
root / README @ cf51ea5b


1 d07b449f Dimitris Aragiorgis
This source tree aims to provide networking functionality for synnefo and
Ganeti.

Gather existing software components and introduce additions and modifications
that take full advantage of the new network design and implementation of
Ganeti.

In general Ganeti and synnefo will support three main configurations for the
VMs residing in the cluster:

- VMs with public IPs whose packets are routed through their hosts
using IP-less routing and proxy ARP.

- VMs with public IPs whose tap interfaces are bridged on a host interface.

- VMs with private IPs whose tap interfaces are bridged on vlans and the host
acts as gateway and does the masquerading needed for internet connection.

- VMs with private IPs residing in the same ethernet collision domain.




GRNET's specific routed mode:


* Proxy ARP:

* IP-less routing:


Single bridge setup. Private IPs. Masquerade:

For security, so that a VM cannot change its ip-mac-tap key:
# ebtables -N FROMTAP0
# ebtables -A FROMTAP0 --ip-source \! 192.168.100.2 -p ipv4 -j DROP
# ebtables -A FROMTAP0 -s \! aa:00:00:8c:d3:a4 -j DROP
# ebtables -A INPUT -i tap0 -j FROMTAP0 (for masquerading)
# ebtables -A FORWARD -i tap0 -j FROMTAP0 (for private lans)
# ebtables -N TOTAP0
# ebtables -A FORWARD -o tap0 -j TOTAP0
# ebtables -A OUTPUT -o tap0 -j TOTAP0
# ebtables -A TOTAP0 -s 6e:10:e1:a0:c3:0f -j ACCEPT (from gateway)
# ebtables -A TOTAP0 -s \! aa:0:0:8c:d3:a4/ff:ff:ff:ff:0:0 -j DROP
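
The tap0 rules above, generalized to any tap interface, as an added example that is not part of the original README. The function and argument names and the choice to print the commands instead of running them are assumptions of this example; each argument is validated before it is interpolated into a rule.

```shell
#!/bin/sh
# Added example: dry-run generator for the README's per-tap ebtables rules.
# It only prints commands; review them, then pipe to `sh` as root to apply.

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

valid_tap() {
    printf '%s\n' "$1" | grep -Eq '^tap[0-9]+$'
}

# tap_rules TAP VM_IP VM_MAC GW_MAC  (argument names are this example's own)
tap_rules() {
    # grep validates line by line, so reject embedded newlines up front.
    case "$*" in *'
'*) echo "newline in argument" >&2; return 1 ;; esac
    tap=$1 ip=$2 mac=$3 gw=$4
    valid_tap "$tap" || { echo "bad tap name: $tap" >&2; return 1; }
    valid_ip "$ip"   || { echo "bad IPv4 address: $ip" >&2; return 1; }
    valid_mac "$mac" || { echo "bad VM MAC: $mac" >&2; return 1; }
    valid_mac "$gw"  || { echo "bad gateway MAC: $gw" >&2; return 1; }
    from=FROMTAP${tap#tap} to=TOTAP${tap#tap}
    cat <<EOF
ebtables -N $from
ebtables -A $from --ip-source \\! $ip -p ipv4 -j DROP
ebtables -A $from -s \\! $mac -j DROP
ebtables -A INPUT -i $tap -j $from
ebtables -A FORWARD -i $tap -j $from
ebtables -N $to
ebtables -A FORWARD -o $tap -j $to
ebtables -A OUTPUT -o $tap -j $to
ebtables -A $to -s $gw -j ACCEPT
ebtables -A $to -s \\! $mac/ff:ff:ff:ff:0:0 -j DROP
EOF
}

# Sample values taken from the README's own tap0 rules.
tap_rules tap0 192.168.100.2 aa:00:00:8c:d3:a4 6e:10:e1:a0:c3:0f
```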


Private LANs:

- Create separate vlans on the primary interface of every host.
- Define a new private network in Ganeti without a gateway.
- Bridge any tap interface belonging to the network.
- Trunk all vlans in the cluster switch.



nfdhcpd:

* NFQUEUE

* ferm