cloudstack icon indicating copy to clipboard operation
cloudstack copied to clipboard

Published 20 hours ago verified publisher icon apache

NFS mounting on VM

Open Noelantogerorge opened this issue 10 months ago • 2 comments

ISSUE TYPE
  • Other
COMPONENT NAME

UI

CLOUDSTACK VERSION

14.19.1

CONFIGURATION

Advance networking

OS / ENVIRONMENT

Ubuntu 22.04 and using KVM hypervisor

SUMMARY

I am trying to get NFS storage on the ACS VM. But VM virtual routers don't have a route or interface to that. I am running the environment as below: ACS Portal: 10.10.40.252 NFS server: 10.10.40.250 KVM host: 172.16.0.100 (Have to NIC 1 for local and 1 for public configured as cloudbr0 for private and cloudbr1 as public.)

ACS Management Range: 172.16.0.10–172.16.0.50 (cloudbr0) ACS Public Range: 232.28.15.16 - 232.28.15.23 (cloudbr1)

I had trunked KVM Privet NIC to talk to the ACS and NFS subnets. So through 172.16.0.0, I can communicate with the 10.10.40.0 network.

I bring up a VM with isolated network 10.1.1.5 and it creates VR with 10.1.1.1 and 232.28.15.19. I am getting internet, and the rest is fine. I need to mount NFS server with this VM. While checking the VR route, I can see the default route to the public NIC. Through that NIC, I won't get the 10.10.40.250 system as it passed out from KVM through cloudbr1.

It is not advised to trunk KVM host cloudbr1 NIC and allow 10.10.40.250 traffic to route through the public network. What will be the best solution for this in this case?

EXPECTED RESULTS

Most of the production environment ACS will be running on a DC, which will have a NAS or SAN for NFS storage and which will be on some other LAN vlan. I can see an option like configuring VPC and adding site-site VPN. But in most cases, all devices have the same DC, which will affect NFS performance when traffic moves out and in through a VPN. So CloudStack should have some option to add this storage to VMs and Kubernetes clusters.

Noelantogerorge avatar Apr 26 '24 11:04 Noelantogerorge

@Noelantogerorge is 10.10.40.0/24 in your "public" network? i.e. can you VM reach your ACS Portal.

I don't think there is an option to allow "internal" IP ranges to be accessible to VMs.

DaanHoogland avatar Apr 29 '24 13:04 DaanHoogland

@Noelantogerorge the only sensible way to achieve this would be to add an interface to your NFS server in the same VLAN and subnet as your ACS network. In general you should route NFS and definitely not have it going through a NATed IP, unless you don't care much about performance.

alexandremattioli avatar Apr 29 '24 14:04 alexandremattioli