In Managed (No VLAN) mode, Eucalyptus fully manages the local VM
instance network and provides all of the networking features
Eucalyptus currently supports, including security groups, elastic
IPs, etc. However, it does not provide VM network isolation.
VLAN isolation at the bridge level, it is possible in Managed (No
VLAN) mode for a root user on one VM to snoop and/or interfere with
the ethernet traffic of other VMs running on the same layer 2
Tip: In Managed (No VLAN) mode, VM isolation is provided by
having different security groups on different subnets—this
translates into Layer-3 only VM isolation.
Managed (No VLAN) Mode Requirements
- There must be an available range of IP addresses for the
virtual subnets. This range must not interfere with the
physical network. Typically these IP addresses are selected
from the private IP ranges: 192.168.x.x, 10.x.x.x, etc.
- Any firewall running on the Cluster Controller must be
compatible with the dynamic changes performed by Eucalyptus
when working with security groups. (Note that Eucalyptus
will flush the 'filter' and 'nat' tables upon boot).
- A range of public IP addresses must be available for use by
- The CC must have a DHCP server daemon installed that is
compatible with ISC DHCP Daemon version 3.0.X.
- If you plan to set up more than one cluster, you need to have a bridge for security groups
to span the clusters.
Managed (No VLAN) Mode Limitations
- Limited (Layer-3) VM isolation.