Upload File

vyatta: the virtual router for cloud computing enviroment

  • Home
  • Technology
  • Vyatta: The Virtual Router for Cloud Computing Enviroment
16
(C)Copyright 1996-2010 SAKURA Internet Inc. 2010年12月09日 さくらインターネット研究所 上級研究員 日本Vyattaユーザー会 運営委員 松本直人

Upload: naoto-matsumoto

Post on 19-Jun-2015

2.221 views

Category:

Technology


1 download

Report

TRANSCRIPT

Page 1: Vyatta: The Virtual Router for Cloud Computing Enviroment

(C)Copyright 1996-2010 SAKURA Internet Inc.

2010年12月09日

さくらインターネット研究所 上級研究員 日本Vyattaユーザー会 運営委員

松本直人

Page 2: Vyatta: The Virtual Router for Cloud Computing Enviroment

現在起こっているコト

従来のコンピューティング

クラウド・コンピューティング

パブリック、プライベートの区別なくクラウドへ移行中

Page 3: Vyatta: The Virtual Router for Cloud Computing Enviroment

仮想化を取り巻く環境

今後5年以内に国内サーバーの1/4が仮想環境となる

Page 4: Vyatta: The Virtual Router for Cloud Computing Enviroment

ネットワーク機器も仮想化へ

既存のシステム構成 仮想化技術で省力化

ネットワーク機器の仮想アプライアンス化は発展途上

Page 5: Vyatta: The Virtual Router for Cloud Computing Enviroment

仮想化・クラウドを取り巻く方向性

用途に応じた選択が、ユーザーによって行われる

パブリック・クラウド プライベート・クラウド

仮想化

Page 6: Vyatta: The Virtual Router for Cloud Computing Enviroment

Vyattaが持つ機能

Page 7: Vyatta: The Virtual Router for Cloud Computing Enviroment

VyattaCore提供方式

ユーザー環境に応じて、システム・イメージを選択が可能

LiveCD VMware OVF XenServer XVA virt.ISO

http://www.vyatta.org/downloads

Page 8: Vyatta: The Virtual Router for Cloud Computing Enviroment

クラウド時代のVyattaの使われ方

仮想ルーターとして、クラウド環境で場所を選ばず利用できる

Page 9: Vyatta: The Virtual Router for Cloud Computing Enviroment

BASIC Configuration

基本的なルーター設定は、既存のルーター製品と全く同じ

set interfaces ethernet eth0 address 10.10.10.10/24

set system gateway-address 10.10.10.1

set system name-server 10.10.10.99

set system name-server 10.10.10.88

set interfaces ethernet eth1 address 192.168.168.10/24

set service ssh

set system time-zone Asia/Tokyo

set system syslog host 10.10.10.222 facility all level info

commit

Page 10: Vyatta: The Virtual Router for Cloud Computing Enviroment

インタークラウドで設備のシームレス化

Page 11: Vyatta: The Virtual Router for Cloud Computing Enviroment

Layer2 Bridging Configuration

Ethernetフレームを遠隔地まで飛ばし、シームレスにつなぐ

set interfaces bridge br0

set interfaces ethernet eth1 bridge-group bridge br0

set interfaces openvpn vtun0 bridge-group bridge br0

set interfaces openvpn vtun0 mode site-to-site

set interfaces openvpn vtun0 remote-host X.X.X.X

run vpn openvpn-key generate /root/key

set interfaces openvpn vtun0 shared-secret-key-file /root/key

Page 12: Vyatta: The Virtual Router for Cloud Computing Enviroment

Against VLAN Exhaustion

VLAN番号枯渇対策

管理セグメントのVLAN番号の制約を受けないネットワーク設計

set interfaces ethernet eth0 vif 66 address A.A.A.A/24

set interfaces ethernet eth0 vif 77 address B.B.B.B/24

set interfaces ethernet eth0 vif 88 address C.C.C.C/24

set interfaces ethernet eth0 vif 99 address D.D.D.D/24

Page 13: Vyatta: The Virtual Router for Cloud Computing Enviroment

IPv6 Networking

小規模なIPv6 Networkingから開始できる機能を保持

set interfaces ethernet eth0 address 2001:db8:a::1/64

set interfaces ethernet eth1 address 2001:db8:b::2/64

delete system ipv6 disable-forwarding

set protocols static route6 ::/0 next-hop 2001:db8:a::99/64

set firewall ipv6-name FWv6 default-action reject

set firewall ipv6-name FWv6 rule 66 source address 2001:db8:a::0/64

set firewall ipv6-name FWv6 rule 66 action accept

set interfaces ethernet eth0 firewall in ipv6-name FWv6

commit

Page 14: Vyatta: The Virtual Router for Cloud Computing Enviroment

Add New media type / Infiniband

OpenFabrics Enterprise Distribution (OFED)でIPoIB機能追加

sudo full-upgrade -k

sudo apt-get update

sudo aptitude install module-assistant

sudo apt-get install rpm zlib1g-dev zlib1g-dbg

sudo aptitude intall byacc bison flex

sudo module-assistant prepare

sudo /opt/OFED-1.5.2/install.pl

sudo vi /etc/udev/rules.d/75-persistent-net-generator.rules

:

set interfaces inifniband ib0 address 1.1.1.1/24

commit

Page 15: Vyatta: The Virtual Router for Cloud Computing Enviroment

Against Denial of Service Attack

同一IPアドレスから10秒間に99回以上のトラフィックは遮断

set firewall name STOP-DoS default-action accept

set firewall name STOP-DoS rule 99 protocol tcp

set firewall name STOP-DoS rule 99 destination port 80

set firewall name STOP-DoS rule 99 state new enable

set firewall name STOP-DoS rule 99 recent count 99

set firewall name STOP-DoS rule 99 recent time 10

set firewall name STOP-DoS rule 99 action drop

set interfaces ethernet eth0 firewall in name STOP-DoS

VyattaCore version 6.1 2010.08.20

Build ID 1008200448-170b446

Page 16: Vyatta: The Virtual Router for Cloud Computing Enviroment

(C)Copyright 1996-2010 SAKURA Internet Inc.

ご静聴誠にありがとうございました


Vyatta BasicRoutingRef

Vyatta - IPv6

Guide to Vyatta Software Licensing - Huihoodocs.huihoo.com/vyatta/6.2/Vyatta_SWLicensing_R6.2_v01.pdf · iv Guide to Vyatta Software Licensing R6.2 v02 Vyatta Quick List of Commands

Vyatta - OSPF

Vyatta users meeting 2013 Autumn Brocade Vyatta vRouter チュートリアル

Vyatta Systemhy435/material/Vyatta-OSPF_6.5R1_v01.pdf · Open Shortest Path First protocol on the Vyatta System. 1 Chapter2: Router‐Level Configuration This chapter describes commands

VYATTA, INC. | Vyatta System · PDF fileQoS VYATTA, INC. | Vyatta System Title. ... qos-policy rate-limit burst ... NOTE You must create and configure network

0.us.mirrors.vyos.net0.us.mirrors.vyos.net/vyatta/...v01/Vyatta-Firewall... · iii Firewall 6.5R1 v01 Vyatta Contents Quick List of Commands

DANOS-Vyatta Edition (DVe) Cell Site Router (CSR)

Vyatta - Basic System

Vyatta and Virtualization - vyatta-users.jp · PDF fileVyatta and Virtualization ‐ 仮想環境でのVyatta ‐ Japan Vyatta Users GroupMeeting@ Hiroshima 海老澤健太郎 Twitter:

0.us.mirrors.vyos.net0.us.mirrors.vyos.net/vyatta/vc6.4/docs/Vyatta-Firewall_R6.4_v01.pdf · iii Firewall R6.4 v01 Vyatta Contents Quick List of Commands

VYATTA, INC. | Vyatta Systemplonetest.univ-pau.fr/.../Vyatta_CommandRef_VC3_v02.pdf · Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com Command Reference VYATTA, INC

Vyatta - QoS

Best Practices Guide: Vyatta Firewall - …community.brocade.com/.../14/1/Vyatta_Firewall_Best_Practices.pdf · VYATTA FIREWALL BEST PRACTICES FEBRUARY 2013 1 INTRODUCTION Vyatta

about vyatta

Instalação - Vyatta

Vyatta - BGP

Vyatta - Encapsulated Tunnels

VYATTA, INC. | Vyatta · PDF file1 Welcome Thank you for choosing the Vyatta system. This Guide This document is intended to: • Describe the various deployment options for the Vyatta

Vyatta Nat

Vyatta - RIP

Vyatta - LAN Interfaces

Vyatta Router/Firewall/VPN

VYATTA, INC. | Vyatta System - Kmlinux - NMSkmlinux.fjfi.cvut.cz/~minarmir/site/v6/Vyatta_QuickStart... ·  · 2010-05-09VYATTA, INC. | Vyatta System Title. COPYRIGHT ... Vyatta

Firewall - Stony Brook Universityise321/vyatta/Vyatta Firewall Reference... · Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com 650 413 7200 1 888 VYATTA 1 (US and

Vyatta Bootcamp 1.1.1

Installing a virtualized Open Source Router - · PDF file1 Installing an Open Source Router in a VM PART 1 VYOS Vyatta was once an open source router before the company was acquired

Vyatta 6.3 Transforme o seu PC num Router Firewall.pdf

Vyatta and Virtualization 仮想環境でのVyatta

| Vyatta System

Vyatta - VPN

VYATTA, INC. | Vyatta Systemise321/vyatta/Vyatta Quick Start Guide.pdf · 1 Welcome Thank you for choosing the Vyatta System. Vyatta has changed the networking world by developing

VYATTA, INC. | Vyatta OFRdocs.huihoo.com/vyatta/Vyatta_CommandRef_VC2_v01.pdf · Vyatta Suite 160 One Waters Park Drive San Mateo, CA 94403 vyatta.com Vyatta OFR Command Reference

VYATTA, INC. | Vyatta OFR - Huihoodocs.huihoo.com/vyatta/Vyatta_QuickStart_R2.1_v02.pdf · 1 Quick Start Configuration Thank you for choosing the Vyatta OFR. This document helps you