<div dir="ltr"><div><div></div>Just one more thought about your requirement to<br>have the VM with the firewall on a specific host,<br></div><div>I am not quite sure you need this requirement at all.<br></div><div>What you could do instead, is create an OVN network<br></div><div>that would contain only one vNIC on this VM, and<br></div><div>add your NIC (the one going out to the external servers)<br></div><div>manually to the appropriate OVN LogicalSwitch (the one<br></div><div>matching the OVN network).<br></div><div>This way the OVN network would bridge the externally<br></div><div>facing NIC to your VM vNIC. OVN would take care of<br></div><div>making sure the traffic gets to the appropriate host.<br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 23, 2017 at 5:46 PM, Mitchell Smith <span dir="ltr"><<a href="mailto:mitchinseattle2014@gmail.com" target="_blank">mitchinseattle2014@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Thanks very much for that, the youtube video was very helpful, I was basically working from the RedHat documentation at <a href="https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/administration_guide/sect-adding_external_providers" target="_blank">https://access.redhat.com/<wbr>documentation/en-us/red_hat_<wbr>virtualization/4.1/html/<wbr>administration_guide/sect-<wbr>adding_external_providers</a> which wasn’t very in-depth.<div><br></div><div>The video did a much better job explaining how OVN works which was very useful.</div><div><br></div><div>I appreciate the info, thanks.</div><div><div class="h5"><div><br><div><blockquote type="cite"><div>On Aug 23, 2017, at 7:35 AM, Marcin Mirecki <<a href="mailto:mmirecki@redhat.com" target="_blank">mmirecki@redhat.com</a>> wrote:</div><br class="m_-2818675835534118765Apple-interchange-newline"><div><div dir="ltr"><div><div><div>Hi,<br><br></div>Please check out this deep dive to see how the OVN provider is set up:<br><a href="https://www.youtube.com/watch?v=vGeouWfKJwA&t=10s" target="_blank">https://www.youtube.com/watch?<wbr>v=vGeouWfKJwA&t=10s</a><br><br></div>By adding a subnet to the external network you will get a dhcp server<br>on this network that will use the defined subnet.<br><br></div><div>Try using affinity groups to make our VM come up on a specific groups.<br><br></div><div>To allow to connect your nic with the public IP you can connect it<br></div><div>to the vm as a passtrough device. Adding one more NIC connected<br></div><div>to an OVN network would give you a VM connected to both.<br></div><div><br></div><div>Another (not so clean) possiblity is to create an ovirt network, add<br></div><div>it to the host, and connect the VM to it. On the host you will see<br></div><div>that a bridge will be created for the network. You could then add<br></div><div>your NIC that goes to the remote networks to the bridge created for <br></div><div>the network on your host (manual action). <br></div><div>This would also be possible using an OVN network with just the<br></div><div>single NIC from that VM connected, and the external NIC plugged<br></div><div>into the OVS bridge used for OVN (with manual OVN configuration).<br><br></div><div><div><div><br><br><br><br></div><br><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 23, 2017 at 11:32 AM, Mitch <span dir="ltr"><<a href="mailto:mitchinseattle2014@gmail.com" target="_blank">mitchinseattle2014@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I am trying to understand the best way to structure our network with oVirt.<br>
<br>
We have a number of servers hosted in a remote datacenter, all with a<br>
single NIC with a single public IP.<br>
<br>
One server also has a /26 subnet mapped to it which we have to present<br>
on a specific MAC address.<br>
<br>
What I am trying to do is have all our VMs on a private subnet<br>
<a href="http://10.2.3.0/24" rel="noreferrer" target="_blank">10.2.3.0/24</a> for example, and use OVN to make that subnet available<br>
across all oVirt hosts, (PeerVPN and Tinc are also options I’m looking<br>
at).<br>
<br>
On the single host with the /26 on it, I plan to run an instance of<br>
Opnsense or similar as a VM, with two NICs, one bridged to eth0 with<br>
the specific MAC required for the public subnet, and one that will<br>
connect to the private virtual network, I could then do 1-to-1 NAT for<br>
those hosts on the private network that need to be publically<br>
accessible.<br>
<br>
I know this isn’t the ideal setup, but we have to work with in the<br>
constraints required by the datacenter we are using.<br>
<br>
Unfortunately I can’t work out how to configure this in oVirt, I<br>
assume I need to set up a logical network for the private subnet,<br>
using OVN as an external provider, and set up another logical subnet<br>
for the public address space and attach that to a specific host in the<br>
cluster?<br>
<br>
For the public address space, how do I bridge that to eth0 and give it<br>
a specific MAC address? Also how can I ensure my Opnsense VM comes up<br>
on a specific host?<br>
<br>
For the private network, is OVN the best approach, or am I better off<br>
looking at other mesh VPN solutions to build an internal network<br>
across our oVirt hosts?<br>
<br>
Any comments or suggestions will be greatly appreciated.<br>
<br>
Thanks :)<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
</blockquote></div><br></div>
</div></blockquote></div><br></div></div></div></div></blockquote></div><br></div>