cloudstack-users mailing list archives

From Michael Phillips <mphilli7...@hotmail.com>
Subject RE: One last hurdle
Date Mon, 24 Feb 2014 15:35:34 GMT
That is a very clean format.....
To be honest, I actually thought about putting together some documentation and posting it
online.

> Subject: Re: One last hurdle
> From: runseb@gmail.com
> Date: Mon, 24 Feb 2014 03:26:41 -0500
> To: users@cloudstack.apache.org
> 
> 
> On Feb 22, 2014, at 8:13 PM, Michael Phillips <mphilli7823@hotmail.com> wrote:
> 
> > Figured it out....
> > Apparently by default outbound traffic is blocked by egress rule...implemented an egress rule and it's working….
> 
> Do you feel like writing some documentation :)
> 
> We are moving to a new docs format and this:
> http://cloudstack-installation.readthedocs.org/en/latest/
> 
> needs a lot of love.
> 
> > 
> 
> >> From: mphilli7823@hotmail.com
> >> To: users@cloudstack.apache.org
> >> Subject: One last hurdle
> >> Date: Sat, 22 Feb 2014 18:37:45 -0600
> >> 
> >> 
> >> 
> >> 
> >> I am almost there to having a working config with advanced network on vsphere 5.1
> >> So I am using a pretty basic advanced network zone using vlan for isolation. Details are below:
> >> Public range = x.x.233.0/24
> >> Guest cidr = 10.1.1.0/24
> >> VLAN range = 400-405
> >> 
> >> 1. I create an instance of the default centos5.3 template, choosing to create an isolated network based on "DefaultIsolatedNetworkOfferingWithSourceNatService"
> >> 2. The system spawns a system router.
> >> 3. The system spawns the guest vm.
> >> 4. The router is made a part of the public vlan 233 and the isolated vlan 400
> >> 5. The guest vm is made a part of the isolated vlan 400.
> >> 6. The router is assigned an IP address on the isolated network of 10.1.1.1. The router is able to get out to the internet fine, and is able to ping the guest instance.
> >> 7. The guest is assigned an ip address on the isolated network. The guest vm is able to ping the router
> >> Network Topology would look as follows:
> >> guestvm ---> system router ---> firewall ---> router ---> internet
> >> Up to this point everything LOOKS perfect...BUT...my guest vm is not able to get out to the internet.
> >> At first I thought my problem might be with the hop after the system router which is my firewall. So what I did was to imitate what CS is doing, but with windows machines. Basically I spawned two machines, one which acted as a guest vm, the other to act as a system router. On the windows box, which I simulated the system router, I enabled routing and remote access to enable NAT. In this configuration the guest vm was able to use the simulated system router and browse the internet just fine. The test topology would look as follows:
> >> guest vm ---> simulated router running windows and NAT ---> firewall ---> router ---> internet
> >> So this leads me to believe that something is wrong with the system router and how it is NAT'ing. Up to this point I have tried the default network service "DefaultIsolatedNetworkOfferingWithSourceNatService" and created a new network offering using DNS, DHCP, and SourceNAT.
> >> I think once I get past this hurdle I will be good to go....any help is hugely appreciated!!