On 23/01/14 18:35, Itamar Heim wrote: > On 01/23/2014 05:59 PM, Assaf Muller wrote: >> If you enable VLAN tagging on the management network, which is configured >> on eth0 (Which also provides internet access from my understanding) then >> you will connectivity as (I assume) your physical switches aren't >> configured >> for VLANs. >> >> For an all-in-one, what I would suggest is the following procedure: >> On your PC, create a dummy NIC via: >> sudo ip link add dev dummy_0 type dummy >> sudo ip link set dev dummy_0 up >> >> It's important that the name will be in the dummy_* format. >> >> Following that, go back to the GUI, select the host and hit Refresh >> Host Capabilities. >> >> You should see the new dummy_0 device as a host NIC. >> >> Create a VM network, and under the host Network Interfaces tab hit >> Setup Host Networks. >> >> Drag and drop the new VM network on dummy_0 (Don't give dummy_0 a boot >> protocol or an IP address >> in the edit network dialog). >> >> At this point you should be able to attach VM vNICs' to the new VM >> network and they won't >> be physically connected to any other network, but they'll be able to >> talk amongst themselves. >> >> >> The "private network" feature is planned* for oVirt 3.5, so in the >> future you'll be able >> to just define a network as a private one and everything will work >> automatically. >> >> * No promises! >> >> >> Assaf Muller, Cloud Networking Engineer >> Red Hat >> >> ----- Original Message ----- >> From: "Robert Story" <[email protected]> >> To: "users" <[email protected]> >> Sent: Thursday, January 23, 2014 5:44:25 PM >> Subject: [Users] networking: basic vlan help >> >> Hello again, >> >> I'm new to VLANs and have a few questions. Right now I just have the mgmt >> interface (bridged with eth0) on my all-in-one oVirt test setup. I >> want to >> separate some VMs from the public facing net, which I think means that >> they >> need to be on a different VLAN. I created two new networks, pubX and >> privY, with vlan ids X and Y, but couldn't assign them to eth0 because >> the >> current mgmt network is non-VLAN. I was about to enable VLAN tagging >> on the >> mgmt network, but I wanted to make sure that doing so wouldn't do >> anything >> to eth0 that would disrupt access to it (I only have remote access and >> don't >> want to lock myself out). Also, if it is safe, does the mgmt vlan tag id >> matter? is 0 the right value? >> >> Any/all help, hints, tips or references to examples/links greatly >> appreciated. >> >> >> Robert >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/users >> > > wouldn't disabling 'vm network' on the mgmt network to simply allow the > VLAN'd networks for VMs be simpler?
Yes, this is an alternative to VLAN-tagging the mgmt network. And segregation from the "outer world" could be achieved as proposed by Robert using VLANs, if switches are configured properly. > also, since this question/use-case came up several times past 2 weeks - > do we have a good enough user feedback on why user can't attach a > logical network to the same interface, suggesting there is a non-vlan'd > network visible to VMs, and that if they want to use VLAN'd networks on > the same nic, they should disable the 'vm network' role on the > non-vlan'd network? > When trying to put such networks together via the Setup Networks dialog, users are currently informed that non-tagged VM networks can't exist on the same interface as tagged VM networks, and are advised to detach the non-tagged network. If this appears to be insufficient, I could replace it by a suggestion to configure it as non-VM, or add that to the existing suggestion, but we're kinda short on real-estate in the status panel of that dialog (and that's a lot of information to absorb in one error). _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
