CSS Corp Open Source Services

[Eucalyptus Beginner’s Guide – UEC edition] Chapter 7 – Network Management


Eucalyptus Networking

System

In System mode, CC generates and assigns a random MAC address to the VM instance while requesting NC to bring up the instance. NC attaches the VM instance’s virtual NIC to the physical NIC on the node through a bridge. This mode requires that the Nodes are connected to the enterprise network directly. Instances obtain an IP address using DHCP, just as physical machines on the network do.

This mode is very easy to set up, as it has no additional networking prerequisites except for a running DHCP server on the enterprise network. It is a good way to get started with Eucalyptus, particularly if you want to set it up on your laptop/desktop to get a basic understanding.

This mode of networking is similar to “Bridged Networking” that hypervisors like VMware, VirtualBox etc. offer or like “tap” networking offered by KVM/Qemu.

Static

Static mode offers the Eucalyptus administrator more control over VM IP address assignment than System mode does. In this mode, the administrator configures Eucalyptus with a ‘map’ of MAC address/IP Address pairs on CC.

Before requesting NC to raise an instance, CC sets up a static entry within a Eucalyptus-controlled DHCP server, takes the next free MAC/IP pair, and passes it on to NC, which attaches the virtual NIC of the instance to the physical NIC of the Node through a bridge, similar to how it is handled in ‘System’ mode.

This mode of networking is similar to “Bridged Networking” that hypervisors like VMware, VirtualBox etc. offer or like “tap” networking offered by KVM/Qemu.

This mode is useful for administrators who have a pool of MAC/IP addresses that they wish to always assign to their instances without relying on the DHCP server running in the enterprise network.

Note – Running Eucalyptus in System or Static mode disables some of the following key functionalities that would make an enterprise deployment more manageable:

  • Ingress filtering for the instances ( Security Groups )
  • User Controlled dynamic assignment of IPs to instances ( Elastic IPs )
  • Isolation of network traffic between VM instances
  • Availability of the meta-data service (use of the http://169.254.169.254/ URL to obtain instance specific information)

Managed

Managed mode is the most feature rich mode offered by Eucalyptus. In this mode, the Eucalyptus administrator defines a large network (usually private and unroutable) from which VM instances will draw their IP addresses. As with Static mode, CC will maintain a DHCP server with static mappings for each instance that is raised and allocate the right IPs at the time of requesting an NC to raise the instance.

Managed mode implements ‘security groups’ for ingress filtering and isolation of instances. The user specifies the security group with which the new instance should be associated at the time of requesting a new instance. CC allocates a subset of the entire range of IPs to each security group in such a way that all the instances raised to be a part of the same security group use IPs from the same subset.

The user can define ingress filtering rules at the ‘security group’ level. More on this in the chapter on Security. In addition, the administrator can specify a pool of public IP addresses that users may allocate, either while raising the instances or later at run-time. This functionality is similar to ‘elastic IPs’ of AWS.

Eucalyptus administrators who require security groups, elastic IPs, and VM network isolation must use this mode.

Managed NOVLAN

This mode is identical to MANAGED mode in terms of features (dynamic IPs and security groups), but does not provide VM network isolation. Eucalyptus administrators who want dynamically assignable IPs and security groups, but are not in a position to run on a network that allows VLAN-tagged packets, or who do not need VM network isolation, can use this mode.

Comparison of Eucalyptus Networking Modes

| Sl. No. | Networking Type | DHCP server running on the network | CC runs its own DHCP server | Instance Isolation | Private IPs | Ingress Filtering |
|---|---|---|---|---|---|---|
| 1 | System | Required | No | No | No | No |
| 2 | Static | No | Yes | No | No | No |
| 3 | Managed | No | Yes | Yes | Yes | Yes |
| 4 | Managed-NOVLAN | No | Yes | No | Yes | Yes |
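
The mode comparison above, turned into a configuration check (an added example, not part of the original guide): it reads VNET_MODE from a eucalyptus.conf-style file and reports which of the features named in the note are unavailable in that mode. VNET_MODE, VNET_PUBLICIPS and VNET_MACMAP are Eucalyptus settings not shown on this page; the function names, finding labels and sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): audit VNET_* settings in a eucalyptus.conf-style file.

# conf_get FILE KEY: value of the last uncommented KEY=... line, unquoted.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# audit_vnet FILE: prints one finding per line.
# Returns 0 = nothing to report, 1 = findings, 2 = unknown mode.
audit_vnet() {
    rc=0; mode=$(conf_get "$1" VNET_MODE)
    case "$mode" in
        SYSTEM|STATIC)
            # Features the guide's note lists as disabled in these modes.
            for f in security-groups elastic-ips vm-isolation metadata-service
            do echo "LOST $f"; done
            rc=1 ;;
        MANAGED-NOVLAN) echo "LOST vm-isolation"; rc=1 ;;
        MANAGED) ;;
        *) echo "ERROR unknown VNET_MODE '$mode'"; return 2 ;;
    esac
    case "$mode" in
    MANAGED*)
        pub=$(conf_get "$1" VNET_PUBINTERFACE)
        priv=$(conf_get "$1" VNET_PRIVINTERFACE)
        # Assumption: the guide's two-NIC CC layout (public and private split).
        if [ -z "$pub" ] || [ -z "$priv" ] || [ "$pub" = "$priv" ]; then
            echo "WARN public/private interfaces not split (pub='$pub' priv='$priv')"
            rc=1
        fi
        if [ -z "$(conf_get "$1" VNET_PUBLICIPS)" ]; then
            echo "WARN VNET_PUBLICIPS empty: no pool for elastic IPs"; rc=1
        fi ;;
    STATIC)
        if [ -z "$(conf_get "$1" VNET_MACMAP)" ]; then
            echo "WARN VNET_MACMAP empty: no MAC/IP pairs to hand out"; rc=1
        fi ;;
    esac
    return $rc
}

# Constructed sample: Managed-NOVLAN with both roles on one interface.
sample=$(mktemp)
printf '%s\n' '#VNET_MODE="SYSTEM"' 'VNET_MODE="MANAGED-NOVLAN"' 'VNET_PUBINTERFACE="eth0"' \
    'VNET_PRIVINTERFACE="eth0"' 'VNET_PUBLICIPS="192.168.10.200-192.168.10.220"' > "$sample"
audit_vnet "$sample" || true
rm -f "$sample"
```

Run against the real file on the CC as `audit_vnet /etc/eucalyptus/eucalyptus.conf`; a non-zero exit status makes it usable as a deployment gate.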

Configurations

For the sake of convenience, the following network setup is assumed.

Managed and Managed-NOVLAN

CC – two interfaces, eth0 and eth1. eth0 is connected to the Internet and eth1 is connected to NC.
NC – one interface, eth0, which is part of bridge br0 and is connected to CC.

System and Static Mode

CC – one interface, eth0, connected to the enterprise network.
NC – one interface, eth0, which is part of bridge br0 connected to the enterprise network.

The following settings have to be made in /etc/eucalyptus/eucalyptus.conf file on CC and NC to configure the corresponding networking mode.

Eucalyptus Networking Configuration

Commands

To list the range of public IP addresses allocated for instances:

uecadmin@client1:~$ euca-describe-addresses
ADDRESS 192.168.10.200    nobody
ADDRESS 192.168.10.201    nobody
ADDRESS 192.168.10.202    nobody
ADDRESS 192.168.10.203    nobody
ADDRESS 192.168.10.204    nobody
ADDRESS 192.168.10.205    nobody
ADDRESS 192.168.10.206    nobody
ADDRESS 192.168.10.207    nobody
ADDRESS 192.168.10.208    nobody
ADDRESS 192.168.10.209    nobody
ADDRESS 192.168.10.210    nobody
ADDRESS 192.168.10.211    nobody
ADDRESS 192.168.10.212    nobody
ADDRESS 192.168.10.213    nobody
ADDRESS 192.168.10.214    nobody
ADDRESS 192.168.10.215    nobody
ADDRESS 192.168.10.216    nobody
ADDRESS 192.168.10.217    nobody
ADDRESS 192.168.10.218    nobody
ADDRESS 192.168.10.219    nobody
ADDRESS 192.168.10.220    nobody

To allocate a public IP address for a specific user:

uecadmin@client1:~$ euca-allocate-address
ADDRESS 192.168.10.200

To release a public IP address from a specific user:

uecadmin@client1:~$ euca-release-address 192.168.10.200

To associate a public IP address with a running instance:

uecadmin@client1:~$ euca-associate-address -i i-4799086D 192.168.10.200

To disassociate a public IP address from a running instance:

uecadmin@client1:~$ euca-disassociate-address 192.168.10.200

3 Responses


  1. Hi,

    Great book! Exactly what cloud newbies like me need. So, thanks for your efforts!

    I’m going through this chapter, and I’m a bit puzzled by this sentence “CC – two interfaces eth0 and eth1. eth1 is connected to the Internet and eth0 is connected to NC.” That, however, does not correspond to what I see in Table 7.2 where it says that VNET_PUBINTERFACE in Managed mode is on eth0, while VNET_PRIVINTERFACE is on eth1.

    Which one is right, assuming that I understand it correctly?

    Thanks again!

    Anton

    February 4, 2011 at 8:41 pm

    • Hi,

      Thanks for pointing out the mistake in the book. It has been rectified in the blog. The PDF versions will be rectified in the next versions.

      cssoss

      February 15, 2011 at 12:42 pm

  2. Hi!,

    I have a problem. I installed Eucalyptus 2 on Debian Squeeze as described in their site. http://open.eucalyptus.com/wiki/EucalyptusInstallationDebian_v2.0

    Since this is my home PC and I only have a single PC, I had to install the NC on the same machine as well. After the installation, the DHCP server that is installed with Eucalyptus didn’t start, and it has failed every time. I’m using MANAGED mode with my installation.

    First, I want to know: are there any conflicts when installing NC with other components on the same machine?

    And my major problem is I can’t assign public IPs to my instances. Even though all the commands ran without any errors (euca-associate-address -i #### #.#.#.# also worked without any error), the IP address is not assigned. When I run euca-describe-instances, it shows 0.0.0.0 0.0.0.0 for the IP addresses.

    And the other thing is that the instance is in pending status and after some time it is terminated, never going to the running state. What would be the reasons for these issues? Please help me if you can.

    Thanks!

    chaminda

    March 20, 2011 at 11:22 am

