Posted to users@cloudstack.apache.org by Chris Watts <ch...@theintertubes.ca> on 2016/03/14 15:22:43 UTC

Advanced networking with VLANs under KVM

Hi Everyone, I'm having a helluva time trying to understand how CloudStack
wants to do networking, specifically when it comes to adding your
zones/physical networks.

My KVM hosts have 2 physical NICs, bonded together as bond0, and
they are VLAN trunk ports with about 30 VLANs coming in.
I have bond0 as a member of a bridge, br0.

I assign public/guest/management traffic to the physical network;
management has no label (native VLAN), then guest/public get br0.

Adding guest/public networks using the VLAN IDs,
but nothing seems to work when the system VMs try to spin up... so I'm
assuming I'm probably not following how CloudStack wants to interface with
the physical network, but I'm stuck.

I need my CloudStack VMs to sit directly on the VLANs so they can talk to
my other physical hosts.

I've seen references to creating physical interfaces/bridges for each VLAN
on the hypervisor (i.e. br0.111 for VLAN 111, br0.112 etc.) and using those,
but I figured there was probably a better way.

My assumption would be that I'd be able to tell CloudStack/KVM that the
bridge is really a trunk and that CloudStack would take care of the tagging
of traffic etc.

Thanks

RE: Advanced networking with VLANs under KVM

Posted by Sanjeev Neelarapu <sa...@accelerite.com>.
Hi Chris,

The traffic labels that you have specified for each traffic type seem okay. As Paul mentioned, there won't be access to the guest network from the system VMs. However, you should be able to reach any external network (provided you have access to the external network from the gateway) from the system VMs through the public interface, i.e. eth2.

Thanks,
Sanjeev

-----Original Message-----
From: Chris Watts [mailto:chris@theintertubes.ca] 
Sent: Tuesday, March 15, 2016 12:19 AM
To: users@cloudstack.apache.org
Subject: Re: Advanced networking with VLANs under KVM

Hi Simon,

For the traffic labels, I assign the bridge.

Physical      Bond               Bridge


Eth1 -------> Bond0 -------> br0
               /    Bond0.534 -> br0.534
Eth2 ---- /


eth1/2 are connected to trunk ports on my switch, bond0.534 is my management VLAN/IP so the KVM host gets bond0.534 for ssh/management/storage traffic.

When setting up the zone in CloudStack, assign the traffic label of "bond0.534" for management, then for both Public and Guest, the label "br0". Then I go create a shared guest network, provide the VLAN number and IP addressing scheme.

I can get to the point of the System VMs running, however, they are never able to talk to anything on the public or guest networks.


On Mon, Mar 14, 2016 at 1:44 PM, Simon Weller <sw...@ena.com> wrote:

> Chris,
>
> What do you define as the traffic labels when you configured the
> network within the CloudStack zone wizard?
> Can you provide some more information on what you set up?
>
> - Si
> ________________________________________
> From: Chris Watts <ch...@theintertubes.ca>
> Sent: Monday, March 14, 2016 9:22 AM
> To: users@cloudstack.apache.org
> Subject: Advanced networking with VLANs under KVM
>
> Hi Everyone, I'm having a helluva time trying to understand how
> CloudStack wants to do networking, specifically when it comes to adding
> your zones/physical networks.
>
> My KVM hosts have 2 physical NICs, bonded together as bond0, and they
> are VLAN trunk ports with about 30 VLANs coming in. I have bond0 as a
> member of a bridge, br0.
>
> I assign public/guest/management traffic to the physical network;
> management has no label (native VLAN), then guest/public get br0.
>
> Adding guest/public networks using the VLAN IDs, but nothing seems to
> work when the system VMs try to spin up... so I'm assuming I'm
> probably not following how CloudStack wants to interface with the
> physical network, but I'm stuck.
>
> I need my CloudStack VMs to sit directly on the VLANs so they can
> talk to my other physical hosts.
>
> I've seen references to creating physical interfaces/bridges for each
> VLAN on the hypervisor (i.e. br0.111 for VLAN 111, br0.112 etc.) and
> using those, but I figured there was probably a better way.
>
> My assumption would be that I'd be able to tell CloudStack/KVM that
> the bridge is really a trunk and that CloudStack would take care of
> the tagging of traffic etc.
>
> Thanks
>




RE: Advanced networking with VLANs under KVM

Posted by Paul Angus <pa...@shapeblue.com>.
Hi Chris,

You wouldn't expect the system VMs (SSVM or CPVM) to connect to anything on the guest network.
The system VMs don't use any network that you create on the public side; they just get an IP on the public network and expect to be able to route directly via your next hop gateway.

If you told CloudStack that the public VLAN was 111, then you'd expect to see a bridge br0.111 created on the host(s) running the CPVM and SSVMs.
In the public network section of the wizard, you set the range of IPs which the system VMs can use on the public interfaces and the gateway which is their next hop.









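Added example (not part of the thread and not CloudStack code): one way to check on a KVM host whether a VLAN such as 111 really has a tagged sub-interface attached to a bridge, and which VM ports share that bridge, by parsing `ip -o -d link show` output. The sample output is constructed and abridged; the `br0.111` and `br0.534` names follow the thread, while `vnet0` and the unbridged `bond0.112` are assumptions for illustration.

```python
import re

# Constructed, abridged `ip -o -d link show` output. Names follow the thread
# (bond0, bond0.534 -> br0.534, br0.111); vnet0 and bond0.112 are invented.
SAMPLE = r"""
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 master br0 state UP \    bond mode 802.3ad
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP \    bridge forward_delay 0
6: bond0.534@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0.534 state UP \    vlan protocol 802.1Q id 534 <REORDER_HDR>
7: br0.534: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP \    bridge forward_delay 0
8: bond0.111@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0.111 state UP \    vlan protocol 802.1Q id 111 <REORDER_HDR>
9: br0.111: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP \    bridge forward_delay 0
10: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0.111 state UNKNOWN \    tun
11: bond0.112@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP \    vlan protocol 802.1Q id 112 <REORDER_HDR>
"""

HEAD = re.compile(r"^\d+:\s+([^:@\s]+)(?:@(\S+?))?:\s")  # name[@parent]:
MASTER = re.compile(r"\bmaster (\S+)")                   # bridge/bond it is enslaved to
VLAN = re.compile(r"\bvlan protocol \S+ id (\d+)")       # 802.1Q tag of a sub-interface

def parse_links(text):
    """Map interface name -> parent device, master and VLAN ID (None if absent)."""
    links = {}
    for line in text.strip().splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        master, vlan = MASTER.search(line), VLAN.search(line)
        links[head.group(1)] = {
            "parent": head.group(2),
            "master": master.group(1) if master else None,
            "vlan": int(vlan.group(1)) if vlan else None,
        }
    return links

def audit_vlan(links, vlan_id):
    """Return (status, bridge, other ports on that bridge) for one VLAN ID."""
    tagged = [n for n, v in links.items() if v["vlan"] == vlan_id]
    if not tagged:
        return ("no-tagged-interface", None, [])
    bridge = links[tagged[0]]["master"]
    if bridge is None:
        return ("tagged-but-not-bridged", None, [])
    ports = sorted(n for n, v in links.items()
                   if v["master"] == bridge and n not in tagged)
    return ("bridged", bridge, ports)

if __name__ == "__main__":
    for vid in (111, 534, 112, 200):
        print(vid, audit_vlan(parse_links(SAMPLE), vid))
```

On a real host, feed the function the captured output of `ip -o -d link show`; a VM port listed under a VLAN it should not be on is the isolation problem to look for.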

Re: Advanced networking with VLANs under KVM

Posted by Chris Watts <ch...@theintertubes.ca>.
Hi Simon,

For the traffic labels, I assign the bridge.

Physical      Bond               Bridge


Eth1 -------> Bond0 -------> br0
               /    Bond0.534 -> br0.534
Eth2 ---- /


eth1/2 are connected to trunk ports on my switch, bond0.534 is my
management VLAN/IP so the KVM host gets bond0.534 for
ssh/management/storage traffic.

When setting up the zone in CloudStack, assign the traffic label of
"bond0.534" for management, then for both Public and Guest, the label
"br0". Then I go create a shared guest network, provide the VLAN number and
IP addressing scheme.

I can get to the point of the System VMs running, however, they are never
able to talk to anything on the public or guest networks.



Re: Advanced networking with VLANs under KVM

Posted by Simon Weller <sw...@ena.com>.
Chris,

What do you define as the traffic labels when you configured the network within the CloudStack zone wizard?
Can you provide some more information on what you set up?

- Si