[ovirt-users] NAT/internal Networks in ovirt?
Derek Atkins
derek at ihtfp.com
Thu Nov 3 15:26:11 UTC 2016
Hi Dan,

On Thu, November 3, 2016 6:14 am, Dan Kenigsberg wrote:
> On Wed, Nov 02, 2016 at 05:22:43PM -0400, Derek Atkins wrote:
>> Hi,
>>
[snip]
> I'm afraid that we have not advanced this any further.
> Main conceptual problem with the suggested manual process is that VMs
> behind NAT cannot be reliably migrated to another host.

I suppose the only real issue in migration would be open connections. In
my case, since I only have a single machine, migration isn't an issue.
But I see the larger problem that seamless migration would cause.

> I hope that our current work, of attaching VMs onto an OVN-defined
> overlay network (see
> https://www.ovirt.org/blog/2016/11/ovirt-provider-ovn/ ) would satisfy
> most of what you need of a NATted network, and more.

I have to better understand OVN, how to configure it, and how it would
work, but it sounds like it might solve the problem. From a cursory
glance it looks like this would allow me to set up a virtual network that
goes through the OVN service in lieu of the standard bridges that ovirt
networking provides -- so I would provide an ovirt bridge to an OVN
network which could act as a NAT to the "standard" bridge out into the
Internet at large.

(Honestly, I wish there were a good overview of networking in ovirt -- all
the pages seem to assume you already know how it works and are more aimed
at explaining how to configure it -- which doesn't help a n00b like me)

> For HostOnly networks, btw, you can create dummy interfaces
> http://lists.ovirt.org/pipermail/users/2015-December/036897.html
> and then attach them to a network.

Yes, I don't specifically need this, but it would certainly work for those
who want a HostOnly network.

Thank you for your reply!

> Regards,
> Dan.

-derek

PS: Is there any particular reason, if I only have a single physical
network/uplink, to create multiple logical networks within ovirt? Or is
it "safe" to just use the management network for everything? Everything
is, effectively, already in the same broadcast network.

--
Derek Atkins 617-623-3745
derek at ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant