Can VMs from different subnets communicate through VXLAN? - networking

I am trying to understand VXLAN functionalities.
All cases related to VM communication through VXLAN that I can find on Google are related to the interconnection of VMs on the same subnet.
My case study would be 2 hosts, each one hosting 1 VM.
VM1 on host1 has IP 10.200.1.2/24, and VM2 on host2 has IP 10.200.2.2/24.
Can I make the two VMs communicate through a VXLAN?

VXLAN is layer-2 tunneling across IP featuring virtually unlimited subtunnels (VLANs).
If you want to connect two nodes (virtual or physical) in different subnets you use a router. If you can't route them directly (e.g. private IP addresses across public IP network) you use layer-3 tunneling or VPN.
With both end nodes in different subnets there's no point using VXLAN.
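Added example (not part of the answer above, and not taken from any VXLAN implementation): a small Python script that makes the answer's point concrete. It builds and parses the 8-byte VXLAN header from RFC 7348 (the only payload VXLAN carries after that header is a complete Ethernet frame, which is why it is a layer-2 tunnel), and then checks the two VM addresses from the question to show that, sharing no subnet, the sender would ARP for its gateway rather than for the other VM, so a router is needed regardless of the tunnel. The VNI, MACs and payload are constructed sample values; only the standard library is used.

```python
import ipaddress
import struct

# Constructed sample values: the two VMs from the question.
VM1 = "10.200.1.2/24"
VM2 = "10.200.2.2/24"

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (RFC 7348), for reference
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800


def build_vxlan_header(vni: int) -> bytes:
    """Encode the 8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # "!B3xI": flags byte, 3 reserved bytes, then VNI in the top 24 bits of a 32-bit word.
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)


def parse_vxlan(payload: bytes):
    """Split a VXLAN UDP payload into (vni, inner Ethernet frame); reject malformed headers."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set; drop the packet")
    return vni_field >> 8, payload[8:]


def build_ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, data: bytes) -> bytes:
    """The inner frame is ordinary Ethernet II: dst MAC, src MAC, EtherType, payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + data


def same_subnet(a: str, b: str) -> bool:
    """True when both interfaces share one IP subnet, i.e. could ARP for each other over an L2 segment."""
    ia, ib = ipaddress.ip_interface(a), ipaddress.ip_interface(b)
    return ia.network == ib.network


def l2_next_hop(src: str, dst: str) -> str:
    """What the sender resolves with ARP: the destination itself, or its default gateway."""
    return "destination" if same_subnet(src, dst) else "gateway"


def demo() -> dict:
    """Encapsulate a constructed frame from VM1 on VNI 100 and decode it again."""
    src_mac = bytes.fromhex("025555000001")      # constructed locally-administered MACs
    dst_mac = bytes.fromhex("025555000002")
    inner = build_ethernet_frame(dst_mac, src_mac, ETHERTYPE_IPV4, b"constructed IPv4 payload")
    packet = build_vxlan_header(100) + inner
    vni, frame = parse_vxlan(packet)
    return {
        "vni": vni,
        "inner_frame_intact": frame == inner,
        "vm1_vm2_same_subnet": same_subnet(VM1, VM2),
        "vm1_arp_target": l2_next_hop(VM1, VM2),
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the inner Ethernet frame survives the tunnel unchanged, while the two VMs are in different subnets, so VM1's ARP target is its gateway: the VXLAN segment only helps if a router interface sits on it. The parser's flag and length checks are the minimum a receiver should apply before trusting a VNI.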

Related

Unable to SSH/Ping to VMs on Private Network of Openstack/packstack

We are using a setup of Openstack-Train through a Packstack installation and Openvswitch as the backend of neutron.
We have created an external network (10.5.0.0/22), which is an internal network of our org., and a private network (10.3.0.0/22) linked via a router.
Our org. network is connected with a Pfsense firewall which has been given permission to connect the network 10.5.0.0/22 to 10.3.0.0/22 of openstack and vice versa.
In the security group of openstack, we have added the egress and ingress rule to allow traffic between the two networks.
However, we are unable to ping or SSH any VMs that are built on the private network (10.3.0.0/22) from our org. network (10.5.0.0/22).
VMs on the private network have internet connectivity and can ping google and ssh into our org. machines that are on the 10.5.0.0/22 ip range.
The only way to SSH into private network VMs seems to be via a floating IP.
Is there a way to directly SSH into the private network VMs without using the floating IP?
Or is this part of openstack design?
Thank you
Do you have any physical network hardware like Switches that are configured to only allow a specific VLAN or subnet traffic?
Can you also share how your subnet is configured ("openstack subnet show")?
Security does isolate traffic outside a subnet, so a floating IP is an alternative way in, but it's possible to have multiple ports on a VM with different subnets and access.

Can a cluster IP belong to another network?

I have 3 internet networks from 3 routers. I have 1 static IP from each network. Can I make one static IP a virtual IP (cluster IP for load balancing) and the other 2 static IPs physical IP addresses (2 node servers)? If yes, which ports should be enabled? Any help?
I have researched and found that load balancing across different subnet IPs is not possible with the Windows OS NLB feature, but it is possible with other load balancers that are not related to Windows OS NLB.

OpenStack: what's the difference between management network and admin network in Neutron?

I'm not sure if I understand the purpose of OpenStack Neutron management subnet right.
OpenStack docs suggest that it is a VLAN that is created to let OpenStack components talk to each other and also allows me to SSH into the host (physical machine).
I assumed that upon splitting a network interface into VLANs for OpenStack, I abandon the IP address assigned to that physical interface in the untagged L3 network (say, 10.100.70.), and instead split it into 3 VLANs, and again get an IP address from my provider infrastructure in another provider subnet on this logical interface (say, 10.100.71.).
But here is a page that explains how to install OpenStack with InfiniBand, and it makes use of both management VLAN and PXE/admin interface. So I keep an IP in the untagged PXE network and also create a tagged management VLAN and get IP addresses on both.
Aren't PXE/admin network and management VLAN network redundant here?

OpenStack instances are not pinging when they are in different networks

I have created two networks in OpenStack (Havana, Ubuntu 12.04 LTS) (192.168.1.0/28, 192.168.1.16/28) and both networks have their instances. Instances can ping the gateway of the other network,
but an instance cannot ping another instance in that network.
For example, network one: 192.168.1.0/28, gateway is 192.168.1.1 and instance IP is 192.168.1.2
Network two: 192.168.1.16/28, gateway is 192.168.1.17 and instance IP is 192.168.1.18
Now the 192.168.1.18 machine can ping 192.168.1.1 but not 192.168.1.2.
Please tell me the exact problem.
The two networks (subnets, actually) should be connected via a single router for instances on the networks to reach each other.
And as #Brenne mentioned, ICMP packets (ping) have to be explicitly enabled in the security group. By default, they are not allowed.
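Added example (not from this answer, and not OpenStack or Neutron code): a Python model of the two conditions the answer names, using the addresses from the question as constructed sample input. Reachability requires either a shared subnet or a router with a port in both subnets; delivery then requires the destination's security group to carry an ICMP ingress rule, because security groups are allow-lists whose default contains egress rules only. The `Rule` shape and the `can_ping` check are simplifications assumed here for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str             # "ingress" or "egress"
    protocol: Optional[str]    # "icmp", "tcp", "udp", or None for any protocol
    remote_prefix: str         # CIDR the rule applies to (remote_ip_prefix)


# Modelled default group: all egress permitted, no ingress rules at all.
DEFAULT_RULES: List[Rule] = [Rule("egress", None, "0.0.0.0/0")]

# Constructed sample topology from the question.
NET1_INSTANCE = "192.168.1.2/28"
NET2_INSTANCE = "192.168.1.18/28"
ROUTER_PORTS = ["192.168.1.1/28", "192.168.1.17/28"]   # one router, a port in each subnet

# The narrow fix: allow ICMP in from the peer subnet only, not from 0.0.0.0/0.
ICMP_FROM_NET2 = DEFAULT_RULES + [Rule("ingress", "icmp", "192.168.1.16/28")]


def rule_matches(rule: Rule, direction: str, protocol: str, remote_ip: str) -> bool:
    """A rule applies when direction, protocol (or any) and remote prefix all match."""
    return (rule.direction == direction
            and rule.protocol in (None, protocol)
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.remote_prefix))


def permits(rules: Sequence[Rule], direction: str, protocol: str, remote_ip: str) -> bool:
    """Security groups are allow-lists: traffic matched by no rule is dropped."""
    return any(rule_matches(r, direction, protocol, remote_ip) for r in rules)


def routed(src_iface: str, dst_iface: str, router_ports: Sequence[str]) -> bool:
    """Same subnet: direct. Otherwise the router must have a port in both subnets."""
    src, dst = ipaddress.ip_interface(src_iface), ipaddress.ip_interface(dst_iface)
    if src.network == dst.network:
        return True
    router_nets = {ipaddress.ip_interface(p).network for p in router_ports}
    return src.network in router_nets and dst.network in router_nets


def can_ping(src_iface: str, dst_iface: str, router_ports: Sequence[str],
             src_rules: Sequence[Rule], dst_rules: Sequence[Rule]) -> Tuple[bool, str]:
    """Walk an echo request through routing, source egress and destination ingress checks."""
    src_ip = str(ipaddress.ip_interface(src_iface).ip)
    dst_ip = str(ipaddress.ip_interface(dst_iface).ip)
    if not routed(src_iface, dst_iface, router_ports):
        return False, "no router connects the two subnets"
    if not permits(src_rules, "egress", "icmp", dst_ip):
        return False, "source security group blocks ICMP egress"
    if not permits(dst_rules, "ingress", "icmp", src_ip):
        return False, "destination security group has no ICMP ingress rule"
    return True, "echo request delivered"


if __name__ == "__main__":
    for label, ports, rules in [
        ("router present, default rules", ROUTER_PORTS, DEFAULT_RULES),
        ("router present, ICMP rule added", ROUTER_PORTS, ICMP_FROM_NET2),
        ("router only on net2, ICMP rule added", ["192.168.1.17/28"], ICMP_FROM_NET2),
    ]:
        print(label, "->", can_ping(NET2_INSTANCE, NET1_INSTANCE, ports, DEFAULT_RULES, rules))
```

With the router in place but default rules, the model reports the exact symptom in the question: routing succeeds, egress is permitted, and the packet dies at the destination's security group. Adding the single ICMP ingress rule scoped to 192.168.1.16/28 is enough; a rule from 0.0.0.0/0 would also work but opens the instance to every routed source.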

Why do the IP addresses of 2 machines on the same router have different subnets?

I have 2 machines. One's IP is 169.254.41.172 and the other is 169.254.72.175. They are both connected to the same router. Why is the 'subnet' different? I'm referring to the 3rd number, between 41 and 72.
These are link-local addresses; they use 255.255.0.0 as subnet mask, so both addresses are in the same subnet.
These addresses are generated automatically, if you want more control over them you will either need a DHCP server, or configure static IP addresses.
Your router is not acting as a DHCP server it seems.
169.254 is a special range usually for Windows machines when they can't obtain an IP address automatically.
From: http://packetlife.net/blog/2008/sep/24/169-254-0-0-addresses-explained/
Occasionally you may encounter a host which has somehow assigned itself an IP address in the 169.254.0.0/16 range. This is a particularly common symptom of Windows machines which have been configured for DHCP but for whatever reason are unable to contact a DHCP server. When a host fails to dynamically acquire an address, it can optionally assign itself a link-local IPv4 address in accordance with RFC 3927. Microsoft's term for this is Automatic Private Internet Protocol Addressing (APIPA).
These machines are not getting an IP address. The beginning octets of "169.254" identify these addresses as "link-local".
http://en.wikipedia.org/wiki/Link-local_address
For what it's worth, the addresses are not on different subnets as the full link-local definition is 169.254.0.0/16, or a "Class B" subnet. That being said though, there's no way you'll be getting these computers to communicate any time soon. Is the router powered on, are the cables connected and are there uplink lights on the actual RJ45 jacks on both the router and computers? Is DHCP enabled on the router?