Multi Node Site Network Setup Using Fleet

Objective

This guide provides instructions on how to setup networking configuration for each node in a multi-node site using Volterra fleet. All the multi-node sites belonging to the fleet will be configured equally and you can further enhance its security by adding network firewall to the fleet, to ensure consistent security policy across all the sites in the fleet. These instructions cover the following:

  • IP address management of outgoing interfaces (towards internet).
  • IP address management of interfaces towards inside networks.
  • Segmenting subnets using VLANs.
  • For information on how to use networking in Volterra, see Networking.
  • For information on how to create a fleet, see Create Fleet.
  • For information on how to create and manage sites, see Site Management.

Prerequisites

Note: In case you do not have an account, see Create a Volterra Account.

  • Volterra Multi-Node site.

Configuration

The following image shows an example topology for the use case preneted in this guide:

top uc
Figure: Sample Network Topology

The example in this topology sets up a multi node Volterra site as a network gateway for private networks of an organization. The gateway has 3 master nodes and a Layer 2 switch with 3 VLANs for segmentation of employee workstations, development servers, and test servers. To setup this topology, you need to configure the following in fleet:

  • Set up 2 virtual networks - one outside network and one inside network. This example creates inside and outside networks as part of fleet.
  • Setup the following network interfaces:

    • A dedicated interface towards ISP
    • Ethernet interfaces for inside subnets with static IP mapping for specific devices and DHCP assignment for rest of the devices. Optionall, you can also configure static IP to MAC address mapping.
  • Setup a network connector with SNAT from inside to outside network.

Finally apply the fleet with the above objects to your multi node site to enable the network connectivity.

Create Fleet

Step 1: Log into the VoltConsole and start fleet configuration.

Select Manage from the configuration menu in the system namespace. Select Site Management -> Fleet from the options. Click Add fleet.

image4
Figure: Fleet Configuration

Step 2: Configure Fleet label. After configuring a name in your Fleet object, configure the `fleet label value`. This value can be the same as the name.
Step 3: Configure virtual networks.

Go to Fleet Configuration section and perform the following:

  • Click on Select Outside virtual network object and click Add new virtual network. Enter a name and select Site Local (Outside) Network for the Select Type of Network field. Click Continue.
  • Click on Select Inside virtual network object and click Add new virtual network. Enter a name and select Site Local Inside Network for the Select Type of Network field.
  • Optionally, specify list of static routes on this network. This example sets static route to 192.168.12.0/24 network with the next-hop as 192.168.2.254.
  • Click Continue.

sl inside nw
Figure: Inside Virtual Network to add to a fleet

Step 4: Configure network interfaces.

Go to Network Interfaces section and perform the following:

Step 4.1: Configure dedicated interface towards ISP.
  • Select Create new interface in the network interface drop-down menu.
  • Enter a name and select Direct Interface for the Interface Config Type field.
  • Select eth0 in the Interface Device field.
  • Click Continue.

ni wan
Figure: Inside Virtual Network to add to a fleet

Note: WAN IP addresse configuration is out of scope of this document.

Step 4.2: Configure inside interface for the different VLANs.

You can configure the inside interfaces in the following methods:

  • Interface with DHCP Server - This enables you to specify the DHCP pool settings. You can also statically map IP address based on hostname or MAC address.
  • Interface with DHCP Client - This enables the interface to obtain IP addresses from a DHCP server.
  • Interface with Static Mapping - This enables you to manually assign IP addresses to nodes.

Note: This example shows static mapping and DHCP server method.

Interfaces with DHCP Server Method:
  • Click Add item in the network interfaces section.
  • Select Create new interface in the network interface drop-down menu.
  • Enter a name in the Name field. This example configures subnet-servers-vlan100 representing the development subnet.
  • Select Ethernet Interface for the Interface Config Type field.
  • Select Configure in the Interface Device field.
  • Select from the drop down or enter a name for the Ethernet Device field and click Add item to add the name. This example enters eth3.100 as the Ethernet device.
  • Select VLAN ID for the Select Untagged or VLAN tagged field and enter a VLAN ID. This example configures 100 for development environment.

eth3 100
Figure: Ethernet Interface Configuration for VLAN 100

  • Select DHCP server for the Select Interface Address Method field and click Edit for DHCP server configuration.
  • Click Edit on the DHCP Networks field and configure the following DHCP settings.

    • Select Network Prefix for the Select Network Prefix Method field ans enter a prefix for the Network Prefix field.
    • Select Include IP Addresses from the DHCP Pools for DHCP Pool Settings.
    • Enter Starting IP and Ending IP as per your choice.
    • Set the default gateway and DNS server addresses as per your choice. Click Apply.

eth3 100 dhcp
Figure: DHCP Configuration for VLAN 100

  • Enable Show Advanced Fields in the interface configuration. Select Configured for the Select Interface Addressing field.
  • Configure node to IP static mapping for the Site:Node to IP Mapping field. You can add more static mappings using the Add item option. This is the interface configuration from the master nodes towards the development subnet.
  • Optionally, you can assign IP addresses to devices based on the MAC addresses. Scroll down to Fixed IP Assignments for Clients section and add MAC to IPv4 mappings. You can add more static mappings using the Add item option.

eth3 100 static new
Figure: Static IP Configuration for VLAN 100

  • Click Apply to apply ethernet interface configuration to network interface configuration.
  • Click Continue to create the interface and add to fleet.
Interfaces with Static Mapping Method:
  • Click Add item in the network interfaces section.
  • Select Create new interface in the network interface drop-down menu.
  • Enter a name and select Ethernet Interface for the Interface Config Type field.
  • Select Configure in the Interface Device field.
  • Select from the drop down or enter a name for the Ethernet Device field and click Add item to add the name. This example enters eth3.100 as the Ethernet device.
  • Select Specific Node for the Configuration for Cluster or Specific Node field.
  • Select a node from the drop-down list of the Specific Node field.
  • Select VLAN ID for the Select Untagged or VLAN tagged field and enter a VLAN ID. This example configures 100 for development environment.

ni stat 1
Figure: Specific Node Interface Configuration

  • Click Show Advanced Fields option to enable the advanced fields in the IP Configuration section.
  • Select Static IP for the Select Interface Address Method field and enter an IP address in the IP address/Prefix Length field. Optionally, set default gateway IP address and DNS server address in their respective fields.
  • Select Site Local Network Inside for the Select Virtual Network field.

ni stat 2
Figure: Specific Node Interface Configuration

  • Click Apply to apply ethernet interface configuration to network interface configuration.
  • Click Continue to create the interface and add to fleet.

Note: Repeat the above steps and create an interface for each node.

Step 4.3: Configure inside interface towards workstations and test servers subnetworks.

Follow same steps as that of Step 4.2 with the IP addresses of node interfaces towards the other 2 subnetworks and DHCP pool settings for the clients. The following are the example images for the segmented VLANs.

Note: The following examples show interface configuration in the DHCP server mode. Static mapping is not shown. In case you are using static mapping, follow the instructions of Interfaces with Static Mapping Method in Step 4.2. Create interfaces for each VLANs. For this example, there are 3 VLANs and 3 nodes so a total of 9 interfaces are required to be created for static method.

DHCP Network Settings for VLAN 191 (interface name subnet-clients-vlan191):

eth3 191 dhcp
Figure: DHCP Configuration for VLAN 191

Static mappings for VLAN 191:

eth3 191 static new
Figure: Static IP Configuration for VLAN 191

DHCP Network Settings for VLAN 192 (interface name subnet-vmware-vlan192):

eth3 192 dhcp
Figure: DHCP Configuration for VLAN 192

Static mappings for VLAN 192:

eth3 192 static new
Figure: Static IP Configuration for VLAN 192

Step 5: Create Network Connectors for your fleet.

Go to Network Connectors section and perform the following:

  • Click on Select network connector object and click Add new Network Connector.
  • Enter a name for the network connector and click Continue to add the network connector to the fleet. This sets the network connector to function in the default SNAT mode that connects site local inside network to site local outside network.
Step 6: Complete creating fleet.

fleet final
Figure: Fleet Created

Click Save and Exit.


Apply Fleet to the Site

When your Fleet is configured, you will need to apply it on your multi-node site so that the nodes on that site are configured with the settings you just created.

Perform the following to apply the Fleet label to a site:

Step 1:Add fleet label to site configuration.
  • Navigate to Sites -> Site List, find your site object and click ... -> Edit to edit your site properties.
  • Locate the Labels box form and insert the key-value pair that represents your fleet. The key should be ves.io/fleet and value should be the label of your fleet configured in Step 2 of the Create Fleet chapter.

fleet to site
Figure: Fleet Label Addition to Site Configuration

  • Click Save and Exit to save Changes.
Step 2: Verify the configuration

Your multi node site is now part of the fleet that you configured. You can verify the configuration in one of the following ways:

  • Navigate to Sites -> Site List and click on your site from the displayed list. This opens the site dashboard. Click on the Nodes tab and click on a node to open the node dashboard. Click Hardware Information and scroll down to Network Devices to check the device name and its IP address.

node eths
Figure: Node Ethernet Interface Details

  • Log on to the site local UI dashboard using the https://<ip-address>:65500 URL with your user credentials and scroll down to the Network Information section to check the Ethernet device details.

local ui eths
Figure: Node Ethernet Interface Details from Local Dashboard

  • Add a client to one of the subnets using your network authentication mechanism (like SSID and network key). Check that the client is assigned with a DHCP IP address from the allocated pool or static (as per the MAC mapping) address for that subnet as per your fleet configuration.

Concepts


API References