[pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

Alexandre DERUMIER aderumier at odiso.com
Fri Jan 26 10:19:22 CET 2018


>>Why does the VM not use the public IP directly? 

yes, they can.

but if you want to communicate with private network + public network,
you need 2 interfaces, with a default gw to public router and a static route to the private router.

for example:

vm1: (private only - tenantnetwork1): 192.168.0.1 : default gw 192.168.0.254 (vmbr tenantnetwork1 anycast) --> internet with s-nat

vm2: (private - tenantnetwork1) : 192.168.0.1 -> route add 192.168.0.0/16 gw 192.168.0.254 (vmbr tenantnetwork1 anycast)
   : public (89.248.0.1) : -> default gw 89.248.0.1 (vmbr public anycast)

vm3: (private - tenantnetwork2) : 192.168.1.1 -> default gw 192.168.1.254 (vmbr tenantnetwork2 anycast)


So, it's just less configuration for the user.


But also, I'm not sure it can work with DVR, if you have the same anycast public ip on your proxmox.
Need to test proxy-arp, but it's the same mac address (vmbr public), I don't think it'll work.
Or maybe with a different mac address, and some garp when the vm is migrated.







----- Original Message -----
From: "dietmar" <dietmar at proxmox.com>
To: "Alexandre Derumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Friday 26 January 2018 09:53:39
Subject: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

> On January 26, 2018 at 9:45 AM Alexandre DERUMIER <aderumier at odiso.com> wrote: 
> 
> 
> > >>Sorry, too much information for me. Please can you explain why we need 
> > >>a floating IP? 
> > 
> > floating ip are simply public ip which are used to do nat 1:1. 
> > (internet->public ip -->nat 1:1-> private ip) 
> > (they call them floating, because you can reassign them to another private ip
> > on the fly ..but it's just nat).
> 
> >>But why do we need it? Can't we use the host IP to masquerade private ip? 
> 
> This is not masquerade (s-nat, multiple private ip -> 1 public ip), this is 
> nat 1:1 (the reverse way, internet->multiple vm ip public). 
> 
> host: 89.248.0.1 -> vm1 192.168.0.1 
> host: 89.248.0.2 -> vm2 192.168.0.2 
> host: 89.248.0.3 -> vm3 192.168.0.3 
> 
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.1 -j SNAT --to-source 89.248.0.1
> iptables -t nat -A PREROUTING -i eth0 -d 89.248.0.1 -j DNAT --to-destination 192.168.0.1

Why does the VM not use the public IP directly? 
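
The 1:1 NAT pairing quoted in the thread above, as an added example that is not part of either poster's message: it generates the SNAT/DNAT rule pair for each floating IP and refuses a map in which an address is reused, since that would no longer be 1:1. The names `gen_nat_rules` and `FLOATING_MAP` are hypothetical; the addresses and the `eth0` uplink are the ones used in the thread.

```shell
#!/bin/sh
# Constructed sample: "public_ip private_ip" per line, addresses taken from the thread.
FLOATING_MAP='89.248.0.1 192.168.0.1
89.248.0.2 192.168.0.2
89.248.0.3 192.168.0.3'

# gen_nat_rules MAP [UPLINK]  (hypothetical helper, not a Proxmox tool)
# Prints the SNAT/DNAT pair for every mapping; it never touches the live ruleset.
# Returns 1 when an address is reused, because the mapping is then no longer 1:1.
gen_nat_rules() {
    map=$1
    uplink=${2:-eth0}
    seen_pub=' '
    seen_priv=' '
    rules=''
    nl='
'
    while read -r pub priv; do
        [ -z "$pub" ] && continue
        if [ -z "$priv" ]; then
            echo "missing private IP for $pub" >&2
            return 1
        fi
        case "$seen_pub" in *" $pub "*)
            echo "public IP used twice: $pub" >&2; return 1 ;;
        esac
        case "$seen_priv" in *" $priv "*)
            echo "private IP used twice: $priv" >&2; return 1 ;;
        esac
        seen_pub="$seen_pub$pub "
        seen_priv="$seen_priv$priv "
        # Outbound: traffic from the private IP leaves with its own public IP.
        rules="${rules}iptables -t nat -A POSTROUTING -o $uplink -s $priv -j SNAT --to-source $pub$nl"
        # Inbound: traffic to the public IP is delivered to the private IP.
        rules="${rules}iptables -t nat -A PREROUTING -i $uplink -d $pub -j DNAT --to-destination $priv$nl"
    done <<EOF
$map
EOF
    printf '%s' "$rules"
}

# Print the rules for the sample map so they can be reviewed before being applied.
gen_nat_rules "$FLOATING_MAP"
```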



