Awesome, I learnt something here too. Glad it's working for you now.

KELCEY DAMAGE
Infrastructure Systems Architect
www.backbonetechnology.com
-------------------------------------------------------------------------
kel...@bbits.ca
address: 55 East 7th Ave, Vancouver, BC, V5T 1M4
tel: +1 604 713 8560 ext:114
fax: +1 604 605 0964
skype: kelcey.damage

-----Original Message-----
From: John Burwell [mailto:jburw...@basho.com]
Sent: Thursday, October 04, 2012 2:39 PM
To: cloudstack-dev@incubator.apache.org
Subject: Re: SSVM Network Configuration

Ahmad,

You were correct on the rp_filter issue. Once disabled, the SSVM was able
to connect outbound to S3, as well as any host reachable from devcloud. I
noticed that rp_filter is disabled in sysctl.conf yet it is somehow being
enabled at runtime. Is this behavior intended?

Thanks,
-John

On Oct 4, 2012, at 1:07 PM, Ahmad Emneina <ahmad.emne...@citrix.com> wrote:

> On 10/4/12 9:16 AM, "John Burwell" <jburw...@basho.com> wrote:
>
>> Kelcey,
>>
>> I am a bit confused about how secstorage.allowed.internal.sites is
>> used which stems from lack of knowledge regarding the devcloud network
>> configuration. Also, is there documentation available for setting up
>> such a NAT?
>>
>> As a point of clarification to my original question, I am working in
>> the devcloud environment (using the OVA downloaded from the wiki)
>> where I need to get the SSVM to connect to S3 or to a local
>> VirtualBox VM running an S3-compatible object store. Thus far, I
>> have been unable to get devcloud to bring up a second NIC on a
>> host-only network. I have attempted to set up an advanced network
>> configuration as follows:
>>
>> Physical Network with VLAN isolation method
>> Management Server: 10.0.2.15 -> Gateway: 10.0.2.2
>> Storage Network: 10.0.2.50-10.0.2.59 -> Gateway 10.0.2.2 on VLAN0
>> Management Network: 10.0.2.200-10.0.2.220 -> Gateway 10.0.2.2
>> Public Network: 10.0.2.100-10.0.2.199 -> VLAN0
>
> The issue that gets created here is you get system vm's that are
> multi-homed. Your system vm's get a nic (leg) on each network... But
> that network is one and the same. Why this is an issue is rp_filter is
> enabled by default on the system vm's, message comes in on one of
> those nics, but its default route out is another nic... Thus blocking the
> response.
>
> Ideally you'd use a basic zone for this kind of configuration, or else
> you'll end up having to log into the system vm's every time a new one
> is spawned and disabling rp_filter for the nics. You might want to
> test this, by logging in and disabling rp_filter on the nics and see
> if things start working as expected.
>
>>
>> Obviously, my network configuration is incorrect, but I have
>> reached the limits of my CloudStack and Xen knowledge to identify the
>> problem(s).
>>
>> Given this information, what is the best way to give the SSVM access
>> to the Internet and/or a VirtualBox host-only network?
>>
>> Thank you for your help,
>> -John
>>
>> On Oct 3, 2012, at 10:39 PM, "Kelceydamage@bbits" <kel...@bbits.ca> wrote:
>>
>>> The secondary storage VM can be NATed to from any network
>>> router, however the console proxy does not work over NAT.
>>>
>>> Sent from my iPhone
>>>
>>> On Oct 3, 2012, at 7:32 PM, Edison Su <edison...@citrix.com> wrote:
>>>
>>>> System vm will have 4 nics, eth2 is on the public network, eth1 is
>>>> the private(mgt) network.
>>>> The IP address of eth2 is got from pod configuration: in one of IP
>>>> address range ["startip", "endip"] in createPod API.
>>>> The IP address of eth1 is got from guest network, if it's basic
>>>> network mode, this IP range is configured by createVlanIpRanges API
>>>> SSVM will connect to mgt server through eth1(mgt server's ip
>>>> address is configured to route through eth1), and download template
>>>> from eth2.
>>>> What's your specific issue about network configuration?
>>>>
>>>>> -----Original Message-----
>>>>> From: John Burwell [mailto:jburw...@basho.com]
>>>>> Sent: Wednesday, October 03, 2012 7:11 PM
>>>>> To: cloudstack-dev@incubator.apache.org
>>>>> Subject: SSVM Network Configuration
>>>>>
>>>>> All,
>>>>>
>>>>> How do you configure networking to permit the SSVM to connect to
>>>>> the public Internet or another internal network? I have been
>>>>> trying to understand the network configuration from the
>>>>> documentation, but am missing something in my configuration attempt.
>>>>>
>>>>> Thank you for your assistance,
>>>>> -John
>
> --
> Æ
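
The mismatch raised in this thread (rp_filter off in sysctl.conf, yet on at runtime) can be checked per interface. The script below is an added example, not part of the original messages; the function names and the optional PROC and FILE arguments are assumptions of this example, and it reads a single sysctl file only.

```shell
#!/bin/sh
# Added example: audit rp_filter on a multi-homed VM (0=off, 1=strict, 2=loose).
# The kernel applies max(conf/all, conf/<iface>) to each interface, so a
# zero in one place does not mean filtering is off.
# Assumptions: only one sysctl file is read; the PROC and FILE arguments exist
# so the functions can be pointed at a constructed test tree.

max() { if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi; }

# effective_rp_filter IFACE [PROC]: mode the kernel enforces on IFACE
effective_rp_filter() (
    proc="${2:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$proc/all/rp_filter") || exit 1
    own=$(cat "$proc/$1/rp_filter") || exit 1
    max "$all" "$own"
)

# configured_rp_filter NAME [FILE]: last value for net.ipv4.conf.NAME.rp_filter
configured_rp_filter() (
    file="${2:-/etc/sysctl.conf}"
    sed -n "s/^[[:space:]]*net\.ipv4\.conf\.$1\.rp_filter[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" \
        "$file" | tail -n 1
)

# rp_filter_drift [PROC] [FILE]: list interfaces whose runtime mode differs
# from what the file asks for (interface key, else "default", combined with "all")
rp_filter_drift() (
    proc="${1:-/proc/sys/net/ipv4/conf}"; file="${2:-/etc/sysctl.conf}"
    for dir in "$proc"/*/; do
        ifc=$(basename "$dir")
        case "$ifc" in all|default) continue ;; esac
        own=$(configured_rp_filter "$ifc" "$file")
        [ -n "$own" ] || own=$(configured_rp_filter default "$file")
        all=$(configured_rp_filter all "$file")
        [ -n "$own$all" ] || continue          # file says nothing: skip
        want=$(max "${all:-0}" "${own:-0}")
        have=$(effective_rp_filter "$ifc" "$proc") || continue
        [ "$have" = "$want" ] || echo "$ifc configured=$want effective=$have"
    done
)
```

Run `rp_filter_drift` with no arguments on the VM itself. Where asymmetric routing is the cause, loose mode (2) still rejects sources that are unreachable via any interface, which turning the filter off does not.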