[ovirt-users] Vlans and subnets

Lior Vernia lvernia at redhat.com
Wed Oct 15 00:11:31 UTC 2014


Hi Demeter,

This is an issue others have stumbled onto before, so it probably needs
to be fixed; it's sort of a chicken-and-egg problem.

For the time being, I think the workaround is to set up your storage
network manually on the host as vlan101 (in an oVirt-compatible manner)
before running engine-setup. In engine-setup you would then name the
vlan102 device for the management network (which is used to communicate
with hosts).

Setting up the storage network in an oVirt-compatible manner can be
performed by pre-installing vdsm (i.e. "yum install vdsm") yourself on
your first host, then run something like:

vdsClient -s 0 addNetwork bridge=storageNetworkName vlan=101 nic=eth0 \
BOOTPROTO=dhcp

I hope I got it approximately right, can't commit that it's accurate :)
I've also added specific answers to your questions below, please let us
know if this does the trick or if you require more assistance.

On 14/10/14 19:58, Demeter Tibor wrote:
> Hello all,
> 
> I've created a self-hosted ovirt engine with two node, but on the last
> steps the engine-setup could not attach the node to the "default" cluster.
> I think it was because I have different services on different vlans.
> I  have vlan100 for glusterfs and vlan101 for vdsm hosts with different
> subnets. Also, I have an another connection (eth1) with different subnet
> for internet acces and this is the default route.
> 
> I would like to separate ovirt services, networks and glusterfs to
> different vlans/subnets by security reasons.
> But I don't know what services need to be on same vlan/subnets.
> 
> My questions/goals
> 
> - which services need to connect to another ?

Could you be more specific? The management network is used to
communicate between the engine and the hosts, the storage network is
only used by the hosts (and not the engine) as far as I know.

> - Is hosted engine's vm need to be on same network with gluster ? 

To my understanding no, see above point.

> - Is hosted engine's vm need to be on same network with vdsm hosts?

Yes, see above point :)

> - I want to separate ovirt/gluster networks from ovirt VM-s/public
> internet access

Not sure how much "separation" you're looking to get, but shouldn't be a
problem. For example, You can put the additional ("public") networks on
different VLANs and make sure to tag/untag packets as they enter/leave
your oVirt deployment. Keep in mind to also configure the additional
networks on the hosts and VMs.

> - I don't want to extra traffic on router 

Not sure about your topology, but if your hosts are on the same
broadcast domain then there's no reason why this traffic will put
unnecessary load on your router.

> 
> Does anyone experience with this way?
> 
> Thanks in advance
> 
> Tibor 
> 
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 



More information about the Users mailing list