[ovirt-users] How to build specific network structure?

Marcin Mirecki mmirecki at redhat.com
Fri Aug 25 06:42:29 UTC 2017


Just one more thought about your requirement to
have the VM with the firewall on a specific host:
I am not quite sure you need this requirement at all.
What you could do instead is create an OVN network
that would contain only one vNIC on this VM, and
add your NIC (the one going out to the external servers)
manually to the appropriate OVN LogicalSwitch (the one
matching the OVN network).
This way the OVN network would bridge the externally
facing NIC to your VM vNIC. OVN would take care of
making sure the traffic gets to the appropriate host.



On Wed, Aug 23, 2017 at 5:46 PM, Mitchell Smith <
mitchinseattle2014 at gmail.com> wrote:

> Thanks very much for that, the YouTube video was very helpful. I was
> basically working from the Red Hat documentation at
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/administration_guide/sect-adding_external_providers
> which wasn’t very in-depth.
>
> The video did a much better job explaining how OVN works which was very
> useful.
>
> I appreciate the info, thanks.
>
> On Aug 23, 2017, at 7:35 AM, Marcin Mirecki <mmirecki at redhat.com> wrote:
>
> Hi,
>
> Please check out this deep dive to see how the OVN provider is set up:
> https://www.youtube.com/watch?v=vGeouWfKJwA&t=10s
>
> By adding a subnet to the external network you will get a DHCP server
> on this network that will use the defined subnet.
>
> Try using affinity groups to make your VM come up on a specific group.
>
> To connect your NIC with the public IP, you can connect it
> to the VM as a passthrough device. Adding one more NIC connected
> to an OVN network would give you a VM connected to both.
>
> Another (not so clean) possibility is to create an oVirt network, add
> it to the host, and connect the VM to it. On the host you will see
> that a bridge will be created for the network. You could then add
> your NIC that goes to the remote networks to the bridge created for
> the network on your host (manual action).
> This would also be possible using an OVN network with just the
> single NIC from that VM connected, and the external NIC plugged
> into the OVS bridge used for OVN (with manual OVN configuration).
>
> On Wed, Aug 23, 2017 at 11:32 AM, Mitch <mitchinseattle2014 at gmail.com>
> wrote:
>
>> Hi,
>>
>> I am trying to understand the best way to structure our network with
>> oVirt.
>>
>> We have a number of servers hosted in a remote datacenter, all with a
>> single NIC with a single public IP.
>>
>> One server also has a /26 subnet mapped to it which we have to present
>> on a specific MAC address.
>>
>> What I am trying to do is have all our VMs on a private subnet
>> 10.2.3.0/24 for example, and use OVN to make that subnet available
>> across all oVirt hosts, (PeerVPN and Tinc are also options I’m looking
>> at).
>>
>> On the single host with the /26 on it, I plan to run an instance of
>> Opnsense or similar as a VM, with two NICs, one bridged to eth0 with
>> the specific MAC required for the public subnet, and one that will
>> connect to the private virtual network, I could then do 1-to-1 NAT for
>> those hosts on the private network that need to be publicly
>> accessible.
>>
>> I know this isn’t the ideal setup, but we have to work within the
>> constraints required by the datacenter we are using.
>>
>> Unfortunately I can’t work out how to configure this in oVirt, I
>> assume I need to set up a logical network for the private subnet,
>> using OVN as an external provider, and set up another logical subnet
>> for the public address space and attach that to a specific host in the
>> cluster?
>>
>> For the public address space, how do I bridge that to eth0 and give it
>> a specific MAC address? Also how can I ensure my Opnsense VM comes up
>> on a specific host?
>>
>> For the private network, is OVN the best approach, or am I better off
>> looking at other mesh VPN solutions to build an internal network
>> across our oVirt hosts?
>>
>> Any comments or suggestions will be greatly appreciated.
>>
>> Thanks :)