Private Network Provisioning in Managed/Managed-NOVLAN

Eucalyptus Versions: 3.0 - 4.0.x

In Managed/Managed-NOVLAN, there are three key configuration variables in the /etc/eucalyptus/eucalyptus.conf file on the Cluster Controller (CC) that determine how the private subnetwork is partitioned for instances.  These variables are as follows:

  • VNET_SUBNET - subnet to be used for instance addresses.
  • VNET_NETMASK - netmask informing the size of the subnet.
  • VNET_ADDRSPERNET - defines how the subnet will be sub-divided into network segments (i.e. the number of instances allowed per security group).

As mentioned in the Eucalyptus documentation on setting up security groups, 10 of the IP addresses within each security group network are reserved for Eucalyptus to use as gateway addresses, the broadcast address, etc.  For example, if VNET_ADDRSPERNET is 64, 54 IP addresses are available to instances in a given security group.  Each security group maps directly to an internal index used by Eucalyptus, and in Managed mode this index is mapped to a VLAN ID.  The following example explains the mapping between index and VLAN ID for Managed mode.

Managed Networking Mode Example

Let's say that a cloud administrator defines the following for VNET_SUBNET, VNET_NETMASK, and VNET_ADDRSPERNET:

  • VNET_SUBNET => 192.168.0.0
  • VNET_NETMASK => 255.255.252.0
  • VNET_ADDRSPERNET => 32

With this information, the private network layout that will be defined by the Cluster Controller (CC) is as follows:

Idx | VLAN | Segment ID    | CC Gateway Start | CC Gateway End | VM Segment Start | VM Segment End | Segment Broadcast |
------------------------------------------------------------------------------------------------------------------------
  0 |    2 | 192.168.0.0   | 192.168.0.1      | 192.168.0.8    | 192.168.0.9      | 192.168.0.30   | 192.168.0.31      |
  1 |    3 | 192.168.0.32  | 192.168.0.33     | 192.168.0.40   | 192.168.0.41     | 192.168.0.62   | 192.168.0.63      |
  2 |    4 | 192.168.0.64  | 192.168.0.65     | 192.168.0.72   | 192.168.0.73     | 192.168.0.94   | 192.168.0.95      |
  3 |    5 | 192.168.0.96  | 192.168.0.97     | 192.168.0.104  | 192.168.0.105    | 192.168.0.126  | 192.168.0.127     |
  4 |    6 | 192.168.0.128 | 192.168.0.129    | 192.168.0.136  | 192.168.0.137    | 192.168.0.158  | 192.168.0.159     |
  5 |    7 | 192.168.0.160 | 192.168.0.161    | 192.168.0.168  | 192.168.0.169    | 192.168.0.190  | 192.168.0.191     |
  6 |    8 | 192.168.0.192 | 192.168.0.193    | 192.168.0.200  | 192.168.0.201    | 192.168.0.222  | 192.168.0.223     |
  7 |    9 | 192.168.0.224 | 192.168.0.225    | 192.168.0.232  | 192.168.0.233    | 192.168.0.254  | 192.168.0.255     |
  8 |   10 | 192.168.1.0   | 192.168.1.1      | 192.168.1.8    | 192.168.1.9      | 192.168.1.30   | 192.168.1.31      |
  9 |   11 | 192.168.1.32  | 192.168.1.33     | 192.168.1.40   | 192.168.1.41     | 192.168.1.62   | 192.168.1.63      |
 10 |   12 | 192.168.1.64  | 192.168.1.65     | 192.168.1.72   | 192.168.1.73     | 192.168.1.94   | 192.168.1.95      |
 11 |   13 | 192.168.1.96  | 192.168.1.97     | 192.168.1.104  | 192.168.1.105    | 192.168.1.126  | 192.168.1.127     |
 12 |   14 | 192.168.1.128 | 192.168.1.129    | 192.168.1.136  | 192.168.1.137    | 192.168.1.158  | 192.168.1.159     |
 13 |   15 | 192.168.1.160 | 192.168.1.161    | 192.168.1.168  | 192.168.1.169    | 192.168.1.190  | 192.168.1.191     |
 14 |   16 | 192.168.1.192 | 192.168.1.193    | 192.168.1.200  | 192.168.1.201    | 192.168.1.222  | 192.168.1.223     |
 15 |   17 | 192.168.1.224 | 192.168.1.225    | 192.168.1.232  | 192.168.1.233    | 192.168.1.254  | 192.168.1.255     |
 16 |   18 | 192.168.2.0   | 192.168.2.1      | 192.168.2.8    | 192.168.2.9      | 192.168.2.30   | 192.168.2.31      |
 17 |   19 | 192.168.2.32  | 192.168.2.33     | 192.168.2.40   | 192.168.2.41     | 192.168.2.62   | 192.168.2.63      |
 18 |   20 | 192.168.2.64  | 192.168.2.65     | 192.168.2.72   | 192.168.2.73     | 192.168.2.94   | 192.168.2.95      |
 19 |   21 | 192.168.2.96  | 192.168.2.97     | 192.168.2.104  | 192.168.2.105    | 192.168.2.126  | 192.168.2.127     |
 20 |   22 | 192.168.2.128 | 192.168.2.129    | 192.168.2.136  | 192.168.2.137    | 192.168.2.158  | 192.168.2.159     |
 21 |   23 | 192.168.2.160 | 192.168.2.161    | 192.168.2.168  | 192.168.2.169    | 192.168.2.190  | 192.168.2.191     |
 22 |   24 | 192.168.2.192 | 192.168.2.193    | 192.168.2.200  | 192.168.2.201    | 192.168.2.222  | 192.168.2.223     |
 23 |   25 | 192.168.2.224 | 192.168.2.225    | 192.168.2.232  | 192.168.2.233    | 192.168.2.254  | 192.168.2.255     |
 24 |   26 | 192.168.3.0   | 192.168.3.1      | 192.168.3.8    | 192.168.3.9      | 192.168.3.30   | 192.168.3.31      |
 25 |   27 | 192.168.3.32  | 192.168.3.33     | 192.168.3.40   | 192.168.3.41     | 192.168.3.62   | 192.168.3.63      |
 26 |   28 | 192.168.3.64  | 192.168.3.65     | 192.168.3.72   | 192.168.3.73     | 192.168.3.94   | 192.168.3.95      |
 27 |   29 | 192.168.3.96  | 192.168.3.97     | 192.168.3.104  | 192.168.3.105    | 192.168.3.126  | 192.168.3.127     |
 28 |   30 | 192.168.3.128 | 192.168.3.129    | 192.168.3.136  | 192.168.3.137    | 192.168.3.158  | 192.168.3.159     |
 29 |   31 | 192.168.3.160 | 192.168.3.161    | 192.168.3.168  | 192.168.3.169    | 192.168.3.190  | 192.168.3.191     |
 30 |   32 | 192.168.3.192 | 192.168.3.193    | 192.168.3.200  | 192.168.3.201    | 192.168.3.222  | 192.168.3.223     |
 31 |   33 | 192.168.3.224 | 192.168.3.225    | 192.168.3.232  | 192.168.3.233    | 192.168.3.254  | 192.168.3.255     |

A few things to note here:

  • The 'Idx' (index) starts at 0 and is directly mapped to the starting 'VLAN ID' value of 2
  • The IPs reserved in each index (i.e. security group) for Eucalyptus:
    • Segment ID
    • CC Gateway Start
    • CC Gateway End
    • Segment Broadcast
  • The IPs reserved in each index (i.e. security group) for instances:
    • VM Segment Start
    • VM Segment End

To summarize, each segment has 10 addresses reserved for Eucalyptus (the segment ID, the CC gateway range, and the segment broadcast), leaving 22 addresses per segment for instance private IPs.  Since each segment (Idx - index) represents a security group, this means that in the example above, the cloud administrator could potentially have up to 32 active security groups at one time on a Eucalyptus cloud.
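The partitioning described above can be reproduced for any combination of the three variables. The following is an added example, not Eucalyptus code: the function names are hypothetical, and it assumes the 8-address CC gateway range seen in the table holds for other VNET_ADDRSPERNET values and that VNET_ADDRSPERNET divides the subnet evenly. It also maps a private IP back to its index, which helps when attributing an address seen in logs to a security group.

```python
import ipaddress

GATEWAY_COUNT = 8              # CC Gateway Start..End spans 8 addresses in the table
RESERVED = GATEWAY_COUNT + 2   # plus segment ID and segment broadcast = 10
FIRST_VLAN = 2                 # index 0 maps to VLAN ID 2 (Managed mode only)


def segment_layout(subnet, netmask, addrs_per_net):
    """Return one dict per segment (security group), in index order."""
    net = ipaddress.IPv4Network(f"{subnet}/{netmask}")
    if addrs_per_net <= RESERVED:
        raise ValueError("VNET_ADDRSPERNET leaves no addresses for instances")
    if net.num_addresses % addrs_per_net:
        raise ValueError("VNET_ADDRSPERNET does not divide the subnet evenly")
    rows = []
    for idx in range(net.num_addresses // addrs_per_net):
        seg = net.network_address + idx * addrs_per_net
        rows.append({
            "idx": idx,
            "vlan": idx + FIRST_VLAN,
            "segment_id": seg,
            "gw_start": seg + 1,
            "gw_end": seg + GATEWAY_COUNT,
            "vm_start": seg + GATEWAY_COUNT + 1,
            "vm_end": seg + addrs_per_net - 2,
            "broadcast": seg + addrs_per_net - 1,
        })
    return rows


def locate(rows, ip):
    """Return (idx, role) for a private IP, or None if it is outside VNET_SUBNET."""
    addr = ipaddress.IPv4Address(ip)
    for row in rows:
        if row["segment_id"] <= addr <= row["broadcast"]:
            is_vm = row["vm_start"] <= addr <= row["vm_end"]
            return row["idx"], "instance" if is_vm else "reserved"
    return None


if __name__ == "__main__":
    layout = segment_layout("192.168.0.0", "255.255.252.0", 32)
    for row in (layout[0], layout[8], layout[31]):
        print(" | ".join(str(v) for v in row.values()))
    print(locate(layout, "192.168.2.110"), locate(layout, "192.168.1.70"))
```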

Difference Between Managed and Managed-NOVLAN

Using the example above, there are a couple of differences between Managed and Managed-NOVLAN.  

  1. VLAN IDs do not apply in Managed-NOVLAN.  The 'Idx' is still used since it references the security groups, but the 'VLAN' column is ignored.
  2. The cloud properties 'cloud.network.global_max_network_tag' and 'cloud.network.global_min_network_tag' only apply in Managed networking mode.  

Viewing the Cluster Controller Private Networking Logic

To get a better understanding as to how the Cluster Controller has carved up the network for instances running on a given cloud using Managed or Managed-NOVLAN networking mode, the cloud administrator only needs to change the logging level (LOGLEVEL) in the CC's eucalyptus.conf file to DEBUG:

LOGLEVEL="DEBUG"

This will dynamically change the logging to show DEBUG level messages.  The cloud administrator can then just view the /var/log/eucalyptus/cc.log file to see mappings associated with each running instance.  Here is an example from a Eucalyptus 4.0.1 cloud in Managed mode (depending upon the version of Eucalyptus, the output may vary):

2014-08-30 06:51:10 DEBUG 000018555 instIpSync | instanceId=i-DCE77C88 CCpublicIp=10.104.6.231 CCprivateIp=172.18.249.51 CCprivateMac=D0:0D:DC:E7:7C:88 CCvlan=998 CCnetworkIndex=51 NCpublicIp=10.104.6.231 NCprivateIp=172.18.249.51 NCprivateMac=D0:0D:DC:E7:7C:88 NCvlan=998 NCnetworkIndex=51
2014-08-30 06:51:10 DEBUG 000018555 instIpSync | instanceId=i-F1DCC860 CCpublicIp=10.104.6.234 CCprivateIp=172.18.249.22 CCprivateMac=D0:0D:F1:DC:C8:60 CCvlan=998 CCnetworkIndex=22 NCpublicIp=10.104.6.234 NCprivateIp=172.18.249.22 NCprivateMac=D0:0D:F1:DC:C8:60 NCvlan=998 NCnetworkIndex=22
2014-08-30 06:51:10 DEBUG 000018555 instIpSync | instanceId=i-2ED96834 CCpublicIp=10.104.6.230 CCprivateIp=172.18.237.243 CCprivateMac=D0:0D:2E:D9:68:34 CCvlan=953 CCnetworkIndex=51 NCpublicIp=10.104.6.230 NCprivateIp=172.18.237.243 NCprivateMac=D0:0D:2E:D9:68:34 NCvlan=953 NCnetworkIndex=51
2014-08-30 06:51:10 DEBUG 000018555 instIpSync | instanceId=i-BB7086C2 CCpublicIp=10.104.6.232 CCprivateIp=172.18.223.222 CCprivateMac=D0:0D:BB:70:86:C2 CCvlan=897 CCnetworkIndex=30 NCpublicIp=10.104.6.232 NCprivateIp=172.18.223.222 NCprivateMac=D0:0D:BB:70:86:C2 NCvlan=897 NCnetworkIndex=30
2014-08-30 06:51:10 DEBUG 000018555 instIpSync | instanceId=i-668A67A8 CCpublicIp=10.104.6.233 CCprivateIp=172.18.223.211 CCprivateMac=D0:0D:66:8A:67:A8 CCvlan=897 CCnetworkIndex=19 NCpublicIp=10.104.6.233 NCprivateIp=172.18.223.211 NCprivateMac=D0:0D:66:8A:67:A8 NCvlan=897 NCnetworkIndex=19
2014-08-30 06:51:10 DEBUG 000018555 instIpSync | instanceId=i-73572564 CCpublicIp=10.104.6.235 CCprivateIp=172.18.223.227 CCprivateMac=D0:0D:73:57:25:64 CCvlan=897 CCnetworkIndex=35 NCpublicIp=10.104.6.235 NCprivateIp=172.18.223.227 NCprivateMac=D0:0D:73:57:25:64 NCvlan=897 NCnetworkIndex=35

As you can see, each 'instIpSync' call displays the following:

  • instanceId
  • CCpublicIp
  • CCprivateIp
  • CCprivateMac
  • CCvlan
  • CCnetworkIndex
  • NCpublicIp
  • NCprivateIp
  • NCprivateMac 
  • NCvlan
  • NCnetworkIndex
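One way to audit these lines in bulk, as an added example that is not part of Eucalyptus: it parses each 'instIpSync' entry, reports instances whose CC and NC values differ, and groups instances by CCvlan. The function names are hypothetical, and treating a CC/NC difference as worth investigating is an assumption of this example rather than something the log states.

```python
import re
from collections import defaultdict

PAIR = re.compile(r"(\w+)=(\S+)")
SYNCED = ("publicIp", "privateIp", "privateMac", "vlan", "networkIndex")

# First line is taken from the cc.log excerpt above; the second is constructed
# for this example (placeholder instance ID, NC side deliberately out of step).
SAMPLE_LOG = [
    "2014-08-30 06:51:10 DEBUG 000018555 instIpSync | instanceId=i-DCE77C88 "
    "CCpublicIp=10.104.6.231 CCprivateIp=172.18.249.51 CCprivateMac=D0:0D:DC:E7:7C:88 "
    "CCvlan=998 CCnetworkIndex=51 NCpublicIp=10.104.6.231 NCprivateIp=172.18.249.51 "
    "NCprivateMac=D0:0D:DC:E7:7C:88 NCvlan=998 NCnetworkIndex=51",
    "2014-08-30 06:51:10 DEBUG 000018555 instIpSync | instanceId=i-EXAMPLE1 "
    "CCpublicIp=10.104.6.240 CCprivateIp=172.18.249.23 CCprivateMac=D0:0D:00:00:00:01 "
    "CCvlan=998 CCnetworkIndex=23 NCpublicIp=10.104.6.240 NCprivateIp=172.18.237.23 "
    "NCprivateMac=D0:0D:00:00:00:01 NCvlan=953 NCnetworkIndex=23",
]


def parse_inst_ip_sync(line):
    """Return the key=value fields of an instIpSync line, or None for other lines."""
    head, sep, payload = line.partition("|")
    if not sep or not head.rstrip().endswith("instIpSync"):
        return None
    fields = dict(PAIR.findall(payload))
    return fields if "instanceId" in fields else None


def cc_nc_mismatches(lines):
    """Map instanceId -> names of fields where the CC and NC values differ."""
    findings = {}
    for rec in filter(None, map(parse_inst_ip_sync, lines)):
        diffs = [f for f in SYNCED if rec.get("CC" + f) != rec.get("NC" + f)]
        if diffs:
            findings[rec["instanceId"]] = diffs
    return findings


def instances_by_vlan(lines):
    """Group instance IDs by CCvlan (one VLAN per security group in Managed mode)."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse_inst_ip_sync, lines)):
        groups[rec.get("CCvlan")].append(rec["instanceId"])
    return dict(groups)


if __name__ == "__main__":
    print(cc_nc_mismatches(SAMPLE_LOG), instances_by_vlan(SAMPLE_LOG))
```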

For more information regarding how this relates to bridge information for instances in Managed networking modes, check out an earlier Knowledge Base article entitled 'Understanding Bridge and VLAN Management in Eucalyptus Managed Networking Mode'.
