...
- If the Charon host is configured with more than one active IP interface, asymmetric routing can cause connectivity problems. In such cases, policy-based routing (per-interface routing tables with associated IP rules) is required.
- Only IP unicast traffic is supported. Non-IP traffic or multicast/broadcast traffic is not supported and requires traffic tunneling.
- Promiscuous interface mode is not supported.
- Only traffic with the MAC address assigned by the cloud provider is allowed across an interface.
- Routing requires special configuration steps (disabling the source/destination check) on the cloud instances. Enabling IP forwarding on the Linux host is not enough.
- Cloud-specific security rules must allow the relevant traffic. Configuring the Linux firewall correctly is not enough.
- If a host NIC is dedicated to a guest system, the MAC address and IP address assigned to the interface by the cloud provider must be used by the guest.
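
The policy-based routing mentioned above (one routing table per interface plus an IP rule keyed on the source address) can be sketched as follows. This is an added example, not taken from the Charon documentation; the function names `pbr_commands` and `pbr_plan`, the interface names, the addresses, the table IDs and the rule priorities are constructed sample values.

```shell
#!/bin/sh
# Added example: print (dry run) the iproute2 commands that give one
# interface its own routing table, so replies leave through the
# interface on which the request arrived. Nothing is changed on the host.

# pbr_commands IFACE ADDR SUBNET GATEWAY TABLE_ID
pbr_commands() {
    [ "$#" -eq 5 ] || {
        echo "usage: pbr_commands IFACE ADDR SUBNET GATEWAY TABLE_ID" >&2
        return 2
    }
    iface=$1 addr=$2 subnet=$3 gw=$4 table=$5

    # Accept only plain decimal IDs. Tables 253-255 are reserved by
    # Linux (default, main, local) and 0 is "unspec", so allow 1..252.
    case $table in
        ''|0*|*[!0-9]*)
            echo "table id must be decimal without leading zeros: $table" >&2
            return 2 ;;
    esac
    if [ "$table" -gt 252 ]; then
        echo "table id must be in 1..252: $table" >&2
        return 2
    fi

    # On-link route for the interface subnet, kept in the private table.
    echo "ip route replace $subnet dev $iface src $addr table $table"
    # Default route through this interface's own gateway.
    echo "ip route replace default via $gw dev $iface table $table"
    # Packets sourced from this address consult the private table first.
    echo "ip rule add from $addr/32 lookup $table priority $((1000 + table))"
}

# Constructed two-interface host: one table per interface.
pbr_plan() {
    pbr_commands eth0 10.0.1.10 10.0.1.0/24 10.0.1.1 101 &&
    pbr_commands eth1 10.0.2.10 10.0.2.0/24 10.0.2.1 102
}

pbr_plan
```

Review the printed commands and run them as root only after substituting the addresses the cloud provider assigned to each interface; `ip rule show` and `ip route show table 101` then display the result.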
Basic Configuration Components
...