From: Georgy Mathew Kallumkal
To: dev@vcl.apache.org
Cc: user@vcl.apache.org
Date: Thu, 2 Aug 2012 11:22:26 -0400
Subject: Re: Additional VM Networks in Virtual Host profile

Hi Dimitri,

I couldn't quite understand what you have done. And couldn't find the attachment too.

-Georgy

On Thu, Aug 2, 2012 at 10:54 AM, Mani Shafa'atDoost <mani.doost@gmail.com> wrote:
Hi Dimitri,

I had some difficulties to understand what are you going to do. But, as far
as I understood, you are planning to add more than 2 NICs on each VM (
depends on preconfigured network information) and then assign these NICs to
special VLAN group.
I was thinking to use the same method but there are some problem of using of just VLans:
1. You can't make a communication between two VMs which are located over
the router by using Vlan.
2. You can't control traffic and make special rules for traffic of each VM.
3. This solution isn't extendable if you want to extend VCL in near future.
So I came with the following solution :
http://users.cis.fiu.edu/~mshaf012/pdf/OpenVswitch.pdf

BTW, I can't see your attachment, it would be better to upload it somewhere.

Best Regards
Mani

On Thu, Aug 2, 2012 at 10:29 AM, Dmitri Chebotarov <dchebota@gmu.edu> wrote:

> Hi
>
> I would like to share a method of adding custom networks per a VCL image.
> This solution is based on the code already present in VCL.
>
> This solution is not end-user/student oriented. There is no option to
> specify networks during reservation.
> Network(s) and VM hosts needs to be preconfigured before custom networks
> can be used.
> Switch Local VLAN IDs can be used to create isolated networks for VCL.
> Global VLAN IDs can be used to give VCL reservations access to different
> networks.
>
> Isolated network use example would be a security class where malicious
> traffic needs to be generated and analyzed. Running such class on
> public/private VCL network is not desirable, so an isolated VCL network can
> be used in this case. In case with isolated networks a DHCP server needs to
> be present to provide IP addresses on isolated networks. The DHCP server
> can be part of VCL infrastructure or be a very-long-term server reservation
> (the new feature in VCL 2.3).
>
> Global use example would be a VCL reservation which needs access to a
> department network or lab environment. It allows to connect VCL
> reservations to existing infrastructure.
>
> It's different from CS/OS implementation as it doesn't give any control
> over networking to end-user, hence no security concerns about VCL end-users
> getting unwanted access to a custom network(s).
> Since custom network(s) is part of the image properties, only groups/users
> who allowed to make reservation based on the image will have access to
> specified networks.
>
> Below is PDF file with code changes. I've tested it in sandbox env and it
> seems to be working well.
>
>
>
>
> Thanks.
>
> On Jul 31, 2012, at 13:16 , Mani Shafa'atDoost <mani.doost@gmail.com>
> wrote:
>
> > Hi Dmitri,
> >
> > This seems interesting to me. I am planning to do a contribution on VCL
> > project which allow you to make a network topology of VMs and load this
> > topology instead of one VM. For this reason I need to add more NIC on some
> > images and also I need to make a mechanism for this communication.
> > I have read a lot about this and I think the best option is using Open
> > Vswitch on VCL which has a strong support on networking part and allow you
> > to do many things on network side. Currently I am making some documents and
> > I will post it here. I would be happy to see some other people from this
> > group to work on networking part.
> >
> >
> > On Tue, Jul 31, 2012 at 12:55 PM, Dmitri Chebotarov <dchebota@gmu.edu> wrote:
> >
> >> Hi
> >>
> >> Looks like VMware.pm already has a code to add custom networking based on
> >> project name:
> >>
> >> # Add additional Ethernet interfaces if the image project name is not vcl
> >> if ($image_project !~ /^vcl$/i && $self->api->can('get_network_names')) {
> >>     notify($ERRORS{'DEBUG'}, 0, "image project is: $image_project, checking if additional network adapters should be configured");
> >>
> >>     # Get a list of all the network names configured on the VMware host
> >>     my @network_names = $self->api->get_network_names();
> >>     notify($ERRORS{'DEBUG'}, 0, "retrieved network names configured on the VM host: " . join(", ", @network_names));
> >>
> >>     # Check each network name
> >>     # Begin the index at 2 for additional interfaces added because ethernet0 and ethernet1 have already been added
> >>     for my $network_name (@network_names) {
> >>         if ($network_name =~ /$image_project/i || $image_project =~ /$network_name/i) {
> >>             notify($ERRORS{'DEBUG'}, 0, "network name ($network_name) and image project name ($image_project) intersect, adding network interface to VM for network $network_name");
> >>             %vmx_parameters = (%vmx_parameters, %{$self->get_generated_ethernet_vmx_definition($interface_index, $network_name)});
> >>             $interface_index++;
> >>         }
> >>         else {
> >>             notify($ERRORS{'DEBUG'}, 0, "network name ($network_name) and image project name ($image_project) do not intersect, network interface will not be added to VM for network $network_name");
> >>         }
> >>     }
> >>
> >> }
> >> else {
> >>     notify($ERRORS{'DEBUG'}, 0, "image project is: $image_project, additional network adapters will not be configured");
> >> }
> >>
> >> By default all image has project as 'vcl'.
> >> Currently project name can only be in ('vcl','hpc','vclhpc').
> >> Will it be OK to remove ENUM on project column, create corresponding
> >> additional networks on ESXi servers and use this option to add custom
> >> networks?
> >>
> >> I've also tested how additional VM networks in Virtual Host profile work.
> >> Once I configured profile with additional networks, these networks are
> >> added to each reservation which starts on corresponding VM host.
> >> This may not be what I'm looking for, as I don't need all these networks
> >> on each image.
> >>
> >> Thank you.
> >>
> >> On Jul 31, 2012, at 11:39 , Dmitri Chebotarov <dchebota@gmu.edu> wrote:
> >>
> >>> Hi
> >>>
> >>> VCL 2.3 has added two more VM Networks in Virtual Host profile.
> >>> Can I use these networks (all at once or selectively) in images?
> >>>
> >>> I'm looking to add custom network interface to a Linux image (in
> >>> addition to default Private/Public).
> >>>
> >>> --
> >>> Thank you,
> >>>
> >>> Dmitri Chebotarov
> >>> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> >>> 223 Aquia Building, Ffx, MSN: 1B5
> >>> Phone: (703) 993-6175
> >>> Fax: (703) 993-3404
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> Thank you,
> >>
> >> Dmitri Chebotarov
> >> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> >> 223 Aquia Building, Ffx, MSN: 1B5
> >> Phone: (703) 993-6175
> >> Fax: (703) 993-3404
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Best Regards
> > Mani
>
>
>
> --
> Thank you,
>
> Dmitri Chebotarov
> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> 223 Aquia Building, Ffx, MSN: 1B5
> Phone: (703) 993-6175
> Fax: (703) 993-3404
>
>
>
>
>
>


--
Best Regards
Mani
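
The name-matching rule in the quoted VMware.pm snippet, worked through as an added example (not part of the original thread and not VCL code). It compares the snippet's unanchored regex match with a hypothetical exact-name rule; the host network names, the project names other than 'vcl', 'hpc' and 'vclhpc', and the functions networks_by_intersect, networks_by_exact_name and describe are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Rule from the quoted snippet: attach a network when either name matches the
# other as an unanchored, case-insensitive regex; project 'vcl' gets no extras.
sub networks_by_intersect {
    my ($image_project, @network_names) = @_;
    return () if $image_project =~ /^vcl$/i;
    return grep { /$image_project/i || $image_project =~ /$_/i } @network_names;
}

# Hypothetical stricter rule (an assumption, not VCL code): the whole network
# name must equal the project name; \Q..\E disables regex metacharacters.
sub networks_by_exact_name {
    my ($image_project, @network_names) = @_;
    return () if $image_project =~ /^vcl$/i;
    return grep { /^\Q$image_project\E$/i } @network_names;
}

# Additional interfaces start at index 2, after ethernet0 and ethernet1.
sub describe {
    my @names = @_;
    my $index = 2;
    return '(none)' unless @names;
    return join(', ', map { sprintf('ethernet%d=%s', $index++, $_) } @names);
}

# Constructed sample data: network names on a VM host and image project names.
my @host_networks = ('Public', 'Private', 'hpc', 'lab', 'seclab',
                     'seclab-isolated', 'dept.eng');
my @projects      = ('vcl', 'hpc', 'vclhpc', 'seclab', 'deptXeng');

for my $project (@projects) {
    printf "%-9s intersect: %s\n", $project,
        describe(networks_by_intersect($project, @host_networks));
    printf "%-9s exact:     %s\n", '',
        describe(networks_by_exact_name($project, @host_networks));
}
```

With the intersect rule the constructed 'seclab' project also picks up the general 'lab' network, which matters when an image is meant to sit only on an isolated network.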
