I am looking for some suggestions on the best way to structure the network on a new OpenNebula installation.
I am running OpenNebula 5.2 on Ubuntu 16.04 with one front-end node and four compute nodes.
The servers are hosted at OVH and each server has an additional 8 IPs, each of those IP addresses are tied to a virtual MAC address supplied by OVH. IPs can not move between servers.
I was planning on setting up an internal private network 172.16.x.x which guests would be provisioned on, and then doing NAT from the public IPs to an internal private IP, that way the VMs could still be migrated for resource distribution, but the public IPs could remain tied to their physical hosts.
I’m not sure what would be the best way to configure this type of structure in OpenNebula though.
As far as the private IP address space I was considering something like PeerVPN or Tinc to create one large internal address space, or possibly something like Ubuntu Fan.
Has anyone had to configure a network topology like this before, and if so your feedback would be very much appreciated.
I would like to help, but do not really understand what your question is.
I just give it a quick shot. The private addresses are not really important. You can of course use some more ranges.
I would recommend using two networks, separate via VLAN. One for the traffic from Internet, where the hosts can not talk to each other. And one net for the ‘Management’ traffic. So you have the productive traffic not mixed up.
Makes it easier to troubleshoot.
I have not understood, what you mean with the VPN.
OK, to start with each server only has one NIC with a public IP address on it.
For the private address space I would either need to use a VPN so VMs on the private address ranges can talk to each other, or something like GRE tunnels or OpenVSwitch ‘s new Open Virtual Networks.
OK so if I had a private network structured like this:
And if all hosts had routes on them so VMs can talk to each other no matter what host they are on, what is the best way to represent that in OpenNebula.
Secondly if I have public IPs on each server but the public IPs can’t move servers, I would want to NAT them to a private address on the above ranges.
So say on Host 1 I have public IP 5.6.7.8 and I want to NAT that to a VM running on host 2 with a private IP of 10.1.2.50, I am guessing I would do that with virtual routers some how, but I’m not entirely sure how.
If you think of this in AWS terms, each host has a /29 on it and I want to use these /29’s like elastic IPs with SNAT to a private address somewhere on the 10.1.0.0/16 network.
If the VM moves and gets a new IP, for example if I move the VM to host 3 and it’s internal IP changes to 10.1.3.99 then I would need some way to update the public IP so it maps to the correct internal IP.
Hopefully this makes some sense, or am I overcomplicating things?