cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: Is VRRP possible inside KVM/ACS
Date Fri, 22 Nov 2019 13:47:44 GMT
you assign a single secondary IP for just one of the VMs (so it's reserved
and will not be assigned later to other VMs via ACS). This secondary IP is
NOT handled via DHCP, it is just reserved in DB as used.

Now, go and manually use it inside both VMs. simple.

its better question if VRRP heartbeat is allowed between 2 VMs
(protocol/port) and if you can allow traffic access to that secondary IP
address from outside.

On Fri, 22 Nov 2019, 14:37 Fariborz Navidan, <mdvlinquest@gmail.com> wrote:

> The challenge is how can we assign a single iP as secondary IP on two or
> more VMs?
>
> On Fri, Nov 22, 2019 at 1:57 AM Andrija Panic <andrija.panic@gmail.com>
> wrote:
>
> > VRRP is possible to configure anywhere - it's a different question
> whether
> > it will work due to firewall rules...
> > The simplest way to give yourself an answer is to test (allow all
> ingress,
> > all egress and test).
> >
> > On Thu, 21 Nov 2019 at 22:20, Fariborz Navidan <mdvlinquest@gmail.com>
> > wrote:
> >
> > > If security groups use ebtables, so why does my ebtables does not have
> > any
> > > rule on the host? Default egress policy on my guest network is Allow
> and
> > I
> > > have added tcp/udp/icmp ingress rules to allow traffic go through.
> > >
> > > On Fri, Nov 22, 2019 at 12:03 AM Rohit Yadav <
> rohit.yadav@shapeblue.com>
> > > wrote:
> > >
> > > > VRRP is a network layer protocol, uses multicast address 224.0.0.18
> and
> > > > protocol number 112. As long as SG can allow this, it's possible,
> > however
> > > > that may not be available out of the box. You can try some custom
> > > ebtables
> > > > rules on the KVM hosts.
> > > >
> > > >
> > > > Regards,
> > > >
> > > > Rohit Yadav
> > > >
> > > > Software Architect, ShapeBlue
> > > >
> > > > https://www.shapeblue.com
> > > >
> > > > ________________________________
> > > > From: Fariborz Navidan <mdvlinquest@gmail.com>
> > > > Sent: Thursday, November 21, 2019 17:56
> > > > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > > > Subject: Is VRRP possible inside KVM/ACS
> > > >
> > > > Hello,
> > > >
> > > > Is it possible to configure VRRP  inside KVM in a security group
> > enabled
> > > > advanced zone? Should I enable Promisscouous mode and forged
> transmit?
> > > >
> > > > rohit.yadav@shapeblue.com
> > > > www.shapeblue.com
> > > > Amadeus House, Floral Street, London  WC2E 9DPUK
> > > > @shapeblue
> > > >
> > > >
> > > >
> > > >
> > >
> >
> >
> > --
> >
> > Andrija Panić
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message