Difference between revisions of "UEC: Manajemen Network"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 1: | Line 1: | ||
− | |||
==System== | ==System== | ||
Line 6: | Line 5: | ||
Mode ini sangat mudah untuk di setup karena tidak membutuhkan banyak persyaratan dalam hal networking, kecuali menjalankan DHCP server di jaringan enterprise. Teknik ini sangat baik untuk mulai menjalankan Eucalyptus, terutama jika kita ingin mensetup di laptop / desktop untuk dapat mengerti cara kerja Eucalyptus. | Mode ini sangat mudah untuk di setup karena tidak membutuhkan banyak persyaratan dalam hal networking, kecuali menjalankan DHCP server di jaringan enterprise. Teknik ini sangat baik untuk mulai menjalankan Eucalyptus, terutama jika kita ingin mensetup di laptop / desktop untuk dapat mengerti cara kerja Eucalyptus. | ||
− | + | Mode ini mirip dengan "Bridged Networking” yang biasanya digunakan oleh hypervisor seperti VMware, VirtualBox dll. yang memberikan atau seperti “tap” networking oleh KVM/Qemu. | |
− | == | + | ==Mode Statik== |
− | + | Mode statik memberikan administrator Eucalyptus kontrol yang lebih mudah pada alokasi VM IP address daripada mode System. Pada mode ini, administrator akan mengkonfigurasi Eucalyptus untuk melakukan pemetaan antara pasangan MAC address/IP Address di CC. | |
Before requesting NC to raise an instance, CC sets up a static entry within a Eucalyptus controlled DHCP server, takes the next free MAC/IP pair, and passes on to NC, which attaches the virtual NIC of the instance to the physical NIC of the Node through a bridge similar to how it is handled in ‘System’ mode. | Before requesting NC to raise an instance, CC sets up a static entry within a Eucalyptus controlled DHCP server, takes the next free MAC/IP pair, and passes on to NC, which attaches the virtual NIC of the instance to the physical NIC of the Node through a bridge similar to how it is handled in ‘System’ mode. |
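Review bot: the added System-mode sentence ("Mode ini mirip dengan "Bridged Networking” ...") opens its first quotation with a straight quote and closes it with a curly one, and the clause "yang memberikan atau seperti" leaves the rendering of "offer or like" hanging, so the comparison to VMware/VirtualBox bridging and KVM/Qemu tap networking does not read as two alternatives. Suggest one quote style and rewording that clause. The paragraph beginning "Before requesting NC to raise an instance" is also left in English under the newly translated "Mode Statik" heading, so the section ends up mixed-language; translate it in the same revision or mark it as pending.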
Revision as of 07:25, 30 December 2010
System
In System mode, the CC generates and allocates a random MAC address to the VM instance when it asks the NC to run the instance. The NC attaches the VM instance's virtual NIC to the physical NIC of the node through a bridge. This mode requires the node to be connected directly to the enterprise network. The instance obtains its IP address through DHCP, like every other machine on the network.
This mode is very easy to set up because it has few networking requirements, other than a DHCP server running on the enterprise network. It is a good way to start running Eucalyptus, especially if we want to set it up on a laptop / desktop to understand how Eucalyptus works.
This mode is similar to the "Bridged Networking" commonly used by hypervisors such as VMware, VirtualBox etc., or to the "tap" networking of KVM/Qemu.
Static Mode
Static mode gives the Eucalyptus administrator easier control over VM IP address allocation than System mode. In this mode, the administrator configures Eucalyptus with a mapping of MAC address/IP address pairs on the CC.
Before requesting NC to raise an instance, CC sets up a static entry within a Eucalyptus controlled DHCP server, takes the next free MAC/IP pair, and passes on to NC, which attaches the virtual NIC of the instance to the physical NIC of the Node through a bridge similar to how it is handled in ‘System’ mode.
This mode of networking is similar to “Bridged Networking” that hypervisors like VMware, VirtualBox etc. offer or like “tap” networking offered by KVM/Qemu.
This mode is useful for administrators who have a pool of MAC/IP addresses that they wish to always assign to their instances without relying on the DHCP server running in the enterprise network.
Note – Running Eucalyptus in System or Static mode disables some of the following key functionalities that would make an enterprise deployment more manageable:
- Ingress filtering for the instances ( Security Groups )
- User Controlled dynamic assignment of IPs to instances ( Elastic IPs )
- Isolation of network traffic between instance VMs
- Availability of the meta-data service (use of the http://169.254.169.254/ URL to obtain instance specific information)
Managed
Managed mode is the most feature rich mode offered by Eucalyptus. In this mode, the Eucalyptus administrator defines a large network (usually private and unroutable) from which VM instances will draw their IP addresses. As with Static mode, CC will maintain a DHCP server with static mappings for each instance that is raised and allocate the right IPs at the time of requesting an NC to raise the instance.
Managed mode implements ‘security groups’ for ingress filtering and isolation of instances. When requesting a new instance, the user specifies the security group with which the new instance should be associated. CC allocates a subset of the entire range of IPs to each security group in such a way that all the instances raised to be a part of the same security group use IPs from the same subset.
The user can define ingress filtering rules at the ‘security group’ level. More on this in the chapter on Security. In addition, the administrator can specify a pool of public IP addresses that users may allocate, either while raising the instances or later at run-time. This functionality is similar to ‘elastic IPs’ of AWS.
Eucalyptus administrators who require security groups, elastic IPs, and VM network isolation must use this mode.
Managed NOVLAN
This mode is identical to MANAGED mode in terms of features (dynamic IPs and security groups), but does not provide VM network isolation. Eucalyptus administrators who want dynamic assignable IPs and the security groups, but are not in a position to run on a network that allows VLAN tagged packets or those who do not have a need for VM network isolation can use this mode.

Comparison of Eucalyptus Networking Modes

| Sl.No | Networking Type | DHCP Server running on the network | CC runs its own DHCP server | Instance Isolation | Private IPs | Ingress Filtering |
|---|---|---|---|---|---|---|
| 1. | System | Required | No | No | No | No |
| 2. | Static | No | Yes | No | No | No |
| 3. | Managed | No | Yes | Yes | Yes | Yes |
| 4. | Managed-NOVLAN | No | Yes | No | Yes | Yes |

Configurations
For the sake of convenience, the following network setup is assumed.
Managed and Managed-NOVLAN
CC – two interfaces, eth0 and eth1. eth1 is connected to the internet and eth0 is connected to the NC.
NC – one interface, eth0, which is part of bridge br0 and is connected to the CC.
System and Static Mode
CC – one interface, eth0, connected to the enterprise network.
NC – one interface, eth0, which is part of bridge br0 connected to the enterprise network.
The following settings have to be made in /etc/eucalyptus/eucalyptus.conf file on CC and NC to configure the corresponding networking mode.
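An added example, not from the original page: a shell check that reads the networking mode from a eucalyptus.conf-style file and lists the features from the note and comparison table above that the configured mode leaves disabled. It assumes the mode is set with the VNET_MODE key (values SYSTEM, STATIC, MANAGED, MANAGED-NOVLAN), which this page does not show; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the security features a Eucalyptus networking mode
# leaves disabled, following the note and comparison table on this page.

# Print the effective VNET_MODE (assumed key) from a eucalyptus.conf-style
# file: shell-style KEY="value" lines, last uncommented assignment wins.
vnet_mode() {
    sed -n 's/^[[:space:]]*VNET_MODE[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' |
        tr -d "\"'" | tr '[:lower:]' '[:upper:]'
}

# Print one missing feature per line; nothing for MANAGED; status 2 if unknown.
missing_features() {
    case "$1" in
        SYSTEM|STATIC)
            echo "security groups (ingress filtering)"
            echo "elastic IPs"
            echo "network isolation between instances"
            echo "metadata service (169.254.169.254)" ;;
        MANAGED-NOVLAN)
            echo "network isolation between instances" ;;
        MANAGED) ;;
        *) echo "unknown or unset VNET_MODE: '$1'"; return 2 ;;
    esac
}

# Exit status: 0 = full feature set, 1 = features missing, 2 = cannot tell.
audit_conf() {
    mode=$(vnet_mode "$1")
    gaps=$(missing_features "$mode") || { echo "ERROR $gaps"; return 2; }
    if [ -z "$gaps" ]; then echo "OK $mode"; return 0; fi
    echo "WARN $mode lacks:"
    echo "$gaps" | sed 's/^/  - /'
    return 1
}

# Constructed sample file: a stale commented-out value and a live one.
conf=$(mktemp)
cat > "$conf" <<'EOF'
#VNET_MODE="MANAGED"
VNET_MODE="STATIC"   # constructed sample value
EOF
audit_conf "$conf" || true
rm -f "$conf"
```

The non-zero exit status for SYSTEM, STATIC and MANAGED-NOVLAN lets a deployment check fail when a multi-tenant cloud is configured without ingress filtering or instance isolation.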
List of Commands
To list the public IP addresses allocated to instances, use the following command:
 uecadmin@client1:~$ euca-describe-addresses
 ADDRESS 192.168.10.200 nobody
 ADDRESS 192.168.10.201 nobody
 ADDRESS 192.168.10.202 nobody
 ADDRESS 192.168.10.203 nobody
 ADDRESS 192.168.10.204 nobody
 ADDRESS 192.168.10.205 nobody
 ADDRESS 192.168.10.206 nobody
 ADDRESS 192.168.10.207 nobody
 ADDRESS 192.168.10.208 nobody
 ADDRESS 192.168.10.209 nobody
 ADDRESS 192.168.10.210 nobody
 ADDRESS 192.168.10.211 nobody
 ADDRESS 192.168.10.212 nobody
 ADDRESS 192.168.10.213 nobody
 ADDRESS 192.168.10.214 nobody
 ADDRESS 192.168.10.215 nobody
 ADDRESS 192.168.10.216 nobody
 ADDRESS 192.168.10.217 nobody
 ADDRESS 192.168.10.218 nobody
 ADDRESS 192.168.10.219 nobody
 ADDRESS 192.168.10.220 nobody
To allocate a public IP address to a particular user:
 uecadmin@client1:~$ euca-allocate-address
 ADDRESS 192.168.10.200
To release a public IP address from a particular user:
 uecadmin@client1:~$ euca-release-address 192.168.10.200
To associate a public IP address with a running instance:
 uecadmin@client1:~$ euca-associate-address -i i-4799086D 192.168.10.200
To disassociate a public IP address from a running instance:
 uecadmin@client1:~$ euca-disassociate-address 192.168.10.200