vcl-user mailing list archives

From "Mani Shafa'atDoost" <mani.do...@gmail.com>
Subject Re: Additional VM Networks in Virtual Host profile
Date Thu, 02 Aug 2012 14:54:02 GMT
Hi Dimitri,

I had some difficulty understanding what you are going to do. But, as far
as I understood, you are planning to add more than 2 NICs on each VM
(depends on preconfigured network information) and then assign these NICs to
a special VLAN group.
I was thinking of using the same method, but there are some problems with
using just VLANs:
1. You can't make a communication between two VMs which are located over
the router by using VLAN.
2. You can't control traffic and make special rules for traffic of each VM.
3. This solution isn't extendable if you want to extend VCL in the near future.
So I came up with the following solution:
http://users.cis.fiu.edu/~mshaf012/pdf/OpenVswitch.pdf

BTW, I can't see your attachment, it would be better to upload it somewhere.

Best Regards
Mani

On Thu, Aug 2, 2012 at 10:29 AM, Dmitri Chebotarov <dchebota@gmu.edu> wrote:

> Hi
>
> I would like to share a method of adding custom networks per a VCL image.
> This solution is based on the code already present in VCL.
>
> This solution is not end-user/student oriented. There is no option to
> specify networks during reservation.
> Network(s) and VM hosts need to be preconfigured before custom networks
> can be used.
> Switch Local VLAN IDs can be used to create isolated networks for VCL.
> Global VLAN IDs can be used to give VCL reservations access to different
> networks.
>
> An isolated network use example would be a security class where malicious
> traffic needs to be generated and analyzed. Running such a class on a
> public/private VCL network is not desirable, so an isolated VCL network can
> be used in this case. In case with isolated networks a DHCP server needs to
> be present to provide IP addresses on isolated networks. The DHCP server
> can be part of VCL infrastructure or be a very-long-term server reservation
> (the new feature in VCL 2.3).
>
> Global use example would be a VCL reservation which needs access to a
> department network or lab environment. It allows connecting VCL
> reservations to existing infrastructure.
>
> It's different from CS/OS implementation as it doesn't give any control
> over networking to end-user, hence no security concerns about VCL end-users
> getting unwanted access to a custom network(s).
> Since custom network(s) is part of the image properties, only groups/users
> who are allowed to make reservations based on the image will have access to
> specified networks.
>
> Below is PDF file with code changes. I've tested it in sandbox env and it
> seems to be working well.
>
>
>
>
> Thanks.
>
> On Jul 31, 2012, at 13:16 , Mani Shafa'atDoost <mani.doost@gmail.com>
> wrote:
>
> > Hi  Dmitri,
> >
> > This seems interesting to me.  I am planning to do a contribution on VCL
> > project which allows you to make a network topology of VMs and load this
> > topology instead of one VM. For this reason I need to add more NICs on some
> > images and also I need to make a mechanism for this communication.
> > I have read a lot about this and I think the best option is using Open
> > Vswitch on VCL which has a strong support on networking part and allows you
> > to do many things on network side. Currently I am making some documents and
> > I will post it here. I would be happy to see some other people from this
> > group to work on networking part.
> >
> >
> > On Tue, Jul 31, 2012 at 12:55 PM, Dmitri Chebotarov <dchebota@gmu.edu> wrote:
> >
> >> Hi
> >>
> >> Looks like VMware.pm already has a code to add custom networking based on
> >> project name:
> >>
> >>        # Add additional Ethernet interfaces if the image project name is not vcl
> >>        if ($image_project !~ /^vcl$/i && $self->api->can('get_network_names')) {
> >>                notify($ERRORS{'DEBUG'}, 0, "image project is: $image_project, checking if additional network adapters should be configured");
> >>
> >>                # Get a list of all the network names configured on the VMware host
> >>                my @network_names = $self->api->get_network_names();
> >>                notify($ERRORS{'DEBUG'}, 0, "retrieved network names configured on the VM host: " . join(", ", @network_names));
> >>
> >>                # Check each network name
> >>                # Begin the index at 2 for additional interfaces added because ethernet0 and ethernet1 have already been added
> >>                for my $network_name (@network_names) {
> >>                        if ($network_name =~ /$image_project/i || $image_project =~ /$network_name/i) {
> >>                                notify($ERRORS{'DEBUG'}, 0, "network name ($network_name) and image project name ($image_project) intersect, adding network interface to VM for network $network_name");
> >>                                %vmx_parameters = (%vmx_parameters, %{$self->get_generated_ethernet_vmx_definition($interface_index, $network_name)});
> >>                                $interface_index++;
> >>                        }
> >>                        else {
> >>                                notify($ERRORS{'DEBUG'}, 0, "network name ($network_name) and image project name ($image_project) do not intersect, network interface will not be added to VM for network $network_name");
> >>                        }
> >>                }
> >>
> >>        }
> >>        else {
> >>                notify($ERRORS{'DEBUG'}, 0, "image project is: $image_project, additional network adapters will not be configured");
> >>        }
> >>
> >> By default all images have project as 'vcl'.
> >> Currently project name can only be in ('vcl','hpc','vclhpc').
> >> Will it be OK to remove ENUM on project column, create corresponding
> >> additional networks on ESXi servers and use this option to add custom
> >> networks?
> >>
> >> I've also tested how additional VM networks in Virtual Host profile work.
> >> Once I configured profile with additional networks, these networks are
> >> added to each reservation which starts on corresponding VM host.
> >> This may not be what I'm looking for, as I don't need all these networks
> >> on each image.
> >>
> >> Thank you.
> >>
> >> On Jul 31, 2012, at 11:39 , Dmitri Chebotarov <dchebota@gmu.edu> wrote:
> >>
> >>> Hi
> >>>
> >>> VCL 2.3 has added two more VM Networks in Virtual Host profile.
> >>> Can I use these networks (all at once or selectively) in images?
> >>>
> >>> I'm looking to add custom network interface to a Linux image (in
> >>> addition to default Private/Public).
> >>>
> >>> --
> >>> Thank you,
> >>>
> >>> Dmitri Chebotarov
> >>> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> >>> 223 Aquia Building, Ffx, MSN: 1B5
> >>> Phone: (703) 993-6175
> >>> Fax: (703) 993-3404
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> Thank you,
> >>
> >> Dmitri Chebotarov
> >> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> >> 223 Aquia Building, Ffx, MSN: 1B5
> >> Phone: (703) 993-6175
> >> Fax: (703) 993-3404
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Best Regards
> > Mani
>
>
>
> --
> Thank you,
>
> Dmitri Chebotarov
> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> 223 Aquia Building, Ffx, MSN: 1B5
> Phone: (703) 993-6175
> Fax: (703) 993-3404
>
>
>
>
>
>


-- 
Best Regards
Mani
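
The name-matching test from the quoted VMware.pm snippet, run against constructed names next to a stricter comparison. This is an added example, not part of the original messages or of VCL: the network names, project names and `intersects_strict` are assumptions for illustration, and free-form project names assume the ENUM on the project column has been removed as the thread proposes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: network names on a hypothetical VM host and
# free-form image project names (possible only once the ENUM is removed).
my @network_names = ('Private', 'Public', 'seclab', 'seclab-isolated', 'dept.net', 'deptXnet');
my @projects      = ('seclab', 'lab', 'dept.net', 'a|b', 'sec(lab');

# The check as quoted from VMware.pm: each name is used as an unescaped,
# unanchored, case-insensitive pattern against the other.
sub intersects_quoted {
    my ($network_name, $image_project) = @_;
    my $hit = eval {
        $network_name =~ /$image_project/i || $image_project =~ /$network_name/i;
    };
    # undef means one of the names did not compile as a regex
    return defined $hit ? ($hit ? 1 : 0) : undef;
}

# Stricter alternative (an assumption, not VCL code): the project name must
# be a plain identifier and must equal the network name, ignoring case.
sub intersects_strict {
    my ($network_name, $image_project) = @_;
    return 0 unless $image_project =~ /\A[A-Za-z0-9_-]+\z/;
    return lc($network_name) eq lc($image_project) ? 1 : 0;
}

# For every project name, list the networks each check would attach.
for my $project (@projects) {
    my (@quoted, @strict);
    for my $network (@network_names) {
        my $q = intersects_quoted($network, $project);
        push @quoted, defined $q ? ($q ? $network : ()) : "$network(regex error)";
        push @strict, $network if intersects_strict($network, $project);
    }
    printf "%-10s quoted: %-45s strict: %s\n", $project,
        join(', ', @quoted) || '-', join(', ', @strict) || '-';
}
```

With the quoted check, project `lab` selects both `seclab` and `seclab-isolated`, `dept.net` also selects `deptXnet`, and `a|b` selects `Private` and `Public`; the strict comparison selects only an identically named network.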
