cloudstack-dev mailing list archives

From Ahmad Emneina <>
Subject Re: SSVM Network Configuration
Date Thu, 04 Oct 2012 17:07:19 GMT
On 10/4/12 9:16 AM, "John Burwell" <> wrote:

>I am a bit confused about how secstorage.allowed.internal.sites is used
>which stems from a lack of knowledge regarding the devcloud network
>configuration.  Also, is there documentation available for setting up
>such a NAT? 
>As a point of clarification to my original question, I am working in the
>devcloud environment (using the OVA downloaded from the wiki) where I
>need to get the SSVM to connect to S3 or to a local VirtualBox VM running
>an S3-compatible object store.  Thus far, I have been unable to get
>devcloud to bring up a second NIC on a host-only network.  I have
>attempted to set up an advanced network configuration as follows:
>Physical Network with VLAN isolation method
>Management Server: -> Gateway:
>Storage Network: -> Gateway on VLAN0
>Management Network: -> Gateway
>Public Network: -> VLAN0

The issue that gets created here is you get system VMs that are
multi-homed. Your system VMs get a NIC (leg) on each network... But that
network is one and the same. Why this is an issue is rp_filter is enabled
by default on the system VMs, a message comes in on one of those NICs, but
its default route out is another NIC... Thus blocking the response.

Ideally you'd use a basic zone for this kind of configuration, or else
you'll end up having to log into the system VMs every time a new one is
spawned and disabling rp_filter for the NICs. You might want to test this,
by logging in and disabling rp_filter on the NICs and seeing if things start
working as expected.

>Obviously, my network configuration is incorrect, but I have reached
>the limits of my CloudStack and Xen knowledge to identify the problem(s).
>Given this information, what is the best way to give the SSVM access to
>the Internet and/or a VirtualBox host-only network?
>Thank you for your help,
>On Oct 3, 2012, at 10:39 PM, "Kelceydamage@bbits" <> wrote:
>> The secondary storage VM can be NATed to from any network router,
>>however the console proxy does not work over NAT.
>> Sent from my iPhone
>> On Oct 3, 2012, at 7:32 PM, Edison Su <> wrote:
>>> System vm will have 4 nics, eth2 is on the public network, eth1 is the
>>>private(mgt) network.
>>> The IP address of eth2 is got from pod configuration: in one of IP
>>>address range ["startip", "endip"] in createPod API.
>>> The IP address of eth1 is got from guest network, if it's basic
>>>network mode, this IP range is configured by createVlanIpRanges API
>>> SSVM will connect to mgt server through eth1(mgt server's ip address
>>>is configured to route through eth1), and download template from eth2.
>>> What's your specific issue about network configuration?
>>>> -----Original Message-----
>>>> From: John Burwell []
>>>> Sent: Wednesday, October 03, 2012 7:11 PM
>>>> To:
>>>> Subject: SSVM Network Configuration
>>>> All,
>>>> How do you configure networking to permit the SSVM to connect to the
>>>> public Internet or another internal network?  I have been trying to
>>>> understand the network configuration from the documentation, but am
>>>> missing something in my configuration attempt.
>>>> Thank you for your assistance,
>>>> -John
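
Added example, not part of the original thread: a shell audit of the reverse-path filter setting discussed in the reply above, to run on a system VM before and after changing rp_filter. It assumes a Linux kernel that applies the larger of the `all` and per-interface values, as the kernel's ip-sysctl documentation describes; the function names and the `CONF_ROOT` variable are made up for this example.

```shell
#!/bin/sh
# Added example: report the rp_filter mode the kernel applies per interface.
# CONF_ROOT (an assumption of this example) defaults to the live sysctl tree;
# override it to audit a copied or constructed tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Values: 0 = no source validation, 1 = strict (reply route must use the
# receiving interface), 2 = loose (source reachable via any interface).
rp_filter_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Effective value on an interface is max(conf/all, conf/<iface>).
rp_filter_effective() {
    root="$1"; iface="$2"
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$root/$iface/rp_filter" 2>/dev/null) || return 1
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# One line per real interface: name, configured value, effective value, mode.
rp_filter_report() {
    root="$1"
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case "$iface" in all|default|lo) continue ;; esac
        eff=$(rp_filter_effective "$root" "$iface") || continue
        own=$(cat "$root/$iface/rp_filter")
        echo "$iface configured=$own effective=$eff $(rp_filter_mode_name "$eff")"
    done
    return 0
}

rp_filter_report "$CONF_ROOT"
```

A NIC that shows `configured=0 effective=1` is still filtered in strict mode, because the `all` value overrides the per-interface 0.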

