I am unable to use the NAT networking of docker in my setup.
Instead i wan't to use DHCP configured IPs or allow docker to dynamically choose an IP from a preconfigured range.
Is this possible?
I think NAT is a very bad idea und should not be used in production.
No, this is not possible today, but is planned for the 1.0 release via a plugin.
Related
I have the following topology:
Basically 2 subnets, 10.0.27.0 and 192.168.0.0.
I have a floating ip that I assign to one of the machines using the interface in the 10.0.27.0 subnetwork, and it works fine. I added the rules for allowing the ssh traffic. However, when I try to do the same for the interface in the subnet 192.168.0.0, it doesn't work. After a nmap I can see that the port is closed, so I don't know what is happening. Any help is appreciated.
So many possible reason,
Did subnet 192.168.0.0 has opened port? did you test it first?
Did you try to change the subnet into 192.168.0.1? test by changing the subnet into that first. Using default subnet end with 0.0 or 1.1 value sometimes in different environment cause a problem.
You may share what environment you setup this topology and how you do this?
Is it through virtualised network environment or using physical network (switches or router).
I'm looking to use custom VPC and not the default ones while making a cluster setup of Ant Media Server on AWS using the cloudformation.
Could you please let me know how can I create custom VPC or if there's something critical that should be kept in mind while creating custom VPC to go with cloudformation!
Thanks.
One thing to keep in mind is that let's say you created a vpc with 10.0.0.0/16 IP addresses, you need to create two subnets for example 10.0.0.0/24 and 10.0.1.0/24 ,then you should create a internet gateway for those subnets to make them available: ( https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html )
You should also check the routing table if the subnet has internet gateway:
Also in the subnets, you should double check if Auto-assign public IP addresses is enabled. It is not going to work if there is no auto-assigned public IP on the instances.
Then it should be fine with these adjustments.
Cheers
We are creating a Console to administer, view logs and metrics, create resources on Kubernetes in a multicloud environment.
The Console ( a web app ) is deployed on GKE in GCP, but we can't figure out how we can connect and reach K8S Api-Servers in multiple VPC with overlapping IPs, without exposing them on public IP.
I draw a little diagram to expose the problem.
Are there some products or best practice to perform this securely?
Product vendors for example Mongo Atlas or Confluent Cloud seems to have solved this issue, they can create infrastructure in multiple cloud and administer them.
It's not possible to connect two overlapping networks with VPN even if they're in different clouds (GCP & AWS).
I'd suggest to use NAT translation on both sides and connect networks using VPN.
Here's some documentation that may help you. Unfortunatelly it's quite a bit of reading and setting up. Not the easiest solution but it has the benefit of being reliable and it's a quite old and tested approach.
General docs
Configure NAT to Enable Communication Between Overlapping Networks
Using NAT in Overlapping Networks
GCP side
Cloud NAT overview
Using Cloud NAT
AWS side
NAT instances
Comparison of NAT instances and NAT gateways
You second option is to split the original networks in smaller chunks so they wold not overlap but that's not always possible (due to network being small enough already and many IP's are used up...).
It depends on couple factors in the environments.
To access an overlapping network you need some form of gateway.
it can be some kind of proxy socks/http/other or a router/gw(with nat..).
If you can access the 192.168.23.0/24 or any other subnet that can connect to the aws 192.168.2.0/24 subnet from gcp then you can use either one of the solutions.
I assume that aws and gcp can provide the tunnel between the gw/proxy network.
If you don't need security layer for the tunnel you can use a vxlan tunnel and secure the tcp/other app protocol.
Using Google Cloud VPN with AWS Virtual Private Gateway you can accomplish such a thing. A detailed description by Google is given in this documentation.
It describes two VPN topologies:
A site-to-site Route-based IPsec VPN tunnel configuration.
A site-to-site IPsec VPN tunnel configuration using Google Cloud Router and dynamic routing with the BGP protocol.
Additionally, when CIDR-ranges overlap. You would need to create a new VPC/CIDR ranges that are non-overlapping. Otherwise, you could never connect to instances that have IP-addresses in both AWS and GCP.
I want to assign a domain name to an internal openstack floating ip, to access the instance over the internet.
I checked that you can set dnsmasq_dns_servers = 1.1.1.1 and configure dhcp_agent.ini accordingly, it seems to be a step in the right direction, but i couldn't find a way to allocate domain name to openstack instance (via horizon or cli).
The dnsmasq server that is managed by the DHCP agent is used to implement DHCP in subnets where DHCP is enabled. It does not resolve hostnames. If you want to be able to resolve hostnames internally, you could look into running a DNS server in your subnet or maintaning a hostfile on each instance that needs to communicate with the instance.
You could look at Designate. That is the DNS as a Service component of OpenStack. It is also possible to integrate Designate with an external service to manage external DNS.
See SysEleven's How to set up DNS for a Server/Website.
It walks you through the process of:
Creating the zone,
adding the DNS record, and finally
making the zone authoritative in global DNS.
It assumes you can use the OpenStack CLI, but there's also documentation on doing the same thing with Terraform, which I'd recommend as it fully automates the entire infrastructure with infrastructure as code (IaC).
It should apply to any OpenStack provider.
We're currently looking to migrate an old and buggy eucalyptus cloud to openstack. We have ~15 machines that are all on the same office-internal network. The instances get their network configuration from an external (not eucalyptus) DHCP server. We run both linux and windows images. The cloud is used exclusively for platform testing from Jenkins.
Looking into openstack, it seems that out of the three supported networking modes, none really fit our environment. What we are looking for is something like an "unmanaged mode" where openstack launches an instance that is hooked up to eth0 interface on the instances' compute node and which will receive its network configuration from the external DHCP on boot. I.e. the VM's, guest hosts and clients (jenkins) are all on the same network, managed by an external DHCP server.
Is a scenario like this possible to set up in OpenStack?
It's not commonly used, but the Networking setup that will fit your needs the best is FlatNetworking (not FlatDHCPNetworking). There isn't stellar documentation on configuring that setup to work through your environment, and some pieces (like the nova-metadata service) may be a bit tricky to manage with it, but that should accomplish allowing you to run an OpenStack cloud with an external DHCP provider.
I wrote up the wiki page http://wiki.openstack.org/UnderstandingFlatNetworking some time ago to explain the setup of the various networks and how they operate with regards to NICs on hosting systems. FlatNetworking is effectively the same as FlatDHCPNetworking except that OpenStack doesn't try and run the DHCP service for you.
Note that with this mode, all the VM instances will be on the same network with your OpenStack infrastructure - there's no separation of networks at all.