KVM & Networking
-
Even better is to set up an ovs bridge. That way you can leverage VXLAN for separate networks between hosts.
-
This is the aforementioned thread:
https://mangolassi.it/topic/16744/networking-and-1u-colocation/
-
Thanks for your replies. What I understand is that you don't want to run anything on the host, and bridge the host to another VM which you would use as firewall, router, etc. So if you had 2 VMs to run (1 as a web server and a 2nd as a mail server), you would still need NAT, given that you have only 1 static/routable IP address.
-
@pattonb said in KVM & Networking:
So if you had 2 VMs to run (1 as a web server and a 2nd as a mail server), you would still need NAT, given that you have only 1 static/routable IP address.
Why do you have only one static IP?
-
Because they aren't free (possibly only 1 static IP is available, although I think that would be rare). I was just putting out that scenario to ensure I understand a prudent network layout for virtualization, when you want to have some VMs available to the 'outside'. If the VMs were not 'big' production type servers (where the volume/traffic is low), using 1 static makes more sense (of course I think, I understand the arguments that could be made against such a notion). In the case I mentioned, or constraints you have to work with, would that be a sensical way of doing it? I can see that if the VMs are only to be accessed from within a local LAN, you could have a number of setups. However, is it still a good idea to not run anything on the host that is not necessary, much like the advice given for using XS?
-
@pattonb said in KVM & Networking:
Because they aren't free (possibly only 1 static IP is available, although I think that would be rare)
Oh, you are talking about your WAN link, not the IPs on your LAN.
-
Correct.
-
In that case, typically, you'd have the NAT on your firewall, not on your KVM host. So you'd be back to bridging on the KVM host.
-
I have currently maybe 65 VMs on my KVM host, they each have their own IPs and are bridged. But there is a firewall and NAT sitting in front of all of it.
-
@scottalanmiller said in KVM & Networking:
I have currently maybe 65 VMs on my KVM host, they each have their own IPs and are bridged. But there is a firewall and NAT sitting in front of all of it.
This is really how it is in most cases regardless of hypervisor.
The only exception is in non-production when dealing with KVM + Wireless NIC... I haven't had time to see if I could get it to bridge somehow, so I'm stuck with NAT on my laptop. But, this is not an issue with servers, as they don't use wireless and this seems to be specific to wireless.