Thanks for your reply Jeromy.

To be honest I doubt they will do that, their degree of helpfulness in
the past hasn’t extended much beyond power cycling a box if required,
they won’t even connect the second NIC on each box to a private VLAN
for management traffic.

Whatever solution I go with is basically constrained to software,
which is why I was thinking a mesh VPN type setup, it’s not ideal but
I’m not sure what other options I have.

I have the most experience with Cisco and OpenVPN, but in this case I
think something a bit more distributed would be better, also something
that can handle multicast traffic which both Tinc and SoftEther claimed
to do.

I’ve also seen quite a few references to VDE2 in the libvirt
documentation, but I haven’t had a chance to fully explore that yet.

Finally I've seen a few blog posts recently around OVN from the
OpenVSwitch team, which looks like it's perfectly suited to my use
case, but I'm not sure how I'd go integrating it with CloudStack.

https://www.sdxcentral.com/sdn/network-virtualization/definitions/what-is-open-virtual-network-ovn-how-it-works/

Thanks for your suggestions :)

Ben


On 2/21/17, Jeromy Grimmett <[email protected]> wrote:
> Ben,
>
> Do you have the ability to tell the provider at the DC to make the 1 port
> connected to the 1 NIC in the host a "trunk" port?
>
> If you are able to get a couple of VLANs on that port, you can then
> create subinterfaces on the single NIC on each host and move the traffic
> across the VLANs as needed.
>
> Let me know the answer to that question, and maybe I can come up with
> another idea for you if that won't work.
>
> j
>
> Jeromy Grimmett
> P: 603.766.3625
> [email protected]
> www.cloudbrix.com
>
>
> -----Original Message-----
> From: Ben Kincaid [mailto:[email protected]]
> Sent: Tuesday, February 21, 2017 12:23 PM
> To: [email protected]
> Subject: Network implementation question
>
> Hi List,
>
> I am currently in the process of evaluating several KVM management packages
> in order to replace some old Vsphere.
>
> I have been running up test labs with the following:
>
> * Cloudstack obviously
> * oVirt
> * OpenNebula
> * Proxmox
> * Ganeti
>
> While I am more than happy to script up a few CLI tools and interact with
> Libvirt directly, that isn’t going to work for most end users of this
> infrastructure.
>
> I am running into a bit of a challenge around the networking aspect of what
> I am trying to create here, since most of these management tools assume you
> are building an all-in-one box deployment, or you manage your own network
> infrastructure in your datacenter.
>
>
> We have 6 soon to be 8 boxes in a remote DC, and we don’t have any
> flexibility around the networking.
>
> Each box has one NIC, with a public IP, and we have a couple of /27 address
> ranges to use.  We need to specify which port on the switch that /27 will be
> going to.
>
> So what I would like to do is build a private address network across all 8
> boxes, either using something like PeerVPN / Tinc or the new VPN features
> built into Vswitch, I would then put that on vmbr1 for example.
>
> Vmbr0 would be the public internet port on each box, and on one box I would
> run up an instance of PFSense or similar in a VM which I would route the
> /27’s to and then forward them to IPs on the internal IP pool.
>
> Does Cloudstack have the ability to manage a network structure such as this,
> and if so how might I go about it? I must admit after reading the docs and
> launching a test lab I couldn’t work out how to build such a structure.
>
> As a side note, I had extreme difficulties getting the packages to build on
> Ubuntu 16.04 and ended up using the pre-built packages on Ubuntu 14.04
> instead, just to get a test environment set up, I see there is already a
> ticket open against this issue though.
>
> Thanks for such a great piece of software, and I appreciate any suggestions
> or advice anyone can offer on this issue.
>
