In Managed and Managed (No VLAN) networking modes, you must configure
the system with parameters that define how Eucalyptus will allocate
and manage virtual machine networks. These virtual machine networks
are known as security groups. The relevant parameters are set in
eucalyptus.conf on every machine running a cluster controller (CC).
These parameters are:
- VNET_SUBNET
- VNET_NETMASK
- VNET_ADDRSPERNET
The CC will read VNET_SUBNET and
VNET_NETMASK to construct a range of IP
addresses that are available to all security groups. This range will
then be further divided into smaller networks based on the size
specified in VNET_ADDRSPERNET. Note that Eucalyptus
reserves eleven addresses per security group, so the number of
addresses available to instances in each network is smaller than the
value specified in VNET_ADDRSPERNET.
The first time an instance runs in a given security group, Eucalyptus
chooses an unused range of IPs of the size specified in
VNET_ADDRSPERNET. Eucalyptus then implements
this network across all CCs. All instances that run within this
given security group obtain a specific IP from this range.
Tip: Eleven of the IP addresses within each security group
network are reserved for Eucalyptus to use as gateway addresses,
broadcast address, etc. For example, if you set
VNET_ADDRSPERNET to 32, there
will be 21 free IPs that are available for instances running in that
security group.
In Managed mode, each security group network is assigned an
additional parameter that is used as the VLAN tag. This parameter is
added to all virtual machine traffic running within the security
group. By default, Eucalyptus uses VLAN tags starting at 2, going to
a maximum of 4094. The maximum is dependent on how many security
group networks of the size specified in
VNET_ADDRSPERNET fit in the network defined by
VNET_SUBNET and VNET_NETMASK.
If your networking environment is already using VLANs for other
reasons, Eucalyptus supports the definition of a smaller range of
VLANs that are available to Eucalyptus. To configure Eucalyptus to
use VLANs within a specified range:
- Choose your range (a contiguous range of VLANs between 2 and
4095).
- Configure your cluster controllers with a
VNET_SUBNET/VNET_NETMASK/VNET_ADDRSPERNET that is large enough
to encapsulate your desired range. For example, for a VLAN range
of 1024-2048, you could set VNET_NETMASK to 255.254.0.0 to get a
large enough network (131072 addresses), and VNET_ADDRSPERNET to
64, to give 2048 possible VLANs.
- Configure your cloud controller to work within that range. Use
the following commands to verify that the range is now set to be
2-2048, a superset of the desired range.
    euca-describe-properties | grep cluster.maxnetworktag
    euca-describe-properties | grep cluster.minnetworktag
- Constrict the range to be within the range that the CC can
support as follows:
    euca-modify-property -p cloud.network.global_max_network_tag=<max_vlan_tag>
    euca-modify-property -p cloud.network.global_min_network_tag=<min_vlan_tag>
This ensures that Eucalyptus will only use tags between 1024 and
2048, giving you a total of 1024 security groups, one VLAN per
security group.
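The sizing arithmetic behind the steps above, as an added Python example (not part of the Eucalyptus documentation or tooling). The function names and the subnet address 172.16.0.0 are constructed for illustration, and the rule that the highest tag equals the number of group networks (capped at 4094) is an assumption inferred from the 2-2048 example above.

```python
import ipaddress

RESERVED_PER_GROUP = 11        # page: addresses Eucalyptus reserves in each security group
TAG_FLOOR, TAG_CEIL = 2, 4094  # page: default VLAN tag bounds in Managed mode


def plan(subnet, netmask, addrs_per_net):
    """Summarise what a CC's VNET_* settings provide (hypothetical helper)."""
    # strict=True rejects a VNET_SUBNET that has host bits set for the given netmask
    net = ipaddress.ip_network(f"{subnet}/{netmask}", strict=True)
    if not RESERVED_PER_GROUP < addrs_per_net <= net.num_addresses:
        raise ValueError("VNET_ADDRSPERNET must exceed 11 and fit inside the subnet")
    groups = net.num_addresses // addrs_per_net
    return {
        "total_addresses": net.num_addresses,
        "group_networks": groups,
        "usable_ips_per_group": addrs_per_net - RESERVED_PER_GROUP,
        # Assumption drawn from the page's example: the highest tag equals the
        # number of group networks, capped at 4094.
        "max_tag": min(TAG_CEIL, groups),
        "min_tag": TAG_FLOOR,
    }


def check_vlan_range(cfg, want_min, want_max):
    """Return a list of problems with a desired tag range; empty means it fits."""
    problems = []
    if want_min > want_max:
        problems.append("minimum tag is above maximum tag")
    if want_min < cfg["min_tag"]:
        problems.append(f"minimum tag {want_min} is below {cfg['min_tag']}")
    if want_max > cfg["max_tag"]:
        problems.append(f"maximum tag {want_max} exceeds supported {cfg['max_tag']}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the subnet address is illustrative; netmask and size are the page's.
    cfg = plan("172.16.0.0", "255.254.0.0", 64)
    print(cfg)
    print(check_vlan_range(cfg, 1024, 2048) or "range 1024-2048 fits")
```

Running the check before setting global_min_network_tag and global_max_network_tag shows whether the CC's address space can back every tag in the range you intend to hand to Eucalyptus.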
Tip: If VMs are already running in the system using a VLAN
tag that is outside the range specified by
global_min_network_tag-global_max_network_tag, that network will
continue to run until all VMs within the network are terminated and
the system removes reference to that network. Best practice is to
configure these values in advance of running virtual machines.