OpenNebula + KVM + Open vSwitch

I’m trying to use OpenNebula + KVM and Open vSwitch; the issue I have is that the VMs are not able to reach the Internet.

I’m using the following software versions:
OS: CentOS 7
OpenNebula: 5.4.6
Open vSwitch: 2.9.0

Steps to reproduce:

Here are the steps to set up the network on the physical machine. I’ve created an OVS bridge:

cat /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
DEVICETYPE=ovs
TYPE=OVSBridge
IPADDR=1.2.3.4
BROADCAST=1.2.3.255
GATEWAY=1.2.3.254
DNS1=4.5.6.7
DNS2=4.5.6.8
PREFIX=24
ONBOOT=yes
HOTPLUG=no
USERCTL=no
DELAY=0

Physical interface configuration

cat /etc/sysconfig/network-scripts/ifcfg-eno1
DEVICE=eno1
TYPE=OVSPort
HWADDR=e8:39:35:3f:43:26
ONBOOT=yes
BOOTPROTO=none
NAME=eno1
NETBOOT=yes
DEVICETYPE=ovs
OVS_BRIDGE=br0
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes

The OpenNebula Virtual Network Template is:

BRIDGE = "br0"
CLUSTERS = "production"
DESCRIPTION = "network for testing purposes"
DNS = "130.10.10.1"
GATEWAY = "130.10.10.1"
NETWORK_ADDRESS = "130.10.10.0"
PHYDEV = ""
SECURITY_GROUPS = "0"
VLAN_ID = "10"
VN_MAD = "ovswitch"

Current results:
Once the NIC is attached to the VM, the port is added to OVS.

ovs-vsctl show
3e695423-3c1c-46c8-9135-69ffd205801a
    Bridge "br0"
        Port "one-8-0"
            tag: 10
            Interface "one-8-0"
        Port "eno1"
            Interface "eno1"
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "2.9.0"

This is the output of “ifconfig” of the new port added… This step is automatically done by OpenNebula

ifconfig one-8-0
one-8-0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc10:10ff:fe00:0  prefixlen 64  scopeid 0x20
        ether fe:10:10:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 20  bytes 1152 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 23  bytes 2136 (2.0 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

The routing in the physical machine.

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         148.204.63.254  0.0.0.0         UG    0      0        0 br0
148.204.63.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eno1
169.254.0.0     0.0.0.0         255.255.0.0     U     1033   0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

As I can see, there is no route for the new VLAN. Where and how should I set up the GW? From my VM I can’t reach the GW.

Expected results:
I’m expecting network isolation and, at the same time, Internet connectivity through this network. My end scenario will have a lot of isolated VLANs.
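
Added example (not part of the original post, and not OpenNebula or Open vSwitch code): a small parser for the `ovs-vsctl show` output above that reports which ports carry a given VLAN and whether frames are tagged there, which is the check to run when auditing the isolation the post asks for. It assumes the default Open vSwitch `vlan_mode` (a port with `tag` is an access port; a port with neither `tag` nor `trunks` is a trunk for every VLAN); `parse_ports`, `carriers` and `SAMPLE` are names made up for this example.

```python
import re

# Constructed sample: the `ovs-vsctl show` output from the post, with the
# indentation that the command normally prints restored.
SAMPLE = '''3e695423-3c1c-46c8-9135-69ffd205801a
    Bridge "br0"
        Port "one-8-0"
            tag: 10
            Interface "one-8-0"
        Port "eno1"
            Interface "eno1"
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "2.9.0"
'''

def parse_ports(text):
    """Return {bridge: {port: {"tag": int|None, "trunks": [int], "type": str}}}."""
    bridges, bridge, port = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'(Bridge|Port)\s+"?([^"]+)"?$', line)
        if m and m.group(1) == "Bridge":
            bridge, port = bridges.setdefault(m.group(2), {}), None
        elif m and bridge is not None:
            port = bridge.setdefault(m.group(2), {"tag": None, "trunks": [], "type": "system"})
        elif port is not None and line.startswith("tag:"):
            port["tag"] = int(line.split(":", 1)[1])
        elif port is not None and line.startswith("trunks:"):
            port["trunks"] = [int(v) for v in re.findall(r"\d+", line)]
        elif port is not None and line.startswith("type:"):
            port["type"] = line.split(":", 1)[1].strip()
    return bridges

def carriers(ports, vlan):
    """Ports of one bridge that carry `vlan`, and how frames look on each port."""
    # Assumption: default vlan_mode; VLAN 0 stands for untagged traffic.
    out = {}
    for name, p in ports.items():
        if p["tag"] is not None:                      # access port
            if p["tag"] == vlan:
                out[name] = "access (untagged)"
        elif not p["trunks"] or vlan in p["trunks"]:  # trunk; empty list = all VLANs
            out[name] = "trunk (untagged)" if vlan == 0 else "trunk (802.1Q tagged)"
    return out

if __name__ == "__main__":
    print(carriers(parse_ports(SAMPLE)["br0"], 10))
```

For VLAN 10 this lists `one-8-0` as the access port and `eno1` as a tagged trunk, so the VM's frames leave the host carrying 802.1Q tag 10. The host addresses and routes shown by `route -n` sit on the untagged side of `br0` (VLAN 0 in the output of `carriers`).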