You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Maurice Lawler <ma...@me.com> on 2013/04/04 06:36:56 UTC
Reaching for the Stars: Secondary IP assignment!
Hello Cloud Stack Family,
I have attempted to the best of my ability to set this up. I have an instance (actually two) I would like to toss one additional IP address to two different instances. Cloud Stack 4.0.1 is proving to be rather difficult to accomplish this in.
Here is my set-up:
Single Server | CentOS 6.3 | KVM | CS 4.0.1
Yesterday, I was provided a helpful link: http://markmail.org/message/bt7pqnen26v2o63k
However, I am not making much sense out of that.
If ANYONE has ANY experience adding a secondary IP address -- please feel free to rescue me from the quick sand I am slowly sinking in!
I would greatly appreciate any and ALL help!
Thanks again!
- Maurice (aka: daoenix)
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Jayapal Reddy Uradi <ja...@citrix.com>.
You need to update the anti spoofing rules.
update iptables filter rules which drop by comparing NOT vm mac and ip on <vmchain>_default chain.
Also in 'arptables' update the anti spoofing rules on vmchain_default chain.
Thanks,
Jayapal
On 05-Apr-2013, at 9:44 AM, Kirk Kosinski <ki...@gmail.com>
wrote:
> Adding a third IP works fine for me after deleting the DROP rules for
> non-CloudStack IPs.
>
> Best regards,
> Kirk
>
> On 04/04/2013 06:46 PM, Maurice Lawler wrote:
>> Actually, I disabled ebtables. That seemed to clear the issue. However,
>> what is the proper way to add yet another IP address; when ebtables is
>> online.
>>
>> - Maurice
>>
>> On Apr 04, 2013, at 09:39 PM, Maurice Lawler <ma...@me.com> wrote:
>>
>>> One more thing,
>>>
>>> Your assistance was great, let me ask you this. I wanted to test to
>>> see how far I can push this. While I was able to have one primary IP
>>> addressed assigned by Cloud Stack and working with the ebtables I was
>>> then able to add a secondary IP address; however, adding a third IP
>>> address as I did the secondary IP address however, it fails; why is this?
>>>
>>>
>>>
>>> On Apr 04, 2013, at 09:30 PM, Maurice Lawler <ma...@me.com>
>>> wrote:
>>>
>>>> Kirk,
>>>>
>>>> THANK YOU THANK YOU THANK YOU !
>>>>
>>>> That worked PERFECTLY !!!!
>>>>
>>>> Appreciate your help GREATLY!
>>>>
>>>>
>>>> Now if you or ANYONE can assist, a windows instance -- attaching a
>>>> secondary virtual drive on it; I was given an exe and an ISO to
>>>> install drivers; but I am not 100%
>>>>
>>>> - Maurice
>>>>
>>>> On Apr 04, 2013, at 07:14 PM, Kirk Kosinski <ki...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi, Maurice. The message you linked is about XenServer and not
>>>>> applicable to KVM. One of the main purposes of security groups is to
>>>>> prohibit exactly what you are trying to do. You may want to use a basic
>>>>> zone without security groups if you routinely need to bypass their
>>>>> functionality, or use an advanced zone to get full support for using
>>>>> multiple guest networks, or wait for official support for multiple IPs
>>>>> per NIC which seems to be coming in CloudStack 4.2 [1].
>>>>>
>>>>> Anyway if this is a one-off case, one solution that seems to work is to
>>>>> delete the ebtables DROP rules on the host for IPs not assigned to the
>>>>> VM by CloudStack. There are inbound and outbound chains in the nat
>>>>> table for each VM. For example, list the rules:
>>>>>
>>>>> ebtables -t nat -L i-2-3-VM-in --Ln
>>>>>
>>>>> And delete the DROP rule for the IP:
>>>>>
>>>>> ebtables -t nat -D i-2-3-VM-in 4
>>>>>
>>>>> Do the same for the i-2-3-VM-out chain, and redo these steps any time
>>>>> the VM migrates to a different host or is stopped and started. If you
>>>>> generally want to use security groups but don't mind if VMs use
>>>>> additional IPs, it should be possible to hack security_group.py on the
>>>>> hosts to prevent the DROP rules from being created in the first place.
>>>>>
>>>>> Best regards,
>>>>> Kirk
>>>>>
>>>>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-24
>>>>>
>>>>> On 04/04/2013 01:23 PM, Maurice Lawler wrote:
>>>>>> Hello Kirk,
>>>>>>
>>>>>> Yes, I am; the default security group settings in the basic mode.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Apr 04, 2013, at 04:06 PM, Kirk Kosinski
>>>>> <kirkkosinski@gmail.com <ma...@gmail.com>> wrote:
>>>>>>
>>>>>>> Are you using security groups in your basic zone?
>>>>>>>
>>>>>>> Kirk
>>>>>>>
>>>>>>> On 04/04/2013 10:23 AM, Maurice Lawler wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>>
>>>>>>>> Thank you so very much for the replies. I am using Basic Zone right
>>>>>>> now and yes, I would like the ability to assign a secondary IP
>>>>> address
>>>>>>> to any instance (should the instances I a hosting request them) at
>>>>>>> this point one has requested a secondary IP address.
>>>>>>>>
>>>>>>>> So the previous response, would that work in basic mode, how should
>>>>>>> I proceed?
>>>>>>>>
>>>>>>>> - Maurice
>>>>>>>>
>>>>>>>>
>>>>>>>> On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <aemneina@gmail.com
>>>>> <ma...@gmail.com>
>>>>>>> <mailto:aemneina@gmail.com <ma...@gmail.com>>> wrote:
>>>>>>>>
>>>>>>>>> Dropping -dev as to not cross post. Just to clear things up...
>>>>>>>>> Maurice: this is for guests to have multiple ip's in a vm, right?
>>>>>>> Would these ip's be on the same subnet or a different network. I
>>>>> think
>>>>>>> Chiradeep posted a way to technically get around this. Also for
>>>>>>> further clarification, what cloudstack zone type are you working
>>>>> with?
>>>>>>>>>
>>>>>>>>> Ahmad
>>>>>>>>>
>>>>>>>>> On Apr 3, 2013, at 9:36 PM, Maurice Lawler
>>>>> <maurice.lawler@me.com <ma...@me.com>
>>>>>>> <mailto:maurice.lawler@me.com <ma...@me.com>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hello Cloud Stack Family,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I have attempted to the best of my ability to set this up. I have
>>>>>>> an instance (actually two) I would like to toss one additional IP
>>>>>>> address to two different instances. Cloud Stack 4.0.1 is proving
>>>>> to be
>>>>>>> rather difficult to accomplish this in.
>>>>>>>>>>
>>>>>>>>>> Here is my set-up:
>>>>>>>>>>
>>>>>>>>>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>>>>>>>>>>
>>>>>>>>>> Yesterday, I was provided a helpful link:
>>>>>>> http://markmail.org/message/bt7pqnen26v2o63k
>>>>>>>>>>
>>>>>>>>>> However, I am not making much sense out of that.
>>>>>>>>>>
>>>>>>>>>> If ANYONE has ANY experience adding a secondary IP address --
>>>>>>> please feel free to rescue me from the quick sand I am slowly
>>>>> sinking in!
>>>>>>>>>>
>>>>>>>>>> I would greatly appreciate any and ALL help!
>>>>>>>>>>
>>>>>>>>>> Thanks again!
>>>>>>>>>>
>>>>>>>>>> - Maurice (aka: daoenix)
>>>>>>>>
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Kirk Kosinski <ki...@gmail.com>.
Adding a third IP works fine for me after deleting the DROP rules for
non-CloudStack IPs.
Best regards,
Kirk
On 04/04/2013 06:46 PM, Maurice Lawler wrote:
> Actually, I disabled ebtables. That seemed to clear the issue. However,
> what is the proper way to add yet another IP address; when ebtables is
> online.
>
> - Maurice
>
> On Apr 04, 2013, at 09:39 PM, Maurice Lawler <ma...@me.com> wrote:
>
>> One more thing,
>>
>> Your assistance was great, let me ask you this. I wanted to test to
>> see how far I can push this. While I was able to have one primary IP
>> addressed assigned by Cloud Stack and working with the ebtables I was
>> then able to add a secondary IP address; however, adding a third IP
>> address as I did the secondary IP address however, it fails; why is this?
>>
>>
>>
>> On Apr 04, 2013, at 09:30 PM, Maurice Lawler <ma...@me.com>
>> wrote:
>>
>>> Kirk,
>>>
>>> THANK YOU THANK YOU THANK YOU !
>>>
>>> That worked PERFECTLY !!!!
>>>
>>> Appreciate your help GREATLY!
>>>
>>>
>>> Now if you or ANYONE can assist, a windows instance -- attaching a
>>> secondary virtual drive on it; I was given an exe and an ISO to
>>> install drivers; but I am not 100%
>>>
>>> - Maurice
>>>
>>> On Apr 04, 2013, at 07:14 PM, Kirk Kosinski <ki...@gmail.com>
>>> wrote:
>>>
>>>> Hi, Maurice. The message you linked is about XenServer and not
>>>> applicable to KVM. One of the main purposes of security groups is to
>>>> prohibit exactly what you are trying to do. You may want to use a basic
>>>> zone without security groups if you routinely need to bypass their
>>>> functionality, or use an advanced zone to get full support for using
>>>> multiple guest networks, or wait for official support for multiple IPs
>>>> per NIC which seems to be coming in CloudStack 4.2 [1].
>>>>
>>>> Anyway if this is a one-off case, one solution that seems to work is to
>>>> delete the ebtables DROP rules on the host for IPs not assigned to the
>>>> VM by CloudStack. There are inbound and outbound chains in the nat
>>>> table for each VM. For example, list the rules:
>>>>
>>>> ebtables -t nat -L i-2-3-VM-in --Ln
>>>>
>>>> And delete the DROP rule for the IP:
>>>>
>>>> ebtables -t nat -D i-2-3-VM-in 4
>>>>
>>>> Do the same for the i-2-3-VM-out chain, and redo these steps any time
>>>> the VM migrates to a different host or is stopped and started. If you
>>>> generally want to use security groups but don't mind if VMs use
>>>> additional IPs, it should be possible to hack security_group.py on the
>>>> hosts to prevent the DROP rules from being created in the first place.
>>>>
>>>> Best regards,
>>>> Kirk
>>>>
>>>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-24
>>>>
>>>> On 04/04/2013 01:23 PM, Maurice Lawler wrote:
>>>> > Hello Kirk,
>>>> >
>>>> > Yes, I am; the default security group settings in the basic mode.
>>>> >
>>>> >
>>>> >
>>>> > On Apr 04, 2013, at 04:06 PM, Kirk Kosinski
>>>> <kirkkosinski@gmail.com <ma...@gmail.com>> wrote:
>>>> >
>>>> >> Are you using security groups in your basic zone?
>>>> >>
>>>> >> Kirk
>>>> >>
>>>> >> On 04/04/2013 10:23 AM, Maurice Lawler wrote:
>>>> >> > Hello,
>>>> >> >
>>>> >> >
>>>> >> > Thank you so very much for the replies. I am using Basic Zone right
>>>> >> now and yes, I would like the ability to assign a secondary IP
>>>> address
>>>> >> to any instance (should the instances I a hosting request them) at
>>>> >> this point one has requested a secondary IP address.
>>>> >> >
>>>> >> > So the previous response, would that work in basic mode, how should
>>>> >> I proceed?
>>>> >> >
>>>> >> > - Maurice
>>>> >> >
>>>> >> >
>>>> >> > On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <aemneina@gmail.com
>>>> <ma...@gmail.com>
>>>> >> <mailto:aemneina@gmail.com <ma...@gmail.com>>> wrote:
>>>> >> >
>>>> >> >> Dropping -dev as to not cross post. Just to clear things up...
>>>> >> >> Maurice: this is for guests to have multiple ip's in a vm, right?
>>>> >> Would these ip's be on the same subnet or a different network. I
>>>> think
>>>> >> Chiradeep posted a way to technically get around this. Also for
>>>> >> further clarification, what cloudstack zone type are you working
>>>> with?
>>>> >> >>
>>>> >> >> Ahmad
>>>> >> >>
>>>> >> >> On Apr 3, 2013, at 9:36 PM, Maurice Lawler
>>>> <maurice.lawler@me.com <ma...@me.com>
>>>> >> <mailto:maurice.lawler@me.com <ma...@me.com>>> wrote:
>>>> >> >>
>>>> >> >>> Hello Cloud Stack Family,
>>>> >> >>>
>>>> >> >>>
>>>> >> >>> I have attempted to the best of my ability to set this up. I have
>>>> >> an instance (actually two) I would like to toss one additional IP
>>>> >> address to two different instances. Cloud Stack 4.0.1 is proving
>>>> to be
>>>> >> rather difficult to accomplish this in.
>>>> >> >>>
>>>> >> >>> Here is my set-up:
>>>> >> >>>
>>>> >> >>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>>>> >> >>>
>>>> >> >>> Yesterday, I was provided a helpful link:
>>>> >> http://markmail.org/message/bt7pqnen26v2o63k
>>>> >> >>>
>>>> >> >>> However, I am not making much sense out of that.
>>>> >> >>>
>>>> >> >>> If ANYONE has ANY experience adding a secondary IP address --
>>>> >> please feel free to rescue me from the quick sand I am slowly
>>>> sinking in!
>>>> >> >>>
>>>> >> >>> I would greatly appreciate any and ALL help!
>>>> >> >>>
>>>> >> >>> Thanks again!
>>>> >> >>>
>>>> >> >>> - Maurice (aka: daoenix)
>>>> >> >
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Maurice Lawler <ma...@me.com>.
Actually, I disabled ebtables. That seemed to clear the issue. However, what is the proper way to add yet another IP address; when ebtables is online.
- Maurice
On Apr 04, 2013, at 09:39 PM, Maurice Lawler <ma...@me.com> wrote:
> One more thing,
>
> Your assistance was great, let me ask you this. I wanted to test to see how far I can push this. While I was able to have one primary IP addressed assigned by Cloud Stack and working with the ebtables I was then able to add a secondary IP address; however, adding a third IP address as I did the secondary IP address however, it fails; why is this?
>
>
>
> On Apr 04, 2013, at 09:30 PM, Maurice Lawler <ma...@me.com> wrote:
>
>> Kirk,
>>
>> THANK YOU THANK YOU THANK YOU !
>>
>> That worked PERFECTLY !!!!
>>
>> Appreciate your help GREATLY!
>>
>>
>> Now if you or ANYONE can assist, a windows instance -- attaching a secondary virtual drive on it; I was given an exe and an ISO to install drivers; but I am not 100%
>>
>> - Maurice
>>
>> On Apr 04, 2013, at 07:14 PM, Kirk Kosinski <ki...@gmail.com> wrote:
>>
>>> Hi, Maurice. The message you linked is about XenServer and not
>>> applicable to KVM. One of the main purposes of security groups is to
>>> prohibit exactly what you are trying to do. You may want to use a basic
>>> zone without security groups if you routinely need to bypass their
>>> functionality, or use an advanced zone to get full support for using
>>> multiple guest networks, or wait for official support for multiple IPs
>>> per NIC which seems to be coming in CloudStack 4.2 [1].
>>>
>>> Anyway if this is a one-off case, one solution that seems to work is to
>>> delete the ebtables DROP rules on the host for IPs not assigned to the
>>> VM by CloudStack. There are inbound and outbound chains in the nat
>>> table for each VM. For example, list the rules:
>>>
>>> ebtables -t nat -L i-2-3-VM-in --Ln
>>>
>>> And delete the DROP rule for the IP:
>>>
>>> ebtables -t nat -D i-2-3-VM-in 4
>>>
>>> Do the same for the i-2-3-VM-out chain, and redo these steps any time
>>> the VM migrates to a different host or is stopped and started. If you
>>> generally want to use security groups but don't mind if VMs use
>>> additional IPs, it should be possible to hack security_group.py on the
>>> hosts to prevent the DROP rules from being created in the first place.
>>>
>>> Best regards,
>>> Kirk
>>>
>>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-24
>>>
>>> On 04/04/2013 01:23 PM, Maurice Lawler wrote:
>>> > Hello Kirk,
>>> >
>>> > Yes, I am; the default security group settings in the basic mode.
>>> >
>>> >
>>> >
>>> > On Apr 04, 2013, at 04:06 PM, Kirk Kosinski <ki...@gmail.com> wrote:
>>> >
>>> >> Are you using security groups in your basic zone?
>>> >>
>>> >> Kirk
>>> >>
>>> >> On 04/04/2013 10:23 AM, Maurice Lawler wrote:
>>> >> > Hello,
>>> >> >
>>> >> >
>>> >> > Thank you so very much for the replies. I am using Basic Zone right
>>> >> now and yes, I would like the ability to assign a secondary IP address
>>> >> to any instance (should the instances I a hosting request them) at
>>> >> this point one has requested a secondary IP address.
>>> >> >
>>> >> > So the previous response, would that work in basic mode, how should
>>> >> I proceed?
>>> >> >
>>> >> > - Maurice
>>> >> >
>>> >> >
>>> >> > On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <aemneina@gmail.com
>>> >> <ma...@gmail.com>> wrote:
>>> >> >
>>> >> >> Dropping -dev as to not cross post. Just to clear things up...
>>> >> >> Maurice: this is for guests to have multiple ip's in a vm, right?
>>> >> Would these ip's be on the same subnet or a different network. I think
>>> >> Chiradeep posted a way to technically get around this. Also for
>>> >> further clarification, what cloudstack zone type are you working with?
>>> >> >>
>>> >> >> Ahmad
>>> >> >>
>>> >> >> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <maurice.lawler@me.com
>>> >> <ma...@me.com>> wrote:
>>> >> >>
>>> >> >>> Hello Cloud Stack Family,
>>> >> >>>
>>> >> >>>
>>> >> >>> I have attempted to the best of my ability to set this up. I have
>>> >> an instance (actually two) I would like to toss one additional IP
>>> >> address to two different instances. Cloud Stack 4.0.1 is proving to be
>>> >> rather difficult to accomplish this in.
>>> >> >>>
>>> >> >>> Here is my set-up:
>>> >> >>>
>>> >> >>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>>> >> >>>
>>> >> >>> Yesterday, I was provided a helpful link:
>>> >> http://markmail.org/message/bt7pqnen26v2o63k
>>> >> >>>
>>> >> >>> However, I am not making much sense out of that.
>>> >> >>>
>>> >> >>> If ANYONE has ANY experience adding a secondary IP address --
>>> >> please feel free to rescue me from the quick sand I am slowly sinking in!
>>> >> >>>
>>> >> >>> I would greatly appreciate any and ALL help!
>>> >> >>>
>>> >> >>> Thanks again!
>>> >> >>>
>>> >> >>> - Maurice (aka: daoenix)
>>> >> >
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Maurice Lawler <ma...@me.com>.
One more thing,
Your assistance was great, let me ask you this. I wanted to test to see how far I can push this. While I was able to have one primary IP addressed assigned by Cloud Stack and working with the ebtables I was then able to add a secondary IP address; however, adding a third IP address as I did the secondary IP address however, it fails; why is this?
On Apr 04, 2013, at 09:30 PM, Maurice Lawler <ma...@me.com> wrote:
> Kirk,
>
> THANK YOU THANK YOU THANK YOU !
>
> That worked PERFECTLY !!!!
>
> Appreciate your help GREATLY!
>
>
> Now if you or ANYONE can assist, a windows instance -- attaching a secondary virtual drive on it; I was given an exe and an ISO to install drivers; but I am not 100%
>
> - Maurice
>
> On Apr 04, 2013, at 07:14 PM, Kirk Kosinski <ki...@gmail.com> wrote:
>
>> Hi, Maurice. The message you linked is about XenServer and not
>> applicable to KVM. One of the main purposes of security groups is to
>> prohibit exactly what you are trying to do. You may want to use a basic
>> zone without security groups if you routinely need to bypass their
>> functionality, or use an advanced zone to get full support for using
>> multiple guest networks, or wait for official support for multiple IPs
>> per NIC which seems to be coming in CloudStack 4.2 [1].
>>
>> Anyway if this is a one-off case, one solution that seems to work is to
>> delete the ebtables DROP rules on the host for IPs not assigned to the
>> VM by CloudStack. There are inbound and outbound chains in the nat
>> table for each VM. For example, list the rules:
>>
>> ebtables -t nat -L i-2-3-VM-in --Ln
>>
>> And delete the DROP rule for the IP:
>>
>> ebtables -t nat -D i-2-3-VM-in 4
>>
>> Do the same for the i-2-3-VM-out chain, and redo these steps any time
>> the VM migrates to a different host or is stopped and started. If you
>> generally want to use security groups but don't mind if VMs use
>> additional IPs, it should be possible to hack security_group.py on the
>> hosts to prevent the DROP rules from being created in the first place.
>>
>> Best regards,
>> Kirk
>>
>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-24
>>
>> On 04/04/2013 01:23 PM, Maurice Lawler wrote:
>> > Hello Kirk,
>> >
>> > Yes, I am; the default security group settings in the basic mode.
>> >
>> >
>> >
>> > On Apr 04, 2013, at 04:06 PM, Kirk Kosinski <ki...@gmail.com> wrote:
>> >
>> >> Are you using security groups in your basic zone?
>> >>
>> >> Kirk
>> >>
>> >> On 04/04/2013 10:23 AM, Maurice Lawler wrote:
>> >> > Hello,
>> >> >
>> >> >
>> >> > Thank you so very much for the replies. I am using Basic Zone right
>> >> now and yes, I would like the ability to assign a secondary IP address
>> >> to any instance (should the instances I a hosting request them) at
>> >> this point one has requested a secondary IP address.
>> >> >
>> >> > So the previous response, would that work in basic mode, how should
>> >> I proceed?
>> >> >
>> >> > - Maurice
>> >> >
>> >> >
>> >> > On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <aemneina@gmail.com
>> >> <ma...@gmail.com>> wrote:
>> >> >
>> >> >> Dropping -dev as to not cross post. Just to clear things up...
>> >> >> Maurice: this is for guests to have multiple ip's in a vm, right?
>> >> Would these ip's be on the same subnet or a different network. I think
>> >> Chiradeep posted a way to technically get around this. Also for
>> >> further clarification, what cloudstack zone type are you working with?
>> >> >>
>> >> >> Ahmad
>> >> >>
>> >> >> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <maurice.lawler@me.com
>> >> <ma...@me.com>> wrote:
>> >> >>
>> >> >>> Hello Cloud Stack Family,
>> >> >>>
>> >> >>>
>> >> >>> I have attempted to the best of my ability to set this up. I have
>> >> an instance (actually two) I would like to toss one additional IP
>> >> address to two different instances. Cloud Stack 4.0.1 is proving to be
>> >> rather difficult to accomplish this in.
>> >> >>>
>> >> >>> Here is my set-up:
>> >> >>>
>> >> >>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>> >> >>>
>> >> >>> Yesterday, I was provided a helpful link:
>> >> http://markmail.org/message/bt7pqnen26v2o63k
>> >> >>>
>> >> >>> However, I am not making much sense out of that.
>> >> >>>
>> >> >>> If ANYONE has ANY experience adding a secondary IP address --
>> >> please feel free to rescue me from the quick sand I am slowly sinking in!
>> >> >>>
>> >> >>> I would greatly appreciate any and ALL help!
>> >> >>>
>> >> >>> Thanks again!
>> >> >>>
>> >> >>> - Maurice (aka: daoenix)
>> >> >
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Maurice Lawler <ma...@me.com>.
Kirk,
THANK YOU THANK YOU THANK YOU !
That worked PERFECTLY !!!!
Appreciate your help GREATLY!
Now if you or ANYONE can assist, a windows instance -- attaching a secondary virtual drive on it; I was given an exe and an ISO to install drivers; but I am not 100%
- Maurice
On Apr 04, 2013, at 07:14 PM, Kirk Kosinski <ki...@gmail.com> wrote:
> Hi, Maurice. The message you linked is about XenServer and not
> applicable to KVM. One of the main purposes of security groups is to
> prohibit exactly what you are trying to do. You may want to use a basic
> zone without security groups if you routinely need to bypass their
> functionality, or use an advanced zone to get full support for using
> multiple guest networks, or wait for official support for multiple IPs
> per NIC which seems to be coming in CloudStack 4.2 [1].
>
> Anyway if this is a one-off case, one solution that seems to work is to
> delete the ebtables DROP rules on the host for IPs not assigned to the
> VM by CloudStack. There are inbound and outbound chains in the nat
> table for each VM. For example, list the rules:
>
> ebtables -t nat -L i-2-3-VM-in --Ln
>
> And delete the DROP rule for the IP:
>
> ebtables -t nat -D i-2-3-VM-in 4
>
> Do the same for the i-2-3-VM-out chain, and redo these steps any time
> the VM migrates to a different host or is stopped and started. If you
> generally want to use security groups but don't mind if VMs use
> additional IPs, it should be possible to hack security_group.py on the
> hosts to prevent the DROP rules from being created in the first place.
>
> Best regards,
> Kirk
>
> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-24
>
> On 04/04/2013 01:23 PM, Maurice Lawler wrote:
> > Hello Kirk,
> >
> > Yes, I am; the default security group settings in the basic mode.
> >
> >
> >
> > On Apr 04, 2013, at 04:06 PM, Kirk Kosinski <ki...@gmail.com> wrote:
> >
> >> Are you using security groups in your basic zone?
> >>
> >> Kirk
> >>
> >> On 04/04/2013 10:23 AM, Maurice Lawler wrote:
> >> > Hello,
> >> >
> >> >
> >> > Thank you so very much for the replies. I am using Basic Zone right
> >> now and yes, I would like the ability to assign a secondary IP address
> >> to any instance (should the instances I a hosting request them) at
> >> this point one has requested a secondary IP address.
> >> >
> >> > So the previous response, would that work in basic mode, how should
> >> I proceed?
> >> >
> >> > - Maurice
> >> >
> >> >
> >> > On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <aemneina@gmail.com
> >> <ma...@gmail.com>> wrote:
> >> >
> >> >> Dropping -dev as to not cross post. Just to clear things up...
> >> >> Maurice: this is for guests to have multiple ip's in a vm, right?
> >> Would these ip's be on the same subnet or a different network. I think
> >> Chiradeep posted a way to technically get around this. Also for
> >> further clarification, what cloudstack zone type are you working with?
> >> >>
> >> >> Ahmad
> >> >>
> >> >> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <maurice.lawler@me.com
> >> <ma...@me.com>> wrote:
> >> >>
> >> >>> Hello Cloud Stack Family,
> >> >>>
> >> >>>
> >> >>> I have attempted to the best of my ability to set this up. I have
> >> an instance (actually two) I would like to toss one additional IP
> >> address to two different instances. Cloud Stack 4.0.1 is proving to be
> >> rather difficult to accomplish this in.
> >> >>>
> >> >>> Here is my set-up:
> >> >>>
> >> >>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
> >> >>>
> >> >>> Yesterday, I was provided a helpful link:
> >> http://markmail.org/message/bt7pqnen26v2o63k
> >> >>>
> >> >>> However, I am not making much sense out of that.
> >> >>>
> >> >>> If ANYONE has ANY experience adding a secondary IP address --
> >> please feel free to rescue me from the quick sand I am slowly sinking in!
> >> >>>
> >> >>> I would greatly appreciate any and ALL help!
> >> >>>
> >> >>> Thanks again!
> >> >>>
> >> >>> - Maurice (aka: daoenix)
> >> >
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Kirk Kosinski <ki...@gmail.com>.
Hi, Maurice. The message you linked is about XenServer and not
applicable to KVM. One of the main purposes of security groups is to
prohibit exactly what you are trying to do. You may want to use a basic
zone without security groups if you routinely need to bypass their
functionality, or use an advanced zone to get full support for using
multiple guest networks, or wait for official support for multiple IPs
per NIC which seems to be coming in CloudStack 4.2 [1].
Anyway if this is a one-off case, one solution that seems to work is to
delete the ebtables DROP rules on the host for IPs not assigned to the
VM by CloudStack. There are inbound and outbound chains in the nat
table for each VM. For example, list the rules:
ebtables -t nat -L i-2-3-VM-in --Ln
And delete the DROP rule for the IP:
ebtables -t nat -D i-2-3-VM-in 4
Do the same for the i-2-3-VM-out chain, and redo these steps any time
the VM migrates to a different host or is stopped and started. If you
generally want to use security groups but don't mind if VMs use
additional IPs, it should be possible to hack security_group.py on the
hosts to prevent the DROP rules from being created in the first place.
Best regards,
Kirk
[1] https://issues.apache.org/jira/browse/CLOUDSTACK-24
On 04/04/2013 01:23 PM, Maurice Lawler wrote:
> Hello Kirk,
>
> Yes, I am; the default security group settings in the basic mode.
>
>
>
> On Apr 04, 2013, at 04:06 PM, Kirk Kosinski <ki...@gmail.com> wrote:
>
>> Are you using security groups in your basic zone?
>>
>> Kirk
>>
>> On 04/04/2013 10:23 AM, Maurice Lawler wrote:
>> > Hello,
>> >
>> >
>> > Thank you so very much for the replies. I am using Basic Zone right
>> now and yes, I would like the ability to assign a secondary IP address
>> to any instance (should the instances I a hosting request them) at
>> this point one has requested a secondary IP address.
>> >
>> > So the previous response, would that work in basic mode, how should
>> I proceed?
>> >
>> > - Maurice
>> >
>> >
>> > On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <aemneina@gmail.com
>> <ma...@gmail.com>> wrote:
>> >
>> >> Dropping -dev as to not cross post. Just to clear things up...
>> >> Maurice: this is for guests to have multiple ip's in a vm, right?
>> Would these ip's be on the same subnet or a different network. I think
>> Chiradeep posted a way to technically get around this. Also for
>> further clarification, what cloudstack zone type are you working with?
>> >>
>> >> Ahmad
>> >>
>> >> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <maurice.lawler@me.com
>> <ma...@me.com>> wrote:
>> >>
>> >>> Hello Cloud Stack Family,
>> >>>
>> >>>
>> >>> I have attempted to the best of my ability to set this up. I have
>> an instance (actually two) I would like to toss one additional IP
>> address to two different instances. Cloud Stack 4.0.1 is proving to be
>> rather difficult to accomplish this in.
>> >>>
>> >>> Here is my set-up:
>> >>>
>> >>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>> >>>
>> >>> Yesterday, I was provided a helpful link:
>> http://markmail.org/message/bt7pqnen26v2o63k
>> >>>
>> >>> However, I am not making much sense out of that.
>> >>>
>> >>> If ANYONE has ANY experience adding a secondary IP address --
>> please feel free to rescue me from the quick sand I am slowly sinking in!
>> >>>
>> >>> I would greatly appreciate any and ALL help!
>> >>>
>> >>> Thanks again!
>> >>>
>> >>> - Maurice (aka: daoenix)
>> >
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Maurice Lawler <ma...@me.com>.
Hello Kirk,
Yes, I am; the default security group settings in the basic mode.
On Apr 04, 2013, at 04:06 PM, Kirk Kosinski <ki...@gmail.com> wrote:
> Are you using security groups in your basic zone?
>
> Kirk
>
> On 04/04/2013 10:23 AM, Maurice Lawler wrote:
> > Hello,
> >
> >
> > Thank you so very much for the replies. I am using Basic Zone right now and yes, I would like the ability to assign a secondary IP address to any instance (should the instances I a hosting request them) at this point one has requested a secondary IP address.
> >
> > So the previous response, would that work in basic mode, how should I proceed?
> >
> > - Maurice
> >
> >
> > On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <ae...@gmail.com> wrote:
> >
> >> Dropping -dev as to not cross post. Just to clear things up...
> >> Maurice: this is for guests to have multiple ip's in a vm, right? Would these ip's be on the same subnet or a different network. I think Chiradeep posted a way to technically get around this. Also for further clarification, what cloudstack zone type are you working with?
> >>
> >> Ahmad
> >>
> >> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <ma...@me.com> wrote:
> >>
> >>> Hello Cloud Stack Family,
> >>>
> >>>
> >>> I have attempted to the best of my ability to set this up. I have an instance (actually two) I would like to toss one additional IP address to two different instances. Cloud Stack 4.0.1 is proving to be rather difficult to accomplish this in.
> >>>
> >>> Here is my set-up:
> >>>
> >>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
> >>>
> >>> Yesterday, I was provided a helpful link: http://markmail.org/message/bt7pqnen26v2o63k
> >>>
> >>> However, I am not making much sense out of that.
> >>>
> >>> If ANYONE has ANY experience adding a secondary IP address -- please feel free to rescue me from the quick sand I am slowly sinking in!
> >>>
> >>> I would greatly appreciate any and ALL help!
> >>>
> >>> Thanks again!
> >>>
> >>> - Maurice (aka: daoenix)
> >
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Kirk Kosinski <ki...@gmail.com>.
Are you using security groups in your basic zone?
Kirk
On 04/04/2013 10:23 AM, Maurice Lawler wrote:
> Hello,
>
>
> Thank you so very much for the replies. I am using Basic Zone right now and yes, I would like the ability to assign a secondary IP address to any instance (should the instances I a hosting request them) at this point one has requested a secondary IP address.
>
> So the previous response, would that work in basic mode, how should I proceed?
>
> - Maurice
>
>
> On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <ae...@gmail.com> wrote:
>
>> Dropping -dev as to not cross post. Just to clear things up...
>> Maurice: this is for guests to have multiple ip's in a vm, right? Would these ip's be on the same subnet or a different network. I think Chiradeep posted a way to technically get around this. Also for further clarification, what cloudstack zone type are you working with?
>>
>> Ahmad
>>
>> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <ma...@me.com> wrote:
>>
>>> Hello Cloud Stack Family,
>>>
>>>
>>> I have attempted to the best of my ability to set this up. I have an instance (actually two) I would like to toss one additional IP address to two different instances. Cloud Stack 4.0.1 is proving to be rather difficult to accomplish this in.
>>>
>>> Here is my set-up:
>>>
>>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>>>
>>> Yesterday, I was provided a helpful link: http://markmail.org/message/bt7pqnen26v2o63k
>>>
>>> However, I am not making much sense out of that.
>>>
>>> If ANYONE has ANY experience adding a secondary IP address -- please feel free to rescue me from the quick sand I am slowly sinking in!
>>>
>>> I would greatly appreciate any and ALL help!
>>>
>>> Thanks again!
>>>
>>> - Maurice (aka: daoenix)
>
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Maurice Lawler <ma...@me.com>.
Hello,
Thank you so very much for the replies. I am using Basic Zone right now and yes, I would like the ability to assign a secondary IP address to any instance (should the instances I a hosting request them) at this point one has requested a secondary IP address.
So the previous response, would that work in basic mode, how should I proceed?
- Maurice
On Apr 4, 2013, at 10:29 AM, Ahmad Emneina <ae...@gmail.com> wrote:
> Dropping -dev as to not cross post. Just to clear things up...
> Maurice: this is for guests to have multiple ip's in a vm, right? Would these ip's be on the same subnet or a different network. I think Chiradeep posted a way to technically get around this. Also for further clarification, what cloudstack zone type are you working with?
>
> Ahmad
>
> On Apr 3, 2013, at 9:36 PM, Maurice Lawler <ma...@me.com> wrote:
>
>> Hello Cloud Stack Family,
>>
>>
>> I have attempted to the best of my ability to set this up. I have an instance (actually two) I would like to toss one additional IP address to two different instances. Cloud Stack 4.0.1 is proving to be rather difficult to accomplish this in.
>>
>> Here is my set-up:
>>
>> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>>
>> Yesterday, I was provided a helpful link: http://markmail.org/message/bt7pqnen26v2o63k
>>
>> However, I am not making much sense out of that.
>>
>> If ANYONE has ANY experience adding a secondary IP address -- please feel free to rescue me from the quick sand I am slowly sinking in!
>>
>> I would greatly appreciate any and ALL help!
>>
>> Thanks again!
>>
>> - Maurice (aka: daoenix)
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Ahmad Emneina <ae...@gmail.com>.
Dropping -dev as to not cross post. Just to clear things up...
Maurice: this is for guests to have multiple ip's in a vm, right? Would these ip's be on the same subnet or a different network. I think Chiradeep posted a way to technically get around this. Also for further clarification, what cloudstack zone type are you working with?
Ahmad
On Apr 3, 2013, at 9:36 PM, Maurice Lawler <ma...@me.com> wrote:
> Hello Cloud Stack Family,
>
>
> I have attempted to the best of my ability to set this up. I have an instance (actually two) I would like to toss one additional IP address to two different instances. Cloud Stack 4.0.1 is proving to be rather difficult to accomplish this in.
>
> Here is my set-up:
>
> Single Server | CentOS 6.3 | KVM | CS 4.0.1
>
> Yesterday, I was provided a helpful link: http://markmail.org/message/bt7pqnen26v2o63k
>
> However, I am not making much sense out of that.
>
> If ANYONE has ANY experience adding a secondary IP address -- please feel free to rescue me from the quick sand I am slowly sinking in!
>
> I would greatly appreciate any and ALL help!
>
> Thanks again!
>
> - Maurice (aka: daoenix)
RE: Reaching for the Stars: Secondary IP assignment!
Posted by Oliver Leach <Ol...@tatacommunications.com>.
If I understand you correctly, you would like to add an additional IP address to you current running instances? Firstly, It is not possible to add a nic to a current running instance. One way of doing this would be to add a new network offering and then add a new network for the account, template the current running instance and redeploy a new instance from the template, selecting the 2 networks you have set up (the original one and the new one you have set up). This would in effect give you 2 network interfaces with a dhcp address for each interface (providing you have dhcp as part of your network offering).
If you want to assign another IP to you current interface, you should be able to create an alias for your adapter. For centos, go to you network-script folder and run cp ifcfg-eth0 ifcfg-eth0:0. Then edit ifcfg-eth0:0 so it looks something like this:
# Xen Virtual Ethernet
DEVICE=eth0:0
BOOTPROTO=static
ONBOOT=yes
IPADDR="10.1.1.100"
NETMASK="255.255.255.0
Make sure you use an IP address and netmask in your ip schema assigned by the domain router to eth0 and change the BOOTPROTO to static. You may hit issues if your DHCP server assigns 10.1.1.100 someday. This setting is persistent across reboots & stop / starts too. That should help you get on your way hopefully. There are some other things which you might need to take in to account but see how you go first.
-Oli
From: Maurice Lawler [mailto:maurice.lawler@me.com]
Sent: Thursday, April 04, 2013 5:37 AM
To: Cloud Dev
Cc: users@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Reaching for the Stars: Secondary IP assignment!
Hello Cloud Stack Family,
I have attempted to the best of my ability to set this up. I have an instance (actually two) I would like to toss one additional IP address to two different instances. Cloud Stack 4.0.1 is proving to be rather difficult to accomplish this in.
Here is my set-up:
Single Server | CentOS 6.3 | KVM | CS 4.0.1
Yesterday, I was provided a helpful link: http://markmail.org/message/bt7pqnen26v2o63k
However, I am not making much sense out of that.
If ANYONE has ANY experience adding a secondary IP address -- please feel free to rescue me from the quick sand I am slowly sinking in!
I would greatly appreciate any and ALL help!
Thanks again!
- Maurice (aka: daoenix)
RE: Reaching for the Stars: Secondary IP assignment!
Posted by Oliver Leach <Ol...@tatacommunications.com>.
If I understand you correctly, you would like to add an additional IP address to you current running instances? Firstly, It is not possible to add a nic to a current running instance. One way of doing this would be to add a new network offering and then add a new network for the account, template the current running instance and redeploy a new instance from the template, selecting the 2 networks you have set up (the original one and the new one you have set up). This would in effect give you 2 network interfaces with a dhcp address for each interface (providing you have dhcp as part of your network offering).
If you want to assign another IP to you current interface, you should be able to create an alias for your adapter. For centos, go to you network-script folder and run cp ifcfg-eth0 ifcfg-eth0:0. Then edit ifcfg-eth0:0 so it looks something like this:
# Xen Virtual Ethernet
DEVICE=eth0:0
BOOTPROTO=static
ONBOOT=yes
IPADDR="10.1.1.100"
NETMASK="255.255.255.0
Make sure you use an IP address and netmask in your ip schema assigned by the domain router to eth0 and change the BOOTPROTO to static. You may hit issues if your DHCP server assigns 10.1.1.100 someday. This setting is persistent across reboots & stop / starts too. That should help you get on your way hopefully. There are some other things which you might need to take in to account but see how you go first.
-Oli
From: Maurice Lawler [mailto:maurice.lawler@me.com]
Sent: Thursday, April 04, 2013 5:37 AM
To: Cloud Dev
Cc: users@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Reaching for the Stars: Secondary IP assignment!
Hello Cloud Stack Family,
I have attempted to the best of my ability to set this up. I have an instance (actually two) I would like to toss one additional IP address to two different instances. Cloud Stack 4.0.1 is proving to be rather difficult to accomplish this in.
Here is my set-up:
Single Server | CentOS 6.3 | KVM | CS 4.0.1
Yesterday, I was provided a helpful link: http://markmail.org/message/bt7pqnen26v2o63k
However, I am not making much sense out of that.
If ANYONE has ANY experience adding a secondary IP address -- please feel free to rescue me from the quick sand I am slowly sinking in!
I would greatly appreciate any and ALL help!
Thanks again!
- Maurice (aka: daoenix)
Re: Reaching for the Stars: Secondary IP assignment!
Posted by Nux! <nu...@li.nux.ro>.
On 04.04.2013 05:36, Maurice Lawler wrote:
> Hello Cloud Stack Family,
>
>
> I have attempted to the best of my ability to set this up. I have an
> instance (actually two) I would like to toss one additional IP address
> to two different instances. Cloud Stack 4.0.1 is proving to be rather
> difficult to accomplish this in.
What I did to overcome this limitation is to route the additional IP(s)
to the existing IP on the VM. This needs to be done from your network's
gateway, as such Cloudstack will not be able to account for these IPs so
you'll have to do it on your own. But it works. :)
HTH
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro