cloudstack-users mailing list archives

From Fariborz Navidan <mdvlinqu...@gmail.com>
Subject Re: Is VRRP possible inside KVM/ACS
Date Fri, 22 Nov 2019 16:29:59 GMT
You mean IPs are not constrained by MAC?

On Fri, Nov 22, 2019 at 7:56 PM Andrija Panic <andrija.panic@gmail.com>
wrote:

> Er... not sure what MAC address has to do with the secondary IP -
> secondary IP is just an "alias IP" for the existing NIC, having the same
> MAC address as the main NIC (since it's an additional IP for that NIC) -
> unless something is broken
>
> On Fri, 22 Nov 2019 at 16:50, Fariborz Navidan <mdvlinquest@gmail.com>
> wrote:
>
> > It does work in that way because it seems IPs are associated with randomly
> > assigned MAC address assigned to a NIC. It means in guest OS, you can only
> > use IPs which are reserved for a NIC on that VM. So bridge does not accept
> > traffic from that IP it is used by another guest. It means there is a
> > builtin MAC filter. So I am not able to freely use IPs on any VM I wish.
> >
> > I am not sure if this behavior is related to security group or is a
> > default behavior of KVM or ACS
> >
> > On Fri, Nov 22, 2019 at 5:18 PM Andrija Panic <andrija.panic@gmail.com>
> > wrote:
> >
> > > you assign a single secondary IP for just one of the VMs (so it's reserved
> > > and will not be assigned later to other VMs via ACS). This secondary IP is
> > > NOT handled via DHCP, it is just reserved in DB as used.
> > >
> > > Now, go and manually use it inside both VMs. simple.
> > >
> > > it's a better question if VRRP heartbeat is allowed between 2 VMs
> > > (protocol/port) and if you can allow traffic access to that secondary IP
> > > address from outside.
> > >
> > > On Fri, 22 Nov 2019, 14:37 Fariborz Navidan, <mdvlinquest@gmail.com>
> > > wrote:
> > >
> > > > The challenge is how can we assign a single IP as secondary IP on two or
> > > > more VMs?
> > > >
> > > > On Fri, Nov 22, 2019 at 1:57 AM Andrija Panic <andrija.panic@gmail.com>
> > > > wrote:
> > > >
> > > > > VRRP is possible to configure anywhere - it's a different question whether
> > > > > it will work due to firewall rules...
> > > > > The simplest way to give yourself an answer is to test (allow all ingress,
> > > > > all egress and test).
> > > > >
> > > > > On Thu, 21 Nov 2019 at 22:20, Fariborz Navidan <mdvlinquest@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > If security groups use ebtables, so why does my ebtables not have any
> > > > > > rule on the host? Default egress policy on my guest network is Allow and I
> > > > > > have added tcp/udp/icmp ingress rules to allow traffic to go through.
> > > > > >
> > > > > > On Fri, Nov 22, 2019 at 12:03 AM Rohit Yadav <rohit.yadav@shapeblue.com>
> > > > > > wrote:
> > > > > >
> > > > > > > VRRP is a network layer protocol, uses multicast address 224.0.0.18 and
> > > > > > > protocol number 112. As long as SG can allow this, it's possible, however
> > > > > > > that may not be available out of the box. You can try some custom ebtables
> > > > > > > rules on the KVM hosts.
> > > > > > >
> > > > > > >
> > > > > > > Regards,
> > > > > > >
> > > > > > > Rohit Yadav
> > > > > > >
> > > > > > > Software Architect, ShapeBlue
> > > > > > >
> > > > > > > https://www.shapeblue.com
> > > > > > >
> > > > > > > ________________________________
> > > > > > > From: Fariborz Navidan <mdvlinquest@gmail.com>
> > > > > > > Sent: Thursday, November 21, 2019 17:56
> > > > > > > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > > > > > > Subject: Is VRRP possible inside KVM/ACS
> > > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > > Is it possible to configure VRRP inside KVM in a security group enabled
> > > > > > > advanced zone? Should I enable promiscuous mode and forged transmit?
> > > > > > >
> > > > > > > rohit.yadav@shapeblue.com
> > > > > > > www.shapeblue.com
> > > > > > > Amadeus House, Floral Street, London WC2E 9DP UK
> > > > > > > @shapeblue
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > Andrija Panić
> > > > >
> > > >
> > >
> >
>
>
> --
>
> Andrija Panić
>
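
Added example, not part of the thread and not CloudStack code: a check for the traffic described in the thread (IP protocol 112 sent to 224.0.0.18), run against a constructed packet header and a tcp/udp/icmp ingress rule set like the one mentioned. The filter is a simplified default-deny model keyed on protocol name, an assumption made here; the TTL 255 requirement comes from the VRRP specification, and all addresses are constructed samples.

```python
import ipaddress
import struct

VRRP_PROTO = 112                                   # IP protocol number for VRRP
VRRP_GROUP = ipaddress.IPv4Address("224.0.0.18")   # VRRP multicast group
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", VRRP_PROTO: "vrrp"}
IPV4_FIXED = "!BBHHHBBH4s4s"                       # fixed 20-byte IPv4 header


def parse_ipv4(header: bytes) -> dict:
    """Decode the fields of the fixed IPv4 header that the check needs."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        IPV4_FIXED, header[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return {"ttl": ttl, "proto": proto,
            "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst)}


def is_vrrp_advert(pkt: dict) -> bool:
    """Protocol 112 to 224.0.0.18; VRRP receivers also require TTL 255."""
    return (pkt["proto"] == VRRP_PROTO and pkt["dst"] == VRRP_GROUP
            and pkt["ttl"] == 255)


def ingress_allows(pkt: dict, allowed: set) -> bool:
    """Hypothetical default-deny filter that matches on protocol name only."""
    return PROTO_NAMES.get(pkt["proto"], str(pkt["proto"])) in allowed


def build_header(src: str, dst: str, proto: int, ttl: int) -> bytes:
    """Build a constructed sample header (checksum left at 0, not validated)."""
    return struct.pack(IPV4_FIXED, 0x45, 0, 40, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


# Constructed samples: a VRRP advertisement and a TCP packet between two guests.
ADVERT = parse_ipv4(build_header("10.1.1.11", "224.0.0.18", 112, 255))
TCP_PKT = parse_ipv4(build_header("10.1.1.11", "10.1.1.12", 6, 64))

if __name__ == "__main__":
    rules = {"tcp", "udp", "icmp"}
    for name, pkt in (("advert", ADVERT), ("tcp", TCP_PKT)):
        print(name, "vrrp" if is_vrrp_advert(pkt) else "other",
              "allowed" if ingress_allows(pkt, rules) else "dropped")
```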
