| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ |
| <!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> |
| %BOOK_ENTITIES; |
| <!ENTITY % xinclude SYSTEM "http://www.docbook.org/xml/4.4/xinclude.mod"> |
| %xinclude; |
| ]> |
| <!-- Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| http://www.apache.org/licenses/LICENSE-2.0. |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <section id="plugin-vxlan-config-hypervisor"> |
| <title>Configure hypervisor</title> |
| <section id="plugin-vxlan-config-hypervisor-kvm"> |
| <title>Configure hypervisor: KVM</title> |
| <para> |
| In addition to "KVM Hypervisor Host Installation" in "&PRODUCT; Installation Guide", you have to configure the following item on the host. |
| </para> |
| <section id="plugin-vxlan-config-hypervisor-kvm-bridge"> |
| <title>Create bridge interface with IPv4 address</title> |
| <para> |
| This plugin requires an IPv4 address on the KVM host to terminate and originate VXLAN traffic. |
| The address should be assinged to a physical interface or a bridge interface bound to a physical interface. |
| Both a private address or a public address are fine for the purpose. |
| It is not required to be in the same subnet for all hypervisors in a zone, but they should be able to reach each other via IP multicast with UDP/8472 port. |
| A name of a physical interface or a name of a bridge interface bound to a physical interface can be used as a traffic label. |
| Physical interface name fits for almost all cases, but if physical interface name differs per host, you may use a bridge to set a same name. |
| If you would like to use a bridge name as a traffic label, you may create a bridge in this way. |
| </para> |
| <para> |
| Let <parameter>cloudbr1</parameter> be the bridge interface for the instances' private network. |
| </para> |
| <section id="plugin-vxlan-config-hypervisor-kvm-bridge-rhel"> |
| <title>Configure in RHEL or CentOS</title> |
| <para> |
| When you configured the <parameter>cloudbr1</parameter> interface as below, |
| </para> |
| <programlisting language="Bash">$ sudo vi /etc/sysconfig/network-scripts/ifcfg-cloudbr1 |
| </programlisting> |
| <programlisting language="Bash">DEVICE=cloudbr1 |
| TYPE=Bridge |
| ONBOOT=yes |
| BOOTPROTO=none |
| IPV6INIT=no |
| IPV6_AUTOCONF=no |
| DELAY=5 |
| STP=yes |
| </programlisting> |
| <para> |
| you would change the configuration similar to below. |
| </para> |
| <programlisting language="Bash">DEVICE=cloudbr1 |
| TYPE=Bridge |
| ONBOOT=yes |
| BOOTPROTO=static |
| IPADDR=192.0.2.X |
| NETMASK=255.255.255.0 |
| IPV6INIT=no |
| IPV6_AUTOCONF=no |
| DELAY=5 |
| STP=yes |
| </programlisting> |
| |
| </section> |
| <section id="plugin-vxlan-config-hypervisor-kvm-bridge-ubuntu"> |
| <title>Configure in Ubuntu</title> |
| <para> |
| When you configured <parameter>cloudbr1</parameter> as below, |
| </para> |
| <programlisting language="Bash">$ sudo vi /etc/network/interfaces |
| </programlisting> |
| <programlisting language="Bash">auto lo |
| iface lo inet loopback |
| |
| # The primary network interface |
| auto eth0.100 |
| iface eth0.100 inet static |
| address 192.168.42.11 |
| netmask 255.255.255.240 |
| gateway 192.168.42.1 |
| dns-nameservers 8.8.8.8 8.8.4.4 |
| dns-domain lab.example.org |
| |
| # Public network |
| auto cloudbr0 |
| iface cloudbr0 inet manual |
| bridge_ports eth0.200 |
| bridge_fd 5 |
| bridge_stp off |
| bridge_maxwait 1 |
| |
| # Private network |
| auto cloudbr1 |
| iface cloudbr1 inet manual |
| bridge_ports eth0.300 |
| bridge_fd 5 |
| bridge_stp off |
| bridge_maxwait 1 |
| </programlisting> |
| <para> |
| you would change the configuration similar to below. |
| </para> |
| <programlisting language="Bash">auto lo |
| iface lo inet loopback |
| |
| # The primary network interface |
| auto eth0.100 |
| iface eth0.100 inet static |
| address 192.168.42.11 |
| netmask 255.255.255.240 |
| gateway 192.168.42.1 |
| dns-nameservers 8.8.8.8 8.8.4.4 |
| dns-domain lab.example.org |
| |
| # Public network |
| auto cloudbr0 |
| iface cloudbr0 inet manual |
| bridge_ports eth0.200 |
| bridge_fd 5 |
| bridge_stp off |
| bridge_maxwait 1 |
| |
| # Private network |
| auto cloudbr1 |
| iface cloudbr1 inet static |
| addres 192.0.2.X |
| netmask 255.255.255.0 |
| bridge_ports eth0.300 |
| bridge_fd 5 |
| bridge_stp off |
| bridge_maxwait 1 |
| </programlisting> |
| </section> |
| </section> |
| <section id="plugin-vxlan-config-hypervisor-kvm-iptables"> |
| <title>Configure iptables to pass XVLAN packets</title> |
| <para> |
| Since VXLAN uses UDP packet to forward encapsulated the L2 frames, UDP/8472 port must be opened. |
| </para> |
| <section id="plugin-vxlan-config-hypervisor-kvm-iptables-rhel"> |
| <title>Configure in RHEL or CentOS</title> |
| <para> |
| RHEL and CentOS use iptables for firewalling the system, you can open extra ports by executing the following iptable commands: |
| </para> |
| <programlisting language="Bash">$ sudo iptables -I INPUT -p udp -m udp --dport 8472 -j ACCEPT |
| </programlisting> |
| <para> |
| These iptable settings are not persistent accross reboots, we have to save them first. |
| </para> |
| <programlisting language="Bash">$ sudo iptables-save > /etc/sysconfig/iptables |
| </programlisting> |
| <para> |
| With this configuration you should be able to restart the network, although a reboot is recommended to see if everything works properly. |
| </para> |
| <programlisting language="Bash">$ sudo service network restart |
| $ sudo reboot |
| </programlisting> |
| <warning> |
| <para> |
| Make sure you have an alternative way like IPMI or ILO to reach the machine in case you made a configuration error and the network stops functioning! |
| </para> |
| </warning> |
| </section> |
| <section id="plugin-vxlan-config-hypervisor-kvm-iptables-ubuntu"> |
| <title>Configure in Ubuntu</title> |
| <para> |
| The default firewall under Ubuntu is UFW (Uncomplicated FireWall), which is a Python wrapper around iptables. |
| </para> |
| <para> |
| To open the required ports, execute the following commands: |
| </para> |
| <programlisting language="Bash">$ sudo ufw allow proto udp from any to any port 8472 |
| </programlisting> |
| <note> |
| <para> |
| By default UFW is not enabled on Ubuntu. Executing these commands with the firewall disabled does not enable the firewall. |
| </para> |
| </note> |
| <para> |
| With this configuration you should be able to restart the network, although a reboot is recommended to see if everything works properly. |
| </para> |
| <programlisting language="Bash">$ sudo service networking restart |
| $ sudo reboot |
| </programlisting> |
| <warning> |
| <para> |
| Make sure you have an alternative way like IPMI or ILO to reach the machine in case you made a configuration error and the network stops functioning! |
| </para> |
| </warning> |
| </section> |
| </section> |
| </section> |
| </section> |