[pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
Alexandre DERUMIER
aderumier at odiso.com
Fri Jan 26 12:12:10 CET 2018
I have talked with my network engineer,
he only sees 2 possibilities:
1. use floating-ip/nat 1:1 on the compute node and translate to the vm private address
(so the external router sees the mac address of the compute node for the floating ip)
or
if the vm has a public ip directly, a vxlan needs to be done between the compute node and the external router (so the router sees the vm mac address directly).
This can be done with a physical router (if it supports vxlan), or another proxmox "network" node gateway (with a default gateway to the external router)
----- Original Message -----
From: "Alexandre Derumier" <aderumier at odiso.com>
To: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Friday, 26 January 2018 10:40:23
Subject: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
found this (haven't read it yet):
http://dbaxps.blogspot.fr/2015/12/running-dvr-with-external-network.html
----- Original Message -----
From: "Alexandre Derumier" <aderumier at odiso.com>
To: "dietmar" <dietmar at proxmox.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Friday, 26 January 2018 10:19:22
Subject: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
>>Why does the VM not use the public IP directly?
yes, they can.
but if you want to communicate with private network + public network,
you need 2 interfaces, with a default gw to public router and a static route to the private router.
for example:
vm1: (private only - tenantnetwork1): 192.168.0.1 : default gw 192.168.0.254(vmbr tenantnetwork1 anycast) --> internet with s-nat)
vm2: (private - tenantnetwork1) : 192.168.0.1 -> route add 192.168.0.0/16 gw 192.168.0.254)(vmbr tenantnetwork1 anycast)
: public (89.248.0.1) : -> default gw 89.248.0.1 (vmbr public anycast)
vm3: (private - tenantnetwork2) : 192.168.1.1 -> defaultgw 192.168.1.254 (vmbr tenantnetwork2 anycast)
So, it's just less configuration for the user.
But also, I'm not sure it can work with DVR, if you have the same anycast public ip on your proxmox.
Need to test proxy-arp, but it's the same mac address (vmbr public), I don't think it'll work.
Or maybe with a different mac address, and some garp when the vm is migrated.
----- Original Message -----
From: "dietmar" <dietmar at proxmox.com>
To: "Alexandre Derumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Friday, 26 January 2018 09:53:39
Subject: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
> On January 26, 2018 at 9:45 AM Alexandre DERUMIER <aderumier at odiso.com> wrote:
>
>
> > >>Sorry, too much information for me. Please can you explain why we need
> > >>a floating IP?
> >
> > floating ip are simply public ip which are used to do nat 1:1.
> > (internet->public ip -->nat 1:1-> private ip)
> > (they call them floating, because you can reassign them to another private ip on the fly ..but it's just nat).
>
> >>But why do we need it? Can't we use the host IP to masquerade private ip?
>
> This is not masquerade (s-nat, multiple private ip -> 1 public ip), this is
> nat 1:1 (the reverse way, internet->multiple vm ip public).
>
> host: 89.248.0.1 -> vm1 192.168.0.1
> host: 89.248.0.2 -> vm2 192.168.0.2
> host: 89.248.0.3 -> vm3 192.168.0.3
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.1 -j SNAT --to-source 89.248.0.1
> iptables -t nat -A PREROUTING -i eth0 -d 89.248.0.1 -j DNAT --to-destination 192.168.0.1
Why does the VM not use the public IP directly?
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel