UEC 网络模式

Luo Weifeng 2011-4-17

From:UEC 网络模式

System Mode

In System mode, CC generates and assigns a random MAC address to the VM instance while requesting NC to bring up the instance. NC attaches the VM instance's virtual NIC to the physical NIC on the node through a bridge. This mode requires that the Nodes are connected to the enterprise network directly. Instances obtain an IP address using DHCP, just as physical machines on the network do. This mode is very easy to setup as it does not have any additional prerequisites in terms of networking, except for a running DHCP server on enterprise network. It is a good way to get started with Eucalyptus, particularly if you want to set it up on your laptop/desktop to get a basic understanding.

This mode of networking is similar to Bridged Networking that hypervisors like VMware, VirtualBox etc. offer or like /tap" networking offered by KVM/Qemu.

Static Mode

Static mode offers the Eucalyptus administrator more control over VM IP address assignment than System mode does. In this mode, the administrator configures Eucalyptus with a map of MAC address/IP address pairs on CC. Before requesting NC to raise an instance, CC sets up a static entry within a Eucalyptus controlled DHCP server, takes the next free MAC/IP pair, and passes on to NC, which attaches the virtual NIC of the instance to the physical NIC of the Node through a bridge similar to how it is handled in System mode. This mode of networking is similar to Bridged Networking that hypervisors like VMware, VirtualBox etc. o_er or like /tap" networking o_ered by KVM/Qemu.

This mode is useful for administrators who have a pool of MAC/IP addresses that they wish to always assign to their instances without relying on the DHCP server running in the enterprise network. Note { Running Eucalyptus in System or Static mode disables some of the following key functionalities that would make an enterprise deployment more manageable:

. Ingress filtering for the instances (Security Groups)

. User Controlled dynamic assignment of IPs to instances (Elastic IPs)

. Isolation of network traffic between instances VMs

. Availability of the metadata service (use of the http://169.254.169.254/ URL to obtain instance specific information)

Managed Mode

Managed mode is the most feature-rich mode offered by Eucalyptus. In this mode, the Eucalyptus administrator defines a large network (usually private and unroutable) from which VM instances will draw their IP addresses. As with Static mode, CC will maintain a DHCP server with static mappings for each instance that is raised and allocate the right IPs at the time of requesting an NC to raise the instance. Managed mode implements security groups for ingress filtering and isolation of instances. The user specifies a security group to which the new instance should be associated with, at the time of requesting a new instance. CC allocates a subset of the entire range of IPs to each security group in such a way that all the instances raised to be a part of the same security group use IPs from the same subset. The user can define ingress filtering rules at the security group level.

In addition, the administrator can specify a pool of public IP addresses that users may allocate, either while raising the instances or later at run-time. This functionality is similar to elastic IPs of AWS. Eucalyptus administrators who need to implement require security groups, elastic IPs, and VM network isolation must use this mode.

Managed NOVLAN Mode

This mode is identical to MANAGED mode in terms of features (dynamic IPs and security groups), but does not provide VM network isolation. Eucalyptus administrators who want dynamic assignable IPs and the security groups, but are not in a position to run on a network that allows VLAN tagged packets or those who do not have a need for VM network isolation can use this mode.

Comparison

Note: Every instance (at least in managed* mode) starts with a private and a public IP: the private is the one seen by the instance itself, by the instances in its security groups, and you should be able to use it also from the CC machine itself.