Trying to understand an SDN "virtual private network"


I’m getting some connection problems. I have configured a small OpenNebula cluster with two nodes: a head server, that also acts as a KVM node, and a second server that acts only as a KVM node. The head node has two interfaces: a public interface and a private interface. The KVM node has only one interface: the private interface. This “private interface” is the network where the head node and the KVM node interconnect.

After reading the OpenNebula 6.4.0 documentation, I want to create a shared “Virtual Network” across all of my KVM nodes: the head server (also KVM) and the KVM node.

I understand that my eth0 in each node, which has a private IP, should be reconfigured as a “bridge” in both nodes (br0, for example). Then, I would have a bridge in each node, as the documentation says… But I have one question, one important question (and, of course, sorry about my SDN network knowledge…). If my virtual network is, for example, 10.10.10.x/24, I suppose it is mandatory to specify a network gateway, isn’t it? In this case, for example, gateway could be… but… where is this gateway “located”??? This is a gateway from the virtual network, but this virtual network is shared across all my KVM nodes (in my scenario, two nodes), because if I instantiate two machines, one in the “head node” and a second one in the “KVM node”, both VMs will have an IP from the same virtual network and, I suppose, I could ping from one to the other and vice versa, couldn’t I?

In this case, where and how do I attach this IP?


Hi @Daniel_Ruiz_Molina,

A gateway is only necessary if you want your VMs to be able to reach other networks. If you just want a private network for inter-VM communication, you don’t need any gateway.

If you do need a gateway (e.g. because you need the VMs to reach the internet), you just need to define the gateway IP and ensure that this IP is reachable within the private network. This means that there must be something (either another VM or a physical server) within your private network holding that IP.

For example, if you want to use one of your KVM nodes as a gateway, you can just configure an IP address on the bridge of that KVM node and use that IP as your gateway (make sure the IP is excluded from the AR of your OpenNebula Virtual Network to avoid collisions).

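The collision check behind the advice above (a gateway IP held by a bridge and kept out of the AR), as an added example that is not part of the original thread. The gateway 10.10.10.1 and the AR values are constructed, since the posts do not give them; the `IP` and `SIZE` keys mirror the attributes of an OpenNebula address range.

```python
import ipaddress


def ar_bounds(ar):
    """Return (first, last) address of an address range given as IP + SIZE."""
    first = ipaddress.IPv4Address(ar["IP"])
    return first, first + (int(ar["SIZE"]) - 1)


def check_gateway(network, gateway, address_ranges):
    """Return a list of problems; an empty list means the gateway is safe to use."""
    net = ipaddress.IPv4Network(network)
    gw = ipaddress.IPv4Address(gateway)
    problems = []

    # The VMs can only reach a gateway that sits in their own subnet.
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address")

    for ar in address_ranges:
        first, last = ar_bounds(ar)
        # If the gateway is leasable, a VM can be handed the same address
        # that the KVM node's bridge already holds.
        if first <= gw <= last:
            problems.append(f"gateway {gw} is inside AR {first}-{last}")
        if first not in net or last not in net:
            problems.append(f"AR {first}-{last} extends beyond {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    network, gateway = "10.10.10.0/24", "10.10.10.1"
    candidates = {
        "AR starts at the gateway": [{"IP": "10.10.10.1", "SIZE": "100"}],
        "AR starts after the gateway": [{"IP": "10.10.10.2", "SIZE": "100"}],
    }
    for label, ars in candidates.items():
        issues = check_gateway(network, gateway, ars)
        print(label, "->", issues or "ok")
```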

Hi @cgonzalez (by the moment :wink: )

I know all the concepts you have explained to me… I only had that “doubt” because in an SDN I didn’t know “where” I needed to locate the gateway host, because the SDN is shared across/along all KVM nodes and, of course, with the frontend server.

Finally, what I have configured in my small OpenNebula cluster is:

  1. Front-end has its eth0 without an IP address

  2. I have created a “br0” bridge and, then, I have configured it with an IP from the physical network

  3. I have created a new bridge interface “br0:0” with IP (gateway in my SDN)

  4. Because I have two more SDNs without internet connection (in my SDN 10.10.10./24 I run "iptables -A POSTROUTING -j MASQUERADE") with values and, I have also created two bridge interfaces br0:1 and br0:2 with those values. Because, really, those interfaces are virtual and they were already connected to br0 via br0:0, I have modified the daemon script “network” to allow “ifup” in “ExecStartPost”.

With this configuration, I have got my desired internet connection: only from but allowed between my two KVM nodes for all VMs running networks 10, 20 or 30.

Thanks @cgonzalez

Hi @Daniel_Ruiz_Molina,

It sounds good to me. As mentioned before, there’s really no one answer to the “where to put the gateway?” question; it really depends on your physical network and on the use case you’re trying to achieve.