4 virtual router cloudstack developer day

CloudStack Virtual Router Alex Huang November 5 2012

Post on 19-Oct-2014


DESCRIPTION

4 virtual router CloudStack Developer Day By Alex Huang Architect, Cloud Platforms Group, Citrix Systems Inc.

TRANSCRIPT

Page 1: 4 virtual router CloudStack Developer Day

CloudStack Virtual Router

Alex Huang

November 5 2012


CloudStack Virtual Router (Virtual Router)

• When a Shared Network is used, the Virtual Router is deployed once (when the first instance is deployed in a Zone) and provides DHCP and DNS services for the Zone’s Instances (IPs will be allocated from the Public IP Range entered in CloudStack)

• When Advanced is used, the Router will be deployed Per-Account (and Per Unique Isolated Guest Network)

• Virtual Router can serve and isolate VMs even if deployed on a different Hypervisor


CloudStack Virtual Router

• The Virtual Router will have 3 NICs:

– Eth0 will be connected to the Isolated Guest Network (for Advanced VLAN). It will have the first IP in the CIDR (for example 10.1.1.1) and it will be the DNS, DHCP and Gateway for the Instances in the Private Guest Network.

– Eth1 resides on the link-local network (only for KVM and XenServer) or the Management Network (on VMware) and is used by CloudStack to configure the virtual router. On VMware it will use an IP from the Management Network IP Range (e.g. Pod Private Range)

– Eth2 resides on the Public Network and is assigned a Public IP from the range entered in CloudStack (users can ‘Acquire New IPs’ if needed)

• In the default Isolated Mode, Source NAT is automatically configured on the virtual router to forward outbound traffic for all guest VMs and block all incoming traffic (users can manage incoming rules from the UI)


Virtual Router Information (applies to all Sys. VMs)

• Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security APT repository. No extraneous accounts.

• 32-bit for enhanced performance on Xen/VMware

• Only essential software packages are installed. Services such as printing, ftp, telnet, X, kudzu, dns and sendmail are not installed.

• SSHd only listens on the private/link-local interface. The SSH port has been changed to a non-standard port. SSH logins use keys only (keys are generated at install time and are unique for every customer)

• pvops kernel with Xen paravirt drivers + KVM virtio drivers + VMware tools for optimum performance on all hypervisors. Xen tools inclusion allows performance monitoring

• Template is built from scratch and is not polluted with any old logs or history

• Latest versions of haproxy, iptables, ipsec and apache from the Debian repository ensure improved security and speed

• Latest version of the JRE from Oracle ensures improved security and speed
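
One way to check the three SSH claims on this slide (listener bound only to a private/link-local address, non-standard port, key-only logins) against an `sshd_config`. This is an added example, not CloudStack's own code; the sample configs, the port 2222, and the reading of "private" as RFC 1918 are assumptions.

```python
import ipaddress
import re

# Assumption: "private/link-local" means RFC 1918 or 169.254.0.0/16 (IPv4 only).
ALLOWED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample configs (addresses and port 2222 are made up).
HARDENED = "Port 2222\nListenAddress 169.254.0.1\nPasswordAuthentication no\n"
DEFAULTS = "#Port 22\n#ListenAddress 0.0.0.0\nPasswordAuthentication yes\n"

def audit_sshd_config(text):
    """Return findings for the global section of an sshd_config."""
    listen, ports, first = [], [], {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(\S.*)", line)
        if not m:
            continue                               # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break                                  # Match blocks are out of scope
        if key == "listenaddress":                 # IPv4 "addr" or "addr:port"
            host, _, port = value.split()[0].partition(":")
            listen.append((host, int(port) if port.isdigit() else None))
        elif key == "port":
            ports.append(int(value))
        else:
            first.setdefault(key, value.lower())   # sshd uses the first value seen
    defaults = ports or [22]                       # sshd default port is 22
    effective = set() if listen else set(defaults)
    findings = [] if listen else ["no ListenAddress: sshd binds every interface"]
    for host, port in listen:
        effective.update([port] if port else defaults)
        try:
            ok = any(ipaddress.ip_address(host) in net for net in ALLOWED)
        except ValueError:
            ok = False                             # hostname or IPv6: flagged for review
        if not ok:
            findings.append(f"ListenAddress {host} is not private/link-local")
    if 22 in effective:
        findings.append("sshd listens on the standard port 22")
    if first.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not disabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("defaults", DEFAULTS)):
        print(name, audit_sshd_config(cfg))
```

An empty list means all three properties hold for the global section; anything that cannot be classified offline is reported rather than silently accepted.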