[pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

Alexandre DERUMIER aderumier at odiso.com
Fri Jan 26 09:45:46 CET 2018


> >>Sorry, too much information for me. Please can you explain why we need 
> >>a floating IP?
> 
> floating ip are simply public ip which are used to do nat 1:1.
> (internet->public ip -->nat 1:1-> private ip)
> (they call them floating, because you can reassign them to another private ip
> on the fly ..but it's just nat).

>>But why do we need it? Can't we use the host IP to masquerade private ip?

This is not masquerade (s-nat, multiple private ip -> 1 public ip), this is nat 1:1 (the reverse way, internet->multiple vm ip public).

host: 89.248.0.1 -> vm1 192.168.0.1
host: 89.248.0.2 -> vm2 192.168.0.2
host: 89.248.0.3 -> vm3 192.168.0.3

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.1 -j SNAT --to-source 89.248.0.1
iptables -t nat -A PREROUTING -i eth0 -d 89.248.0.1 -j DNAT --to-destination 192.168.0.1





>>I would like to have the distributed gateway. Routing from external is done by 
>>using arp-proxy? 
>>
>>https://assafmuller.com/category/dvr/ 

don't know if you need arp-proxy (as all gateways need to have the same mac address for vm live migration).

if you have only private ip in your vm, and manage nat 1:1 + s-nat, I think it's trivial, because your router knows
the mac address of the public ip, you need a simple layer2 interconnect (don't need to know the mac of the vms).

if you have public ip in your vm + the same public anycast gateway, I don't know if it can work, with proxy-arp ?
(maybe if the router has a vxlan interface too ? (I'm sure it's working with vxlan-ebgp, but this is because of routing protocol behind))



I can do some tests today if you want.


----- Original Mail -----
From: "dietmar" <dietmar at proxmox.com>
To: "Alexandre Derumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Friday 26 January 2018 07:48:04
Subject: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

> >>Sorry, too much information for me. Please can you explain why we need 
> >>a floating IP? 
> 
> floating ip are simply public ip which are used to do nat 1:1. 
> (internet->public ip -->nat 1:1-> private ip) 
> (they call them floating, because you can reassign them to another private ip 
> on the fly ..but it's just nat). 

But why do we need it? Can't we use the host IP to masquerade private ip? 

> >>I thought we can use a special static IP on each 
> >>virtual bridge, something like: 
> >> 
> >>https://networkop.co.uk/blog/2016/10/13/os-dvr/ 
> >> 
> >>Requires to block some ARP traffic on the vxlan. 
> 
> This depend which model you want to implement: 
> 
> 1 central gateway (with failover if possible): works with simple layer2 
> network, vlan network, ovn. 
> 
> 1 distributed gateway:(same ip/mac on same vmbr on all host, works with ovn 
> dvr, vxlan-ebgp out of the box, and maybe vxlan without bgp but I'm not sure 
> how routing is done from external network) 

I would like to have the distributed gateway. Routing from external is done by 
using arp-proxy? 

https://assafmuller.com/category/dvr/ 
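
The 1:1 NAT pairing from the mail above, generalized to a mapping table, as an added example (not part of the original thread and not Proxmox code). The function names and the "public private" table format are assumptions; the function only prints rules in iptables-restore format and applies nothing.

```shell
#!/bin/sh
# Added example: build floating-IP (1:1 NAT) rules from a mapping table.
# Input on stdin: one "<public_ip> <private_ip>" pair per line.
# eth0 and the addresses follow the mail; function names are hypothetical.

is_ipv4() {
    # Dotted quad, every octet numeric and in 0..255.
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

floating_nat_rules() {
    # $1 = outside interface. Nothing is printed unless every line is valid.
    wan="$1"
    seen_pub=" "; seen_priv=" "; rules=""
    while read -r pub priv rest; do
        case "$pub" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! is_ipv4 "$pub" || ! is_ipv4 "$priv"; then
            echo "invalid mapping: $pub $priv $rest" >&2; return 1
        fi
        # 1:1 means each address appears once. With a duplicate, the first
        # matching rule wins and the second mapping silently never applies.
        case "$seen_pub" in *" $pub "*) echo "duplicate public ip $pub" >&2; return 1 ;; esac
        case "$seen_priv" in *" $priv "*) echo "duplicate private ip $priv" >&2; return 1 ;; esac
        seen_pub="$seen_pub$pub "; seen_priv="$seen_priv$priv "
        # Outbound: VM traffic leaves with its own public address (SNAT).
        # Inbound: traffic to the public address reaches the VM (DNAT).
        rules="${rules}-A POSTROUTING -o $wan -s $priv -j SNAT --to-source $pub
-A PREROUTING -i $wan -d $pub -j DNAT --to-destination $priv
"
    done
    printf '*nat\n%sCOMMIT\n' "$rules"
}

# Mapping taken from the mail (vm1..vm3).
SAMPLE='89.248.0.1 192.168.0.1
89.248.0.2 192.168.0.2
89.248.0.3 192.168.0.3'
printf '%s\n' "$SAMPLE" | floating_nat_rules eth0
```

Reassigning a floating IP "on the fly" is then a one-line change in the table followed by regenerating the rule set.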



