Hi,
I have an issue with one host at a customer's site. I think this cannot
work, but I would like to ask you just in case I am confused.

host:
  eno1: 172.20.10.x/24 management interface gw 172.20.10.254
  bridge-service: 0.0.0.0/24
  tun0: openvpn tunnel to external data center
  internal-bridge: x.x.x.x/28 ; routed subnet that goes to openvpn tun0

on vm:
  eth0: x.x.x.x/28 on internal-bridge (default gw)
  eth1: 172.20.10.x/24 bridge-service gw 172.20.10.254 (same as eno1)

Connectivity to and from openvpn (from and to datacenter) is perfect. All
vms are directly reachable from our management services, no natting.

From the hypervisor I can ping the gw; from the vm I cannot ping
172.20.10.254.

My gut feeling is that this cannot work because traffic for the hypervisor
for subnet 172.20.10.x/24 flows through eno1, but for vm through the
bridge-loggin interface. So that cannot work.
Should we just ask the customer to give us different subnets for the host
and the vm?
TIA.
--
regards,
Natxo