问题

多层2网络

G
徽章 +1
我们正在尝试将网络与Nutanix分开。我们正在运行AHV。我们的目标是使所有内部流量通过2 10G NIC和我们的所有外部流量通过1G NIC进行路由。这是我们环境中不同子网的两个独立网络。我们将两个10G NIC附加到BR0上的第2层开关上,并带有VLAN和2 1G NIC,并在其他网络上的BR1上附加到其他第2层开关。我们为1G NIC创建了一个桥(BR1),并创建了一个VLAN。我们已将10G NIC绑定到BR0,将1G NIC绑定到BR1。我们的内部网络运行良好,但我们的外部网络却不能。这是两个完全不同的网络。一个是10.x.x.x另一个142.x.x.x。
我是Nutanix的新手,希望我在正确的位置要求。
任何帮助,将不胜感激。
    \r\nI am new to Nutanix and hope I am asking in the correct place.
    \r\nAny help would be appreciated.","quoteUsername":"Gottabme","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

    7个答复

    j
    UserLevel 7
    徽章 +25
    @aluciani看起来像是一个商业问题?

    听起来像Nutanix会在双臂模型中坐在伪造的DMZ中,因此不会轻易采取任何措施。节点/AHV及其CVM需要留在内部网络上。因此,如果戴上另一个上行链路,允许客人拥有外部IP的目标是吗?

    如果是这样的话,下面的事情可能会起作用。如果您双重房屋,您的托管VM会非常了解创建桥梁的安全风险。
    https://portal.nutanix.com/#/page/docs/details?targetID=AHV_ADMIN-ACR_V4_6:AHV_1GBE_CONFIGURE_FOR_GUEST_VOR_GUEST_VMS_VMS_T.HTML
    @aluciani<\/user-mention> looks like a commercial question I think?
    \r\n
    \r\nSounds like nutanix would be sitting as a psuedo dmz in a dual arm model so not something to take lightly. The node\/AHV and it's CVM would need to stay on the internal network. So is the goal to allow guests to have an external IP if put on the other uplink?
    \r\n
    \r\nIf so something like the below might work. If you dual home your hosted VMs just be VERY aware of the security risks there of creating a bridge.
    \r\nhttps:\/\/portal.nutanix.com\/#\/page\/docs\/details?targetId=AHV_Admin-Acr_v4_6:ahv_1gbe_configure_for_guest_vms_t.html","quoteUsername":"jrack","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    G
    徽章 +1
    谢谢您,但我一直没有成功。我似乎无法将网络分开。如果我使用IP 10.x.x.x创建VM,并将其放入我在BR0上创建的VLAN中,则可以正常工作。BR0通过我已更新上行链接的10G卡连接到我们的10.x.x.x网络。如果我在BR1上使用IP 142.x.x.x连接到我们的142.x.x.x.x网络的IP 142.x.x.x在BR1上创建的VLAN创建VM,则它与网络没有连接。我也更新了BR1上的上行链接
    这是我实际CVM之一的照片
    https://两个10G NIC连接到我们的10.x.x.x网络上的开关。两个1G NIC连接到我们的142.x.x.x网络上的开关
    \r\nHere is a pic from one of my actual CVM's of how I set the bridges up
    \r\nhttps:\/\/The two 10G nics are connected to a switch on our 10.x.x.x network. The two 1G nics are connected to a switch on our 142.x.x.x network","quoteUsername":"Gottabme","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    j
    UserLevel 7
    徽章 +25
    因此,如果您玩过的W ovs,您也许可以发挥更多的创意。您可以使用OVS-ofctl垃圾箱来查看整个VSWITCH上的情况。

    在这种情况下,我假设每个都是一个普通的上行链路或一个路线W,将路由作为默认VLAN。

    未标记的流量应从访客VM的TAP上滚动到BR1等。确保它不会陷入错误的出口或其他东西。

    这是用于商业安装吗?如果是这样,则使用该支持,因为您为此付费。
    \r\n
    \r\nIn this case I assume each is a plain uplink or a trunk w that route as the default VLAN.
    \r\n
    \r\nThe untagged traffic should roll its way through from the tap for the guest VM onto br1 etc. Make sure that it isn't getting stuck on the wrong egress or something.
    \r\n
    \r\nIs this for a commercial install? If so use that support since you paid for it.","quoteUsername":"jrack","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    G
    徽章 +1
    不幸的是,我们通过戴尔购买了该系统。我们无法直接访问Nutanix的支持。我们必须打电话给戴尔。我们得到的答复是戴尔没有通过电话提供初始设置的这种支持。他们告诉我们,他们仅提供初始设置的现场服务付费。
    我们一直在建立这个网络已经挣扎了两个星期。我们一遍又一遍地摧毁了我们的集群并重新开始。在Hyper-V中设置这种类型的网络大约需要2秒钟。在AHV中不应该这么困难。现在,我们已经聘请了一名顾问来帮助我们。
    感谢您的输入。
    G
    \r\nWe have been struggling with this network set up for two weeks now. We have destroyed our cluster over and over and restarted. Setting up this type of networking in Hyper-V takes about 2 seconds. It should not be this difficult in AHV. We have now hired a consultant to come and help us.
    \r\nThanks for your input.
    \r\nG","quoteUsername":"Gottabme","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    j
    UserLevel 7
    徽章 +25
    @aluciani觉得如果戴尔不能照顾他们应该升级吗?可能只是一段时间以来就没有比赛,但是支持团队可以提供帮助?

    是的,OVS可以处理这个问题,因此不确定问题,但不是在论坛中进行调试的最容易的问题。
    @aluciani<\/user-mention> feels like Dell should have escalated if they couldn't take care of it? May be just out of the game for a while, but maybe the support team could help out?
    \r\n
    \r\nYeah ovs can handle this so not sure the issue, but not the easiest to debug in a forum.","quoteUsername":"jrack","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    UPX
    UserLevel 2
    徽章 +4
    嗨,Gottabme
    您用哪个CMD创建新桥?

    如果您使用过这个:
    OVS-VSCTL ADD-BR BR1

    卸下桥梁,尝试使用此桥梁:
    manage_ovs -bridge_name br1 create_single_bridge

    让我知道它是否有帮助
    准备工作是出色工作的起点!
    \r\nwhich cmd have you used to create the new bridge?
    \r\n
    \r\nif you have used this one:
    \r\novs-vsctl add-br br1
    \r\n
    \r\nremove the bridge and try using this one:
    \r\nmanage_ovs --bridge_name br1 create_single_bridge
    \r\n
    \r\nlet me know if it helps please","quoteUsername":"UPX","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    G
    徽章 +1
    以防万一其他人遇到此解决方案,一旦我得到它,解决方案就很简单。我要做的就是为每层连接创建一个网络,并将它们都留在默认的VLAN0中。默认情况下,路由由OVS处理。

    回复


    Baidu