Multi Node Site Network Setup Using Fleet

Objective

This guide provides instructions on how to setup networking configuration for each node in a multi-node site using Volterra fleet. All the multi-node sites belonging to the fleet will be configured equally and you can further enhance its security by adding network firewall to the fleet, to ensure consistent security policy across all the sites in the fleet. These instructions cover the following:

  • IP address management of outgoing interfaces (towards internet).
  • IP address management of interfaces towards inside networks.
  • Segmentation of subnets using VLANs.
  • For information on how to use networking in Volterra, see Networking.
  • For information on how to create a fleet, see Create Fleet.
  • For information on how to create and manage sites, see Site Management.

Prerequisites

Note: In case you do not have an account, see Create a Volterra Account.

  • Volterra Multi-Node site.

Configuration

The following image shows an example topology for the use case presented in this guide:

top uc new
Figure: Sample Network Topology

The example in this topology sets up a multi node Volterra site as a network gateway for inside networks. The gateway has 3 master nodes and a Layer 2 switch with 3 VLANs for segmentation of employee workstations, development servers, and test servers. To setup this topology, you need to configure the following in the fleet object:

  • 2 virtual networks - one outside network and one inside network. This example creates inside and outside networks as part of fleet.
  • Setup the following network interfaces:

    • Dedicated Interfaces on the Site Local Outside (WAN).
    • Note: The IP addressing must be static or a Fixed DHCP lease from an upstream DHCP server. Changing of SLO IP addresses in a multi-cluster setup is currently not support.
    • Ethernet Interface for the Site Local Inside Network. We will configure Static Node Address, a DHCP Server, and DHCP Fixed Leases for internal hosts such as printers.
  • Setup a site local breakout from the Inside to Outside network using the network connector with SNAT.
  • Finally apply the fleet with the above objects to your multi node site to enable the network connectivity.

Create Fleet

Step 1: Log into the VoltConsole and start fleet configuration.

Select Manage from the configuration menu in the system namespace. Select Site Management -> Fleet from the options. Click Add fleet.

image4
Figure: Fleet Configuration

Step 2: Configure Fleet label.

After configuring a name in your Fleet object, configure the fleet label value. This value can be the same as the name.

Step 3: Configure virtual networks.

Go to Fleet Configuration section and perform the following:

  • Click on Select Outside virtual network object and click Add new virtual network. Enter a name and select Site Local (Outside) Network for the Select Type of Network field. Click Continue.
  • Click on Select Inside virtual network object and click Add new virtual network. Enter a name and select Site Local Inside Network for the Select Type of Network field.
  • Optionally, specify list of static routes on this network. This example sets static route to 192.168.12.0/24 network with the next-hop as 192.168.2.254.
  • Click Continue.

sl inside nw
Figure: Inside Virtual Network to add to a fleet

Step 4: Configure network interfaces.

Go to Network Interfaces section and perform the following:

Step 4.1: Configure dedicated interface towards ISP.
  • Select Create new interface in the network interface drop-down menu.
  • Enter a name and select Direct Interface for the Interface Config Type field.
  • Select eth0 in the Interface Device field.
  • Click Continue.

ni wan
Figure: Inside Virtual Network to add to a fleet

Note: WAN IP address configuration is out of scope of this document.

Step 4.2: Configure inside interface for the development network.

You can configure the inside interfaces in the following methods:

  • Interface with DHCP Server - This enables you to specify the DHCP pool settings. You can also statically map IP address based on hostname or MAC address.
  • Interface with DHCP Client - This enables the interface to obtain IP addresses from a DHCP server.
  • Interface with Static Mapping - This enables you to manually assign IP addresses to nodes.

Note: This example shows static mapping and DHCP server method for the development VLAN.

Interfaces with DHCP Server Method:
  • Click Add item in the network interfaces section.
  • Select Create new interface in the network interface drop-down menu.
  • Enter a name in the Name field. This example configures subnet-servers-vlan100 representing the development subnet.
  • Select Ethernet Interface for the Interface Config Type field.
  • Select Configure in the Interface Device field.
  • Select from the drop down or enter a name for the Ethernet Device field and click Add item to add the name. This example enters eth3.100 as the Ethernet device.
  • Select VLAN ID for the Select Untagged or VLAN tagged field and enter a VLAN ID. This example configures 100 for development environment.

eth3 100
Figure: Ethernet Interface Configuration for VLAN 100

  • Select DHCP server for the Select Interface Address Method field and click Edit for DHCP server configuration.
  • Click Edit on the DHCP Networks field and configure the following DHCP settings.

    • Select Network Prefix for the Select Network Prefix Method field ans enter a prefix for the Network Prefix field.
    • Select Include IP Addresses from the DHCP Pools for DHCP Pool Settings.
    • Enter Starting IP and Ending IP as per your choice.
    • Set the default gateway and DNS server addresses as per your choice. Click Apply.

eth3 100 dhcp
Figure: DHCP Configuration for VLAN 100

  • Enable Show Advanced Fields in the interface configuration. Select Configured for the Select Interface Addressing field.
  • Configure node to IP static mapping for the Site:Node to IP Mapping field. You can add more static mappings using the Add item option. This is the interface configuration from the master nodes towards the development subnet.
  • Optionally, you can assign IP addresses to devices based on the MAC addresses. Scroll down to Fixed IP Assignments for Clients section and add MAC to IPv4 mappings. You can add more static mappings using the Add item option.

eth3 100 static new
Figure: Static IP Configuration for VLAN 100

  • Click Apply to apply ethernet interface configuration to network interface configuration.
  • Click Continue to create the interface and add to fleet.
Interfaces with Static Mapping Method:
  • Click Add item in the network interfaces section.
  • Select Create new interface in the network interface drop-down menu.
  • Enter a name and select Ethernet Interface for the Interface Config Type field.
  • Select Configure in the Interface Device field.
  • Select from the drop down or enter a name for the Ethernet Device field.

    Note: When entering a name, type the name and click Add item to add the name. This example enters eth3.100 as the Ethernet device.

  • Select Cluster, All Nodes of the Site for the Configuration for Cluster or Specific Node field.
  • Select VLAN Id option for the Select Untagged or VLAN tagged field and enter a VLAN ID in the VLAN Id field. This example configures 100 for development environment.

ni stat 1 new
Figure: Static Interface Configuration

  • Click Show Advanced Fields option to enable the advanced fields in the IP Configuration section.
  • Select Static IP for the Select Interface Address Method field.
  • Select Cluster, All Nodes of the Site option for the Select Static IP Configuration field.
  • Click Add item under the Node to IP Mapping field. Select a node in the Enter node field.

    Note: You can also type a hostname in the Enter node field and click Add item to add the hostname.

  • Enter an IP address in the IP address/Prefix Length field. Optionally, set default gateway IP address and DNS server address in their respective fields.
  • Click Add item and configure the IP addresses for the other nodes.
  • Select Site Local Network Inside for the Select Virtual Network field.

ni stat 2 new
Figure: Specific Node to IP Mapping

  • Click Apply to apply ethernet interface configuration to network interface configuration.
  • Click Continue to create the interface and add to fleet.
Step 4.3: Configure inside interface towards workstations and test servers subnetworks.

Follow same steps as that of Step 4.2 with the IP addresses of node interfaces towards the other 2 subnetworks and DHCP pool settings for the clients. The following are the example images for the segmented VLANs.

Note: The following examples show interface configuration in the DHCP server mode. Static mapping is not shown. In case you are using static mapping, follow the instructions of Interfaces with Static Mapping Method in Step 4.2. Create interfaces for each VLANs with node to IP address mapping. For this example, there are 3 VLANs and 3 nodes so 3 interface objects are required to be created with each interface consisting of 3 IP mappings.

DHCP Network Settings for VLAN 191 (interface name subnet-clients-vlan191):

eth3 191 dhcp
Figure: DHCP Configuration for VLAN 191

Static mappings for VLAN 191:

eth3 191 static new
Figure: Static IP Configuration for VLAN 191

DHCP Network Settings for VLAN 192 (interface name subnet-vmware-vlan192):

eth3 192 dhcp
Figure: DHCP Configuration for VLAN 192

Static mappings for VLAN 192:

eth3 192 static new
Figure: Static IP Configuration for VLAN 192

Step 5: Create Network Connectors for your fleet.

Go to Network Connectors section and perform the following:

  • Click on Select network connector object and click Add new Network Connector.
  • Enter a name for the network connector and click Continue to add the network connector to the fleet. This sets the network connector to function in the default SNAT mode that connects site local inside network to site local outside network.
Step 6: Complete creating fleet.

fleet final
Figure: Fleet Created

Click Save and Exit.


Apply Fleet to the Site

When your Fleet is configured, you will need to apply it on your multi-node site so that the nodes on that site are configured with the settings you just created.

Perform the following to apply the Fleet label to a site:

Step 1:Add fleet label to site configuration.
  • Navigate to Sites -> Site List, find your site object and click ... -> Edit to edit your site properties.
  • Locate the Labels box form and insert the key-value pair that represents your fleet. The key should be ves.io/fleet and value should be the label of your fleet configured in Step 2 of the Create Fleet chapter.

fleet to site
Figure: Fleet Label Addition to Site Configuration

  • Click Save and Exit to save Changes.
Step 2: Verify the configuration

Your multi node site is now part of the fleet that you configured. You can verify the configuration in one of the following ways:

  • Navigate to Sites -> Site List and click on your site from the displayed list. This opens the site dashboard. Click on the Nodes tab and click on a node to open the node dashboard. Click Hardware Information and scroll down to Network Devices to check the device name and its IP address.

node eths
Figure: Node Ethernet Interface Details

  • Log on to the site local UI dashboard using the https://<ip-address>:65500 URL with your user credentials and scroll down to the Network Information section to check the Ethernet device details.

local ui eths
Figure: Node Ethernet Interface Details from Local Dashboard

  • Add a client to one of the subnets using your network authentication mechanism (like SSID and network key). Check that the client is assigned with a DHCP IP address from the allocated pool or static (as per the MAC mapping) address for that subnet as per your fleet configuration.

Concepts


API References