VM to VM communication in OpenStack within same subnet - openstack

How do the VMs in OpenStack communicate with each other? Is there a switch per subnet to which traffic from any of the VMs is destined?

Related

Unable to SSH/Ping to VMs on Private Network of Openstack/packstack

We are using a setup of OpenStack Train through a Packstack installation, with Open vSwitch as the backend of Neutron.
We have created an external network (10.5.0.0/22), which is an internal network of our org., and a private network (10.3.0.0/22) linked via a router.
Our org. network is connected to a pfSense firewall which has been given permission to connect the network 10.5.0.0/22 to 10.3.0.0/22 of OpenStack and vice versa.
In the security group of OpenStack, we have added the egress and ingress rules to allow traffic between the two networks.
However, we are unable to ping or SSH into any VMs that are built on the private network (10.3.0.0/22) from our org. network (10.5.0.0/22).
VMs on the private network have internet connectivity and can ping Google and SSH into our org. machines that are in the 10.5.0.0/22 IP range.
The only way to SSH into private network VMs seems to be via a floating IP.
Is there a way to directly SSH into the private network VMs without using the floating IP?
Or is this part of the OpenStack design?
Thank you
Do you have any physical network hardware, like switches, that is configured to only allow traffic for a specific VLAN or subnet?
Can you also share how your subnet is configured ("openstack subnet show")?
Security does isolate traffic outside a subnet, so a floating IP is an alternative way in, but it's possible to have multiple ports on a VM with different subnets and access.

Unable to ping from VM to another VM

I have built two VMs, and both use the same network configuration, which is NAT for the first network adapter and Host-only Ethernet Adapter for the second adapter.
This is my network configuration for both VMs:
First VM
eth0 : dhcp
eth1 : 10.0.0.10 255.255.255.0
Second VM
eth0 : dhcp
eth1 : 10.0.0.20 255.255.255.0
How to solve the problem? Should I do or reconfigure something?
In VMware, Host-Only means VMs can ONLY network with the host, not other VMs, but in Parallels Desktop and VirtualBox it works.
So in a simple way, if you want to block the network between the second VM and the Internet, you could choose NAT and set up some firewall rules with iptables on the host.
On the VMware website, you should route between two Host-Only networks as described in this link.
There is more information about Host Only Network.

Can VMs from different subnets communicate through VXLAN?

I am trying to understand VXLAN functionalities.
All cases related to VM communication through VXLAN that I can find on Google are related to the interconnection of VMs on the same subnet.
My case study would be 2 hosts, each one hosting 1 VM.
VM1 on host1 has IP 10.200.1.2/24, and VM2 on host2 has IP 10.200.2.2/24.
Can I make the two VMs communicate through a VXLAN?
VXLAN is layer-2 tunneling across IP featuring virtually unlimited subtunnels (VLANs).
If you want to connect two nodes (virtual or physical) in different subnets you use a router. If you can't route them directly (e.g. private IP addresses across public IP network) you use layer-3 tunneling or VPN.
With both end nodes in different subnets there's no point using VXLAN.

How to configure proxmox 4 network interface without physical access to KVM

I am running Proxmox 4 with around 10 KVM and 14 LXC.
I can configure IPs and the network from the web GUI for LXC containers.
I want to configure the network interface for KVM without accessing the VM.
Is it possible to configure the network interface without accessing the VM?
As far as I know you can't configure the IP address in Proxmox for a KVM VM (only for an LXC container can you define the IP address). For a KVM VM you can configure whether the network connection is in Bridged mode or NAT.
For LXC containers you can use the pct command to set network for the container. More info about that on the Proxmox WIKI (scroll down to the Network section) - https://pve.proxmox.com/wiki/Linux_Container
What you could do for KVM would be to use a local DHCP server (you can install one on your Proxmox if you want: apt-get install isc-dhcp-server). You have to define an IP address pool that will be assigned to your VMs by the DHCP server.
Then configure the KVM machine using the qm command:
qm set vmid options
From man qm you discover this:
-net[n] [model=]<enum> [,bridge=<bridge>] [,firewall=<1|0>] [,link_down=<1|0>] [,macaddr=<XX:XX:XX:XX:XX:XX>] [,queues=<integer>]
[,rate=<number>] [,tag=<integer>] [,trunks=<vlanid[;vlanid...]>] [,<model>=<macaddr>]
So basically you can define the network for your KVM VM, say whether it's bridged, and set a specific MAC address for that card.
If you want to add a specific IP to that VM you can do it based on its MAC address (you have to configure in the DHCP server that a specific IP address is assigned to the desired MAC address).
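
The MAC-based reservation described above, as an added example that is not part of the original answer: a shell function that validates a MAC/IP pair and prints both the `qm set` command (using the `model`, `bridge` and `macaddr` keys from the synopsis above) and the matching isc-dhcp-server `host` entry. The VM id, the `virtio` model, the bridge name `vmbr0`, the host label and the addresses are assumptions.

```shell
#!/bin/sh
# Added example: pin a KVM guest's IP by fixing its MAC in Proxmox and
# reserving that MAC in isc-dhcp-server. Nothing is executed; the function
# only prints the command to run and the stanza for dhcpd.conf.

# is_mac MAC -> success if MAC is six colon-separated hex octets
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# is_ipv4 ADDR -> success if ADDR is a dotted quad with every octet <= 255
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots into $1..$4
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# kvm_static_lease VMID MAC IP [BRIDGE]
kvm_static_lease() {
    vmid=$1 mac=$2 ip=$3 bridge=${4:-vmbr0}   # vmbr0: assumed bridge name
    case $vmid in ''|*[!0-9]*) echo "bad vmid: $vmid" >&2; return 1 ;; esac
    is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    is_ipv4 "$ip" || { echo "bad IPv4: $ip" >&2; return 1; }
    case $bridge in ''|*[!A-Za-z0-9_.-]*) echo "bad bridge: $bridge" >&2; return 1 ;; esac
    # Step 1: give the VM's first NIC a fixed MAC (virtio model assumed).
    echo "qm set $vmid -net0 model=virtio,bridge=$bridge,macaddr=$mac"
    # Step 2: reservation to add to /etc/dhcp/dhcpd.conf on the DHCP server.
    echo "host vm$vmid {"
    echo "    hardware ethernet $mac;"
    echo "    fixed-address $ip;"
    echo "}"
}

# Constructed sample values.
kvm_static_lease 101 52:54:00:12:34:56 10.0.0.101
```

The reserved address should sit inside the subnet declared in dhcpd.conf but outside its dynamic range, so the pool never hands it to another VM.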

connecting a host to the internet through an OpenFlow software switch

I have two Ubuntu virtual machines X and Y.
X has Open vSwitch and Floodlight running on it, and the Y VM acts as a host.
I have a Host-Only adapter and a NAT adapter attached to the X VM, and the Y VM has only a Host-Only adapter.
The Host-Only adapters of the X and Y VMs are in the same subnet.
Now I want to connect the Y VM to the internet through the OVS running on the X VM.
Is it possible?
If yes, how?
To get internet connectivity to the host machines only through the Open vSwitch:
USING DHCP
1: add the interface connected to the internet (say eth0) on the OVS machine to the OVS bridge.
2: change the IP address of the eth0 interface to 0 and get a DHCP IP for the bridge interface using dhclient
3: add the interfaces that are connected to the hosts to the OVS bridge
4: get DHCP IPs for the hosts by using dhclient on the host machines
USING custom IP addresses
1: add the interfaces connected to the hosts and the interface connected to the internet to the OVS bridge
2: make the internet interface IP 0
3: set the bridge IP address to the IP address that was previously assigned to the internet interface
4: make sure you have the host IP addresses in the same network address range as the bridge IP address.
The easiest way to test OpenFlow services is to use the Mininet emulator. Here is a tutorial on how to use it.
http://mininet.org/walkthrough/
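
The "USING DHCP" steps above written out as a command plan, as an added example that is not part of the original answers: the function validates the interface names and prints the `ovs-vsctl`, `ip` and `dhclient` commands in order without running them. The names `br0`, `eth0` and `eth1` are assumptions, and `ip addr flush` stands in for the answer's "change the IP address to 0".

```shell
#!/bin/sh
# Added example: the "USING DHCP" steps as a command plan. The function only
# prints commands; review them, then run as root from the OVS machine's
# console (the uplink loses its address in step 2, so not over SSH via it).

# valid_ifname NAME -> success for a plausible Linux interface name
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]        # kernel limit: 15 characters
}

# ovs_dhcp_plan BRIDGE UPLINK HOST_IF...
ovs_dhcp_plan() {
    [ "$#" -ge 3 ] || { echo "usage: ovs_dhcp_plan BRIDGE UPLINK HOST_IF..." >&2; return 1; }
    for name in "$@"; do
        valid_ifname "$name" || { echo "bad interface name: $name" >&2; return 1; }
    done
    bridge=$1 uplink=$2
    shift 2
    echo "ovs-vsctl --may-exist add-br $bridge"
    # Step 1: attach the internet-facing interface to the bridge.
    echo "ovs-vsctl --may-exist add-port $bridge $uplink"
    # Step 2: clear the uplink's IP and let the bridge obtain a lease.
    echo "ip addr flush dev $uplink"
    echo "ip link set $bridge up"
    echo "dhclient $bridge"
    # Step 3: attach the host-facing interfaces.
    for port in "$@"; do
        echo "ovs-vsctl --may-exist add-port $bridge $port"
    done
    # Step 4 happens on each host: dhclient <host-interface>
}

# Constructed sample: bridge br0, uplink eth0, host-facing eth1.
ovs_dhcp_plan br0 eth0 eth1
```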
