vcl-user mailing list archives

From Georgy Mathew Kallumkal <geo...@ncsu.edu>
Subject Re: Additional VM Networks in Virtual Host profile
Date Thu, 02 Aug 2012 15:22:26 GMT
Hi Dimitri,

I couldn't quite understand what you have done, and I couldn't find the
attachment either.

-Georgy

On Thu, Aug 2, 2012 at 10:54 AM, Mani Shafa'atDoost <mani.doost@gmail.com> wrote:

> Hi Dimitri,
>
> I had some difficulty understanding what you are going to do. But, as far
> as I understood, you are planning to add more than 2 NICs on each VM
> (depending on preconfigured network information) and then assign these NICs to
> a special VLAN group.
> I was thinking of using the same method, but there are some problems with
> using just VLANs:
> 1. You can't make a communication between two VMs which are located over
> the router by using VLAN.
> 2. You can't control traffic and make special rules for traffic of each VM.
> 3. This solution isn't extendable if you want to extend VCL in the near future.
> So I came up with the following solution:
> http://users.cis.fiu.edu/~mshaf012/pdf/OpenVswitch.pdf
>
> BTW, I can't see your attachment, it would be better to upload it
> somewhere.
>
> Best Regards
> Mani
>
> On Thu, Aug 2, 2012 at 10:29 AM, Dmitri Chebotarov <dchebota@gmu.edu>
> wrote:
>
> > Hi
> >
> > I would like to share a method of adding custom networks per a VCL image.
> > This solution is based on the code already present in VCL.
> >
> > This solution is not end-user/student oriented. There is no option to
> > specify networks during reservation.
> > Network(s) and VM hosts need to be preconfigured before custom networks
> > can be used.
> > Switch Local VLAN IDs can be used to create isolated networks for VCL.
> > Global VLAN IDs can be used to give VCL reservations access to different
> > networks.
> >
> > An isolated network use example would be a security class where malicious
> > traffic needs to be generated and analyzed. Running such a class on the
> > public/private VCL network is not desirable, so an isolated VCL network can
> > be used in this case. In the case of isolated networks a DHCP server needs to
> > be present to provide IP addresses on isolated networks. The DHCP server
> > can be part of the VCL infrastructure or be a very-long-term server reservation
> > (the new feature in VCL 2.3).
> >
> > A global use example would be a VCL reservation which needs access to a
> > department network or lab environment. It allows connecting VCL
> > reservations to existing infrastructure.
> >
> > It's different from the CS/OS implementation as it doesn't give any control
> > over networking to the end-user, hence no security concerns about VCL end-users
> > getting unwanted access to a custom network(s).
> > Since custom network(s) is part of the image properties, only groups/users
> > who are allowed to make a reservation based on the image will have access to
> > specified networks.
> >
> > Below is a PDF file with code changes. I've tested it in a sandbox env and it
> > seems to be working well.
> >
> > Thanks.
> >
> > On Jul 31, 2012, at 13:16 , Mani Shafa'atDoost <mani.doost@gmail.com>
> > wrote:
> >
> > > Hi  Dmitri,
> > >
> > > > This seems interesting to me.  I am planning to make a contribution to the VCL
> > > > project which allows you to make a network topology of VMs and load this
> > > > topology instead of one VM. For this reason I need to add more NICs on some
> > > > images and also I need to make a mechanism for this communication.
> > > > I have read a lot about this and I think the best option is using Open
> > > > vSwitch on VCL, which has strong support on the networking part and allows you
> > > > to do many things on the network side. Currently I am making some documents and
> > > > I will post them here. I would be happy to see some other people from this
> > > > group work on the networking part.
> > >
> > >
> > > > On Tue, Jul 31, 2012 at 12:55 PM, Dmitri Chebotarov <dchebota@gmu.edu> wrote:
> > >
> > >> Hi
> > >>
> > > >> Looks like VMware.pm already has code to add custom networking based on
> > > >> project name:
> > >>
> > > >>        # Add additional Ethernet interfaces if the image project name is not vcl
> > > >>        if ($image_project !~ /^vcl$/i && $self->api->can('get_network_names')) {
> > > >>                notify($ERRORS{'DEBUG'}, 0, "image project is: $image_project, checking if additional network adapters should be configured");
> > > >>
> > > >>                # Get a list of all the network names configured on the VMware host
> > > >>                my @network_names = $self->api->get_network_names();
> > > >>                notify($ERRORS{'DEBUG'}, 0, "retrieved network names configured on the VM host: " . join(", ", @network_names));
> > > >>
> > > >>                # Check each network name
> > > >>                # Begin the index at 2 for additional interfaces added because ethernet0 and ethernet1 have already been added
> > > >>                for my $network_name (@network_names) {
> > > >>                        if ($network_name =~ /$image_project/i || $image_project =~ /$network_name/i) {
> > > >>                                notify($ERRORS{'DEBUG'}, 0, "network name ($network_name) and image project name ($image_project) intersect, adding network interface to VM for network $network_name");
> > > >>                                %vmx_parameters = (%vmx_parameters, %{$self->get_generated_ethernet_vmx_definition($interface_index, $network_name)});
> > > >>                                $interface_index++;
> > > >>                        }
> > > >>                        else {
> > > >>                                notify($ERRORS{'DEBUG'}, 0, "network name ($network_name) and image project name ($image_project) do not intersect, network interface will not be added to VM for network $network_name");
> > > >>                        }
> > > >>                }
> > > >>
> > > >>        }
> > > >>        else {
> > > >>                notify($ERRORS{'DEBUG'}, 0, "image project is: $image_project, additional network adapters will not be configured");
> > > >>        }
> > >>
> > > >> By default all images have project 'vcl'.
> > > >> Currently the project name can only be in ('vcl','hpc','vclhpc').
> > > >> Will it be OK to remove ENUM on the project column, create corresponding
> > > >> additional networks on ESXi servers and use this option to add custom
> > > >> networks?
> > > >>
> > > >> I've also tested how additional VM networks in Virtual Host profile work.
> > > >> Once I configured a profile with additional networks, these networks are
> > > >> added to each reservation which starts on the corresponding VM host.
> > > >> This may not be what I'm looking for, as I don't need all these networks
> > > >> on each image.
> > >>
> > >> Thank you.
> > >>
> > > >> On Jul 31, 2012, at 11:39 , Dmitri Chebotarov <dchebota@gmu.edu> wrote:
> > >>
> > >>> Hi
> > >>>
> > >>> VCL 2.3 has added two more VM Networks in Virtual Host profile.
> > >>> Can I use these networks (all at once or selectively) in images?
> > >>>
> > > >>> I'm looking to add a custom network interface to a Linux image (in
> > > >>> addition to default Private/Public).
> > >>>
> > >>> --
> > >>> Thank you,
> > >>>
> > >>> Dmitri Chebotarov
> > >>> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> > >>> 223 Aquia Building, Ffx, MSN: 1B5
> > >>> Phone: (703) 993-6175
> > >>> Fax: (703) 993-3404
> > >>>
> > >>>
> > >>>
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> Thank you,
> > >>
> > >> Dmitri Chebotarov
> > >> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> > >> 223 Aquia Building, Ffx, MSN: 1B5
> > >> Phone: (703) 993-6175
> > >> Fax: (703) 993-3404
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > Best Regards
> > > Mani
> >
> >
> >
> > --
> > Thank you,
> >
> > Dmitri Chebotarov
> > Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> > 223 Aquia Building, Ffx, MSN: 1B5
> > Phone: (703) 993-6175
> > Fax: (703) 993-3404
>
> --
> Best Regards
> Mani
>
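
The matching rule in the quoted VMware.pm fragment, shown as an added example that is not part of the thread or of VCL: it runs the same bidirectional, unanchored regex test next to a whole-name comparison over constructed project and network names. The function names, the sample names and the exact-match alternative are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same test as the quoted fragment: case-insensitive, unanchored, tried in
# both directions, with each name interpolated into the pattern as a regex.
sub intersects_as_quoted {
    my ($image_project, $network_name) = @_;
    return ($network_name =~ /$image_project/i
         || $image_project =~ /$network_name/i) ? 1 : 0;
}

# Stricter alternative (assumption, not VCL code): whole-name,
# case-insensitive comparison with no regex interpretation of either name.
sub matches_exactly {
    my ($image_project, $network_name) = @_;
    return (lc $image_project eq lc $network_name) ? 1 : 0;
}

# Constructed sample data: networks defined on a VM host and image projects.
my @network_names = ('Private', 'Public', 'seclab', 'seclab-isolated', 'lab', 'hpc');
my @projects      = ('seclab', 'lab', 'vclhpc');

for my $project (@projects) {
    # Networks that would receive an extra interface under each rule
    my @quoted = grep { intersects_as_quoted($project, $_) } @network_names;
    my @exact  = grep { matches_exactly($project, $_) } @network_names;

    printf "project %-7s quoted test: %-28s exact: %s\n",
        $project,
        join(', ', @quoted) || '(none)',
        join(', ', @exact)  || '(none)';
}
```

Under the quoted test a project named lab also receives interfaces on seclab and seclab-isolated, so which networks an image reaches depends on how the host networks are named.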
