OpenStack floating IP associated to virtual IP - openstack

I am trying to perform a POC.
I have configured a virtual IP (implemented by keepalived) that will move from vm1 to vm2 in case vm1 is not available.
Details:
vm1 - 10.0.0.1(internal), 192.168.10.10(floating ip)
vm1 - 10.0.0.2(internal), 192.168.10.11(floating ip)
vip - 10.0.0.110(virtual ip -internal)
vipEXT - 192.168.10.13(virtual ip -floating)
The internal part is working fine: I followed the instructions and was able to make the vip (10.0.0.110) address migrate from vm1 to vm2 in case vm1 fails.
I have created a floating IP with the 192.168.10.13 address and associated it with the vip port, but I still can't access the vip (10.0.0.110) from vipEXT (192.168.10.13).
The status of this floating IP is Down.
Do you have any suggestions?

I was able to solve it by following this blog:
https://blog.codecentric.de/en/2016/11/highly-available-vips-openstack-vmsrrp
This setup worked only after I created a new router using the '--centralized' flag instead of the '--distributed' flag that comes as the default in my case.


Unable to SSH into VM instance on Google Cloud Platform

I have created a firewall rule in the VPC network for port 22 by assigning an IP to the port, e.g. (192.168.xx.yy), instead of 0.0.0.0/0 in the rules. Now, when I create a Compute Engine VM instance in Google Cloud Platform and SSH into it, it states that it "cannot connect to port 22".
I don't want port tcp:22 to have the IP range 0.0.0.0/0, but only a single IP as stated above. How can I solve this issue?
The 192.168.x.x is an internal IP address, and in your situation would apply to a VM instance within the same network as the instance you want to connect to.
If you want to connect from outside that network, you'll need to set the source of the firewall rule to the external IP of the instance/machine you want to connect from. You can get your external IP by going to https://whatismyipaddress.com for example.
The firewall rule setting would be something like this:
Direction of traffic: Ingress
Action on match: Allow
Targets: Specified target tags (for example)
Source filter: IP ranges
Source IP ranges: x.x.x.x/32 (your external IP)
If you would not like to have your GCE instance's port 22 open to the internet, but you would like to connect to it, I propose 2 different solutions:
Create a bastion host. This VM is a proxy for access to your GCE instances. You log into the bastion and then you can perform an SSH hop to your GCE instance. Only the bastion host is open to the internet on port 22. And you can start this bastion VM only when you need to connect to your other GCE instances, which increases security and decreases the risk of attack on this "backdoor" instance.
For both the bastion and for directly reaching your VM on port 22, you can limit the source IP of your firewall rule to your current IP.
But remember, the IP is not a source of truth.
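The source-range point from the first answer above, as an added example that is not part of the original thread: a small Python audit that flags tcp:22 rules whose source is an RFC 1918 range (which cannot match a client arriving from outside the VPC) or 0.0.0.0/0. The rule layout, rule names and addresses are constructed for illustration and are not a GCP API format.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules; the dict layout is hypothetical, not a GCP API format.
SAMPLE_RULES = [
    {"name": "ssh-lan-only", "port": 22, "sources": ["192.168.10.20/32"]},
    {"name": "ssh-anywhere", "port": 22, "sources": ["0.0.0.0/0"]},
    {"name": "ssh-admin", "port": 22, "sources": ["203.0.113.7/32"]},
    {"name": "ssh-partner", "port": 22, "sources": ["198.51.100.0/24"]},
    {"name": "https", "port": 443, "sources": ["0.0.0.0/0"]},
]

def source_kind(cidr):
    """Classify one source range as 'any', 'internal' (RFC 1918) or 'external'."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "any"
    if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
        return "internal"
    return "external"

def admits(rule, client_ip):
    """True if any source range of the rule contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c, strict=False)
               for c in rule["sources"])

def audit_ssh(rules, client_ip):
    """Map each tcp:22 ingress rule to a finding for a client at client_ip."""
    findings = {}
    for rule in rules:
        if rule["port"] != 22:
            continue
        kinds = {source_kind(c) for c in rule["sources"]}
        if "any" in kinds:
            findings[rule["name"]] = "open-to-internet"
        elif admits(rule, client_ip):
            findings[rule["name"]] = "ok"
        elif kinds == {"internal"}:
            findings[rule["name"]] = "internal-only-source"
        else:
            findings[rule["name"]] = "client-not-in-range"
    return findings

if __name__ == "__main__":
    # 203.0.113.7 stands in for the admin's external IP (documentation range).
    for name, finding in audit_ssh(SAMPLE_RULES, "203.0.113.7").items():
        print(f"{name}: {finding}")
```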

IP address is not reachable or is invalid

I am facing a strange issue these days. I have a list of IP addresses which I want to connect to during the deployment using Jenkins. What is happening is: if I am deploying to one IP address (remote machine but in the same location) on my local location server, I can successfully do that. But if I am trying to deploy to an IP address (remote machine in another country/region), it is throwing the error, saying
Error : Ip address XYZ is not reachable or is invalid.
Please be notified that I am able to get the response from the machine when I ping it using:
ping XYZ
But while trying to deploy on it using Jenkins, I am not.
Please let me know if there's any solution for this problem.
There aren't enough data points, but you can look for these things:
1. IP address: check if all three machines are in the same network (Jenkins server, target and your machine).
You can check it with the IP address of each machine.
2. Check the gateway set for the Jenkins server.
3. The best way, if feasible, is to ssh / rdp to your Jenkins server and try running your command manually that will give you
The local machine gets a loopback address (127.0.0.1), so it will be reachable, as will any local machine having an IP address with the same subnet mask; that's called a LAN.
When you are reaching out to a remote machine, either it should have a public IP address (visible to everyone in the world) or you must connect to that area network via VPN; this is called tunnelling to the remote over the WAN (wide area network). There (at the remote location) again, you will notice that all the IP addresses have the same subnet mask as you have on the local machine.
So there could be an IP address duplication case in the VPN scenario, where you are able to ping but not able to reach. This is because the IP address is assigned to another machine and not yours, and ping responses are coming from that other machine. That means your machine has failed to resolve ARP and is in a dormant state.

Xen guest VM with two static IP address

I have installed Xen4Centos on Centos7, having single NIC with bridge network and have two VMs on that.
In one VM, I want to add two static IP one for webserver and one for mail server.
So I have created IP alias in guest VM, it was created but it was not pinging from outside public network or from the host.
So if you have any idea how to add second IP in the guest VM then please let me know.
I have searched on Google but most of the tutorials had given example for one IP only.
I have figured out the way to listen on the second IP from the public network.
I have added a second interface in the VM configuration file with a MAC address, so inside the VM it looks like eth0 and eth1.
Then I created a routing table for eth1 and added a default gateway to eth1. [ ip route add default via XXX.XX.XXX.112 dev eth1 table eth1].
This way the second IP in the VM was reachable from the public network.

CentOS - Wrong automatic ifconfig broadcast address

Running a Centos 5.11 machine with two network cards.
One is facing the internal network (private IP), the other the Internet (public IP).
Because we had some issues lately with it (ARP collision - but that's not the point here!), I started verifying its config. And I found out the broadcast set for the public IP is wrong.
IP is xxx.xxx.xxx.25
Subnet is 255.255.255.240
So basically we should have:
Network xxx.xxx.xxx.16
First IP xxx.xxx.xxx.17
Last IP xxx.xxx.xxx.30
Broadcast xxx.xxx.xxx.31
But the broadcast is automatically set to last host xxx.xxx.xxx.30
If I change it using the command line, it is reset back to the same IP once I do a service network restart...
I had to edit /etc/sysconfig/network-scripts/ifcfg-eth0 for the broadcast to stick to what I wanted.

How to setup a bridge connection with vbox/vmware using a second wan ip on a dedicated server

I am using a dedicated server with a certain WAN IP / netmask / gateway / nameservers.
I got a second WAN IP to use with VirtualBox, which I installed on the server.
I want to use a bridged connection in VirtualBox because I run some "servers" in it and want them to be visible from the internet.
I created a virtual network interface on the server and assigned the second IP to it.
It works, meaning I can ping that IP from outside. I set up VirtualBox to bridge to that interface, but I am stuck on what settings I have to configure in the virtual guest so everything will work.
The second IP has netmask 255.255.255.255, so I assume it's a single-IP situation and probably uses the gateway and nameservers of the server, because I was given none of them with it.
I have to mention that the first IP and second IP are not in the same subnet, nor is the gateway (e.g. XX.YY.ZZ.WW, where ZZ is different between the first, second and gateway IP).
Thanks in advance.
You have to unbind TCP and all other protocols and services on the host's NIC that you want to use in VBox. After that, you can configure a bridged network connection using that interface. After that, you can set the IP and network settings in your virtual system. This has also been addressed in this post: https://serverfault.com/questions/136969/dedicate-a-nic-to-a-virtualbox-vm
