[ovirt-users] Connection hickups with Pfsense and Carp
Matt .
yamakasi.014 at gmail.com
Thu May 15 10:45:46 UTC 2014
OK, we are on the same line there.
The issue is that it doesn't work on this host, others do.
I have a 3.3 cluster and 3.4... both are enabled using the command... or
can't you have 2 versions ?
2014-05-15 12:43 GMT+02:00 Itamar Heim <iheim at redhat.com>:
> On 05/15/2014 06:42 AM, Matt . wrote:
>
>> OK, now I'm confused.
>>
>> For MacSpoofing we per default don't have the "macspoof" feature in the
>> engine am I right ?
>>
>> To get that... you need to set:
>>
>> engine-config -s EnableMACAntiSpoofingFilterRules=false --cver=3.X
>>
>> But no hook needs to be installed for this ? I don't have ping at the
>> momment with macspoof set on true on a VM.
>>
>>
> macspoofing is more than just promiscuous mode for port mirroring, which
> does require the hook to be installed (and the VM to be restarted)
>
>
>>
>>
>> 2014-05-15 12:35 GMT+02:00 Itamar Heim <iheim at redhat.com
>> <mailto:iheim at redhat.com>>:
>>
>>
>> On 05/15/2014 04:26 AM, Matt . wrote:
>>
>> Itamar,
>>
>> On some testhost I'm updating now to 3.4(.x) I also need to
>> install the
>> hook it seems... it's not there by default.
>>
>> Any idea why you thought it should be ?
>>
>>
>> there is no need for the hook for port mirroring. you can define a
>> vnic profile with port mirroring via the engine and vdsm has this
>> feature built-in.
>>
>> if you need more than just port mirroring (say, port forwarding),
>> then you still need the hook.
>>
>>
>> Cheers,
>>
>> Matt
>>
>>
>> 2014-05-12 14:55 GMT+02:00 Matt . <yamakasi.014 at gmail.com
>> <mailto:yamakasi.014 at gmail.com>
>> <mailto:yamakasi.014 at gmail.com <mailto:yamakasi.014 at gmail.com
>> >__>>:
>>
>>
>> Hi,
>>
>> I really needed to enable the hook... Will investigate on
>> new hosts!
>>
>>
>> 2014-05-11 22:37 GMT+02:00 Itamar Heim <iheim at redhat.com
>> <mailto:iheim at redhat.com>
>> <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>>:
>>
>>
>>
>> On 04/17/2014 04:08 AM, Matt . wrote:
>>
>> Hi Guys,
>>
>> I'm not able to write a howto yet as we need to
>> check how
>> this is
>> running on high traffic and we are going soon.
>> Than, we need
>> to test
>> some other functions before I can actually write
>> something down.
>>
>> Because this is not all documented well indeed I'm in
>> testmode and doing
>> some @ life system as reallife environments are
>> always
>> coming with other
>> things than your prefec test.
>>
>> I cannot say I needed promiscuouity, I did some
>> things you would
>> normally do on pfsense which fixed that part. Some
>> old
>> message you
>> really need to discard instead of clicking it away
>> was
>> confusing this test.
>>
>>
>>
>> you are not supposed to need the promiscious hook for
>> sniffing/mirroring - that's by now part of engine/vdsm
>> (at vnic
>> level in earlier versions, and at network profile in
>> later
>> versions iirc)
>>
>>
>>
>> 2014-04-17 9:08 GMT+02:00 Dan Kenigsberg
>> <danken at redhat.com <mailto:danken at redhat.com>
>> <mailto:danken at redhat.com <mailto:danken at redhat.com
>> >>
>> <mailto:danken at redhat.com
>> <mailto:danken at redhat.com> <mailto:danken at redhat.com
>> <mailto:danken at redhat.com>>>>:
>>
>>
>>
>> On Thu, Apr 17, 2014 at 01:11:13AM +0200, Matt
>> . wrote:
>> > OK, also this is finetuned, but it would be
>> nice to
>> have some
>> more info
>> > about the hooks in these cases... it's
>> interesting
>> as oVirt has
>> the right
>> > settings to start with but we need to know
>> what we
>> need to set
>> when we have
>> > a setup like this for an example.
>>
>> Could you explain what you have done, and what
>> do you
>> need promiscuouity
>> for? oVirt has "port mirroring" that allows to
>> mirror
>> ip traffic from
>> one vm network to another.
>>
>> >
>> >
>> > 2014-04-17 0:35 GMT+02:00 Matt .
>> <yamakasi.014 at gmail.com
>> <mailto:yamakasi.014 at gmail.com> <mailto:yamakasi.014 at gmail.com
>> <mailto:yamakasi.014 at gmail.com>__>
>> <mailto:yamakasi.014 at gmail.com
>> <mailto:yamakasi.014 at gmail.com>
>> <mailto:yamakasi.014 at gmail.com
>> <mailto:yamakasi.014 at gmail.com>__>__>>:
>>
>>
>>
>> >
>> > > Traffic issues are solved, but the
>> advertising in
>> not that well.
>> > >
>> > > I see on ESXi (vSphere) that you need to
>> enable
>> "Promiscuous
>> Mode", but
>> > > how on oVirt ?
>> > >
>> > >
>> http://www.blissfulidiot.com/____2013/11/using-carp-with-___
>> _vmware-esxi.html
>> <http://www.blissfulidiot.com/__2013/11/using-carp-with-__
>> vmware-esxi.html>
>>
>>
>>
>> <http://www.blissfulidiot.com/__2013/11/using-carp-with-__
>> vmware-esxi.html
>> <http://www.blissfulidiot.com/2013/11/using-carp-with-
>> vmware-esxi.html>>
>> > >
>> > > Do I need the vdsm-hook-promisc for it ?
>> as I need
>> to make real
>> settings
>> > > on a VM there I think the vswitch only
>> needs the mode.
>> > >
>> > > Information is welcome!
>>
>>
>>
>>
>> ___________________________________________________
>> Users mailing list
>> Users at ovirt.org <mailto:Users at ovirt.org> <mailto:Users at ovirt.org
>> <mailto:Users at ovirt.org>>
>> http://lists.ovirt.org/____mailman/listinfo/users
>> <http://lists.ovirt.org/__mailman/listinfo/users>
>> <http://lists.ovirt.org/__mailman/listinfo/users
>> <http://lists.ovirt.org/mailman/listinfo/users>>
>>
>>
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140515/2ff22010/attachment-0001.html>
More information about the Users
mailing list