Has anyone successfully used an Alpine vrouter with Sunstone 5.0.3 ? I’ve been trying a few days and finally the Alpine VM does start, but no traffic seems to go through it.
I can’t see in the doc where I should define the gateway and the dns when using a router.
Here is my virtual topology:
- VNetwork_WAN ----
| | | |
| VrouterA VM1 VM2
| | | |
VM3 VM11 VM12
VM3 pings all VMs OK as it’s on both networks, VM1-3 all have internet connectivity.
VM 11 and 12 can not access the internet.
Q1: where to define the gateway for those VM ?
Q2: where to define name servers for these VMs ?
All VMs are contextualized so I guess I could define everything in Sunstone, but don’t really know where…
I used bridge network wit 802.q VLAN tagging.
Thank you !!
the answer to Q1 and Q2 is pretty same, you should define the gateway and nameservers as attributes in the network (https://docs.opennebula.org/5.4/operation/network_management/manage_vnets.html#virtual-network-definition-example).
Now, you should decide which network interfaces the router will have and their order. Let’s say, 1st interface up to the VNetwork_WAN, 2nd down to the VNetwork_LAN1. You have to edit the router template and add into
CONTEXT=[…] section following parameter:
GATEWAY_IFACE=‘ETH0’. The default gateway will be set only for the uplink interface and will be ignored for any other.
Then, when starting the router instance via Instantiate Virtual Router Template wizard, you should enforce the gateway IPs on the networks (option Force IPv4: on each added network). And on VM1,2,3 add routes to the VNetwork_LAN1 via VrouterA IP address. This should be enough for the start, but in real use it would be better to have all router IP addresses also a subnet gateways.
Thank you for the guidance. I’ve applied but faced again this error:
alpine router console boot log shows that no networks is starting. It throws the error: ifup: too few parameters for line “iface”
The good news I could solve this one by forcing all interface hardware to virtio in the router template and try again your suggestions (I guess there was a wrong default driver in this version I use) …
Then, my router finally boots with network, hurray ! And pings from both WAN and LAN sides.
However I test my routing setup by doing a “wget yahoo.com” which works great when logged as root on the alpine router, but not on the VMs in the LAN, like VM11 on my chart above.
It throws a:
Resolving yahoo.com (yahoo.com)… failed: Temporary failure in name resolution.
However, the /etc/resolv.conf is set properly by contextualization.
So my questions are:
Is my setup wrong: the internet gw is not set right for VM11 ?
- …or is my expectation wrong: the alpine router is a router but not a real internet gw capable of routing/natting traffic from LAN1 to the internet via the WAN and its internet gw. I was under the assumption that as the router can access the internet, it is also capable to route access to the internet for the VMs in the LAN.
- If 2, then how could I provide internet access to all VMs on LAN1
- I would like to avoid setting up a firewall VM, can security groups rules in LAN1 definition help pass selectively the internet traffic from WAN to at least one dedicated VM in LAN1 (like a LB for example), and how to set this up in Sunstone ?
Thanks a 1000 for your help.