Versions Compared

Old Version 26

changes.mady.by.user W.Erber

Saved on

compared with

New Version 27

changes.mady.by.user W.Erber

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
TOC
TOC
Include Page
KBCOMMON:KB-CSSstyle
KBCOMMON:KB-CSSstyle

...

(info) NetworkManager is disabled on Charon-SSP AWS. Therefore, the interface configuration relies on ifcfg-files in /etc/sysconfig/network-scripts.

(warning) The information in this chapter is not comprehensive. Please refer to the Amazon AWS documentation for up-to-date and comprehensive information.

...

Instance: An instance is a virtual machine that is launched into a VPC. It is associated with an image (e.g., Charon-SSW SSP AMI) and a certain instance type representing the virtual hardware.

...

  • If the instance has only one network interface, it is automatically assigned a private IP address and a public IP address from the address range assigned to the public subnet and a public IP address. This network interface is the primary network interface. It is called eth0 on the AWS level (please refer to the interface naming section to learn about the interface names presented to the operating system).
  • If the instance has more than one network interface, it is automatically assigned a private IP address for each of the network interfaces - but no public IP address.

...

  1. Internal virtual bridge on the host system:
    Such a bridge has several TAP interfaces. The host and the guest systems are connected to this bridge and can communicate directly to one another using L3 and L2 protocols. The bridge uses its own IP subnet that can be defined by the user. Setting up such a configuration is supported by the Charon Manager.
  2. Communication via the AWS subnet LAN:
    In this case, a second interface is added to the Charon host system. The second interface is then assigned to the emulated guest system. After the correct configuration, the host and guest can communicate across the AWS LAN using IP. L2 protocols or any protocols that require changing the MAC address to something different than the MAC address assigned to the second interface by AWS will not work.
    To connect the guest system to the LAN, the following basic configuration steps must be performed:
    • Add the additional interface to the Charon host system.
    • Create a configuration file for the additional interface.
    • Remove the private IP address assigned to the second interface by AWS from the Linux configuration (if it has been configured).
    • Use the Charon Manager to assign the interface to the emulated SPARC system.
    • Use the Charon Manager to set the MAC address of the emulated SPARC system to the same value as the one used on the host system Ethernet interface.
    • On the Solaris system, configure the private IP address that was previously assigned to the second interface on Linux and configure the appropriate default route for the LAN.
    • Additional steps may be required:
      • If the primary interface has an automatically assigned public IP address, this will be released when the instance is stopped and restarted. Hence the configuration must be changed to use a persistent Elastic IP address first to maintain reachability of the host system.

...

If a Charon host system is to be used as a router (for example as shown in Example of a More Complex Network Configuration or to provide Internet connectivity to other Charon host and guest systems), it is not sufficient to configure Linux for IP forwarding.

...

For each interface, the source/destination check has to be disabled. Unless this is configured correctly, traffic from and to and an AWS instance will only be allowed if either source or destination address belongs to the instance. Transit traffic destined to be forwarded by the router, would be discarded.

...

  1. Create a configuration file (/etc/sysconfig/network-scripts/ifcfg-<interface-name>) for the second interface (if there is no configuration file for the primary interface, create it as well).
  2. Set the correct interface for default route in /etc/sysconfig/network (example: GATEWAYDEV=eth0).
  3. To prevent the cloud-init from resetting your custom network configurations, add the following lines to the /etc/cloud/cloud.cfg file:
    network:
      ; config: disabled
  4. Restart the network.
  5. Create an additional routing table (use the command: ip route add <path> dev <interface-name> table <table-id>). There must be an entry for every IP address assigned to the second interface and any other route to be used.
  6. Set rules in the Routing Policy Database (use the command: ip rule add from <ip-address-of-second-interface> lookup <table-id>)
  7. Create a static route file (/etc/sysconfig/network-scripts/route-<interface-name>)
  8. Create a static rule file (/etc/sysconfig/network-scripts/rule-<interface-name>)

...