Virtual Machines Networking on

Overview

Mon, 17 Feb 2025 00:00:00 +0000

This section contains documentation on how to create and manage Virtual Networks and their related objects.

How Should I Read This Chapter

Before reading this section , you should have already installed and configured your cloud.

Virtual Networks Templates explains how to create networks.

The Self Provision section details how regular users can self-provision virtual networks for their use.

You will also find information on Security Groups, to easily define firewall rules.

Additionally you will learn on how to manage Virtual Routers which are an OpenNebula resource that provide routing across Virtual Networks.

Hypervisor Compatibility

Virtual Networks are common to all hypervisors.

Virtual Network Templates

Mon, 17 Feb 2025 00:00:00 +0000

The Virtual Network Templates allow the end user to create Virtual Networks without knowing the details of the underlying infrastructure. Typically the administrator sets up the templates with the required physical attributes, e.g., driver or physical device information and lets the end user add all the logic information like address ranges or gateway.

Virtual Network Templates can be instantiated several times and shared between multiple users.

Security Groups

Mon, 17 Feb 2025 00:00:00 +0000

Security Groups define firewall rules to be applied to Virtual Machines.

Warning

Security groups are not supported for OpenvSwitch.

Defining a Security Group

A Security Group is composed of several Rules. Each Rule is defined with the following attributes:

Attribute	Type	Meaning	Values
PROTOCOL	Mandatory	Defines the protocol of the rule	ALL, TCP, UDP, ICMP, IPSEC
RULE_TYPE	Mandatory	Defines the traffic direction	INBOUND, OUTBOUND
IP	Optional	If the rule only applies to a specific net. This is the first IP of the consecutive set of IPs. Must be used with SIZE.	A valid IP
SIZE	Optional	If the rule only applies to a net. The number of total consecutive IPs of the network. Use always with IP.	An integer >= 1
RANGE	Optional	A Port Range to filter specific ports. Only works with TCP and UDP.	(iptables syntax) multiple ports or port ranges are separated using a comma, and a port range is specified using a colon. Example: `22,53,80:90,110,1024:65535`
ICMP_TYPE	Optional	Specific ICMP type of the rule. If a type has multiple codes, it includes all the codes within. This can only be used with ICMP. If omitted the rule will affect the whole ICMP protocol.	0,3,4,5,8,9,10,11,12,13,14,17,18
NETWORK_ID	Optional	Specify a network ID to which this Security Group will apply	A valid networkd ID

Note

When using IPSEC value for PROTOCOL, rules for the Encapsulating Security Payload (ESP) protocol of IPSec are set.

To create a Security Group, use the Sunstone UI Interface or create a template file following this example:

Self Provision

Mon, 17 Feb 2025 00:00:00 +0000

End users can create their own Virtual Networks in two different ways:

making a reservation

instantiating a Virtual Network Template.

Reservations

Reservations allow users to create their own networks consisting of portions of an existing Virtual Network. Each portion is called a Reservation. To implement this you need to:

Define a VNET with the desired ARs and configuration attributes. These attributes will be inherited by any Reservation, so the final users do not need to deal with low-level networking details.
Set up access. In order to make a Reservation, users need USE rights on the Virtual Network, just as if they would use it to directly provision IPs from it.
Make Reservations. Users can easily request specific addresses or a number of addresses from a network. Reservations are placed in a new Virtual Network for the user.
Use Reservations. Reservations are Virtual Networks and offer the same interface, so simply point any Virtual Machine to them. The number of addresses and usage stats are also shown in the same way.

Make and Delete Reservations

To make reservations just choose the source Virtual Network, the number of addresses, and the name of the reservation. For example, to reserve 10 addresses from Private and place them on MyVNET just:

Virtual Routers

Mon, 17 Feb 2025 00:00:00 +0000

Virtual Routers provide routing across Virtual Networks. The administrators can easily connect Virtual Networks from Sunstone and the CLI. The routing itself is implemented with a Virtual Machine appliance available though the Marketplace. This Virtual Machine can be seamlessly deployed in high availability mode.

Download the Virtual Router Appliance

OpenNebula provides an appliance which implements various Virtual Network Functions (VNFs), including the Virtual Router. The Virtual Router image is prepared to run in an HA mode and process the context information from OpenNebula. In this way, its base capabilities can be easily extended. Continue to the VNF appliance documentation for more details about the advanced usage and other implemented functions.

Transparent Proxies

Mon, 17 Feb 2025 00:00:00 +0000

Transparent Proxies make it possible to connect to management services, such as OneGate, by implicitly using the existing data center backbone networking. The OneGate service usually runs on the leader Front-end machine, which makes it difficult for Virtual Machines running in isolated Virtual Networks to contact it. This situation forces OpenNebula users to design virtual networking in advance, to ensure that VMs can securely reach OneGate. Transparent Proxies have been designed to remove that requirement.