
>         hook it seems... it's not there by default.
>
>         Any idea why you thought it should be ?
>
>
>     there is no need for the hook for port mirroring. you can define a
>     vnic profile with port mirroring via the engine and vdsm has this
>     feature built-in.
>
>     if you need more than just port mirroring (say, port forwarding),
>     then you still need the hook.
>
>
>         Cheers,
>
>         Matt
>
>
>         2014-05-12 14:55 GMT+02:00 Matt . <yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>
>         <mailto:yamakasi.014 at gmail.com <mailto:yamakasi.014 at gmail.com>__>>:
>
>
>              Hi,
>
>              I really needed to enable the hook... Will investigate on
>         new hosts!
>
>
>              2014-05-11 22:37 GMT+02:00 Itamar Heim <iheim at redhat.com
>         <mailto:iheim at redhat.com>
>              <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>>:
>
>
>                  On 04/17/2014 04:08 AM, Matt . wrote:
>
>                      Hi Guys,
>
>                      I'm not able to write a howto yet as we need to
>         check how
>                      this is
>                      running on high traffic and we are going soon.
>         Than, we need
>                      to test
>                      some other functions before I can actually write
>         something down.
>
>                      Because this is not all documented well indeed I'm in
>                      testmode and doing
>                      some @ life system as reallife environments are always
>                      coming with other
>                      things than your prefec test.
>
>                      I cannot say I needed promiscuouity, I did some
>         things you would
>                      normally do on pfsense which fixed that part. Some old
>                      message you
>                      really need to discard instead of clicking it away was
>                      confusing this test.
>
>
>
>                  you are not supposed to need the promiscious hook for
>                  sniffing/mirroring - that's by now part of engine/vdsm
>         (at vnic
>                  level in earlier versions, and at network profile in later
>                  versions iirc)
>
>
>
>                      2014-04-17 9:08 GMT+02:00 Dan Kenigsberg
>         <danken at redhat.com <mailto:danken at redhat.com>
>                      <mailto:danken at redhat.com <mailto:danken at redhat.com>>
>                      <mailto:danken at redhat.com
>         <mailto:danken at redhat.com> <mailto:danken at redhat.com
>         <mailto:danken at redhat.com>>>>:
>
>
>
>                           On Thu, Apr 17, 2014 at 01:11:13AM +0200, Matt
>         . wrote:
>                            > OK, also this is finetuned, but it would be
>         nice to
>                      have some
>                           more info
>                            > about the hooks in these cases... it's
>         interesting
>                      as oVirt has
>                           the right
>                            > settings to start with but we need to know
>         what we
>                      need to set
>                           when we have
>                            > a setup like this for an example.
>
>                           Could you explain what you have done, and what
>         do you
>                      need promiscuouity
>                           for? oVirt has "port mirroring" that allows to
>         mirror
>                      ip traffic from
>                           one vm network to another.
>
>                            >
>                            >
>                            > 2014-04-17 0:35 GMT+02:00 Matt .
>                      <yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com> <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>__>
>                           <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>
>                      <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>__>__>>:
>
>
>                            >
>                            > > Traffic issues are solved, but the
>         advertising in
>                      not that well.
>                            > >
>                            > > I see on ESXi (vSphere) that you need to
>         enable
>                      "Promiscuous
>                           Mode", but
>                            > > how on oVirt ?
>                            > >
>                            > >
>         http://www.blissfulidiot.com/____2013/11/using-carp-with-____vmware-esxi.html
>         <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html>
>
>
>         <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html
>         <http://www.blissfulidiot.com/2013/11/using-carp-with-vmware-esxi.html>>
>                            > >
>                            > > Do I need the vdsm-hook-promisc for it ?
>         as I need
>                      to make real
>                           settings
>                            > > on a VM there I think the vswitch only
>         needs the mode.
>                            > >
>                            > > Information is welcome!
>
>
>
>
>                      ___________________________________________________
>                      Users mailing list
>         Users at ovirt.org <mailto:Users at ovirt.org> <mailto:Users at ovirt.org
>         <mailto:Users at ovirt.org>>
>         http://lists.ovirt.org/____mailman/listinfo/users
>         <http://lists.ovirt.org/__mailman/listinfo/users>
>                      <http://lists.ovirt.org/__mailman/listinfo/users
>         <http://lists.ovirt.org/mailman/listinfo/users>>
>
>
>
>
>
>



More information about the Users mailing list