Guest network without virtual router

[Wei Leong <wl...@blackducksoftware.com>]

Is there an easy way from the UI to create a network without using the virtual router? I'm running configured cloudstack with basic networking and the cloudstack server sits in our network that already has a dhcp/server setup. I would like my guest VMs to just that instead of the virtual router.

According to this blog it is possible but only through the API, is there an alternative?
http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudstack-without-a-virtual-router/

Re: Guest network without virtual router

[Chiradeep Vittal <Ch...@citrix.com>]

You can check by logging in to the VR and the contents of
/var/lib/misc/dnsmasq.leases
Dnsmasq is programmed to only answer requests that it knows the mac
address of.
In CS, all mac addresses start with 06: (which is a 'private' OUI)

On 3/12/13 7:08 PM, "Wei Leong" <wl...@blackducksoftware.com> wrote:

>Thanks for your response. I'd have to investigate further about the
>dropped packets. Back to the first case, today was the third time in a
>week that my sys admin has told me that he thinks the virtual router
>(with DHCP enabled) is leasing IPs to machines outside the cloud on the
>network. Has this been a problem for anyone else?
>
>
>On Mar 12, 2013, at 8:13 PM, Chiradeep Vittal
><Ch...@citrix.com> wrote:
>
>> In the first go-around, not sure what do you mean DNS didn't work. I
>> assume you could ping www.google.com ? The cloudstack DHCP systemvm will
>> forward DNS requests that it cannot resolve with its own /etc/hosts to
>>the
>> 'zone' DNS server.
>> 
>> In the second go-around it is probably expected behavior, but I cannot
>>say
>> for sure. CloudStack implements anti-spoofing at the hypervisor level,
>>so
>> if the packet coming out of the VM does not have a source ip/mac it
>> doesn't know about, it instructs the hypervisor to drop it. In this case
>> since the ip was assigned by a DHCP server not controlled by CloudStack
>> this will most likely result in a dropped packet.
>> You could try logging into the hypervisor and execute
>> ebtables -F
>> 
>> 
>> On 3/12/13 4:48 AM, "Wei Leong" <wl...@blackducksoftware.com> wrote:
>> 
>>> Nope, basic networking the second time too.
>>> 
>>> On Mar 12, 2013, at 1:25 AM, "Chiradeep Vittal"
>>> <Ch...@citrix.com> wrote:
>>> 
>>>> Is the second go-around using advanced networking?
>>>> 
>>>> On 3/10/13 1:54 PM, "Wei Leong" <wl...@blackducksoftware.com> wrote:
>>>> 
>>>>> It seems I am having a lot of trouble setting up even the simplest of
>>>>> cloudstack networking configurations.
>>>>> 
>>>>> A quick background on my setup:
>>>>> 
>>>>> The kvm host is part of a network of machines that gets their IPs
>>>>>from
>>>>> the router. I intend to set up cloudstack to extend our development
>>>>> infrastructure, VMs in the cloud will function just like physical
>>>>> machines on the network and depend on the router for dhcp and dns. My
>>>>> intention is to have cloudstack manage the provisioning of VMs and
>>>>> provide analysis of the cloud resources (memory, storage etc). Pretty
>>>>> straightforward stuff here.
>>>>> 
>>>>> My initial setup actually worked out ok - I created a zone with basic
>>>>> networking (DefaultSharedNetworkOfferingWithSGService) and guest VMs
>>>>> were
>>>>> assigned IPs according to the range I specified. The VMs had access
>>>>>to
>>>>> the internet and were able to connect to other machines on the
>>>>>network,
>>>>> but DNS did not work. My sys admin was also curious about whether the
>>>>> virtual router was leasing out IPs to physical machines on the
>>>>>network,
>>>>> could this happen? Is is better for hosts to have static IP
>>>>>addresses?
>>>>> 
>>>>> I then scratched the initial setup and created a new network offering
>>>>> without DHCP, and used that instead. For this configuration, no
>>>>>virtual
>>>>> router came up, VMs seem to be getting IPs from the external router,
>>>>> but
>>>>> none of them can connect to physical machines on the network/the
>>>>> internet.
>>>>> 
>>>>> I feel like i'm close to getting the right configuration, and might
>>>>> just
>>>>> be missing a small detail. I'm not ready to give up yet, even though
>>>>> I'm
>>>>> out of ideas at this point. Any suggestions/help is much appreciated.
>>>>> Thanks for reading!
>>>>> 
>>>>> Wei
>>>>> 
>>>>> 
>>>>> On Mar 7, 2013, at 6:22 PM, Bryan Whitehead
>>>>> <dr...@megahappy.net>> wrote:
>>>>> 
>>>>> Create a new network offering without DHCP. After you do that create
>>>>>a
>>>>> new
>>>>> guest network using that network offering / vlan.
>>>>> 
>>>>> 
>>>>> On Thu, Mar 7, 2013 at 8:58 AM, Wei Leong
>>>>> 
>>>>> 
>>>>><wl...@blackducksoftware.com>>wro
>>>>>te
>>>>> :
>>>>> 
>>>>> Is there an easy way from the UI to create a network without using
>>>>>the
>>>>> virtual router? I'm running configured cloudstack with basic
>>>>>networking
>>>>> and
>>>>> the cloudstack server sits in our network that already has a
>>>>> dhcp/server
>>>>> setup. I would like my guest VMs to just that instead of the virtual
>>>>> router.
>>>>> 
>>>>> According to this blog it is possible but only through the API, is
>>>>> there
>>>>> an alternative?
>>>>> 
>>>>> 
>>>>> 
>>>>>http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloud
>>>>>st
>>>>> ac
>>>>> k-without-a-virtual-router/
>>>> 
>> 
>

Re: Guest network without virtual router

[Wei Leong <wl...@blackducksoftware.com>]

Thanks for your response. I'd have to investigate further about the dropped packets. Back to the first case, today was the third time in a week that my sys admin has told me that he thinks the virtual router (with DHCP enabled) is leasing IPs to machines outside the cloud on the network. Has this been a problem for anyone else?


On Mar 12, 2013, at 8:13 PM, Chiradeep Vittal <Ch...@citrix.com> wrote:

> In the first go-around, not sure what do you mean DNS didn't work. I
> assume you could ping www.google.com ? The cloudstack DHCP systemvm will
> forward DNS requests that it cannot resolve with its own /etc/hosts to the
> 'zone' DNS server.
> 
> In the second go-around it is probably expected behavior, but I cannot say
> for sure. CloudStack implements anti-spoofing at the hypervisor level, so
> if the packet coming out of the VM does not have a source ip/mac it
> doesn't know about, it instructs the hypervisor to drop it. In this case
> since the ip was assigned by a DHCP server not controlled by CloudStack
> this will most likely result in a dropped packet.
> You could try logging into the hypervisor and execute
> ebtables -F
> 
> 
> On 3/12/13 4:48 AM, "Wei Leong" <wl...@blackducksoftware.com> wrote:
> 
>> Nope, basic networking the second time too.
>> 
>> On Mar 12, 2013, at 1:25 AM, "Chiradeep Vittal"
>> <Ch...@citrix.com> wrote:
>> 
>>> Is the second go-around using advanced networking?
>>> 
>>> On 3/10/13 1:54 PM, "Wei Leong" <wl...@blackducksoftware.com> wrote:
>>> 
>>>> It seems I am having a lot of trouble setting up even the simplest of
>>>> cloudstack networking configurations.
>>>> 
>>>> A quick background on my setup:
>>>> 
>>>> The kvm host is part of a network of machines that gets their IPs from
>>>> the router. I intend to set up cloudstack to extend our development
>>>> infrastructure, VMs in the cloud will function just like physical
>>>> machines on the network and depend on the router for dhcp and dns. My
>>>> intention is to have cloudstack manage the provisioning of VMs and
>>>> provide analysis of the cloud resources (memory, storage etc). Pretty
>>>> straightforward stuff here.
>>>> 
>>>> My initial setup actually worked out ok - I created a zone with basic
>>>> networking (DefaultSharedNetworkOfferingWithSGService) and guest VMs
>>>> were
>>>> assigned IPs according to the range I specified. The VMs had access to
>>>> the internet and were able to connect to other machines on the network,
>>>> but DNS did not work. My sys admin was also curious about whether the
>>>> virtual router was leasing out IPs to physical machines on the network,
>>>> could this happen? Is is better for hosts to have static IP addresses?
>>>> 
>>>> I then scratched the initial setup and created a new network offering
>>>> without DHCP, and used that instead. For this configuration, no virtual
>>>> router came up, VMs seem to be getting IPs from the external router,
>>>> but
>>>> none of them can connect to physical machines on the network/the
>>>> internet.
>>>> 
>>>> I feel like i'm close to getting the right configuration, and might
>>>> just
>>>> be missing a small detail. I'm not ready to give up yet, even though
>>>> I'm
>>>> out of ideas at this point. Any suggestions/help is much appreciated.
>>>> Thanks for reading!
>>>> 
>>>> Wei
>>>> 
>>>> 
>>>> On Mar 7, 2013, at 6:22 PM, Bryan Whitehead
>>>> <dr...@megahappy.net>> wrote:
>>>> 
>>>> Create a new network offering without DHCP. After you do that create a
>>>> new
>>>> guest network using that network offering / vlan.
>>>> 
>>>> 
>>>> On Thu, Mar 7, 2013 at 8:58 AM, Wei Leong
>>>> 
>>>> <wl...@blackducksoftware.com>>wrote
>>>> :
>>>> 
>>>> Is there an easy way from the UI to create a network without using the
>>>> virtual router? I'm running configured cloudstack with basic networking
>>>> and
>>>> the cloudstack server sits in our network that already has a
>>>> dhcp/server
>>>> setup. I would like my guest VMs to just that instead of the virtual
>>>> router.
>>>> 
>>>> According to this blog it is possible but only through the API, is
>>>> there
>>>> an alternative?
>>>> 
>>>> 
>>>> http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudst
>>>> ac
>>>> k-without-a-virtual-router/
>>> 
> 

Re: Guest network without virtual router

[Chiradeep Vittal <Ch...@citrix.com>]

In the first go-around, not sure what do you mean DNS didn't work. I
assume you could ping www.google.com ? The cloudstack DHCP systemvm will
forward DNS requests that it cannot resolve with its own /etc/hosts to the
'zone' DNS server.

In the second go-around it is probably expected behavior, but I cannot say
for sure. CloudStack implements anti-spoofing at the hypervisor level, so
if the packet coming out of the VM does not have a source ip/mac it
doesn't know about, it instructs the hypervisor to drop it. In this case
since the ip was assigned by a DHCP server not controlled by CloudStack
this will most likely result in a dropped packet.
You could try logging into the hypervisor and execute
ebtables -F


On 3/12/13 4:48 AM, "Wei Leong" <wl...@blackducksoftware.com> wrote:

>Nope, basic networking the second time too.
>
>On Mar 12, 2013, at 1:25 AM, "Chiradeep Vittal"
><Ch...@citrix.com> wrote:
>
>> Is the second go-around using advanced networking?
>> 
>> On 3/10/13 1:54 PM, "Wei Leong" <wl...@blackducksoftware.com> wrote:
>> 
>>> It seems I am having a lot of trouble setting up even the simplest of
>>> cloudstack networking configurations.
>>> 
>>> A quick background on my setup:
>>> 
>>> The kvm host is part of a network of machines that gets their IPs from
>>> the router. I intend to set up cloudstack to extend our development
>>> infrastructure, VMs in the cloud will function just like physical
>>> machines on the network and depend on the router for dhcp and dns. My
>>> intention is to have cloudstack manage the provisioning of VMs and
>>> provide analysis of the cloud resources (memory, storage etc). Pretty
>>> straightforward stuff here.
>>> 
>>> My initial setup actually worked out ok - I created a zone with basic
>>> networking (DefaultSharedNetworkOfferingWithSGService) and guest VMs
>>>were
>>> assigned IPs according to the range I specified. The VMs had access to
>>> the internet and were able to connect to other machines on the network,
>>> but DNS did not work. My sys admin was also curious about whether the
>>> virtual router was leasing out IPs to physical machines on the network,
>>> could this happen? Is is better for hosts to have static IP addresses?
>>> 
>>> I then scratched the initial setup and created a new network offering
>>> without DHCP, and used that instead. For this configuration, no virtual
>>> router came up, VMs seem to be getting IPs from the external router,
>>>but
>>> none of them can connect to physical machines on the network/the
>>>internet.
>>> 
>>> I feel like i'm close to getting the right configuration, and might
>>>just
>>> be missing a small detail. I'm not ready to give up yet, even though
>>>I'm
>>> out of ideas at this point. Any suggestions/help is much appreciated.
>>> Thanks for reading!
>>> 
>>> Wei
>>> 
>>> 
>>> On Mar 7, 2013, at 6:22 PM, Bryan Whitehead
>>> <dr...@megahappy.net>> wrote:
>>> 
>>> Create a new network offering without DHCP. After you do that create a
>>>new
>>> guest network using that network offering / vlan.
>>> 
>>> 
>>> On Thu, Mar 7, 2013 at 8:58 AM, Wei Leong
>>> 
>>><wl...@blackducksoftware.com>>wrote
>>>:
>>> 
>>> Is there an easy way from the UI to create a network without using the
>>> virtual router? I'm running configured cloudstack with basic networking
>>> and
>>> the cloudstack server sits in our network that already has a
>>>dhcp/server
>>> setup. I would like my guest VMs to just that instead of the virtual
>>> router.
>>> 
>>> According to this blog it is possible but only through the API, is
>>>there
>>> an alternative?
>>> 
>>> 
>>>http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudst
>>>ac
>>> k-without-a-virtual-router/
>> 

Re: Guest network without virtual router

[Wei Leong <wl...@blackducksoftware.com>]

Nope, basic networking the second time too.

On Mar 12, 2013, at 1:25 AM, "Chiradeep Vittal" <Ch...@citrix.com> wrote:

> Is the second go-around using advanced networking?
> 
> On 3/10/13 1:54 PM, "Wei Leong" <wl...@blackducksoftware.com> wrote:
> 
>> It seems I am having a lot of trouble setting up even the simplest of
>> cloudstack networking configurations.
>> 
>> A quick background on my setup:
>> 
>> The kvm host is part of a network of machines that gets their IPs from
>> the router. I intend to set up cloudstack to extend our development
>> infrastructure, VMs in the cloud will function just like physical
>> machines on the network and depend on the router for dhcp and dns. My
>> intention is to have cloudstack manage the provisioning of VMs and
>> provide analysis of the cloud resources (memory, storage etc). Pretty
>> straightforward stuff here.
>> 
>> My initial setup actually worked out ok - I created a zone with basic
>> networking (DefaultSharedNetworkOfferingWithSGService) and guest VMs were
>> assigned IPs according to the range I specified. The VMs had access to
>> the internet and were able to connect to other machines on the network,
>> but DNS did not work. My sys admin was also curious about whether the
>> virtual router was leasing out IPs to physical machines on the network,
>> could this happen? Is is better for hosts to have static IP addresses?
>> 
>> I then scratched the initial setup and created a new network offering
>> without DHCP, and used that instead. For this configuration, no virtual
>> router came up, VMs seem to be getting IPs from the external router, but
>> none of them can connect to physical machines on the network/the internet.
>> 
>> I feel like i'm close to getting the right configuration, and might just
>> be missing a small detail. I'm not ready to give up yet, even though I'm
>> out of ideas at this point. Any suggestions/help is much appreciated.
>> Thanks for reading!
>> 
>> Wei
>> 
>> 
>> On Mar 7, 2013, at 6:22 PM, Bryan Whitehead
>> <dr...@megahappy.net>> wrote:
>> 
>> Create a new network offering without DHCP. After you do that create a new
>> guest network using that network offering / vlan.
>> 
>> 
>> On Thu, Mar 7, 2013 at 8:58 AM, Wei Leong
>> <wl...@blackducksoftware.com>>wrote:
>> 
>> Is there an easy way from the UI to create a network without using the
>> virtual router? I'm running configured cloudstack with basic networking
>> and
>> the cloudstack server sits in our network that already has a dhcp/server
>> setup. I would like my guest VMs to just that instead of the virtual
>> router.
>> 
>> According to this blog it is possible but only through the API, is there
>> an alternative?
>> 
>> http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudstac
>> k-without-a-virtual-router/
> 

Re: Guest network without virtual router

[Chiradeep Vittal <Ch...@citrix.com>]

Is the second go-around using advanced networking?

On 3/10/13 1:54 PM, "Wei Leong" <wl...@blackducksoftware.com> wrote:

>It seems I am having a lot of trouble setting up even the simplest of
>cloudstack networking configurations.
>
>A quick background on my setup:
>
>The kvm host is part of a network of machines that gets their IPs from
>the router. I intend to set up cloudstack to extend our development
>infrastructure, VMs in the cloud will function just like physical
>machines on the network and depend on the router for dhcp and dns. My
>intention is to have cloudstack manage the provisioning of VMs and
>provide analysis of the cloud resources (memory, storage etc). Pretty
>straightforward stuff here.
>
>My initial setup actually worked out ok - I created a zone with basic
>networking (DefaultSharedNetworkOfferingWithSGService) and guest VMs were
>assigned IPs according to the range I specified. The VMs had access to
>the internet and were able to connect to other machines on the network,
>but DNS did not work. My sys admin was also curious about whether the
>virtual router was leasing out IPs to physical machines on the network,
>could this happen? Is is better for hosts to have static IP addresses?
>
>I then scratched the initial setup and created a new network offering
>without DHCP, and used that instead. For this configuration, no virtual
>router came up, VMs seem to be getting IPs from the external router, but
>none of them can connect to physical machines on the network/the internet.
>
>I feel like i'm close to getting the right configuration, and might just
>be missing a small detail. I'm not ready to give up yet, even though I'm
>out of ideas at this point. Any suggestions/help is much appreciated.
>Thanks for reading!
>
>Wei
>
>
>On Mar 7, 2013, at 6:22 PM, Bryan Whitehead
><dr...@megahappy.net>> wrote:
>
>Create a new network offering without DHCP. After you do that create a new
>guest network using that network offering / vlan.
>
>
>On Thu, Mar 7, 2013 at 8:58 AM, Wei Leong
><wl...@blackducksoftware.com>>wrote:
>
>Is there an easy way from the UI to create a network without using the
>virtual router? I'm running configured cloudstack with basic networking
>and
>the cloudstack server sits in our network that already has a dhcp/server
>setup. I would like my guest VMs to just that instead of the virtual
>router.
>
>According to this blog it is possible but only through the API, is there
>an alternative?
>
>http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudstac
>k-without-a-virtual-router/
>
>

Re: Guest network without virtual router

[Wei Leong <wl...@blackducksoftware.com>]

It seems I am having a lot of trouble setting up even the simplest of cloudstack networking configurations.

A quick background on my setup:

The kvm host is part of a network of machines that gets their IPs from the router. I intend to set up cloudstack to extend our development infrastructure, VMs in the cloud will function just like physical machines on the network and depend on the router for dhcp and dns. My intention is to have cloudstack manage the provisioning of VMs and provide analysis of the cloud resources (memory, storage etc). Pretty straightforward stuff here.

My initial setup actually worked out ok - I created a zone with basic networking (DefaultSharedNetworkOfferingWithSGService) and guest VMs were assigned IPs according to the range I specified. The VMs had access to the internet and were able to connect to other machines on the network, but DNS did not work. My sys admin was also curious about whether the virtual router was leasing out IPs to physical machines on the network, could this happen? Is is better for hosts to have static IP addresses?

I then scratched the initial setup and created a new network offering without DHCP, and used that instead. For this configuration, no virtual router came up, VMs seem to be getting IPs from the external router, but none of them can connect to physical machines on the network/the internet.

I feel like i'm close to getting the right configuration, and might just be missing a small detail. I'm not ready to give up yet, even though I'm out of ideas at this point. Any suggestions/help is much appreciated. Thanks for reading!

Wei


On Mar 7, 2013, at 6:22 PM, Bryan Whitehead <dr...@megahappy.net>> wrote:

Create a new network offering without DHCP. After you do that create a new
guest network using that network offering / vlan.


On Thu, Mar 7, 2013 at 8:58 AM, Wei Leong <wl...@blackducksoftware.com>>wrote:

Is there an easy way from the UI to create a network without using the
virtual router? I'm running configured cloudstack with basic networking and
the cloudstack server sits in our network that already has a dhcp/server
setup. I would like my guest VMs to just that instead of the virtual router.

According to this blog it is possible but only through the API, is there
an alternative?

http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudstack-without-a-virtual-router/

Re: Guest network without virtual router

[Bryan Whitehead <dr...@megahappy.net>]

Create a new network offering without DHCP. After you do that create a new
guest network using that network offering / vlan.


On Thu, Mar 7, 2013 at 8:58 AM, Wei Leong <wl...@blackducksoftware.com>wrote:

> Is there an easy way from the UI to create a network without using the
> virtual router? I'm running configured cloudstack with basic networking and
> the cloudstack server sits in our network that already has a dhcp/server
> setup. I would like my guest VMs to just that instead of the virtual router.
>
> According to this blog it is possible but only through the API, is there
> an alternative?
>
> http://blog.remibergsma.com/2012/03/10/howto-create-a-network-in-cloudstack-without-a-virtual-router/
>