Advanced Networking

Modified on Wed, 10 May, 2023 at 12:49 PM

Index

OVERVIEW
ADVANCED NETWORK AVAILABILITY
NETWORKING CONCEPTS
FAQ

Overview

Previously, instances on the Nectar Research cloud were limited to a single network type called Classic Networking. Each compute instance was attached to the public internet via a single network interface and assigned a fixed publicly routable IP address. Compute instances in the QRIScloud availability zone had an additional non-routed network interface (qld-data network) for communicating with RDS storage.


With the introduction of Advanced Networking, users of the Nectar Research Cloud now have the ability to create private networks within their respective projects (subject to quota allowance). 


Private networks have the following features: 

  • They are completely isolated and are unique to the project in which they are created.
  • Each private network can contain multiple private subnets.
  • Each private network can span supporting sites across the Nectar Research Cloud, meaning that compute instances from multiple availability zones can be connected together over a private link; removing the need for network traffic to travel over the public internet.
Advanced Networking also allows the use of Floating IP addresses. Floating IP addresses are IP addresses dedicated to a project (subject to quota allowance) and can be attached to an instance that is part of a private network in order to create a public presence for that instance. Because Floating IP addresses are dedicated to a project, it makes it possible to maintain a public IP address for an instance after termination. 

Instances belonging to a project with a private network can have a network interface created and attached to that private network and assigned a private IP address from a network subnet. Multiple network interfaces can be attached to a single instance. While these interfaces can be a mix of classic networking and private network interfaces, it is recommended that only one routed network is attached to an instance.


Advanced Network Availability

Advanced networking is available at all Nectar sites. Note that the following networks having Floating IPs available:

  • ardc-mel-1
  • auckland
  • melbourne
  • monash
  • QRIScloud
  • swinburne
  • tasmania

You can reproduce this list with the OpenStack client command:

openstack network list --external --tags nectar:floating

Networking Concepts

IPv4 Address - A 32 bit number that represents a computer connected to a network, such as the public internet or a private local network. IPv4 addresses usually displayed in human readable format as 4 numbers between 0-255 separated by a dot.


Example 1: 192.168.0.1


Subnet - A logical subdivision of a network. A subnet contains a certain amount of IP addresses depending on its size (IP addresses ending in 0 and 255 are reserved). Computers in the same subnet do not need to use a router to communicate. Think of subnets as streets - each street has a set of houses (IPv4 addresses) belonging to it. On the public internet, street names are unique however in private networks they are not. In fact, there are 3 subnets that are reserved specifically for use in private networks, and NeCTAR strongly encourages using those subnets when creating Private Networks. Subnets can be expressed using a network address and a subnet mask or using CIDR notation.


Example 2: 192.168.100.0,255.255.255.0 is a subnet expressed using a network address and a subnet mask. This subnet contains the following usable IP addresses: 192.168.100.1 -> 192.168.100.254


Example 3: 192.168.100.0/24 is a subnet equivalent to Example 2, expressed using CIDR notation. CIDR notation uses a slightly different way to define the subnet mask. 255.255.255.0 converted to binary is 11111111.11111111.11111111.00000000 and 24 simply dictates the numbers of 1's on the left.


Example 4: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are subnets reserved for use in private networks containing 16777214, 1048574 and 65,534 usable IP addresses respectively.


Router - A device that routes network traffic between subnets so that machines on different subnets are able to communicate. Routers generally do this by doing lookups in the router's routing table.


Routing table - A list stored on a computer or a routing device that contains routes which the computer or routing device is aware of.


Route - a rule which contains the next routing device to send a packet to so that it gets forwarded to its destination outside of the local subnet. Routes are specified based on destination network. In OpenStack Private Networks, "Route", "Static Route" and "Host Route" are used interchangeably.


Gateway (Default Route)- a route which is taken by default if the routing table does not contain a route for a particular destination. This is the "else clause" of routing.


NAT (Network Address Translation) - a method of remapping a source or destination address in a network packet to a different address as the packet passes through a router. NAT allows multiple computers on a private network to simultaneously communicate with computers on the internet. NAT is commonly a feature of routers.


Network Interface (Port) - point of interconnection between a computer and a network. Interfaces can be physical: in the form of a computer network card; or virtual: in the form of a connection between an instance and a virtual OpenStack router.


DNS (Domain Name System) - A protocol for translating domains into IP addresses. For example, www.nectar.org.au is translated to 180.235.129.121 by a DNS Server.


DNS Server (Name Server) - A service which utilises the DNS protocol to translate domains into IP addresses. There are many free public DNS servers, such as 8.8.8.8 and 8.8.4.4.


DHCP (Dynamic Host Configuration Protocol) -  a protocol for dynamically assigning IP addresses and routing information on a subnet. If a DHCP service is not present on a subnet, then an IP address and a subnet has to be manually set on each computer (static IP). If a DHCP service is present on a subnet, then the DHCP server decides what IP address (dynamic IP) to distribute to computers as they join the network. A DHCP allocation pool is a range of IP addresses that can be distributed to computers on the network.


Private Network - A private subnet or subnets that are commonly used in local area networks. A private subnet is only able to communicate with public subnets via a router that performs source Source NAT (SNAT). Typically, the router replaces the private source IP address with the address of the router, however, in the case of an OpenStack floating IP the private address is replaced with either the floating IP address, or if no floating IP is attached, the address of the external network attached to the virtual router.


Network Packet - A formatted unit of data sent over the Internet. Communication between computers is achieved by sending/receiving one or more packets.



FAQ

Q: I want a private network for my instances to communicate with each other but I want to use classic networking for outside communication. How do I do that?

A: When creating the subnet, ensure you disable the gateway otherwise you will have two default routes in your instance and you may not be able to communicate with it. When launching an instance, add both Classic Provider and your private network to the list.


Q: I have a private network with more than one subnet. How do I connect my instance to more than one subnet from the same network? Only the first subnet is connected.

A: When launching an instance, OpenStack will only connect your first subnet of your private network to your instance. To connect more subnets, please create a port for the additional subnets (Network -> Networks -> {Your Private Network} -> Ports -> Create Port) by selecting "Subnet" under "Specify IP address or subnet" and selecting your additional subnet under "Subnet". All other fields can be left blank. After this, you can attach this subnet to your instance (Compute -> Instances -> Attach Interface) by selecting "by Port" under" The way to specify an interface" and selecting your newly created port.


Q: I want a private network for my instances to communicate with each other but I also want to be able to communicate with RDS storage from my instance in Queensland. How do I do that?

A: You can launch an instance with the private network only, wait for instance to boot then from the Dashboard attach the Classic Provider interface (Instance Actions -> Attach Interface -> ...), then detach the public port from the instance (Instance Actions -> Detach Interface -> 203.101.xxx.xxx). Inside the instance, configure the second interface to use DHCP and reboot your instance. You should then have your private network alongside the qld-data network. You can also add the qld-data network by using the following command:

nova interface-attach --net-id=00691b0f-69c3-444b-85ea-262dd6909052 <instance_id>

Q: How do I create multiple networks that communicate with each other?

A: There are two ways to approach this: a) one network, multiple subnets within one network or b) multiple networks, one subnet per each network. Option b) is recommended because option a) does not allow the user to use the Dashboard to attach a second subnet to an instance, only the first. Option b) involves creating multiple networks, one subnet for every network, a virtual router, then attaching every subnet to the router. The virtual router will automatically route between the subnets attached to it. When creating instances / attaching networks to existing instances, you can select the network which contains the desired subnet from the list (which is not an available function if using option a)). If you are using option b) and you need to attach a second subnet to an instance, you can do so using the following commands:

neutron port-create --fixed-ip subnet_id=<subnet_id> <network_id> #create a port on the desired subnet
nova interface-attach --port-id <port_id> <instance_id> #attach port to instance
openstack server create \ #or create a net instance
--flavor <flavor> \
--image <image> \
--key-name <key> \
--security-group ssh_icmp_http_https \
--availability-zone QRIScloud \
--nic port-id=<port_id>
<instance_name>


Q: Can I associate a floating IP from Availability Zone "A" to an instance in Availability Zone "B"?

A: As long as the external network of your router belongs to the same Availability Zone as the Floating IP, the instance that is connected to this router via a network can have the Floating IP associated with it. Otherwise, you will get an error.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article