Versions Compared

Old Version 16

changes.mady.by.user W.Erber

Saved on

compared with

New Version 17

changes.mady.by.user W.Erber

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added asymmetric routing information added

Anchor
TOC
TOC
Include Page
KBCOMMON:KB-CSSstyle
KBCOMMON:KB-CSSstyle

...

  1. Internal virtual bridge on the host system:
    Such a bridge has several TAP interfaces. The host and the guest systems are connected to this bridge and can communicate directly to one another using L3 and L2 protocols. The bridge uses its own IP subnet that can be defined by the user. Setting up such a configuration is supported by the Charon Manager.
  2. Communication via the AWS subnet LAN:
    In this case, a second interface is added to the Charon host system. The second interface is then assigned to the emulated guest system. After the correct configuration, the host and guest can communicate across the AWS LAN using IP. L2 protocols or any protocols that require changing the MAC address to something different than the MAC address assigned to the second interface by AWS will not work.
    To connect the guest system to the LAN, the following basic configuration steps must be performed:
    • Add the additional interface to the Charon host system.
    • Create a configuration file for the additional interface.
    • Remove the private IP address assigned to the second interface by AWS from the Linux configuration (if it has been configured).
    • Use Charon Manager to assign the interface to the emulated SPARC system.
    • Use Charon Manager to set the MAC address of the emulated SPARC system to the same value as the one used on the host system Ethernet interface.
    • On the Solaris system, configure the private IP address that was previously assigned to the second interface on Linux and configure the appropriate default route for the LAN.
    • Additional steps may be required:
      • If the primary interface has an automatically assigned IP address, this will be released when the instance is stopped and restarted. Hence the configuration must be changed to use a persistent Elastic IP address first to maintain reachability of the host system.Separate routing tables and routing rules may have to be created to enable proper routing for both interfaces.

(info) The section Example of a More Complex Network Configuration provides some hints on how to configure the second interface in the different situations. Please refer to the AWS documentation for up-to-date comprehensive information.

...

Should L2 protocols be required between two guest systems on different host systems, a bridge/tunnel solution similar to the one described in SSH VPN - Connecting Charon Host and Guest to Customer Network must be set up between the two host systems to allow the L2 traffic to pass.

Asymmetric Routing Considerations

From the AWS documentation (https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ubuntu-secondary-network-interface/):

"Adding a secondary network interface to a non-Amazon Linux EC2 instance causes traffic flow issues. These issues occur because both the primary and the secondary network interfaces are in the same subnet, and there is only one routing table with one gateway. Traffic that comes into the secondary network interface leaves the instance using the primary network interface. But this isn't allowed, because the secondary IP address doesn't belong to the MAC address of the primary network interface.

To make the secondary interface work, create a secondary network configuration file, configure the routing table, and then set up rules in the custom routing table policy database so that traffic for the secondary interface uses the new routing table."

(warning) The above documentation only describes the required steps for Ubuntu. An earlier article for CentOS and Red Hat was removed from the AWS site. So the information presented here may change in the near future.

When adding a second IP interface (for example eth1) to the same subnet as the first on the Charon-SSP host, the routing problems described above can occur. To solve them, perform the following basic steps.

  1. Create a configuration file (/etc/sysconfig/network-scripts/ifcfg-<interface-name>) for the second interface (if there is no configuration file for the primary interface, create it as well).
  2. Set the correct interface for default route in /etc/sysconfig/network (example: GATEWAYDEV=eth0).
  3. To prevent the cloud-init from resetting your custom network configurations, add the following lines to the /etc/cloud/cloud.cfg file:
    network:
      ; config: disabled
  4. Restart the network.
  5. Create an additional routing table (use the command: ip route add <path> dev <interface-name> table <table-id>). There must be an entry for every IP address assigned to the second interface and any other route to be used.
  6. Set rules in the Routing Policy Database (use the command: ip rule add from <ip-address-of-second-interface> lookup <table-id>)
  7. Create a static route file (/etc/sysconfig/network-scripts/route-<interface-name>)
  8. Create a static rule file (/etc/sysconfig/network-scripts/rule-<interface-name>)

(info) Please refer to the Linux man pages for ip rule and ip route for more information. The AWS example for Ubuntu may also provide helpful hints.

Further Information

The following sections show sample network configurations:

Child pages (Children Display)
alltrue

...