Upload File

eucalyptus 3 networking options - lightning webinar series #4

  • Home
  • Technology
  • Eucalyptus 3 Networking Options - Lightning Webinar Series #4
16
© 2012 Eucalyptus Systems, Inc. Eucalyptus 3 Lightning Webinar: Networking Options 1 Steve Bradshaw Sr. Technical Trainer

Upload: eucalyptus-systems-inc

Post on 20-Aug-2015

1.581 views

Category:

Technology


1 download

Report

Tags:

TRANSCRIPT

Page 1: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

Eucalyptus 3 Lightning Webinar: Networking Options

1

Steve Bradshaw Sr. Technical Trainer

Page 2: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

Network Modes

• Eucalyptus supports four network modes

– SYSTEM (default)

– STATIC

– MANAGED

– MANAGED-NOVLAN

• Configured in /etc/eucalyptus/eucalyptus.conf

– On cluster and node controllers

– Look for the VNET_*= entries

• Choice depends on two factors:

– Eucalyptus features you require or desire

• Security groups, elastic IPs, VLAN network isolation

– Level of control over the underlying physical network

2

Page 3: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

SYSTEM – Logical View

Walrus storage

cloud controller

cluster controller

storage controller

corporate LAN

corporate DHCP server

Node Controlle

r

Node Controlle

r

Node Controlle

r VM

VM

VM Br

Page 4: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

SYSTEM – Characteristics and Features

DHCP Server External to Eucalyptus

Elastic IPs Not available

Security Groups Not available

VLAN Isolation Not available

Page 5: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

STATIC – Logical View

Walrus storage

cloud controller

cluster controller

storage controller

corporate LAN

provides DHCP for virtual machines

(MAC-to-IP)

VM

VM

VM Br Node

Controller

Node Controlle

r

Node Controlle

r node

controller

Page 6: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

STATIC – Characteristics and Features

DHCP Server Cluster Controller

Elastic IPs Not available

Security Groups Not available

VLAN Isolation Not available

Page 7: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

MANAGED(-NOVLAN) Characteristics and Features

DHCP Server Cluster Controller

Elastic IPs Available

Security Groups Available

VLAN Isolation MANAGED mode only

Page 8: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

MANAGED(-NOVLAN) – Logical View

Walrus storage

cloud controller cluster

controller

storage controller

Node Controlle

r

Node Controlle

r

Node Controlle

r node

controller

corporate LAN

provides DHCP for virtual machines

switch

subnet boundary

corporate DHCP server

Page 9: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

IP Network Ranges

• In MANAGED(-NOVLAN) mode, virtual machines use two IP address ranges. Why?

• Each virtual machine is assigned two IP addresses

– A private IP address on the virtual subnet (VM-to-VM)

– A public IP address for external communication

• Cluster controller maps private IP addresses to public IP addresses

– In iptables ‘nat’ table

9

CLC

CC

NC NC

VM VM VM VM VM VM VM VM VM VM

public IP

range

private

virtual IP

range

public

switch

private

switch

Eucalyptus physical hosts

also require IP addresses

Page 10: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

Private Virtual IP Subnets

• Private virtual IP range for virtual machines is divided into subnets by Eucalyptus

• Address range, number of subnets, and number of virtual machines per subnet is controlled by parameters in /etc/eucalyptus/eucalyptus.conf

10

CC NCs

VM public IP

addresses

VM private IP

addresses

.

.

.

virtual

subnet

virtual

subnet

virtual

subnet

VM

VM

VM

VM

VM

VM

private

virtual

IP range

iptables’

network

address

translation

Page 11: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

Virtual Private Subnets • Virtual subnet configuration determines:

– Maximum number of security groups (one per subnet)

– Maximum number of instances per security group (subnet)

• 10 IP addresses reserved per subnet (not available for VMs)

– network number, broadcast address, eight gateway addresses

• 4095 possible VLAN IDs, Eucalyptus can use 2-4094

16 subnet bits = 65,536 possible addresses

VNET_SUBNET=“192.168.0.0”

VNET_NETMASK=“255.255.0.0”

VNET_ADDRSPERNET=“32” 65,536 / 32 = 2048 possible subnets

min of(4092, 2048) = 2048 actual subnets

32 ADDRSPERNET – 10 = 22 instances per subnet

eucalyptus.conf

Page 12: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

MANAGED-NOVLAN VM Isolation

• VM isolation is managed only at the IP layer through security groups.

– Entries in iptables ‘filter’ table

• Multiple subnets but a single LAN

– An instance in one virtual subnet could network sniff an instance in another virtual subnet.

192.168.1.1 192.168.1.2 192.168.2.2 192.168.2.1

Security Group A

IP subnet 1

LAN

Security Group B

IP subnet 2

firewall rules firewall rules

Page 13: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

MANAGED VM Isolation

• VM isolation is managed at the IP layer through security groups (iptables ‘filter’ table) and VLANs (one security group per VLAN)

– An instance in one virtual subnet cannot network sniff an instance in another virtual subnet

192.168.1.1 192.168.1.2 192.168.2.2 192.168.2.1

Security Group A

IP subnet 1

VLAN 1

Security Group B

IP subnet 2

firewall rules firewall rules

VLAN 2

Page 14: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

Network Modes

DHCP Server Corporate Yes Yes Yes

Elastic IPs No No Yes Yes

Security Groups No No Yes Yes

Isolation of VMs No No No Layer 2

STATIC SYSTEM MANAGED-

NOVLAN MANAGED

Page 15: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

© 2012 Eucalyptus Systems, Inc.

Q & A

• Do you have any questions?

Page 16: Eucalyptus 3 Networking Options - Lightning Webinar Series #4

Eucalyptus Nitens

Eucalyptus 3 (&3.1). Eucalyptus 3 Product Overview – Govind Rangasamy

Makalah Eucalyptus

Laminate flooring eucalyptus

Eucalyptus Jastuk

Project Rehabilitation Plan · Eucalyptus salmonophloia, Eucalyptus loxophleba, Eucalyptus erythronema, Eucalyptus salubris, Allocasuarina heugeliana, Melaleuca acuminata, Maireana

Eucalyptus advent-calendar2014

Eucalyptus Newsletter nº 45 Fevereiro de 2014...3 Eucalyptus Newsletter nº 45 – Fevereiro de 2014 Os Amigos do Eucalyptus Engenheiro Florestal Edgard Campinhos Júnior A Eucalyptus

Eucalyptus, Nimbus & OpenNebula

Eucalyptus Administrator

What is Eucalyptus?

Eucalyptus Farming

Silvicultura Eucalyptus globulus.pdf

Operações de silvicultura e colheita de espécies ... · eucalipto são o Eucalyptus grandis e o Eucalyptus urograndis (híbrido de Eucalyptus grandis com Eucalyptus urophylla

© 2012 Eucalyptus Systems, Inc. Eucalyptus Internals Release 3.2 Rich Wolski CTO Eucalyptus Systems

Eucalyptus gnuNify 2012

Amazon EC2 / Eucalyptus

Eucalyptus Guidelines

Fertilization in Eucalyptus urophylla plantations in ... · Fertilization in Eucalyptus urophylla plantations in Guangxi, southern China ... Fertilization in Eucalyptus urophylla

Eucalyptus основные особенности

Eucalyptus oil

Eucalyptus Identity and Access Management (IAM) in the Enterprise - Lightning Webinar #2

Rainbow eucalyptus

Eucalyptus eurograndis 23.06.3012

PURE AUSTRALIAN LEMON SCENTED EUCALYPTUS OIL (EUCALYPTUS CITRIODORA)€¦ ·  · 2017-07-14PURE AUSTRALIAN LEMON SCENTED EUCALYPTUS OIL (EUCALYPTUS CITRIODORA) 12:+HDOWK*URXS Version

Eucalyptus 4.4.3 Administration Guide · Eucalyptus | Contents | 2 Contents Management Overview.....5

Eucalyptus Show

Eucalyptus Cloud Configuration

Mixtures of Eucalyptus Grandis x Eucalyptus Urophylla … euca and pine.pdf · This work investigates the effects of Eucalyptus grandis x Eucalyptus urophylla and Pinus taeda wood

Eucalyptus Riograndense Eucalyptus, Eucalyptus

Eucalyptus infra technology

Eucalyptus - Cirad

Eucalyptus on OpenStack

Eucalyptus Forest - Brazil

Eucalyptus hybrid