Skip to main content

Typical Network Configuration

This article introduces several typical private cloud network configurations.

(Single NIC Classic Network) computing node single NIC, virtual machine using Multi-VLAN classic network

In this scenario, each computing node only has one NIC (which can be Bonding) that serves both as a management port and a business port. The business traffic between virtual machines is forwarded by the host to the Layer 3 switch.

VPC Configuration

Use Default VPC.

Layer-2 Network Configuration

Create a layer-2 network bcast0 in Default VPC.

IP Subnet Configuration

Create at least 2 IP subnets in the layer-2 network bcast0, one of which is used for the host management port and needs to include the IP of the host management port. The other subnet is used for the virtual machine. More IP subnets can be configured for virtual machines, and these virtual machines can be configured with different VLAN IDs (VLAN IDs other than 1). The gateway and corresponding VLAN of these IP subnets need to be configured on the Layer 3 switch connected to the physical machine.

Host Configuration

The host port on the switch needs to be configured in trunk mode, and the default VLAN ID must be used for the host management port. By default, the VLAN ID is 1. But currently, the switch also supports setting a VLAN ID other than 1 for the TRUNK port. Please refer to the switch configuration manual for details.

The networks configuration of the host.conf file:

networks:
- <host_ifname>/br0/<host_management_ip>

For example:

networks:
- eth0/br0/10.168.20.2

How to configure if the host management port uses a VLAN ID other than 1 and the switch does not support setting the default VLAN ID for TRUNK port?

A VLAN subinterface needs to be set up for the host, and the host uses this VLAN subinterface as the management port, and the virtual machine switch needs to be bridged to the main interface. Take the host main interface bond0 and the VLAN ID of the host management port 3001 as an example:

  1. Configure VLAN subinterface bond0.3001 for the host, as follows:
# /etc/sysconfig/network-scripts/ifcfg-bond0.3001
VLAN=yes
NAME=bond0.3001
DEVICE=bond0.3001
IPADDR=<management_ip>
PREFIX=<prefix>
DEFROUTE=yes
ONBOOT=yes
  1. Modify /etc/yunion/host.conf and set it as follows:
listen_interface: bond0.3001
networks:
- bond0/br0/bcast0

Note that in this configuration, virtual machines cannot use the same VLAN ID as the host (in this case, 3001).

EIP Configuration

In classic network mode, external entities can directly access virtual machine IPs without configuring EIP.

(Single NIC VPC Network) computing node single NIC, virtual machine using VPC network

In this scenario, each computing node host has only one NIC as the management port. The management port also carries business traffic, but the business traffic between virtual machines is encapsulated by the OVN Geneve tunnel.

Host Network Configuration

The host's management port still accesses the classic network.

Create a layer-2 network bcast0 in Default VPC, and in this layer-2 network, configure the IP subnet used by the host management port.

The host.conf networks configuration is the same as the Single NIC Classic Network mode.

For example, if the host IP subnet is 10.128.26.2, the configuration is also:

networks:
- eth0/br0/10.128.26.2

Virtual Machine Network Configuration

The virtual machine's network is managed by VPC. Users can create any VPC and allocate any IP subnet in the VPC. IP subnets between different VPCs are isolated from each other and cannot be accessed. IP subnets within the same VPC are not isolated from each other.

EIP Configuration

In this mode, EIP needs to be configured to access virtual machines in the VPC from outside the cloud platform.

The simplest EIP configuration is to select a host, modify /etc/yunion/host.conf, and set sdn_enable_eip_man to true. For more specific configuration methods, please refer to the documentation. The first host installed in the ALL IN ONE mode automatically enables sdn_enable_eip_man.

EIP Gateway Routing ConfigurationTo use EIP, you also need to add an IP subnet for EIP under the platform bcast0 (Note that the EIP subnet should avoid being in the same subnet as the host's management IP, that is, the network address needs to be different. For example, if the host's management NIC is 10.168.22.2/24, then the EIP subnet is 10.168.23.0/24). Add a static route for the EIP subnet on the switch, with the NextHop set to the management port IP address of the first host in the ALL IN ONE deployment.

(Dual NIC Classic Network) Compute node with two NICs, virtual machines use Multi-VLAN Classic Network

In this scenario, each compute node has two NICs, one for management and the other for business. Business traffic between virtual machines is forwarded by a Layer 3 switch that connects to the host's business NIC. However, some virtual machines need to connect to the management NIC.

VPC Configuration

Use the Default VPC.

Layer-2 Network Configuration

Create two Layer-2 networks in the Default VPC: bcast0 (management) and bcast1 (business).

IP Subnet Configuration

Create at least two IP subnets on bcast0, with one IP subnet used for the host's management NIC, which needs to include the host's management NIC IP address. The other subnet is used for virtual machines that require a connection to the management network.

Create 1 or more IP subnets on bcast1 for virtual machine use, and these subnets can be configured with different VLAN IDs (VLAN ID other than 1). The gateways and corresponding VLANs for these subnets need to be configured on the corresponding Layer 3 switches connected to the physical machine.

Host Configuration

The host's management NIC needs to be configured with a management IP address and set to Access mode on the switch.

The host's business NIC does not need to be configured with an IP address, but the business NIC needs to be configured in Trunk mode on the switch.

The host's /etc/yunion/host.conf file needs to have two entries, one for the management NIC and one for the business NIC:

networks:
- <host_ifname0>/br0/<host_management_ip>
- <host_ifname1>/br1/bcast1

For example:

networks:
- eth0/br0/10.168.20.2
- eth1/br1/bcast1

EIP Configuration

In this mode, virtual machines' IPs can be directly accessed from the outside without the need to configure EIP.

(Dual NIC VPC Network) Compute node with two NICs, virtual machines use VPC Network

In this scenario, each compute node's host has two NICs: one for management, which carries management traffic, and another for business, which carries business traffic. Business traffic between virtual machines is encapsulated in an ovn-geneve tunnel, and then forwarded through the host's business NIC.

Host Network Configuration

Similarly, the host's management NIC uses a classic network. You need to configure a Layer-2 network bcast0 under Default VPC, and configure the IP subnet used by the host's management NIC under that Layer-2 network.

For example, the host's IP subnet is 10.128.26.2. The host's /etc/yunion/host.conf configuration should be:

networks:
- eth0/br0/10.128.26.2

Also, the host's business NIC needs to be configured with an IP address, and the IP used by the business NIC should not be in the same Layer-2 network as the IP used by the management NIC.

To ensure ovn traffic between virtual machines is forwarded through the business NIC, you need to configure the ovn_encap_ip in /etc/yunion/host.conf to the IP address of the host's business NIC.

For example, if the host's management NIC IP is 10.128.26.2/24 and the business NIC IP is 10.129.26.2/24, the /etc/yunion/host.conf file should be configured as follows:

ovn_encap_ip: 10.129.26.2
networks:
- eth0/br0/10.128.26.2
- eth1/br1/10.129.26.2

After the configuration is complete, ovn traffic between virtual machines will be encapsulated as geneve traffic, with source and destination IP addresses being in the business network range. Network intercommunication between business NICs is not affected by business NIC VLAN mode, whether TRUNK or Access.

Virtual Machine Network Configuration

Similarly, in this mode, the virtual machine network is managed by the VPC Network, and users can create VPCs and assign any IP subnet in VPC. IP subnets between different VPCs are isolated and cannot be accessed. IP subnets in the same VPC are not isolated. As the ovn_encap_ip is configured to the host's business NIC IP address, ovn traffic between virtual machines is forwarded through the host's business NIC.

EIP Configuration

In VPC network mode, you need to configure EIP for external access to specific internal virtual machines. Similarly, EIP gateway and subnet need to be configured.

EIP Gateway Routing Configuration

Unlike the Single NIC VPC Network case, in order to ensure EIP traffic also passes through the business NIC, the following two configurations need to be met:

When configuring NextHop for the EIP subnet, on the switch, it is necessary to use the IP address of the node's business NIC on which the EIP gateway is located as the NextHop IP (to ensure that the incoming traffic to the EIP traffic goes through the business NIC).* On the node where the EIP gateway is located, the business port needs to be set as the default route for outbound traffic. (Ensure that the traffic flowing out of the EIP goes through the business port)