Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 74B1310090 for ; Tue, 4 Nov 2014 12:28:08 +0000 (UTC) Received: (qmail 44495 invoked by uid 500); 4 Nov 2014 12:28:07 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 44451 invoked by uid 500); 4 Nov 2014 12:28:07 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 44438 invoked by uid 99); 4 Nov 2014 12:28:06 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Nov 2014 12:28:06 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [81.20.94.239] (HELO mx-relay03.cloudservice.ag) (81.20.94.239) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Nov 2014 12:27:38 +0000 Received: from fw1.hostedoffice.ag ([81.20.90.82]) by mx-gate03.cloudservice.ag; Tue, 04 Nov 2014 13:27:25 +0100 Received: from EX10HUB2.hosting.inetserver.de (unknown [10.20.10.70]) by qhexrelay2.hosting.inetserver.de (Postfix) with ESMTP id C549418706F for ; Tue, 4 Nov 2014 13:27:24 +0100 (CET) Received: from [10.14.6.141] (93.212.95.206) by mail.hostedoffice.ag (10.20.10.202) with Microsoft SMTP Server (TLS) id 14.3.181.6; Tue, 4 Nov 2014 13:27:24 +0100 Message-ID: <5458C62B.1090200@empolis.com> Date: Tue, 4 Nov 2014 13:27:23 +0100 From: Martin Emrich User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: Subject: Re: GRE isolated network: wrong interface? References: <54589D2F.3090807@empolis.com> <5458A12C.8040203@niif.hu> <5458A4C0.9000303@empolis.com> <5458BCB3.7080205@niif.hu> In-Reply-To: <5458BCB3.7080205@niif.hu> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [93.212.95.206] X-EXCLAIMER-MD-CONFIG: e299f49b-79fd-4cde-afcd-99df35de8a6e X-cloud-security-sender: martin.emrich@empolis.com X-cloud-security-recipient: users@cloudstack.apache.org X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mx-gate03 with 0505C12B4002 X-cloud-security-connect: fw1.hostedoffice.ag[81.20.90.82], TLS=, IP=81.20.90.82 X-cloud-security: scantime:.2373 X-Virus-Checked: Checked by ClamAV on apache.org Hi! Am 04.11.2014 12:46, schrieb Erdősi Péter: > Hmm.. you mean isolated guest network right? > If yes, the IP subnet can be changed, if the user define guest network > (not auto, when first vm started) > There is an option to: Guest Gateway, and Guest Netmask, and if it > filled, the sysvm will use that subnet... No, I do not mean the guest network (which works fine). I mean the network between the XenServers, where the guest traffic is carried. My XenServers have the following interfaces: - MANAGEMENT - GUEST (which should be used for GRE-encapsulated private traffic) - PUBLIC - ISCSI1 - ISCSI2 All except PUBLIC have IP addresses: MANAGEMENT obviously for XenCenter and XAPI, ISCSI1/2 for the multipathed shared storage, and GUEST (intended for GRE traffic, although it is nowhere mentioned that the interface must have IP addresses). The intended behaviour is that Cloudstack instructs the OpenVSwitches within the XenServer nodes to build the GRE tunnels between VMs within the same Cloudstack isolated Network across the GUEST interface. But CloudStack chooses one of the other interfaces (MANAGEMENT or ISCSI) to carry the GRE traffic. You can see this with "ovs-vsctl show" on one of the XenServers with currently running instances: # ovs-vsctl show ... Bridge "xapi4" fail_mode: standalone Port "vif1.0" Interface "vif1.0" Port "t1074-8-9" Interface "t1074-8-9" type: gre options: {key="1074", remote_ip="10.33.1.5"} Port "xapi4" Interface "xapi4" type: internal ... Here you see the remote IP of the other XenServer for the GRE tunnel. But the IP is wrong, it is on the first ISCSI network. This works, but of course we want to isolate storage traffic from guest traffic, so Cloudstack should do as expected and use the "GUEST" interface ip of the peer XenServer as remote_ip. Ciao Martin