It does work in that way because it seems IPs are associated with randomly assigned MAC address assigned to a NIC. It means in gest OS, you can only use IPs which are reversed for a NIC on that VM. So bridge does not accept traffic from that IP it is used by another guest . It means there is a builtin MAC filter. So I am not able to freely use IPs on any VM I wish.
I a not sure if this behavior is related to security group or is a a default behavior of KVM or ACS On Fri, Nov 22, 2019 at 5:18 PM Andrija Panic <[email protected]> wrote: > you assign a single secondary IP for just one of the VMs (so it's reserved > and will not be assigned later to other VMs via ACS). This secondary IP is > NOT handled via DHCP, it is just reserved in DB as used. > > Now, go and manually use it inside both VMs. simple. > > its better question if VRRP heartbeat is allowed between 2 VMs > (protocol/port) and if you can allow traffic access to that secondary IP > address from outside. > > On Fri, 22 Nov 2019, 14:37 Fariborz Navidan, <[email protected]> > wrote: > > > The challenge is how can we assign a single iP as secondary IP on two or > > more VMs? > > > > On Fri, Nov 22, 2019 at 1:57 AM Andrija Panic <[email protected]> > > wrote: > > > > > VRRP is possible to configure anywhere - it's a different question > > whether > > > it will work due to firewall rules... > > > The simplest way to give yourself an answer is to test (allow all > > ingress, > > > all egress and test). > > > > > > On Thu, 21 Nov 2019 at 22:20, Fariborz Navidan <[email protected]> > > > wrote: > > > > > > > If security groups use ebtables, so why does my ebtables does not > have > > > any > > > > rule on the host? Default egress policy on my guest network is Allow > > and > > > I > > > > have added tcp/udp/icmp ingress rules to allow traffic go through. > > > > > > > > On Fri, Nov 22, 2019 at 12:03 AM Rohit Yadav < > > [email protected]> > > > > wrote: > > > > > > > > > VRRP is a network layer protocol, uses multicast address 224.0.0.18 > > and > > > > > protocol number 112. As long as SG can allow this, it's possible, > > > however > > > > > that may not be available out of the box. You can try some custom > > > > ebtables > > > > > rules on the KVM hosts. > > > > > > > > > > > > > > > Regards, > > > > > > > > > > Rohit Yadav > > > > > > > > > > Software Architect, ShapeBlue > > > > > > > > > > https://www.shapeblue.com > > > > > > > > > > ________________________________ > > > > > From: Fariborz Navidan <[email protected]> > > > > > Sent: Thursday, November 21, 2019 17:56 > > > > > To: [email protected] <[email protected]> > > > > > Subject: Is VRRP possible inside KVM/ACS > > > > > > > > > > Hello, > > > > > > > > > > Is it possible to configure VRRP inside KVM in a security group > > > enabled > > > > > advanced zone? Should I enable Promisscouous mode and forged > > transmit? > > > > > > > > > > [email protected] > > > > > www.shapeblue.com > > > > > Amadeus House, Floral Street, London WC2E 9DPUK > > > > > @shapeblue > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Andrija Panić > > > > > >
