diff --git a/source/networking/virtual_private_cloud_config.rst b/source/networking/virtual_private_cloud_config.rst index 96ec786..6a9ffcf 100644 --- a/source/networking/virtual_private_cloud_config.rst +++ b/source/networking/virtual_private_cloud_config.rst 
@@ -1438,3 +1438,59 @@ Editing, Restarting, and Removing a Virtual Private Cloud :alt: button to remove a VPC .. |restart-vpc.png| image:: /_static/images/restart-vpc.png :alt: button to restart a VPC + +Dynamic Routing between VPCs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +  Currently the inter VPC traffic has to go thru the public gateway. This means the traffic has to be NAT-ed across public internet via core-routers, which is inefficient in itself. A more efficient approach will be to route the traffic within cloudstack and even better if no NAT'ing is involved. + +| + +  OSPF provides a way to connect two VPCs using the optimal route between them without needing NAT-ing. OSPF achieves this by maintaining and advertising the most efficient routes between various OSPF enabled routers. When a new VPC is added its OSPF enabled router advertises the routes to other routers, thereby each of them learn to route traffic properly between them.  + +| + +Quagga implements OSPF (v2, v3) and is found suitable to run on Debian based VPC virtual router to provide dynamic routing. Quagga is an advanced software routing package that provides a suite of TCP/IP-based routing protocols and provides implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix-like platforms, particularly FreeBSD, Linux, Solaris and NetBSD. + +| + +Configuring dynamic VPCs +^^^^^^^^^^^^^^^^^^^^^^^^ + +- **Enable OSPF in the zone:** Login as admin and then goto: Infrastructure-Zones, select the zone in which you want to enable OSPF and click the tab 'Dynamically Routed'. Following are the options: + + + #. *Dynamic Routing Enabled:* true will enable the zone for dynamic routing . + #. *Dynamic Routing Protocol:* At this point only OSPF is supported. The other valid value is BGP.  + #. OSPF Area Id: The OSPF area id, will be set in quagga config. Default is ‘0’. + #. *Hello Interval:* Set number of seconds for HelloInterval timer value. 
Setting this value, Hello packet will be sent every timer value seconds on the specified interface. The default value is 10 seconds.  + #. *Dead Interval:* Set number of seconds for RouterDeadInterval timer value used for Wait Timer and Inactivity Timer. This value must be the same for all routers attached to a common network. The default value is 40 seconds. + #. *Retransmit Interval:* Set number of seconds for RxmtInterval timer value. This value is used when retransmitting Database Description and Link State Request packets. The default value is 5 seconds. + #. *Transit Delay:* Set number of seconds for InfTransDelay value. LSAs’ age should be incremented by this value when transmitting. The default value is 1 seconds. + #. *Authentication:* Dropdown with 2 options: MD5 or Text Plain + #. *Password:* The password for OSPF Area + #. *Zone Super CIDR:* For using dynamic routing a zone level super-cidr is required. This will be carved into network sub levels and into the created routed tiers. Default value is set to 200.100.0.0/16 + +| + +- **Create Dynamic VPC Service Offering:** Goto Service Offerings and then select VPC Offering. From here you can add VPC Offering. One of the supported services should be “VPCDynamicRouting” in order for the VPC to be dynamically routing enabled. An example set of enabled services on VPC are: DHCP, DNS, SourceNat, PortForwarding, Lb, UserData, StaticNat, VPCDynamicRouting + +| + +- **Create Dynamic VPC Network tier offering:** Goto Service Offerings and then select Network Offering. From here you can add Network Offering. Select “VPC” and add “VPCDynamicRouting” as one of the supported services. An example set of enabled services on VPC network are: DHCP, DNS, SourceNat, PortForwarding, Lb, UserData, StaticNat, NetworkACL, VPCDynamicRouting + +| + +- **Create VPCs:** Now you can create dynamically routed VPCs by selecting the dynamic service offering for VPC. 
In a regular VPC you need to provide a cidr, but since in dynamically routed VPC the VPCs will get a share from the zone level super cidr. So instead of a cidr you need to specify a netmask, cloudstack allocates a suitable subnet that caters to the netmask that you specified. In case no such range exists the VPC creation fails. + +| + +- **Create VPC tiers:** Create a dynamic VPC tier by selecting the dynamic network offering. + +| + +- **Create ACLs:** To provide access across tiers create appropriate ACL rules to allow traffic to the VMs. + +| + +- **Create VMs:** Create VMs in the dynamic tiers. These VMs can reach across VPCs given that the ACLs allow the traffic.
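Review bot: The *Authentication* item in the "Enable OSPF in the zone" list offers "MD5 or Text Plain" with no guidance, and the *Password* item below it does not say how the value is used. With plain-text OSPF authentication the area password travels unencrypted in OSPF packets, so anyone who can capture traffic on the segment can read it. Suggest stating that, recommending MD5 as the choice, and saying which option is the default. Three smaller points in the same list: the *Dynamic Routing Protocol* item contradicts itself ("At this point only OSPF is supported. The other valid value is BGP."), so say either that BGP is accepted but not yet implemented or drop the second sentence. The *Zone Super CIDR* default of 200.100.0.0/16 lies outside the RFC 1918 private ranges, so the text should tell admins to replace it with a private range they control, or explain why this default is safe. And *Hello Interval* needs the same "must be the same for all routers attached to a common network" sentence that *Dead Interval* has, since mismatched hello timers also prevent OSPF adjacencies from forming. Style: "OSPF Area Id" is the only option name not in italics.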