[ovirt-users] Connection hickups with Pfsense and Carp
Itamar Heim
iheim at redhat.com
Thu May 15 11:01:35 UTC 2014
On 05/15/2014 06:45 AM, Matt . wrote:
> OK, we are on the same line there.
>
> The issue is that it doesn't work on this host, others do.
>
> I have a 3.3 cluster and 3.4... both are enabled using the command... or
> can't you have 2 versions ?
multiple versions shouldn't be an issue.
I'll let danken and others continue to torubleshoot why not working though.
>
>
> 2014-05-15 12:43 GMT+02:00 Itamar Heim <iheim at redhat.com
> <mailto:iheim at redhat.com>>:
>
> On 05/15/2014 06:42 AM, Matt . wrote:
>
> OK, now I'm confused.
>
> For MacSpoofing we per default don't have the "macspoof" feature
> in the
> engine am I right ?
>
> To get that... you need to set:
>
> engine-config -s EnableMACAntiSpoofingFilterRul__es=false --cver=3.X
>
> But no hook needs to be installed for this ? I don't have ping
> at the momment with macspoof set on true on a VM.
>
>
> macspoofing is more than just promiscuous mode for port mirroring,
> which does require the hook to be installed (and the VM to be restarted)
>
>
>
>
> 2014-05-15 12:35 GMT+02:00 Itamar Heim <iheim at redhat.com
> <mailto:iheim at redhat.com>
> <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>>:
>
>
> On 05/15/2014 04:26 AM, Matt . wrote:
>
> Itamar,
>
> On some testhost I'm updating now to 3.4(.x) I also need to
> install the
> hook it seems... it's not there by default.
>
> Any idea why you thought it should be ?
>
>
> there is no need for the hook for port mirroring. you can
> define a
> vnic profile with port mirroring via the engine and vdsm
> has this
> feature built-in.
>
> if you need more than just port mirroring (say, port
> forwarding),
> then you still need the hook.
>
>
> Cheers,
>
> Matt
>
>
> 2014-05-12 14:55 GMT+02:00 Matt .
> <yamakasi.014 at gmail.com <mailto:yamakasi.014 at gmail.com>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>__>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>__>__>>:
>
>
> Hi,
>
> I really needed to enable the hook... Will
> investigate on
> new hosts!
>
>
> 2014-05-11 22:37 GMT+02:00 Itamar Heim
> <iheim at redhat.com <mailto:iheim at redhat.com>
> <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>
> <mailto:iheim at redhat.com <mailto:iheim at redhat.com>
> <mailto:iheim at redhat.com <mailto:iheim at redhat.com>>>>:
>
>
>
> On 04/17/2014 04:08 AM, Matt . wrote:
>
> Hi Guys,
>
> I'm not able to write a howto yet as we
> need to
> check how
> this is
> running on high traffic and we are going soon.
> Than, we need
> to test
> some other functions before I can actually
> write
> something down.
>
> Because this is not all documented well
> indeed I'm in
> testmode and doing
> some @ life system as reallife
> environments are always
> coming with other
> things than your prefec test.
>
> I cannot say I needed promiscuouity, I did
> some
> things you would
> normally do on pfsense which fixed that
> part. Some old
> message you
> really need to discard instead of clicking
> it away was
> confusing this test.
>
>
>
> you are not supposed to need the promiscious
> hook for
> sniffing/mirroring - that's by now part of
> engine/vdsm
> (at vnic
> level in earlier versions, and at network
> profile in later
> versions iirc)
>
>
>
> 2014-04-17 9:08 GMT+02:00 Dan Kenigsberg
> <danken at redhat.com <mailto:danken at redhat.com>
> <mailto:danken at redhat.com <mailto:danken at redhat.com>>
> <mailto:danken at redhat.com
> <mailto:danken at redhat.com> <mailto:danken at redhat.com
> <mailto:danken at redhat.com>>>
> <mailto:danken at redhat.com
> <mailto:danken at redhat.com>
> <mailto:danken at redhat.com <mailto:danken at redhat.com>>
> <mailto:danken at redhat.com <mailto:danken at redhat.com>
> <mailto:danken at redhat.com <mailto:danken at redhat.com>>>>>:
>
>
>
> On Thu, Apr 17, 2014 at 01:11:13AM
> +0200, Matt
> . wrote:
> > OK, also this is finetuned, but it
> would be
> nice to
> have some
> more info
> > about the hooks in these cases... it's
> interesting
> as oVirt has
> the right
> > settings to start with but we need
> to know
> what we
> need to set
> when we have
> > a setup like this for an example.
>
> Could you explain what you have done,
> and what
> do you
> need promiscuouity
> for? oVirt has "port mirroring" that
> allows to
> mirror
> ip traffic from
> one vm network to another.
>
> >
> >
> > 2014-04-17 0:35 GMT+02:00 Matt .
> <yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>__>
> <mailto:yamakasi.014 at gmail.com <mailto:yamakasi.014 at gmail.com>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>__>__>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>__>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>
> <mailto:yamakasi.014 at gmail.com
> <mailto:yamakasi.014 at gmail.com>__>__>__>>:
>
>
>
> >
> > > Traffic issues are solved, but the
> advertising in
> not that well.
> > >
> > > I see on ESXi (vSphere) that you
> need to
> enable
> "Promiscuous
> Mode", but
> > > how on oVirt ?
> > >
> > >
> http://www.blissfulidiot.com/______2013/11/using-carp-with-______vmware-esxi.html
> <http://www.blissfulidiot.com/____2013/11/using-carp-with-____vmware-esxi.html>
>
> <http://www.blissfulidiot.com/____2013/11/using-carp-with-____vmware-esxi.html
> <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html>>
>
>
>
>
> <http://www.blissfulidiot.com/____2013/11/using-carp-with-____vmware-esxi.html
> <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html>
>
> <http://www.blissfulidiot.com/__2013/11/using-carp-with-__vmware-esxi.html
> <http://www.blissfulidiot.com/2013/11/using-carp-with-vmware-esxi.html>>>
> > >
> > > Do I need the vdsm-hook-promisc
> for it ?
> as I need
> to make real
> settings
> > > on a VM there I think the
> vswitch only
> needs the mode.
> > >
> > > Information is welcome!
>
>
>
>
>
> _____________________________________________________
> Users mailing list
> Users at ovirt.org <mailto:Users at ovirt.org> <mailto:Users at ovirt.org
> <mailto:Users at ovirt.org>> <mailto:Users at ovirt.org
> <mailto:Users at ovirt.org>
> <mailto:Users at ovirt.org <mailto:Users at ovirt.org>>>
> http://lists.ovirt.org/______mailman/listinfo/users
> <http://lists.ovirt.org/____mailman/listinfo/users>
> <http://lists.ovirt.org/____mailman/listinfo/users
> <http://lists.ovirt.org/__mailman/listinfo/users>>
>
> <http://lists.ovirt.org/____mailman/listinfo/users
> <http://lists.ovirt.org/__mailman/listinfo/users>
> <http://lists.ovirt.org/__mailman/listinfo/users
> <http://lists.ovirt.org/mailman/listinfo/users>>>
>
>
>
>
>
>
>
>
More information about the Users
mailing list