-This source tree aims to provide networking funtionality for synnefo and
-Ganeti.
+This package provides:
+- kvm-vif-bridge for providing network connectivity to VMs
+- mac2eui64 for getting IPv6 address from a mac
+- vmrouter if-up/down scripts that prepare routing tables and ip rules needed for GRNET setup
+- prv-net-helper for creating bridged pools
+- clear-proxy-ndp for removing stale entries
+
+
+
+
+# /etc/network/interfaces examples
+
+###############
+# GRNET SETUP #
+###############
+# IP-less routing / proxy arp interfaces examples:
+# This vlan is used for internet connection of the VMs
+# The gateway is a router that connects all nodes VLANs
+# snf_public should be an existing routing table (in /etc/iproute/rt_tables)
+# The values of ip-routes and ip-gateway must be the same
+# decrared in ganeti network related to this routing table.
+# gnt-network add --network=62.217.123.128/27 --gateway=62.217.123.129
+# --network6=2001:648:2ffc:1201::/64 --gateway6=2001:648:2ffc:1201::1
+# --network-type=public --tags=nfdhcpd,ip-less-routed snf-net-1
+# gnt-network connect snf-net-1 all routed snf_public
+
+auto eth0.201
+iface eth0.201 inet manual
+ ip-routing-table snf_public
+ ip-routes 62.217.123.128/27
+ ip-gateway 62.217.123.129
+ ip-forwarding 1
+ ip-proxy-arp 1
+ arp-ip 62.217.123.158
+
+iface eth0.201 inet6 manual
+ ip-routing-table snf_public
+ ip-routes 2001:648:2ffc:1201::/64
+ ip-gateway 2001:648:2ffc:1201::1
+ ip-forwarding 1
+ ip-proxy-ndp 1
+
+# A bridge pool to connect tap devices of private networks
+# A private network uses explicitly one vlan
+# prv1 8000.e4115bb2925c no eth0.2991
+# prv2 8000.e4115bb2925c no eth0.2992
+# prv3 8000.e4115bb2925c no eth0.2993
+# prv4 8000.e4115bb2925c no eth0.2994
+# prv5 8000.e4115bb2925c no eth0.2995
+auto prv
+iface prv inet manual
+ up prv-net-helper up eth0 1 5 2990 prv
+ down prv-net-helper down eth0 1 5 2990 prv
+
+# A bridge to connect tap devices of private networks
+# All private networks use this bridge
+# Isolation is provided with ebtables and MAC filtering
+# prv0 8000.e4115bb2925c no eth0.2990
+auto prv0
+iface prv0 inet manual
+ bridge_ports eth0.2990
+ bridge_stp off
+ bridge_fd 2
+ post-up ip link set prv0 address e4:11:5b:b2:92:5c
+
+
+#################
+# GENERIC SETUP #
+#################
+# All taps bridged on this bridged
+# eth0 is the node's primary interface
+# 62.217.123.132/27 is the node's primary address
+# 62.217.123.129 is the node's primary Gateway
+# aa:00:00:32:50:51 is the node's primary MAC address
+auto br0
+iface br0 inet manual
+ bridge_ports eth0
+ bridge_stp off
+ bridge_fd 2
+ up for ip in 62.217.123.132/27; do ip addr add $ip dev br0; done
+ up ip route add default via 62.217.123.129 dev br0
+ post-up ip link set br0 address aa:00:00:32:50:51
-Gather existing software components and introduce additions and modifications
-that take full advantage of the new network design and implementation of
-Ganeti.
-In general Ganeti and synnefo will support three main configurations for the
-VMs residing in the cluster:
-
-- VMs with public IPs whose packets are routed though their hosts
-using IP-less routing and proxy ARP.
-
-- VMs with public IPs whose tap interfaces are bridged on a host interface.
-
-- VMs with private IPs whose tap interfaces are bridged on vlans and the host
-acts as gateway and does the masqeurading needed for internet connection.
-
-- VMs with private IPs residing in the same ethernet collision domain.
-
-
-
-
-GRNET's specific routed mode:
-
-
-* Proxy ARP:
-
-* IP-less routing:
-
-
-Single bridge setup. Private IPs. Masquerade:
-
-For security and not being able to change ip-mac-tap key:
-# ebtables -t filter -D INPUT -i tap0 -j TAP0
-# ebtables -t filter -D FORWARD -i tap0 -j TAP0
-# ebtables -t filter -X TAP0
-# ebtables -t filter -N TAP0
-# ebtables -t filter -A TAP0 --ip-source \! 192.168.100.2 -p ipv4 -j DROP
-# ebtables -t filter -A TAP0 -s \! aa:00:00:8c:d3:a4 -j DROP
-# ebtables -t filter -A INPUT -i tap0 -j TAP0 (for masquerading)
-# ebtables -t filter -A FORWARD -i tap0 -j TAP0 (for private lans)
-
-
-
-Private LANs:
-
-- Create separete vlans on primary interface of every host.
-- Define new private network in Ganeti without gateway.
-- Bridge any tap interface belonging in the network.
-- Trunk all vlans in cluster switch.
-
-
-
-nfdhcpd:
-
-* NFQUEUE
-
-* ferm
python-daemon(>=1.5.2-1), python-pyinotify(>=0.7.1-1),
python-ipy(>=1:0.62-1), nfqueue-bindings-python(>=0.3-2),
python-cap-ng(>=0.6.0-1), python(>=2.4), python-configobj(>= 4.5.2-1),
- iptables, arptables, ipcalc, ebtables, ferm, tcpdump, nfdhcpd(>=0.7-1)
+ iptables, arptables, ipcalc, ebtables, tcpdump, nfdhcpd(>=0.7-1)
Description: Networking support for VMs inside the Ganeti Cluster.
This package provides the following utilities:
* vlan handling forGRNET's specific IP-less routing and proxy ARP
-var/lib/snf-network
etc/snf-network
etc/ganeti/hooks
-etc/ganeti/hooks/cluster-init-post.d
-etc/ganeti/hooks/instance-add-post.d
etc/ganeti/hooks/instance-failover-post.d
etc/ganeti/hooks/instance-migrate-post.d
-etc/ganeti/hooks/instance-modify-post.d
-etc/ganeti/hooks/instance-reboot-post.d
etc/ganeti/hooks/instance-remove-post.d
-etc/ganeti/hooks/instance-start-post.d
etc/ganeti/hooks/instance-stop-post.d
-etc/ganeti/hooks/network-connect-post.d
-etc/ganeti/hooks/network-disconnect-post.d
-etc/ganeti/hooks/node-add-post.d
kvm-vif-bridge etc/ganeti
-hooks etc/ganeti/
-
-conf/snf-network.conf etc/snf-network
-conf/grnet.conf etc/snf-network
-conf/generic.conf etc/snf-network
-
-snf-network-build-node-infra usr/bin
-
-snf-network-get-network-env usr/bin
-
-snf-network-configure-interfaces usr/bin
-snf-network-unconfigure-interfaces usr/bin
-
-snf-network-masq-on usr/bin
-snf-network-masq-off usr/bin
-
-snf-network-ipless-routing-on usr/bin
-snf-network-ipless-routing-off usr/bin
-
-snf-network-mac-prefix usr/bin
clear-proxy-ndp usr/bin
-log-env usr/bin
clear-tap usr/bin
/usr/bin/clear-proxy-ndp /etc/ganeti/hooks/instance-migrate-post.d/clear-proxy-ndp
/usr/bin/clear-proxy-ndp /etc/ganeti/hooks/instance-stop-post.d/clear-proxy-ndp
/usr/bin/clear-proxy-ndp /etc/ganeti/hooks/instance-failover-post.d/clear-proxy-ndp
-
-
-/usr/bin/log-env /etc/ganeti/hooks/cluster-init-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/instance-add-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/instance-failover-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/instance-migrate-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/instance-modify-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/instance-reboot-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/instance-remove-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/instance-start-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/instance-stop-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/network-add-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/network-connect-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/network-disconnect-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/network-modify-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/network-remove-post.d/log-env
-/usr/bin/log-env /etc/ganeti/hooks/node-add-post.d/log-env
-DEFAULT=/etc/default/snf-network
-
-CONF=/etc/snf-network/snf-network.conf
-
-INFRA=/etc/snf-network/generic.conf
+MAC_MASK=ff:ff:ff:00:00:00
--- /dev/null
+###############
+# GRNET SETUP #
+###############
+# IP-less routing / proxy arp interfaces examples:
+# This vlan is used for internet connection of the VMs
+# The gateway is a router that connects all nodes VLANs
+# snf_public should be an existing routing table (in /etc/iproute/rt_tables)
+# The values of ip-routes and ip-gateway must be the same
+# decrared in ganeti network related to this routing table.
+# gnt-network add --network=62.217.123.128/27 --gateway=62.217.123.129
+ --network6=2001:648:2ffc:1201::/64 --gateway6=2001:648:2ffc:1201::1
+ --network-type=public --tags=nfdhcpd,ip-less-routed snf-net-1
+# gnt-network connect snf-net-1 all routed snf_public
+
+auto eth0.201
+iface eth0.201 inet manual
+ ip-routing-table snf_public
+ ip-routes 62.217.123.128/27
+ ip-gateway 62.217.123.129
+ ip-forwarding 1
+ ip-proxy-arp 1
+ arp-ip 62.217.123.158
+
+iface eth0.201 inet6 manual
+ ip-routing-table snf_public
+ ip-routes 2001:648:2ffc:1201::/64
+ ip-gateway 2001:648:2ffc:1201::1
+ ip-forwarding 1
+ ip-proxy-ndp 1
+
+# A bridge pool to connect tap devices of private networks
+# A private network uses explicitly one vlan
+# prv1 8000.e4115bb2925c no eth0.2991
+# prv2 8000.e4115bb2925c no eth0.2992
+# prv3 8000.e4115bb2925c no eth0.2993
+# prv4 8000.e4115bb2925c no eth0.2994
+# prv5 8000.e4115bb2925c no eth0.2995
+auto prv
+iface prv inet manual
+ up prv-net-helper up eth0 1 5 2990 prv
+ down prv-net-helper down eth0 1 5 2990 prv
+
+# A bridge to connect tap devices of private networks
+# All private networks use this bridge
+# Isolation is provided with ebtables and MAC filtering
+# prv0 8000.e4115bb2925c no eth0.2990
+auto prv0
+iface prv0 inet manual
+ bridge_ports eth0.2990
+ bridge_stp off
+ bridge_fd 2
+ post-up ip link set prv0 address e4:11:5b:b2:92:5c
+
+
+#################
+# GENERIC SETUP #
+#################
+# All taps bridged on this bridged
+# eth0 is the node's primary interface
+# 62.217.123.132/27 is the node's primary address
+# 62.217.123.129 is the node's primary Gateway
+# aa:00:00:32:50:51 is the node's primary MAC address
+auto br0
+iface br0 inet manual
+ bridge_ports eth0
+ bridge_stp off
+ bridge_fd 2
+ up for ip in 62.217.123.132/27; do ip addr add $ip dev br0; done
+ up ip route add default via 62.217.123.129 dev br0
+ post-up ip link set br0 address aa:00:00:32:50:51
+
+
projects / snf-network / commitdiff