Volterra Private Network

Objective

This guide presents information on Volterra private network, provides instructions on how to enable it, deploy Volterra sites using it, and perform advertisement/discovery on the private network. Volterra private network is also called as Volterra direct connect network. For more information on network concept, see Networking.

Using the instructions provided in this guide, you will be able to create a Virtual Network and setup a static route from this network.


Private Network Overview

Volterra private network is a virtual network configuration managed by Volterra for customers who request for it. This private virtual network is only visible and usable to that customer.

In case of customers sites to be deployed on networks that are isolated from internet, the sites require the following as part of installation and registration:

  • Downloading a set of configurations
  • Downloading of images from docker repositories for various site services
  • Establish IPsec/SSL tunnels to the Volterra Regional Edge (RE) sites
  • Communicating with PKI/Identity Authority

After site installation, it is also required to enable the ability to advertise services, configure end points, and enable service discovery for these isolated networks.

Volterra private network connects the isolated networks to a set of Volterra RE sites using any of the following methods:

  • Private link
  • CloudLink
  • L3VPN on Volterra backbone

Volterra sites in the isolated network are provisioned using this private network as opposed to the regular sites that connnect to the RE sites and Global Controller over internet.

After the private network is enabled, the following objects are created for your tenant:

  • Virtual network object representing the private network
  • Global configuration object containing DNS IP address to be used in the private virtual network
  • HTTP Connect/DRP Proxy object for site installation and management over the private network

Prerequisites

The following prerequisites apply:

Note: If you do not have an account, see Create a Volterra Account.

  • Hardware devices or VMs on networks isolated from internet.

Note: See Supported Hardware for hardware that is supported for installing Volterra site.

  • HTTP load balancer to advertise services.

Note: If you do not already set up a load balancer, see HTTP Load Balancer.


Configuration

To use Volterra private network, it is required to first enable it via raising a support request. After the private network is enabled for your tenant, you can deploy Volterra sites using the private network. You can also perform various activities such as advertising services, configuring endpoints, setting up discoveries, etc.

Enable Private Network

Perform the following to enable Volterra private network for your tenant:

Step 1:Log into VoltConsole and start creating a support request.
  • Click General on the selector bar on the left configuration menu.
  • Click Requests in the Support section.
  • Click `Add new request. This opens a new support request form.
Step 2:Fill the request information and create request.
  • Select Request for the Type field and Others for the Topic field.
  • Choose a priority in the Priority field.
  • Enter subject for the Please choose a subject for your issue field.
  • Enter the details in the Please explain the problem below field.
  • Click Send.

Note: Volterra support enables the private network and configures it for your tenant in the shared namespace.

Step 3:Verify the private network after it is enabled.
  • Log into VoltConsole and navigate to Manage -> Networking -> Virtual Networks in the System namespace.
  • Verify that there is a network entry whose name is in the adn-private-vn-<tenant-name> format and listed in shared namespace.

volt adn pvn
Figure: Volterra ADN Private Network in Shared Namespace

  • Expand the network object to view its details in JSON format. The value VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK for the legacy_type field indicates that it is the Volterra private network configured for this tenant.

Deploy Volterra Site Using Private Network

You can use the Volterra private network in one of the following 2 ways:

  • Using HTTP-Connect proxy - This is a recommended method.
  • Using Dyamic Reverse Proxy (DRP)

Perform the following to deploy Volterra sites using the Volterra private network:

Step 1:Install Volterra site image in your isolated network location.
  • Start installing Volterra site on a location in your isolated network. You can download and install the image on a VM or a hardware device.

Note:

  • For information on site installation requirements and instructions, see the documentation in the Site Management guides.
  • For information on the software image, see the image downloads in the Images guides.
  • In case of Volterra hardware such as IGW or ISV, the box is shipped with pre-installed image. Therefore, you do not require performing installation.
  • Power up the VM or the device.
Step 2:Perform post-installation configuration.

After switching on the VM or device with the Volterra site image installed, perform initial configuration using one of the following methods:

Using HTTP Proxy
  • You will be prompted to enter login credentials. Enter admin username and Volterra123 password. Login for the first time prompts you to update the password for the admin user.
  • Enter configure and enter the Volterra private virtual network name.
  • Perform rest of the configuration as per your requirements. For more information, see Site Management guides.
Using DRP

In case of DRP, make sure that your corporate HTTP proxy is resolving against Volterra DNS or manually configure all DNS records. Perform the following:

  • You will be prompted to enter login credentials. Enter admin username and Volterra123 password. Login for the first time prompts you to update the password for the admin user.
  • Enter configure-network. Enter Yes for Do you want to configure ADVANCED network options? Ensure that you configure your HTTP Proxy used internally.
  • Optionally, enter configure and enter the Volterra private virtual network name. However, you can also set this option at the registration time.
  • Perform rest of the configuration as per your requirements. For more information, see Site Management guides.
Step 3:Perform site registration
  • Log into VoltConsole. Go to Manage -> Site Management -> Registrations in the System namespace. Click ✅ to load the registration acceptance form.
  • Set Volterra private network using one of the following:

    • In case you are using HTTP Proxy method for site installation, verify that the private network name is reflecting in the registration acceptance form in the Private Network Name field.
    • In case you are using DRP Proxy method and did not set the Volterra private network during the post-install configuration, enter the Volterra private network name in the Private Network Name field.

volt adn reg
Figure: Volterra ADN Private Network During Registration

  • Set the rest of the registration fields as per your requirement and click Save and Exit.

Note: Enter all mandatory fields marked with the * character.

  • Wait for the site status to become ONLINE. You can check this in the Sites -> Site List for your site in the Site Admin State column.

Advertising services on the private network requires you to select the private network for advertising. In case you set the default VIP in advertising configuration, the VIP of the private network is used as listener IP.

Perform the following to advertise on the private network:

Note: This step only shows advertisement configuration of load balancer. For full set of load balancer creation instructions, see HTTP Load Balancer guide.

Step 1:Log into VoltConsole and start creating load balancer.
  • Click on App in the selector bar and select your namespace from the drop-down list.
  • Select Manage -> Load Balancers -> HTTP Load Balancers from the options. Click Add HTTP load balancer to start creating the load balancer.
  • Set a name, domain, and type of load balancer in the basic configuration section.
  • Configure origin pool in the default origin servers section.
Step 2:Perform VIP configuration for advertising on the private network.
  • In the VIP configuration section, enable the Show Advanced Fields option.
  • Select Advertise Custom for the Where to Advertise the VIP field.
  • Click Configure under the Advertise Custom field. Custom VIP advertise configuration page opens.
  • Enable the Show Advanced Fields option.
  • Select Virtual Network for the Select Where to Advertise field.
  • Click on the Virtual Network field and select the private network object from the displayed list of network objects.
  • Click Apply.

adv pol pvn
Figure: Advertising on Volterra Private Network

Note: The option Default VIP is set by default for the Select VIP option and the default VIP is used as a listener IP.

Step 3:Complete creating the load balancer.

In the load balancer configuration page, click Save and Exit.


Configure Service Discovery Private Network

Perform the following to discover services on the private network:

Note: This step only shows configuration of where the discovery is valid. For full set of service discovery creation instructions, see Service Discovery - K8s guide for K8s discovery. See Service Discovery - Consul guide for consul discovery.

Step 1:Log into VoltConsole and start creating service discovery.
  • Click System on the selector bar on the left configuration menu.
  • Select Manage -> App Management -> Service Discovery and click Add discovery.
  • Enter a name for the discovery object in the metadata section.
Step 2:Set that discovery is visible on the private network.
  • Navigate to the Where section and enable the Show Advanced Fields option.
  • Select Virtual Network for the Virtual-Site or Site or Network field.
  • Click on the Reference field and select the Volterra private network object from the displayed list.
Step 3:Complete creating the service discovery object.

Configure Origin Server in Private Network

Perform the following to configure origin server on the private network:

Note: This step only shows origin server configuration part of origin pool. For full set of origin pool creation instructions, see Origin Pools guide.

Step 1:Log into VoltConsole and start creating origin pool.
  • Click App on the selector bar on the left configuration menu. Select your namespace from the drop-down list to change to it.
  • Select Manage -> Load Balancers -> Origin Pools and click Add Origin Pool.
  • Enter a name for the origin pool in the metadata section.
Step 2:Specify the origin server IP address or DNS name reachable over the private network.

Navigate to the Basic Configuration section and select one of the following options for the Select Type of Origin Server field.

  • Select IP address on Virtual Network and enter the IP address of origin server in the IP field.
  • Select Name on Virtual Network and enter DNS name of the origin server in the DNS Name field. Click on Virtual Network field and select the Volterra private network from the displayed list of network objects.

Note: Ensure that origin servers are running so that the endpoint discovery will be succesfull while attempting to use the origin pools.

Step 3:Complete creating the origin pool object.
  • Perform configuration for the rest of origin pool sections as per your requirement; See Origin Pools guide for more information.
  • Click Save and Exit.