[fedora-virt] Routed networking in libvirt

[Kenni Lund]

2010/5/22 Anders Rayner-Karlsson <anders+fedora-virt at trudheim.co.uk>:
> * Kenni Lund <kenni at kelu.dk> [20100520 17:42]:
>> 2010/5/20 Kenni Lund <kenni at kelu.dk>:
>> > 2010/5/20 Dennis J. <dennisml at conversis.de>:
>> >> On 05/20/2010 12:05 PM, Kenni Lund wrote:
>> >>> Hello
>> >>>
>> >>> I just bought a new hosted server in a data center, which I'm going to
>> >>> run a few virtual machines on with libvirt/KVM.
>> >>>
>> >>> The server have 4 public IP addresses, but due to the data center,
>> >>> bridges are not an option.
>> >>
>> >> Why exactly is that? I don't see what one has to do with the other?
>> >
>> > I'm actually not exactly sure, but I think it is because a bridge
>> > needs to have a valid MAC-address? And the datacenter doesn't allow
>> > (eg. they block) data from unknown sources/MAC addresses. That said, I
>> > haven't tested it, but their documentation mentions the use of a
>> > routed network in virtual environments, as bridges will not work.
>>
>> Or perhaps it's even more simple; The host and the additional
>> addresses are not on the same subnet, eg. a bridge working at the
>> datalink layer is unaware of the procedures performed on the upper
>> level protocols, like IP addressing, while a router takes care of
>> this.
>
> Or you could use 1:1 NAT and use all three extra addresses for your
> VM's. Might take some fiddling with the iptables setup on the
> phys-host, but should be doable.

Good idea, but this will not work in some cases, or will at least give
me some new funny issues, with protocols which includes the IP address
in the application layer (FTP) or protocols like IPSEC, etc.

Anyway, I consider this issue resolved - Thinking about it, the guests
do of course require a gateway in the same subnet, eg. the extra
IP-address is needed for the gateway. For some reason I missed that
the guests DID use the extra IP address as a gateway, when I looked at
it to begin with. Duh

Best Regards
Kenni