Networking

For the networking in Cloud2 metacentrum, we need to distinguish the following scenarios

  • personal project
  • group project.

WARNING: Please read the following rules:

  1. If you are using a PERSONAL project you have to use the 78-128-250-pers-proj-net network to make your instance accessible from an external network (e.g. Internet). Use public-cesnet-78-128-250-PERSONAL for FIP allocation, FIPs from this pool will be periodically released.
  2. If you are using a GROUP project you may choose from the public-cesnet-78-128-251-GROUP, public-muni-147-251-124-GROUP or any other GROUP network for FIP allocation to make your instance accessible from external network (e.g. Internet).
  3. Violation of network usage may lead to resource removal and reduction of the quotas assigned.

Networking in the personal vs. group projects

Personal Project networking

Is currently limited to the common internal network. The network in which you should start your machine is called 78-128-250-pers-proj-net and is selected by default when using a dashboard to start a machine (if you do not have another network created). The floating IP address you need to access a virtual machine is located inpublic-cesnet-78-128-250-PERSONAL pool. Any other allocated floating IP address and external gateway will be deleted. You cannot use the router with the personal project and any previously created routers will be deleted.

Group project

In a group, the project situation is rather different. You cannot use the same approach as a personal project (resources allocated in previously mentioned networks will be periodically released). For FIP you need to allocate from pools with -GROUP suffix (namely public-cesnet-78-128-251-GROUP, public-muni-147-251-21-GROUP or public-muni-147-251-124-GROUP).

NOTICE

If you use a MUNI account, you can use private-muni-10-16-116 and log into the network via MUNI VPN or you can set up Proxy networking, which is described here

Virtual Networks

MetaCentrum Cloud offers software-defined networking as one of its services. Users can create their own networks and subnets, connect them with routers and set up tiered network topologies.

Prerequisites:

  • Basic understanding of routing
  • Basic understanding of TCP/IP

For details, refer to the official documentation.

Network creation

For a group project, you need to create an internal network first, you may use auto allocated pool for subnet auto-creation. Navigate yourself towards Network > Networks in the left menu and click on the Create Network on the right side of the window. This will start an interactive dialog for network creation. Inside the interactive dialog:

  1. Type in the network name
  2. Move to the Subnet section either by clicking next or by clicking on the Subnet tab. You may choose to enter the network range manually (recommended for advanced users to not interfere with the public IP address ranges), or select Allocate Network Address from a pool. In the Address pool section select a private-192-168. Select Network mask which suits your needs (27 as default can hold up to 29 machines, use IP calculator if you are not sure).
  3. For the last tab Subnet Details just check that a DNS is present and the DHCP box is checked, alternatively you can create the allocation pool or specify static routes in here (for advanced users).

NOTICE

If you want to use CLI to create network, please go here

Proxy networking

In your OpenStack instances, you can you private or public networks. If you use a private network and you need to access the internet for updates etc., you can visit following link, where it is explained, how to set up Proxy connection.

Setup Router gateway (Required for Group projects)

Completing Create Virtual Machine Instance created instance connected to a software-defined network represented by the internal network, subnet, and router. The router has by default a gateway address from External Network chosen by cloud administrators. You can change it to any External Network with GROUP suffix, that is visible to you (e.g. public-muni-147-251-124-GROUP or public-cesnet-78-128-251-GROUP). Usage of External Networks with suffix PERSONAL (e.g. public-cesnet-78-128-250-PERSONAL) is discouraged. IP addresses from PERSONAL segments will be automatically released from Group projects. For changing gateway IP address follow these steps:

  1. In Network > Routers, click the Set Gateway button next to the router. If the router exists with other settings, then use the button Clear Gateway and then confirm Clear Gateway. If the router isn’t set then use the button Create router and choose the network.

  2. From list of External Network choose public-cesnet-78-128-251-GROUP, public-muni-147-251-124-GROUP or any other GROUP network you see.

The router is set up with the persistent gateway.

Router creation

Navigate yourself towards Network > Routers in the left menu and click on the Create Router on the right side of the window. In the interactive dialog:

  1. Enter router name and select external gateway with the -GROUP suffix.

Now you need to attach your internal network to the router.

  1. Click on the router you just created.
  2. Move to the Interfaces tab and click on the Add interface.
  3. Select a previously created subnet and submit.

NOTICE

If you want to use CLI to manage routers, please go here

NOTICE

Routers can also be used to route traffic between internal networks. This is an advanced topic not covered in this guide.

Associate Floating IP

WARNING

There is a limited number of Floating IP addresses. So please before you ask for more Floating IP address, visit and read FAQ

To make an instance accessible from external networks (e.g., The Internet), a so-called Floating IP Address has to be associated with it.

  1. In Project > Network > Floating IPs, select Allocate IP to Project. Pick an IP pool from which to allocate the address. Click on Allocate IP.

NOTICE

In the case of group projects when picking an IP pool from which to allocate a floating IP address, please, keep in mind that you have to allocate an address in the pool connected to your virtual router.

WARNING Group projects can persistently allocate IPs only from External Network with GROUP suffix (e.g. public-muni-147-251-124-GROUP or public-cesnet-78-128-251-GROUP). IPs from External Networks with suffix PERSONAL (e.g. public-cesnet-78-128-250-PERSONAL) will be released automatically.
NOTICE Please, keep an eye on the number of allocated IPs in Project > Network > Floating IPs. IPs remain allocated to you until you explicitly release them in this tab. Detaching an IP from an instance is not sufficient and the IP in question will remain allocated to you and consume your Floating IP quota.
  1. In Project > Compute > Instances, select Associate Floating IP from the Actions drop-down menu for the given instance.

  2. Select an IP address and click on Associate.

NOTICE

If you want to use CLI to manage FIP, please go here.

Change external network in GUI

The following chapter covers the problem of changing the external network via GUI or CLI.

Existing Floating IP release

First, you need to release existing Floating IPs from your instances - go to Project > Compute > Instances. Click on the menu Actions on the instance you wish to change and Disassociate Floating IP and specify that you wish to Release Floating IP WARN: After this action, your project will no longer be able to use the floating IP address you released. Confirm that you wish to disassociate the floating IP by clicking on the Disassociate button. When you are done with all instances connected to your router you may continue with the next step.

Clear Gateway

Now, you should navigate yourself to the Project > Network > Routers. Click on the action Clear Gateway of your router. This action will disassociate the external network from your router, so your machines will no longer be able to access the Internet. If you get an error go back to step 1 and Disassociate your Floating IPs.

Set Gateway

  1. Now, you can set your gateway by clicking Set Gateway.

  2. Choose the network you desire to use (e.g. public-cesnet-78-128-251) and confirm.

Allocate new Floating IP(s)

WARNING The new floating IP address for the router must be from the same network pool which was selected as the new gateway.
  1. Go to Project > Network > Floating IPs and click on the Allocate IP to Project button. Select Pool with the same value as the network you chose in the previous step and confirm it by clicking Allocate IP

  2. Now click on the Associate button next to the Floating IP you just created. Select Port to be associated with the desired instance. Confirm with the Associate button. Repeat this section for all your machines requiring a Floating IP.