root / README @ cf51ea5b
This source tree aims to provide networking functionality for synnefo and
Ganeti.

It gathers existing software components and introduces additions and modifications
that take full advantage of the new network design and implementation of
Ganeti.

In general Ganeti and synnefo will support three main configurations for the
VMs residing in the cluster:

- VMs with public IPs whose packets are routed through their hosts
  using IP-less routing and proxy ARP.

- VMs with public IPs whose tap interfaces are bridged on a host interface.

- VMs with private IPs whose tap interfaces are bridged on VLANs and the host
  acts as gateway and does the masquerading needed for internet connection.

- VMs with private IPs residing in the same Ethernet collision domain.

GRNET's specific routed mode:

* Proxy ARP:

* IP-less routing:

Single bridge setup. Private IPs. Masquerade:

For security, and so that the ip-mac-tap key cannot be changed:
# ebtables -N FROMTAP0
# ebtables -A FROMTAP0 --ip-source \! 192.168.100.2 -p ipv4 -j DROP
# ebtables -A FROMTAP0 -s \! aa:00:00:8c:d3:a4 -j DROP
# ebtables -A INPUT -i tap0 -j FROMTAP0 (for masquerading)
# ebtables -A FORWARD -i tap0 -j FROMTAP0 (for private lans)
# ebtables -N TOTAP0
# ebtables -A FORWARD -o tap0 -j TOTAP0
# ebtables -A OUTPUT -o tap0 -j TOTAP0
# ebtables -A TOTAP0 -s 6e:10:e1:a0:c3:0f -j ACCEPT (from gateway)
# ebtables -A TOTAP0 -s \! aa:0:0:8c:d3:a4/ff:ff:ff:ff:0:0 -j DROP

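The per-tap rules above, generalized into a small shell generator for any tap/IP/MAC/gateway combination. This is an added example, not part of the original source tree; the function names (valid, tap_guard_rules) and the argument order are assumptions.

```shell
#!/bin/sh
# Added example (not from the README): print the per-tap ebtables rules shown
# above for any VM. Nothing is applied; review the output, then pipe it to a
# root shell. Function names and argument order are assumptions.

# valid REGEX VALUE: true only if VALUE is one line that fully matches REGEX.
valid() {
    [ "$(printf '%s\n' "$2" | wc -l)" -eq 1 ] &&
        printf '%s\n' "$2" | grep -Eqx "$1"
}

# tap_guard_rules TAP VM_IP VM_MAC GW_MAC
tap_guard_rules() {
    [ "$#" -eq 4 ] || { echo "usage: tap_guard_rules TAP VM_IP VM_MAC GW_MAC" >&2; return 2; }
    tap=$1 ip=$2 mac=$3 gw=$4
    octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    hex='[0-9A-Fa-f]{1,2}'
    # Strict validation keeps shell metacharacters out of the printed commands.
    valid 'tap[0-9]+' "$tap" || { echo "bad tap name: $tap" >&2; return 1; }
    valid "$octet(\.$octet){3}" "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    for m in "$mac" "$gw"; do
        valid "$hex(:$hex){5}" "$m" || { echo "bad MAC address: $m" >&2; return 1; }
    done
    from="FROMTAP${tap#tap}" to="TOTAP${tap#tap}"
    # FROMTAPn: frames sent by the VM must carry its own IP and MAC.
    # TOTAPn: frames delivered to the VM must come from the gateway or from a
    # MAC that shares the VM's first four octets (mask ff:ff:ff:ff:0:0).
    cat <<EOF
ebtables -N $from
ebtables -A $from --ip-source \! $ip -p ipv4 -j DROP
ebtables -A $from -s \! $mac -j DROP
ebtables -A INPUT -i $tap -j $from
ebtables -A FORWARD -i $tap -j $from
ebtables -N $to
ebtables -A FORWARD -o $tap -j $to
ebtables -A OUTPUT -o $tap -j $to
ebtables -A $to -s $gw -j ACCEPT
ebtables -A $to -s \! $mac/ff:ff:ff:ff:0:0 -j DROP
EOF
}

# The README's own values reproduce its rule set.
tap_guard_rules tap0 192.168.100.2 aa:00:00:8c:d3:a4 6e:10:e1:a0:c3:0f
```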

Private LANs:

- Create separate VLANs on the primary interface of every host.
- Define a new private network in Ganeti without a gateway.
- Bridge any tap interface belonging to the network.
- Trunk all VLANs in the cluster switch.

nfdhcpd:

* NFQUEUE

* ferm