2.1. Managing Networks and Traffic Types

To balance and optimize networking in Virtuozzo Hybrid Infrastructure, you can assign different types of traffic to separate networks. Assigning a traffic type to a network means that a firewall is configured on nodes connected to this network, specific ports are opened on node network interfaces, and the necessary iptables rules are set. For example, nodes connected to a network with only the S3 public traffic type will accept incoming connections only on ports 80 and 443.

As described in the Installation Guide, is it recommended to have these networks in Virtuozzo Hybrid Infrastructure:

  • Internal network (traffic types: Storage, Internal management, OSTOR private, ABGW private), assigned to the first bonded connection

    Note

    If you plan to use RDMA over InfiniBand, move the traffic type Storage to a dedicated network and assign that network to the IB interface. See Enabling RDMA.

  • Overlay network (traffic type VM private), assigned to a VLAN created on the second bonded connection

  • Management network (traffic types: Admin panel, SSH, SNMP), assigned to a VLAN created on the second bonded connection

  • External network (traffic types: Self-service panel, Compute API, VM public, S3 public, ABGW public, iSCSI, and NFS), assigned to a VLAN created on the second bonded connection

  • Backup network (traffic types: VM backups and VM public), assigned to a VLAN created on the second bonded connection

You need to configure these networks on the INFRASTRUCTURE > Networks screen on the admin panel before you create the cluster (see Creating, Editing, and Deleting Networks). By default, you have two preconfigured networks named Public and Private, according to their type. They can be considered templates that you can customize to create the desired (recommended) configuration.

Important

Some traffic types cannot be reassigned to a different network if they are in use. In addition, a public network cannot be renamed if it is used by a compute virtual network.

After you create the networks, proceed to create the remaining of the recommended VLAN interfaces on each node and assign them to networks as described in Creating VLAN Interfaces.

An example of recommended networks and their traffic types is:

Table 2.1.1 Recommended network setup
Network Traffic types
Internal Storage, Internal management, OSTOR private, ABGW private
Overlay VM private
Management Admin panel, SSH, SNMP
External Compute API, Self-service panel, S3 public, iSCSI, NFS, ABGW public, VM public
Backup VM backups, VM public

The next three subsections describe all traffic types that can be assigned to networks.

2.1.1. Exclusive Traffic Types

Exclusivity means that such a traffic type can be added only to one network. Exclusive traffic types cannot be reassigned between networks if they are in use. To do that, you will have to delete the service that uses them first.

Internal management
Internal cluster management and transfers of node monitoring data to the admin panel. Without this traffic type, the administrator cannot control and monitor the cluster. The cluster, however, continues working. Uses any available port.
Storage
Internal transfers of data chunks, high availability service heartbeats, as well as data self-healing. This is the most critical traffic type that defines storage performance and enables cluster HA. Uses any available port.
OSTOR private
Internal data exchange between multiple S3/NFS services. Uses any available port.
ABGW private
Internal management of and data exchange between multiple Backup Gateway services. Uses any available port.
VM private
Network traffic between VMs in private virtual networks and VNC console traffic. Private virtual networks are implemented as VXLAN, overlay networking fully isolated on L2. Opens UDP port 4789 and TCP ports from 5900 to 5999.
Compute API

External access to standard OpenStack API endpoints. Opens the following ports:

  • TCP 5000—Identity API v3
  • TCP 6080—noVNC Websocket Proxy
  • TCP 8004—Orchestration Service API v1
  • TCP 8041—Gnocchi API (billing metering service)
  • TCP 8774—Compute API
  • TCP 8776—Block Storage API v3
  • TCP 8780—Placement API
  • TCP 9292—Image Service API v2
  • TCP 9313—Key Manager API v1
  • TCP 9513—Container Infrastructure Management API (Kubernetes service)
  • TCP 9696—Networking API v2
  • TCP 9888—Octavia API v2 (load balancer service)
VM backups
External access to NBD endpoints. Third-party backup management systems can pull VM backups using this traffic type. To be able to access backup agents installed in virtual machines, assign this traffic type along with VM public. Opens TCP ports from 49300 to 65535.

2.1.2. Regular Traffic Types

The traffic types listed further are not exclusive and can be added to multiple networks.

S3 public
External data exchange with the S3 access point. Uses TCP ports 80 and 443.
iSCSI
External data exchange with the iSCSI access point. Uses TCP port 3260.
NFS
External data exchange with the NFS access point. Uses TCP/UDP ports 111, 892, and 2049.
ABGW public
External data exchange with Acronis Backup agents and Acronis Backup Cloud. Uses TCP port 44445.
Admin panel
External access to the admin panel. Uses TCP port 8888.
VM public
External data exchange between VMs and public networks (e.g., the Internet). When a node network interface is assigned to a network with this traffic type, an Open vSwitch bridge is created on that network interface.
SSH
Remote access to nodes via SSH. Uses TCP port 22.
SNMP
External access to storage cluster monitoring statistics via the SNMP protocol. Opens UDP port 161.
Self-service panel
External access to the self-service panel. Opens TCP port 8800.

2.1.3. Custom Traffic Types

You can create custom traffic types that will open desired TCP ports. Such traffic types can be added to multiple networks. See Creating, Editing, and Deleting Traffic Types.

2.1.4. Creating, Editing, and Deleting Networks

If required, you can add a new network by doing as follows:

  1. On the INFRASTRUCTURE > Networks screen, click Edit and then Create network.

  2. In the New network window, specify a network name. Network names must be alphanumerical and 2-32 characters long.

    ../_images/stor_image81_2_vz.png
  3. Click Create.

  4. Add the needed traffic types to the new network by ticking the corresponding checkboxes.

  5. When finished, click Save to apply the changes.

To edit a network name or delete a custom network, click on the ellipsis icon next to it and select the action you want to perform.

You can only delete networks that are not assigned to any network adapters.

2.1.5. Creating, Editing, and Deleting Traffic Types

If required, you can add a new traffic type by doing as follows:

  1. On the INFRASTRUCTURE > Networks screen, click Edit and then Create traffic type.

  2. In the Create traffic type window, specify a traffic type name and port to open.

    Traffic type names must be alphanumerical and 3-32 characters long.

    ../_images/stor_image81_3_vz.png
  3. Click Create.

  4. Add the newly created traffic type to one or more of your networks by ticking the corresponding checkboxes.

  5. When finished, click Save to apply the changes.

To edit or delete a custom traffic type, make sure it is excluded from all networks, click the ellipsis icon next to it, and select the desired action.