Calculating Security Groups


How to calculate the number of security groups per user in the Eucalyptus configuration.



Calculating security groups per user is an important part of the Eucalyptus configuration. This area confuses many cloud administrators. This article is intended to help clear up some of that confusion.

An easy way to work this out is with an online tool such as an IP calculator. An example of such a tool is as follows:


Enter the value of VNET_SUBNET in the "Address" field and the value of VNET_NETMASK in the text box entitled "Netmask". Once you hit the "Calculate" button, it will give you all the information pertaining to that network. The "Hosts/Net" value is what you will need. Divide that value by VNET_ADDRSPERNET. This gives you the maximum number of named networks that can be active simultaneously (also remember that Eucalyptus uses 1 - 11; therefore, subtract 11 from the value you get after doing the division).

So for example, this is how it would look based upon the information from the eucalyptus.conf that you have here:


 # The address and network mask of the network the cloud should use for
 # instances' private IP addresses.
 # Networking modes: Static, Managed, Managed (No VLAN)

 # The number of IP addresses to allocate to each security group.
 # Specify a power of 2 between 16 and 2048.
 # Networking modes: Managed, Managed (No VLAN)

Number of Hosts/Net (by using an IP calculator): (2^n) - 2, where n is the number of host bits, or (2^16) - 2 = 65534

VNET_ADDRSPERNET = 128: 65534 / 128 = 512

512 - 11 (this is the number that Eucalyptus uses internally) = 501

This is the number that you will use to determine how many active security groups each user can have. For example, if you have 50 users, you would work out the number of active security groups per user like this:

501 / 50 = 10.02 which means 10 active security groups per user.
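
The same calculation as a script, added here as an example (it is not part of Eucalyptus). The function names and the sample VNET_SUBNET value are assumptions; the script also checks the "power of 2 between 16 and 2048" rule for VNET_ADDRSPERNET before dividing.

```python
import ipaddress
import re

RESERVED_NETWORKS = 11  # networks 1 - 11 are used by Eucalyptus itself (per the article)

# Constructed sample: the VNET_SUBNET value is a placeholder, the netmask
# matches the article's 16 host bits, VNET_ADDRSPERNET is the article's 128.
SAMPLE_CONF = '''
VNET_SUBNET="10.10.0.0"
VNET_NETMASK="255.255.0.0"
# Specify a power of 2 between 16 and 2048.
VNET_ADDRSPERNET="128"
'''

def parse_vnet(conf_text):
    """Collect VNET_* assignments from eucalyptus.conf-style text."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r'\s*(VNET_\w+)\s*=\s*"?([^"#\s]+)"?', line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def security_group_budget(conf_text, users):
    """Return the figures of the article's calculation as a dict."""
    if users < 1:
        raise ValueError("users must be at least 1")
    conf = parse_vnet(conf_text)
    # ip_network() raises ValueError on a bad mask or a subnet with host bits set.
    net = ipaddress.ip_network(f"{conf['VNET_SUBNET']}/{conf['VNET_NETMASK']}")
    per_net = int(conf["VNET_ADDRSPERNET"])
    if not 16 <= per_net <= 2048 or per_net & (per_net - 1):
        raise ValueError("VNET_ADDRSPERNET must be a power of 2 between 16 and 2048")
    if per_net > net.num_addresses:
        raise ValueError("VNET_ADDRSPERNET is larger than the VNET subnet")
    hosts = net.num_addresses - 2  # "Hosts/Net" as an IP calculator reports it
    # The article takes 65534 / 128 as 512. Dividing the whole block
    # (hosts + 2) gives that whole number exactly; assumption of this example.
    networks = net.num_addresses // per_net
    usable = networks - RESERVED_NETWORKS
    if usable < 1:
        raise ValueError("no named networks left after the 11 reserved ones")
    return {"hosts": hosts, "networks": networks, "usable": usable,
            "per_user": usable // users}

if __name__ == "__main__":
    print(security_group_budget(SAMPLE_CONF, users=50))
```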


To correctly activate your VNET changes, restart the system as follows:

  1. Terminate all instances
  2. Clean stop the CC
  3. Stop the CLC
  4. Start the CLC
  5. Cleanstart the CC
  6. Run fresh instances as needed.
