
Charon-SSP


Host System Network Configuration

Overview

Charon-SSP Manager provides features to configure the following host system network configuration aspects:

  • Configuring host system network interface settings.

  • Adding a virtual bridge, i.e., a collection of virtual network tap (TAP) devices that constitute a host-attached virtual LAN. A virtual bridge can be connected to the customer network or be internal to the host system.

  • Adding VLAN interfaces to a parent Ethernet interface. This allows the host system to participate in the specified VLAN in the customer network.


To open the network settings window, click on Tools > Network Settings. This will open a window similar to the ones shown below:

Content of the network settings window:

  • Left-hand side: list of available host system network interfaces (including bridge and VLAN interfaces created previously).

  • Right-hand side: settings of the currently selected interface.

  • Apply button: confirms any configuration changes made for the selected interface.

  • Add button: opens a submenu where you can select to add a virtual bridge or a VLAN interface.

  • Remove button: removes the selected virtual bridge or VLAN interface.

Please refer to the next sections for a detailed description of the network configuration options.

Managing Host System Network Interfaces

The AWS EC2 environment has specific characteristics that could conflict with interface configurations made via the Charon Manager. Please refer to the Amazon AWS documentation and the sections Network Management and AWS Networking and Charon-SSP to understand the networking behavior of an AWS instance before you change any interface settings via the Charon Manager. In particular, if you have added a second interface to the system, do not apply any changes via the Network Settings until you have created a configuration file for the second interface and are sure both interfaces are working correctly.


Open the network settings window as described above by clicking on Tools > Network Settings.

Using the network settings window, you can set up the existing host system network interfaces according to your requirements. The window also contains previously created bridge and VLAN interfaces.

First, select the interface that is to be configured.

After selecting an interface, you can then set the following host system network interface parameters:

  • IP setting: specify the method used for the IPv4 addressing of the interface. Options are Automatic (DHCP), Manual, and None.

  • IP address: if manual addressing is selected, the host IP address can be added in this field. The field is inactive if DHCP or None is selected.

  • Netmask: if manual addressing is selected, the netmask for the host IP address can be added in this field. The field is inactive if DHCP or None is selected.

  • Gateway: if manual addressing is selected, the default gateway for the host can be added in this field. The field is inactive if DHCP or None is selected.
    (warning) Be careful not to select a default gateway that does not match the AWS subnet structure. Doing so may cause you to permanently lose access to your instance.
    (warning) In some cases when several network interfaces are configured on the Charon host, a second routing table has to be created on the Charon host. This is not supported by the Charon Manager and must be configured from the command-line. See AWS Networking and Charon-SSP for more information.

  • DNS server 1 and DNS server 2: if manual addressing is selected, enter the IP address of one or two DNS name servers. Inactive if DHCP or None is selected.

The Apply button confirms any changes made and Close discards them.


Managing Virtual Networks

Creating a Virtual Network

A virtual network can be used to create a virtual bridge on the host system with a number of virtual network interfaces attached to it. The virtual interfaces can be used to provide network interfaces for use by Charon-SSP instances. A virtual network can be connected to the external network using a so-called binding interface, or it can be internal to the host system.

To create a new virtual network, open the network settings window via Tools > Network Settings. Then follow the steps shown below:

  • Click on the Add button to open the submenu for selecting between virtual networks and VLANs.
  • Select Virtual Network.

This will open the virtual network configuration window as shown here.

Configure the virtual bridge. The configuration settings are described below.


Virtual bridge (i.e., virtual network) configuration options:

Create for SSH VPN

If set to ON, a special virtual network will be created to be used as the basis for creating an SSH VPN tunnel as described in SSH VPN - Connecting Charon Host and Guest to Customer Network. This is the most relevant configuration mode for the Charon-SSP AWS product.

Binding interface

If set to ON, a physical interface can be selected from the Virtual bridge interface drop-down menu, on which the bridge is configured. The bridge is connected to the host system LAN. This option is listed for completeness. It is not suitable for Charon-SSP AWS.

If set to OFF, a user-defined name can be entered in the Virtual bridge name field. This name will be used in naming the bridge and TAP interfaces instead of using the physical interface name. The bridge is internal to the host system.

Always OFF if Create for SSH VPN is enabled.

STP for bridge

Enable or disable the Spanning Tree Protocol on the virtual bridge. Always OFF if binding interface is set to ON or SSH VPN is enabled.

Virtual bridge interface

Drop-down menu to select a physical interface that will provide an external network connection to the bridge. Inactive if the binding interface is disabled and if SSH VPN is enabled.

Virtual bridge name

Used to set a user-defined bridge name if the binding interface is disabled. This name will be used in place of the physical interface name when creating the bridge and TAP interfaces. Inactive if the binding interface is enabled. Fixed name vpnX for SSH VPN configuration (X = 0, 1, ...).

Number of virtual adapters

Specify how many virtual adapters are needed.

IP settings

Specify the method used for addressing the interface used to connect the host to the external network. Options are Automatic (DHCP), Manual, and None. If the binding interface is disabled, manual configuration is mandatory (to assign a configuration to the host-internal bridge interface).

IP address

If manual addressing is selected, the host IP address can be added in this field. The field is inactive if DHCP or None is selected.

Netmask

If manual addressing is selected, the netmask for the host IP address can be added in this field. The field is inactive if DHCP or None is selected.

Gateway

If manual addressing is selected, the default gateway for the host can be added in this field. The field is inactive if SSH VPN configuration, DHCP or None is selected.

(warning) Be careful not to select a default gateway that does not match the AWS subnet structure. Doing so may cause you to permanently lose access to your instance. When you create a custom internal bridge, leave this field empty (the host default gateway will apply).

DNS server 1 and DNS server 2

If manual addressing is selected, you can add the IP address of one or two DNS name servers. Inactive if SSH VPN configuration is selected.
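
The following pre-flight check is an added example, not part of the Stromasys documentation or the Charon Manager. It applies the field rules from the table above to a set of values before they are entered. The function name, its parameters and the aws_subnet rule (the VPC router being the first address after the subnet's network address, which comes from the AWS VPC documentation) are assumptions of the example.

```python
import ipaddress

IP_SETTINGS = ("Automatic (DHCP)", "Manual", "None")  # options listed on the page

def check_settings(ip_setting, ip=None, netmask=None, gateway=None,
                   dns=(), internal_bridge=False, aws_subnet=True):
    """Return a list of problems; an empty list means the values are consistent."""
    if ip_setting not in IP_SETTINGS:
        return [f"unknown IP setting: {ip_setting!r}"]
    if ip_setting != "Manual":
        problems = []
        if internal_bridge:
            problems.append("a bridge without binding interface needs Manual settings")
        if ip or netmask or gateway or dns:
            problems.append("address fields are only active with Manual")
        return problems
    try:
        iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    except ValueError as exc:
        return [f"bad IP address or netmask: {exc}"]
    net, problems = iface.network, []
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if gateway and internal_bridge:
        problems.append("leave Gateway empty for a host-internal bridge")
    elif gateway:
        try:
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            return problems + [f"bad gateway address: {gateway!r}"]
        if gw not in net:
            problems.append(f"gateway {gw} is outside {net}")
        elif gw == iface.ip:
            problems.append("gateway equals the host address")
        elif aws_subnet and gw != net.network_address + 1:
            # Assumption from AWS VPC documentation, not from this page: the
            # VPC router is the first address after the subnet network address.
            problems.append(f"gateway {gw} is not the VPC router {net.network_address + 1}")
    if len(dns) > 2:
        problems.append("only DNS server 1 and DNS server 2 are available")
    for server in dns:
        try:
            ipaddress.ip_address(server)
        except ValueError:
            problems.append(f"bad DNS server address: {server!r}")
    return problems
```

An empty result only means the values are internally consistent; it does not confirm that the instance's AWS subnet actually uses that address range.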


The virtual network connected to a binding interface consists of

  • a bridge device called br_<physical interface>, and

  • a series of TAP devices named tapX_<physical interface>.

If the binding interface is disabled, the virtual network consists of

  • a bridge called br_<bridgename>, and

  • a series of tapX_<bridgename> TAP devices.

If SSH VPN is enabled, the first virtual network created consists of 

  • a bridge called br_vpn0,
  • a tap0 interface, and
  • a series of tapX_vpn0 interfaces.

X is a number from 0 to the configured number of virtual adapters minus 1, as specified in the Number of virtual adapters field. These devices can then be configured for use as virtual Ethernet controllers.


Deleting a Virtual Network

To delete a virtual network, follow the instructions listed below.

  1. Follow the menu path Tools > Network Settings to open the network settings window.

  2. Select the bridge you want to delete and click on the Remove button. This will open a confirmation window.

  3. To delete all virtual network interfaces associated with the selected bridge, click on YES.

Following the instructions above will immediately delete all TAP devices and the bridge.

Resizing a Virtual Network

To resize a virtual network, follow the instructions listed below:

  1. Shut down any running guest operating systems and stop all virtual machines connected to the virtual network TAP devices.

  2. Delete the current virtual network, using the instructions detailed in Deleting a Virtual Network.

  3. Re-create the virtual network using the instructions detailed in Creating a Virtual Network. Make sure to specify the new virtual network size in the Number of virtual adapters field.

  4. Reconfigure the Ethernet configuration of the virtual machines. This step is only necessary if shrinking the virtual network and only if the virtual machines are configured for TAP devices that no longer exist.

  5. Start the attached virtual machines.

(warning) Shrinking a virtual network may make it necessary to adjust a number of virtual machine configurations because the name of their virtual Ethernet interface has changed.
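
The sketch below is an added example, not Stromasys code. It combines the device naming rules from Creating a Virtual Network with the shrinking caveat above: it derives the device names a virtual network should have, compares them with `ip -o link show` output, and lists virtual machines still configured for a TAP device that no longer exists. The function names, the VM-to-TAP inventory and the sample data are constructed for illustration.

```python
import re

def expected_devices(adapters, binding_if=None, bridge_name=None, ssh_vpn=False):
    """Device names predicted by the naming rules in this section."""
    if adapters < 1:
        raise ValueError("at least one virtual adapter is required")
    if ssh_vpn:
        suffix, extra = "vpn0", {"tap0"}    # first SSH VPN network, as documented
    elif binding_if:
        suffix, extra = binding_if, set()   # bridge bound to a physical interface
    elif bridge_name:
        suffix, extra = bridge_name, set()  # host-internal bridge
    else:
        raise ValueError("give binding_if, bridge_name or ssh_vpn=True")
    return {f"br_{suffix}", *extra, *(f"tap{x}_{suffix}" for x in range(adapters))}

def present_devices(ip_link_output):
    """Interface names from `ip -o link show` output (one interface per line)."""
    names = set()
    for line in ip_link_output.splitlines():
        match = re.match(r"\d+:\s+([^:@\s]+)", line)
        if match:
            names.add(match.group(1))
    return names

def audit(expected, present, vm_taps):
    """vm_taps maps each VM on this virtual network to its configured TAP device."""
    return {
        "missing_on_host": sorted(expected - present),
        "dangling_vm_refs": sorted(vm for vm, tap in vm_taps.items()
                                   if tap not in expected),
    }

# Constructed sample: internal bridge "lab" shrunk from 4 adapters to 2.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 state UP
5: br_lab: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
6: tap0_lab: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br_lab state UP
7: tap1_lab: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br_lab state UP
"""
SAMPLE_VM_TAPS = {"sparc-a": "tap0_lab", "sparc-b": "tap3_lab"}  # hypothetical inventory

if __name__ == "__main__":
    want = expected_devices(2, bridge_name="lab")
    print(audit(want, present_devices(SAMPLE_IP_LINK), SAMPLE_VM_TAPS))
```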


Managing VLAN Interfaces

(info) This option is described for completeness. However, it is normally not relevant for the Charon-SSP AWS product.

Adding a VLAN Interface

  • Click on the Add button to open the submenu for selecting between virtual networks and VLANs.
  • Select VLAN.

This will open the VLAN configuration window as shown here.

Configure the VLAN interface. The configuration settings are described below.


VLAN configuration options:

Parent interface

Select the host system Ethernet interface that will serve as the base interface for the LAN connection.

VLAN ID

Enter the VLAN number matching the customer’s LAN configuration. Values: 2-4094.

The interface name of the new interface has the format: <parent-interface>.<vlan-id>

IP settings

Specify the method used for addressing the interface used to connect the host to the external network. Options are Automatic (DHCP), Manual, and None.

IP address

If manual addressing is selected, the host IP address can be added in this field. The field is inactive if DHCP or None is selected.

Netmask

If manual addressing is selected, the netmask for the host IP address can be added in this field. The field is inactive if DHCP or None is selected.

Gateway

If manual addressing is selected, the default gateway for the host can be added in this field. The field is inactive if DHCP or None is selected.

DNS server 1 and DNS server 2

If manual addressing is selected, you can add the IP address of one or two DNS name servers.

Deleting a VLAN Interface

To delete a VLAN interface, follow the instructions listed below:

  1. Follow the menu path Tools > Network Settings to open the network settings window.

  2. Select the VLAN interface you want to delete and click on the Remove button. This will open a confirmation window.

  3. To delete the VLAN interface, click on YES.

Following the instructions above will immediately delete the VLAN interface.






© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.