Network is a key element in IT infrastructure. It transfers data between virtual and physical objects and integrates them into a functioning system. An incorrectly selected type of network configuration, an error in the configuration of clusters, nodes or virtual machines can significantly complicate matters for the IT department in the future: increase labor costs, jeopardize uninterrupted operation, or make scaling impossible. That is why in the sixth version of the VMmanager platform we have made managing networks simpler. Several ready-made configuration options are available:
- Switching
- Routing
- IP fabric
These solutions cover most tasks.
Network settings are implemented at the cluster level. Consistent network configuration across a cluster allows the maximum automation of processes and helps to avoid unforeseen errors that could affect the company's business processes.
Three types of network configuration in VMmanager: switching, routing and IP fabric
Let us now review each type of network configuration separately.
Switching
This scheme is the easiest to implement and is well suited to building a small IT infrastructure on your own equipment or on equipment rented from a data center. In this scheme, newly created VMs behave as if they were connected directly to the network: each VM appears on the network with its own MAC address. The node functions as a virtual unmanaged switch that connects all of its VMs to the network alongside the servers. In practice, one or two Linux bridges on the server serve all of its virtual machines. In VMmanager, IP addresses are assigned to the entire cluster so that they can be managed conveniently in the Networks section.
To use the configuration, simply create a new cluster and select Switching under Network configuration type.
Let us look at the three cases that are best suited for the Switching network configuration.
Cluster with connection via public IP addresses
The Switching network configuration is suitable for a cluster connected via public IP addresses. Both the virtual machines and the hypervisor have transparent access to the external network, which is connected through the node's physical network adapter. This scheme is the most popular because it provides easy access to virtual machines as ordinary hosts on the local network.
Suppose we rent several empty servers in a Moscow data center, accessed via public IP addresses. To start working, you need to:
- add servers to the platform,
- combine them into one cluster using the Switching configuration in VMmanager,
- specify the assigned pool of IP addresses for VMs in the control panel.
VMmanager will perform all the required actions on servers automatically.
Connection via a public address — cluster for virtualization on servers rented from a Moscow data center
Cluster with an isolated network
In this case, several servers are located on the company's premises, e.g. in the next room. The Switching network configuration is equally suitable for such cases.
The network engineer connects the servers to the internal network, while the virtual machines are expected to use public IP addresses. This configuration requires at least two network interfaces on each server and isolation of the hypervisor from the external network and from the virtual machines.
When a cluster with an isolated network can be useful
- For virtualization of a terminal device such as a gateway.
- If virtual machines are outside the trusted network and access to the hypervisor must be blocked according to corporate security rules.
You do not necessarily have to assign a public IP address to the node's network interface: the scheme also works without TCP/IP configured on the server's public interface. The VMs on the node remain reachable from the Internet via their own IP addresses, which saves IP addresses. VNC access to the virtual machines in this scheme is provided through noVNC directly from VMmanager, proxied through the master node.
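As an added example (not VMmanager's own code or configuration), the shell functions below build the isolated variant of the Switching scheme on a node: a Linux bridge on the public uplink carries VM traffic at layer 2 only and is given no address of its own, so the hypervisor has no TCP/IP presence on the public network while its VMs do. The interface names (eth0 for the internal network, eth1 for the public uplink, br-public for the bridge) and the VM MAC address are assumptions. By default the functions only print the commands; set DRY_RUN=0 to execute them as root.

```shell
#!/bin/sh
# Added example, not part of VMmanager. Isolated-network variant of Switching:
# management stays on the internal interface (eth0, assumed), VM traffic is
# bridged onto the public uplink (eth1, assumed) through a bridge that carries
# no IP address.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute (root required)
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Create the bridge, enslave the public uplink and bring both up.
# Note what is NOT here: no 'ip addr add' on the bridge or the uplink, so the
# hypervisor is not addressable on the public segment; only its VMs are.
switching_isolated_bridge() {
    pub_if="$1"; br="$2"
    run ip link add "$br" type bridge
    run ip link set "$pub_if" master "$br"
    run ip link set "$pub_if" up
    run ip link set "$br" up
    # Without this the kernel still auto-configures an IPv6 link-local address
    # on the bridge, which would give the hypervisor a foothold on the public LAN.
    run sysctl -w "net.ipv6.conf.$br.disable_ipv6=1"
    run sysctl -w "net.ipv6.conf.$pub_if.disable_ipv6=1"
}

# libvirt interface definition that attaches a VM to the bridge: the VM shows
# up on the public network with its own MAC address, as the Switching scheme
# describes. The MAC passed in is a constructed value.
switching_vm_interface_xml() {
    br="$1"; mac="$2"
    cat <<EOF
<interface type='bridge'>
  <source bridge='$br'/>
  <mac address='$mac'/>
  <model type='virtio'/>
</interface>
EOF
}

if [ "${1:-}" = "--demo" ]; then
    echo "# node commands:"
    switching_isolated_bridge eth1 br-public
    echo "# VM interface definition:"
    switching_vm_interface_xml br-public 52:54:00:00:00:01
fi
```

Run the script with `--demo` to see the command list and the interface XML; the absence of any `ip addr add` line on the bridge is the property that keeps the hypervisor off the public network.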
Isolated network — a cluster for hosting based on your own servers
Virtualization cluster for user's own projects
In this case, the connection scheme is almost identical to the previous example. The difference is that you create a cluster with two interfaces. When adding servers to such a cluster, VMmanager scans all physical interfaces and lets you choose which one to add to the main network and which one to the additional network. After that, you can create virtual machines attached to one or both networks at the same time. This is convenient for setting up internal services for which user access must be configured flexibly.
Cluster for own projects from user's infrastructure servers
The Switching network configuration type allows you to configure the network easily without changing the settings of the network equipment. It suits your own or rented infrastructure of medium size, but not servers rented from the Hetzner, myLoc or OVH data centers.
Complexity level: low
Routing
The Routing network type can be used if:
- you rent servers from a data center without access to the network equipment;
- IP addresses are routed to the node with a /32 mask;
- the network equipment uses port security on its ports, which rejects packets from unknown MAC addresses.
This configuration is found in data centers such as Hetzner, myLoc, OVH and others; it was developed specifically for them.
Features of Routing configuration:
- routing on the node;
- because routing uses a /32 mask, IP addresses are bound to a particular node;
- live migration is prohibited in the cluster.
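As an added example (not VMmanager's code), the shell functions below set up the per-VM /32 routing that the Routing scheme relies on. The node forwards traffic for the VM's address through the VM's tap device, and the VM sends everything via the node, so frames on the data-center port always carry the node's own MAC address, which is why port security does not drop them. The addresses (198.51.100.10 for the node, 203.0.113.10 for the VM), the tap device name vnet0 and the VM's interface name eth0 are constructed or assumed. DRY_RUN=1 (the default) prints the commands; DRY_RUN=0 executes them as root.

```shell
#!/bin/sh
# Added example, not part of VMmanager. Routing scheme: host routes with a /32
# mask on the node, no bridge. Constructed values: node 198.51.100.10,
# VM 203.0.113.10, VM tap device vnet0, VM's own interface eth0.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute (root required)
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Node side. The data center delivers $vm_ip to this node, so the node itself
# must forward it on to the VM's tap device. Because the node does the
# forwarding, the only MAC address seen on the uplink is the node's own.
routing_node_setup() {
    vm_ip="$1"; vm_if="$2"
    run sysctl -w net.ipv4.ip_forward=1
    # Answer the VM's ARP request for its gateway (the node's address, which
    # lives on another interface) on the tap device.
    run sysctl -w "net.ipv4.conf.$vm_if.proxy_arp=1"
    # The /32 binds the address to exactly this tap device on exactly this node;
    # this is what pins IPs to a node in the Routing scheme and rules out live
    # migration.
    run ip route add "$vm_ip/32" dev "$vm_if"
}

# Undo on the old node before the address is brought up elsewhere (cold move).
routing_node_teardown() {
    vm_ip="$1"; vm_if="$2"
    run ip route del "$vm_ip/32" dev "$vm_if"
}

# VM side: a /32 address, the node reachable as an on-link host, and a default
# route through it. The VM never talks to the data-center network directly.
routing_vm_setup() {
    vm_ip="$1"; node_ip="$2"; vm_eth="${3:-eth0}"
    run ip addr add "$vm_ip/32" dev "$vm_eth"
    run ip route add "$node_ip/32" dev "$vm_eth"
    run ip route add default via "$node_ip" dev "$vm_eth"
}

if [ "${1:-}" = "--demo" ]; then
    echo "# on the node:";   routing_node_setup 203.0.113.10 vnet0
    echo "# inside the VM:"; routing_vm_setup 203.0.113.10 198.51.100.10
fi
```

Running the script with `--demo` prints both halves of the configuration; the asymmetry is deliberate: the node knows the VM by a host route, the VM knows nothing but its gateway.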
Routing — a cluster for virtualization based on rented servers
The Routing network configuration type works out of the box at the Hetzner and OVH data centers. In your own infrastructure, routing on the network equipment must be pre-configured manually.
Complexity level: low
IP fabric
Using IP fabric, you can set up a cluster of virtual machines with public IP addresses on top of the private local network of your organization.
Features of IP fabric
- The hypervisor works without a Linux bridge.
- Virtual machines are assigned IP addresses with the /32 mask.
- A separate virtual interface serves as the default gateway for each virtual machine.
- The nodes function as routers.
- iBGP routes are exchanged between the physical server and the adjacent Route Reflectors.
- Routes to virtual machines are updated in real time via the iBGP protocol.
- Public IP addresses are placed on top of the private network infrastructure.
IP fabric operating algorithm
- Virtual machines are created on the node via libvirt.
- Routing on the node is set up and the Bird service is configured.
- Bird announces the new route to the virtual machine via iBGP to the Route Reflector.
- The Route Reflector passes this route via iBGP further onto the Core Gateway.
- The Core Gateway receives the information about the route to the new virtual machine and can process its traffic in both directions.
IP fabric allows migrating a virtual machine to a new node along with its IP address. During live migration, the virtual machine remains unavailable for 3-5 seconds. Route Reflectors are not necessarily involved in routing the traffic: they can act as BGP intermediaries between the nodes and the Core Gateway, so both ordinary physical servers running Bird and routers can serve as RRs.
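As an added example (not VMmanager's or Bird's own configuration), the shell function below generates a Bird 2 configuration for one hypervisor node that follows the operating algorithm above: Bird learns the /32 host routes the node holds towards its VMs and announces them over iBGP to each Route Reflector, which passes them on to the Core Gateway. The router id 10.0.0.11, AS 65000, the Route Reflector addresses 10.0.0.1 and 10.0.0.2, the VM prefix 203.0.113.0/24 and the community (65000,100) are constructed values; in a real deployment they are the parameters your network engineer provides.

```shell
#!/bin/sh
# Added example, not VMmanager's or Bird's own configuration. Emits a Bird 2
# config for one hypervisor node in the IP fabric scheme. Constructed values:
# router id 10.0.0.11, AS 65000, route reflectors 10.0.0.1 and 10.0.0.2,
# VM prefix 203.0.113.0/24, BGP community (65000,100).

# Usage: ipfabric_bird_conf <router_id> <asn> <vm_prefix> <community> <rr_ip>...
ipfabric_bird_conf() {
    router_id="$1"; asn="$2"; vm_prefix="$3"; community="$4"
    shift 4
    cat <<EOF
router id $router_id;

protocol device { }

# Steps 1-2 of the operating algorithm: libvirt creates the VM and the node gets
# a /32 host route to its tap interface. 'learn' lets Bird pick up those kernel
# routes; nothing is exported back into the kernel. When a VM moves, the old
# node loses the route and the new node gains it, so the announcement follows
# the VM and the address is not bound to a node.
protocol kernel {
    learn;
    ipv4 { import all; export none; };
}

# Only /32 routes inside the VM prefix may be announced, tagged with the agreed
# community so upstream policy can recognise VM routes. Anything else on the
# node (management prefixes, default route) never leaves it.
filter export_vm_routes {
    if net ~ [ $vm_prefix{32,32} ] then {
        bgp_community.add($community);
        accept;
    }
    reject;
}

EOF
    # Step 3: one iBGP session per Route Reflector; the RR forwards the route on
    # to the Core Gateway (step 4). The same AS on both ends makes it iBGP.
    for rr in "$@"; do
        name=$(printf '%s' "$rr" | tr . _)
        cat <<EOF
protocol bgp rr_$name {
    local $router_id as $asn;
    neighbor $rr as $asn;
    ipv4 {
        import none;
        export filter export_vm_routes;
        next hop self;
    };
}

EOF
    done
}

if [ "${1:-}" = "--demo" ]; then
    ipfabric_bird_conf 10.0.0.11 65000 203.0.113.0/24 "(65000,100)" 10.0.0.1 10.0.0.2
fi
```

Run the script with `--demo` to print the configuration; the node imports nothing from the reflectors (`import none`), because in this scheme it only needs to originate routes, and the export filter is what keeps a mis-added route on a hypervisor from leaking into the fabric.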
IP fabric — a cluster for virtualization on user's own infrastructure in St. Petersburg
Advantages of IP fabric:
- reduced service and broadcast traffic,
- saving IP addresses,
- isolation of virtual machines,
- IP addresses are not bound to nodes.
To use this scheme, create a new cluster with the IP fabric network configuration type. Specify the IP and MAC address of the VM gateway or keep the generated default values. Then enter the BGP community string, the autonomous system number and the BGP session parameters (provided by your network engineer). Routes between the node and the network equipment are exchanged by the pre-configured Bird service running on the hypervisor nodes.
Configuring IP fabric in the interface
The IP fabric network configuration can also be used in a small test project. All it requires is the ability to configure BGP sessions on the Core Gateway side.
The IP fabric network configuration suits your own data center. It requires pre-configured BGP route exchange on the network equipment and only works with CentOS 8.
Complexity level: medium
Coming up soon
In Q4 2020, we will add support for yet another network scheme to VMmanager. The new scheme will support aggregated trunk ports of network interfaces on the node, with a VLAN deployed on the virtual machine.
What is your preferred method of configuring networks in your projects?
We recommend using VMmanager in combination with DCImanager to configure physical networks and manage VLANs on network equipment and servers.
10 September 2020
Reading time: 10 minutes