Virtual Router 3.6
This guide describes how to use the Virtual Router in OpenNebula.
When instantiated in a network, this appliance provides the following services for other Virtual Machines running in the same network:
A big advantage of using this appliance is that Virtual Machines can be run in the same network without being contextualized for OpenNebula.
This appliance is controlled via CONTEXT
. More information in the following
sections.
This is a 64-bit appliance and will run both in KVM
and Xen
environments. It will run with any
network driver.
Since each virtual router will start a DHCP server and it's not recommended to have more than one DHCP server per network, it's recommend to use it along network isolation drivers if you're going to deploy two or more router instances in your environment:
RANGED
network and not FIXED
.
The appliance is based on archlinux. There's only
one user account: root
. The default password for the root user is
router
. This can be changed using CONTEXT
along with root's public key.
openssl passwd -1
. To disable password login set: !
The virtual router can be used in two ways:
Only one interface. Useful if you only want DHCP or NTP.
To enable this you need to add the following context to the VM:
<xterm> TARGET = “hdb” PRIVNET = “$NETWORK[TEMPLATE, NETWORK=\”private_network_name\“]”, TEMPLATE = “$TEMPLATE” DHCP = “YES|NO” NTP = “YES|NO” </xterm>
If you're going to a use a netmask different to '255.255.255.0' you will have to add the following to the private network's template:
<xterm> NETWORK_MASK = 255.255.255.254 </xterm>
In this case, the Virtual Machine will need two network interfaces: a private
and a public one. The public one will be masqueraded. In this mode you can also
configure a DNS server by setting the DNS
and optionally the SEARCH
attribute (useful for domain searches in /etc/resolv.conf
). This mode also
includes all the attributes related to the previous section, i.e. DHCP and NTP
servers.
This is an example context for the router mode:
<xterm> TARGET = “hdb” PRIVNET = “$NETWORK[TEMPLATE, NETWORK=\”private_network\“]”, PUBNET = “$NETWORK[TEMPLATE, NETWORK=\”public_network\“]”, TEMPLATE = “$TEMPLATE” DHCP = “YES|NO” NTP = “YES|NO” DNS = “8.8.4.4 8.8.8.8” SEARCH = “local.domain” FORWARDING = “8080:10.0.10.10:80 10.0.10.10:22” </xterm>
DNS
This attribute expects a list of dns servers separated by spaces.
FORWARDING
This attribute expects a list of forwarding rules separated by spaces. Each rule has either 2 or 3 components separated by :
. If only two components are specified, the first is the IP to forward the port to, and the second is the port number. If there are three components, the first is the port in the router, the second the IP to forward to, and the third the port in the forwarded Virtual Machine. Examples:
8080:10.0.10.10:80
This will forward the port 8080 in the router to the port 80 to the VM with IP 10.0.10.10.10.0.10.10:22
This will forward the port 22 in the router to the port 22 to the VM with IP 10.0.10.10.
If the public network uses a netmask different to 255.255.255.0
or if the
gateway is not the ip's network with one as the last byte: x.y.z.1
it can be
explicitely set adding the following attributes to the public network's
template:
<xterm> GATEWAY = “192.168.1.100” NETWORK_MASK = “255.255.254.0” </xterm>