Versions Compared

Comment: L2 clarification

...

  1. Internal virtual bridge on the host system:
    Such a bridge has several TAP interfaces. The host and the guest systems are connected to this bridge and can communicate directly with one another using L3 or L2 protocols. This kind of connection also permits L2 traffic and changes to the MAC address. The bridge uses its own IP subnet, which can be defined by the user. Setting up such a configuration is supported by the Charon Manager.
  2. Communication via the AWS subnet LAN:
    In this case, a second interface is added to the Charon host system. The second interface is then assigned to the emulated guest system. After the correct configuration, the host and guest can communicate across the AWS LAN using IP. L2 protocols, or any protocols that require changing the MAC address to something other than the MAC address assigned to the second interface by AWS, will not work.
    To connect the guest system to the LAN, the following basic configuration steps must be performed:
    • Add the additional interface to the Charon host system.
    • Create a configuration file for the additional interface.
    • Remove the private IP address assigned to the second interface by AWS from the Linux configuration.
    • Use Charon Manager to assign the interface to the emulated SPARC system.
    • Use Charon Manager to set the MAC address of the emulated SPARC system to the same value as the one used on the host system Ethernet interface.
    • On the Solaris system, configure the private IP address that was previously assigned to the second interface on Linux.
    • Additional steps may be required:
      • If the primary interface has an automatically assigned public IP address, this address is released after the first network restart with two interfaces. Hence the configuration must first be changed to use a persistent Elastic IP address, so that the host system remains reachable.
      • If both the primary and the second interface have only private IP addresses, or both interfaces have public addresses (Elastic IP) assigned, separate routing tables must be created for the two interfaces to enable proper routing.
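The host-side part of the steps above, as an added example that is not part of the original Stromasys page: a small POSIX shell script that generates the configuration for the additional interface, releases the AWS-assigned private address from Linux, builds a per-interface routing table, and verifies that the MAC address intended for the emulated SPARC system matches the one on the host interface. The interface names (eth0, eth1), the addresses (10.0.1.23/24, 10.0.2.57/24), the gateways, the routing-table ids and the use of ifcfg-style network scripts are assumptions for illustration, not values from the page; the layout of the routing table (one table per interface plus a source-address rule) is the usual Linux policy-routing approach and is likewise an assumption, since the page does not say how the separate tables are built. The Charon Manager and Solaris steps are not covered. All commands are printed rather than executed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not Stromasys code. Assumed names and values:
#   eth0  primary interface, 10.0.1.23/24, gateway 10.0.1.1, table 100
#   eth1  additional interface whose AWS private address 10.0.2.57/24
#         will be configured on the Solaris guest instead of on Linux
# The host is assumed to use ifcfg-style network scripts.

DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step "create a configuration file for the additional interface":
# bring the interface up with no IP configuration, so Linux never
# claims the private address that the guest will use.
ifcfg_no_ip() {
    printf 'DEVICE=%s\nONBOOT=yes\nBOOTPROTO=none\nNM_CONTROLLED=no\nIPV6INIT=no\n' "$1"
}

# Step "remove the private IP address assigned by AWS from Linux":
# drop the address from the running configuration; the ifcfg file
# above keeps it from coming back on the next network restart.
release_private_ip() {
    run ip addr del "$2" dev "$1"
}

# Step "separate routing tables": assumed implementation, one routing
# table per interface plus a rule selecting it by source address.
# Arguments: interface, address/prefix, subnet, gateway, table id.
policy_route() {
    iface="$1"; addr="$2"; subnet="$3"; gw="$4"; table="$5"
    run ip route add "$subnet" dev "$iface" src "${addr%/*}" table "$table"
    run ip route add default via "$gw" dev "$iface" table "$table"
    run ip rule add from "${addr%/*}" table "$table"
}

# Step "set the guest MAC to the host interface MAC": compare two MAC
# addresses ignoring case and separator; succeeds only when they match.
mac_equal() {
    a=$(printf '%s' "$1" | sed 's/[:-]//g' | tr 'A-F' 'a-f')
    b=$(printf '%s' "$2" | sed 's/[:-]//g' | tr 'A-F' 'a-f')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed walk-through with the assumed values (MACs are made up).
main() {
    ifcfg_no_ip eth1
    release_private_ip eth1 10.0.2.57/24
    policy_route eth0 10.0.1.23/24 10.0.1.0/24 10.0.1.1 100
    if mac_equal "0A:1B:2C:3D:4E:5F" "0a-1b-2c-3d-4e-5f"; then
        echo "guest MAC matches host eth1 MAC"
    fi
}

main
```

Run with DRY_RUN=1 (the default) to review the generated ifcfg content and ip commands before applying them with DRY_RUN=0 as root; repeat the policy_route call for every interface that keeps a Linux address, and keep the ifcfg output in the script file for the additional interface (for example ifcfg-eth1 under the network-scripts directory) so the change survives a restart.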

...

To ensure data traffic between the Charon host and guest systems and the customer network is encrypted, it is strongly recommended to use a VPN connection. An example of a simple VPN connection based on an SSH tunnel is described in SSH VPN - Connecting Charon Host and Guest to Customer Network. This connection is based on a bridge between Charon host and guest system and (via an encrypted SSH tunnel) the remote end-point in the customer network. The connection supports L3 and L2 protocols.

AWS also provides a VPN gateway instance that can be added to the customer VPC to connect the VPC to the customer network (for a charge).

...

This is not a recommended standard solution for security reasons. However, should it be required for some reason, two interfaces with public IP addresses can be assigned to the Charon host.
One of these interfaces is then dedicated to the guest system, which uses the private interface address and the MAC address assigned to the Charon host by AWS (similar to point 2 in the section Host to Guest Communication Considerations above). In addition, correct routing for both interfaces has to be configured (separate routing tables).

...