[ovirt-users] Connection hickups with Pfsense and Carp

Itamar Heim iheim at redhat.com
Thu May 15 07:01:35 EDT 2014


On 05/15/2014 06:45 AM, Matt . wrote:
> OK, we are on the same line there.
>
> The issue is that it doesn't work on this host, others do.
>
> I have a 3.3 cluster and 3.4... both are enabled using the command... or
> can't you have 2 versions ?

multiple versions shouldn't be an issue.
I'll let danken and others continue to torubleshoot why not working though.

>
>
> 2014-05-15 12:43 GMT+02:00 Itamar Heim <iheim at redhat.com
> <mailto:iheim at redhat.com>>:
>
>     On 05/15/2014 06:42 AM, Matt . wrote:
>
>         OK, now I'm confused.
>
>         For MacSpoofing we per default don't have the "macspoof" feature
>         in the
>         engine am I right ?
>
>         To get that... you need to set:
>
>         engine-config -s EnableMACAntiSpoofingFilterRul__es=false --cver=3.X
>
>         But no hook needs to be installed for this ? I don't have ping
>         at the momment with macspoof set on true on a VM.
>
>
>     macspoofing is more than just promiscuous mode for port mirroring,
>     which does require the hook to be installed (and the VM to be restarted)
>
>
>
>
>         2014-05-15 12:35 GMT+02:00 Itamar Heim <iheim at redhat.com
>         <mailto:iheim at redhat.com>
>         <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>>:
>
>
>              On 05/15/2014 04:26 AM, Matt . wrote:
>
>                  Itamar,
>
>                  On some testhost I'm updating now to 3.4(.x) I also need to
>                  install the
>                  hook it seems... it's not there by default.
>
>                  Any idea why you thought it should be ?
>
>
>              there is no need for the hook for port mirroring. you can
>         define a
>              vnic profile with port mirroring via the engine and vdsm
>         has this
>              feature built-in.
>
>              if you need more than just port mirroring (say, port
>         forwarding),
>              then you still need the hook.
>
>
>                  Cheers,
>
>                  Matt
>
>
>                  2014-05-12 14:55 GMT+02:00 Matt .
>         <yamakasi.014 at gmail.com <mailto:yamakasi.014 at gmail.com>
>                  <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>__>
>                  <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com> <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>__>__>>:
>
>
>                       Hi,
>
>                       I really needed to enable the hook... Will
>         investigate on
>                  new hosts!
>
>
>                       2014-05-11 22:37 GMT+02:00 Itamar Heim
>         <iheim at redhat.com <mailto:iheim at redhat.com>
>                  <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>
>                       <mailto:iheim at redhat.com <mailto:iheim at redhat.com>
>         <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>>>:
>
>
>
>                           On 04/17/2014 04:08 AM, Matt . wrote:
>
>                               Hi Guys,
>
>                               I'm not able to write a howto yet as we
>         need to
>                  check how
>                               this is
>                               running on high traffic and we are going soon.
>                  Than, we need
>                               to test
>                               some other functions before I can actually
>         write
>                  something down.
>
>                               Because this is not all documented well
>         indeed I'm in
>                               testmode and doing
>                               some @ life system as reallife
>         environments are always
>                               coming with other
>                               things than your prefec test.
>
>                               I cannot say I needed promiscuouity, I did
>         some
>                  things you would
>                               normally do on pfsense which fixed that
>         part. Some old
>                               message you
>                               really need to discard instead of clicking
>         it away was
>                               confusing this test.
>
>
>
>                           you are not supposed to need the promiscious
>         hook for
>                           sniffing/mirroring - that's by now part of
>         engine/vdsm
>                  (at vnic
>                           level in earlier versions, and at network
>         profile in later
>                           versions iirc)
>
>
>
>                               2014-04-17 9:08 GMT+02:00 Dan Kenigsberg
>                  <danken at redhat.com <mailto:danken at redhat.com>
>         <mailto:danken at redhat.com <mailto:danken at redhat.com>>
>                               <mailto:danken at redhat.com
>         <mailto:danken at redhat.com> <mailto:danken at redhat.com
>         <mailto:danken at redhat.com>>>
>                               <mailto:danken at redhat.com
>         <mailto:danken at redhat.com>
>                  <mailto:danken at redhat.com <mailto:danken at redhat.com>>
>         <mailto:danken at redhat.com <mailto:danken at redhat.com>
>                  <mailto:danken at redhat.com <mailto:danken at redhat.com>>>>>:
>
>
>
>                                    On Thu, Apr 17, 2014 at 01:11:13AM
>         +0200, Matt
>                  . wrote:
>                                     > OK, also this is finetuned, but it
>         would be
>                  nice to
>                               have some
>                                    more info
>                                     > about the hooks in these cases... it's
>                  interesting
>                               as oVirt has
>                                    the right
>                                     > settings to start with but we need
>         to know
>                  what we
>                               need to set
>                                    when we have
>                                     > a setup like this for an example.
>
>                                    Could you explain what you have done,
>         and what
>                  do you
>                               need promiscuouity
>                                    for? oVirt has "port mirroring" that
>         allows to
>                  mirror
>                               ip traffic from
>                                    one vm network to another.
>
>                                     >
>                                     >
>                                     > 2014-04-17 0:35 GMT+02:00 Matt .
>                               <yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>
>                  <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>__>
>         <mailto:yamakasi.014 at gmail.com <mailto:yamakasi.014 at gmail.com>
>                  <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>__>__>
>                                    <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>
>                  <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>__>
>                               <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>
>                  <mailto:yamakasi.014 at gmail.com
>         <mailto:yamakasi.014 at gmail.com>__>__>__>>:
>
>
>
>                                     >
>                                     > > Traffic issues are solved, but the
>                  advertising in
>                               not that well.
>                                     > >
>                                     > > I see on ESXi (vSphere) that you
>         need to
>                  enable
>                               "Promiscuous
>                                    Mode", but
>                                     > > how on oVirt ?
>                                     > >
>                                     > >
>         http://www.blissfulidiot.com/______2013/11/using-carp-with-______vmware-esxi.html
>         <http://www.blissfulidiot.com/____2013/11/using-carp-with-____vmware-esxi.html>
>
>         <http://www.blissfulidiot.com/____2013/11/using-carp-with-____vmware-esxi.html
>         <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html>>
>
>
>
>
>         <http://www.blissfulidiot.com/____2013/11/using-carp-with-____vmware-esxi.html
>         <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html>
>
>         <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html
>         <http://www.blissfulidiot.com/2013/11/using-carp-with-vmware-esxi.html>>>
>                                     > >
>                                     > > Do I need the vdsm-hook-promisc
>         for it ?
>                  as I need
>                               to make real
>                                    settings
>                                     > > on a VM there I think the
>         vswitch only
>                  needs the mode.
>                                     > >
>                                     > > Information is welcome!
>
>
>
>
>
>           _____________________________________________________
>                               Users mailing list
>         Users at ovirt.org <mailto:Users at ovirt.org> <mailto:Users at ovirt.org
>         <mailto:Users at ovirt.org>> <mailto:Users at ovirt.org
>         <mailto:Users at ovirt.org>
>                  <mailto:Users at ovirt.org <mailto:Users at ovirt.org>>>
>         http://lists.ovirt.org/______mailman/listinfo/users
>         <http://lists.ovirt.org/____mailman/listinfo/users>
>                  <http://lists.ovirt.org/____mailman/listinfo/users
>         <http://lists.ovirt.org/__mailman/listinfo/users>>
>
>           <http://lists.ovirt.org/____mailman/listinfo/users
>         <http://lists.ovirt.org/__mailman/listinfo/users>
>                  <http://lists.ovirt.org/__mailman/listinfo/users
>         <http://lists.ovirt.org/mailman/listinfo/users>>>
>
>
>
>
>
>
>
>



More information about the Users mailing list