|Eucalyptus Installation / Configure the Runtime Environment|
In Managed and Managed (No VLAN) networking modes, you must configure the system with parameters that define how Eucalyptus will allocate and manage virtual machine networks. These virtual machine networks are known as security groups. The relevant parameters are set in the eucalyptus.conf on all machines running a CC. These parameters are:
The CC will read VNET_SUBNET and VNET_NETMASK to construct a range of IP addresses that are available to all security groups. This range will then be further divided into smaller networks based on the size specified in VNET_ADDRSPERNET. Note that Eucalyptus reserves eleven addresses per security group, so these networks will be smaller than the value specified in VNET_ADDRSPERNET.
The first time an instance runs in a given security group, Eucalyptus chooses an unused range of IPs of the size specified in VNET_ADDRSPERNET. Eucalyptus then implements this network across all CCs. All instances that run within this security group obtain a specific IP from this range.
In Managed mode, each security group network is assigned an additional parameter that is used as the VLAN tag. This parameter is added to all virtual machine traffic running within the security group. By default, Eucalyptus uses VLAN tags starting at 2, going to a maximum of 4094. The maximum is dependent on how many security group networks of the size specified in VNET_ADDRSPERNET fit in the network defined by VNET_SUBNET and VNET_NETMASK.
If your networking environment is already using VLANs for other reasons, Eucalyptus supports the definition of a smaller range of VLANs that are available to Eucalyptus. To configure Eucalyptus to use VLANs within a specified range:
euca-describe-properties | grep cluster.maxnetworktag
euca-describe-properties | grep cluster.minnetworktag

euca-modify-property -p cloud.network.global_max_network_tag=<max_vlan_tag>
euca-modify-property -p cloud.network.global_min_network_tag=<min_vlan_tag>

This ensures that Eucalyptus will only use tags between 1024 and 2048, giving you a total of 1024 security groups, one VLAN per security group.
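The sizing rules above, worked as an added example (not part of the Eucalyptus documentation or code): the hypothetical helper plan_security_groups computes how many security group networks fit in the VNET_SUBNET/VNET_NETMASK pool, how many addresses remain for instances after the eleven reserved ones, and which VLANs already in use on the site fall inside the tag range given to Eucalyptus. It assumes the tag range is inclusive at both ends; the sample values are constructed.

```python
import ipaddress

RESERVED_PER_GROUP = 11      # addresses reserved per security group (from this page)
DEFAULT_TAGS = (2, 4094)     # default VLAN tag range (from this page)


def plan_security_groups(vnet_subnet, vnet_netmask, addrs_per_net,
                         min_tag=DEFAULT_TAGS[0], max_tag=DEFAULT_TAGS[1],
                         vlans_in_use=()):
    """Estimate security group capacity and flag VLAN tag collisions.

    Assumption (not confirmed by the page): the tag range is inclusive at
    both ends. One VLAN per security group is what the page states.
    """
    if not DEFAULT_TAGS[0] <= min_tag <= max_tag <= DEFAULT_TAGS[1]:
        raise ValueError("tag range must satisfy 2 <= min <= max <= 4094")
    if addrs_per_net <= RESERVED_PER_GROUP:
        raise ValueError("VNET_ADDRSPERNET leaves no addresses for instances")

    # strict=True rejects a VNET_SUBNET that has host bits set for the netmask.
    pool = ipaddress.ip_network(f"{vnet_subnet}/{vnet_netmask}", strict=True)
    networks_that_fit = pool.num_addresses // addrs_per_net
    tags_available = max_tag - min_tag + 1
    # VLANs used elsewhere on the site that Eucalyptus could also tag with.
    conflicts = sorted(t for t in set(vlans_in_use) if min_tag <= t <= max_tag)

    return {
        "pool": str(pool),
        "networks_that_fit": networks_that_fit,
        "instance_ips_per_group": addrs_per_net - RESERVED_PER_GROUP,
        "max_security_groups": min(networks_that_fit, tags_available),
        "limited_by": ("vlan_tags" if tags_available < networks_that_fit
                       else "address_space"),
        "vlan_conflicts": conflicts,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    plan = plan_security_groups("172.16.0.0", "255.255.0.0", 32,
                                min_tag=100, max_tag=199,
                                vlans_in_use=[10, 20, 150, 300])
    for key, value in plan.items():
        print(f"{key}: {value}")
```

A non-empty vlan_conflicts list means the chosen range overlaps VLANs that carry other traffic, so security group traffic would share a tag with an existing network segment.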