Creating multitiered vApp Networks

Having multiple networks inside the same vApp is not straightforward, at least not when it comes to connecting them easily.

Getting ready

We need a VM template that we can add multiple times to build the vApp.

Note

If you want to follow my instructions to build your own router, you will need a virtual router and you need to know how to configure it. If you would like to use my example, have a closer look at the There's more... section of this recipe.

How to do it...

Let's work through the two different options we have.

Perform the following steps for using the vApp router:

  1. Create a new isolated Organization Network, call it App Net, and assign it a 192.168.2.0/24 network with an IP Pool.
  2. Create a new vApp.
  3. Add at least three VMs to the vApp.
  4. When it comes to connecting the VMs to the network, we do the following:
    1. Create a vApp Network, call it DB Net, and assign it a 192.168.1.0/24 network with an IP pool.
    2. Connect one VM to the DB network.
    3. Connect one VM to the previously created Organization Network called the App network.
    4. Create another new vApp Network, call it Web Net, and assign it a 192.168.3.0/24 network with an IP pool.
    5. Connect one VM to the Web network, as shown in the following screenshot:
  5. Finish the vApp creation.
  6. Double-click on the vApp and choose Networking.
  7. Connect both vApp Networks to the Organization Network and unselect both the Firewall and NAT options, as shown in the following screenshot:
    Tip

    This will allow the traffic to flow between all networks.

  8. Right-click on each of the vApp Networks and choose Configure services and perform the following:
    1. Click on Static Routing.
    2. Check Enable static routing:
    3. Note down the Router external IP value.
  9. Click on Apply to save the network configuration.
  10. Power on the vApp.
  11. Log into the OS of the VM that is deployed in the App network, and enter the following to add a route to its routing table:

    The [gateway ip] value is the IP that you noted down as Router external IP. For example, route add 192.168.1.0 MASK 255.255.255.0 192.168.2.101.

  12. Now all networks can communicate with each other. You might like to improve this with your own firewall rules.
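The route from step 11, generated and checked for both vApp Networks, as an added example that is not part of the original recipe. It assumes the VM sits in App Net; 192.168.2.101 is the recipe's example Router external IP, and 192.168.2.102 is a constructed value for the second vApp router.

```python
import ipaddress

# Network the VM is attached to (App Net, the Organization Network).
LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")

# Destination network -> Router external IP of the vApp router in front of it.
# 192.168.2.101 is the recipe's example; 192.168.2.102 is a constructed value.
PLAN = {
    "192.168.1.0/24": "192.168.2.101",   # DB Net
    "192.168.3.0/24": "192.168.2.102",   # Web Net (assumed address)
}


def windows_routes(local_net, plan):
    """Return Windows 'route add' commands after validating the plan."""
    commands = []
    for dest_text, gw_text in plan.items():
        # ip_network() raises ValueError if the prefix has host bits set.
        dest = ipaddress.ip_network(dest_text)
        gateway = ipaddress.ip_address(gw_text)
        if dest.overlaps(local_net):
            raise ValueError(f"{dest} overlaps the local network {local_net}")
        # The next hop must be directly reachable from the VM's own network.
        if gateway not in local_net:
            raise ValueError(f"gateway {gateway} is not on-link in {local_net}")
        if gateway in (local_net.network_address, local_net.broadcast_address):
            raise ValueError(f"gateway {gateway} is not a usable host address")
        commands.append(
            f"route add {dest.network_address} MASK {dest.netmask} {gateway}"
        )
    return commands


if __name__ == "__main__":
    for line in windows_routes(LOCAL_NET, PLAN):
        print(line)
```

A route added this way is lost on reboot; on Windows, route -p add makes it persistent.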

Perform the following steps to create your own router:

  1. Create a new vApp.
  2. Add at least three VMs to the vApp.
  3. When it comes to connecting the VMs to networking, we do the following:
    1. Create a vApp Network, call it DB Net, and assign it a 192.168.1.0/24 network with an IP pool.
    2. Connect one VM to the DB network.
    3. Create a vApp Network, call it App Net, and assign it a 192.168.2.0/24 network with an IP pool.
    4. Connect one VM to the App network.
    5. Create a vApp Network, call it Web Net, and assign it a 192.168.3.0/24 network with an IP pool.
    6. Connect one VM to the Web network.
  4. Finish the vApp creation.
  5. Double-click on the vApp and choose Virtual Machines.
  6. Add the router VM (see the There's more... section for more details).
  7. Make sure that you add a network card for each of the three networks and set it to DHCP as shown in the following screenshot:
  8. Click on Guest Customization and then switch off Guest Customization.
  9. Finish the router VM integration.
  10. Deploy the vApp.
  11. Now the only thing left to do is to configure the router VM (see the There's more... section). Make sure that the IP you assign to each network card is the one set as the gateway in that network's settings.

How it works...

Using the vCloud solution, you can make use of the vApp routers, which makes the configuration a bit faster. Using a software router (for example, m0n0wall) is a bit more complicated in the initial setup, but it is a much better solution as it gives more configuration freedom. In addition to this, using a virtual router will allow you to use this configuration as a template and redeploy it without too much hassle. The following diagram shows the network layout for the two configurations we have been discussing:

Creating multitiered vApps makes sense for development as well as for production deployment. It helps in testing the communication between different application layers and configuring the hardening of the applications.

Both solutions need you to understand how routing/firewalling/NATing works, but that's not a bad skill for any admin to learn in the first place. We don't have the space in this book to go into it.

There's more...

In this section I will give you a fast introduction to a virtual router. The following instructions will show you how to perform a basic configuration of the m0n0wall virtual appliance. In this example, I will refer to the previous configuration. Please note that VMware will not support the configuration of third-party routers. However, using a third-party router is actually quite a common occurrence.

Downloading and importing a virtual router into vCloud

Perform the following steps for downloading and importing a virtual router into vCloud:

  1. Go to http://m0n0.ch/wall/ and click on Download.
  2. Download the .zip version (generic-pc-vm).
  3. Unzip and upload the content to a vSphere datastore.
  4. Add the .vmx file to your vCenter.
  5. Power on the router VM and wait until you see a menu on the screen (or wait for two minutes).
  6. Power off the router VM. We have to perform this step to create all the other files that are needed for a proper VM.
  7. Import m0n0wall as a template into vCloud.
  8. Deploy the VM into your configuration (add as many network cards as the number of interfaces you need; m0n0wall comes with two network cards).
  9. Power the m0n0wall VM on.
  10. Open the Remote Console as shown in the following screenshot:

Setting up the networking

Perform the following steps to set up the networking:

  1. Type 1 and press Enter.
  2. You probably don't use VLANs inside the vApp, so let's skip this by selecting No.
  3. All the network devices and their MACs are now listed.
  4. Assign a network card to the LAN side (DB network) of the router. Choose em0.
  5. Assign the WAN side (the App network) of the router a network card. Choose em1.
  6. Now assign the third interface (the Web network) a network card. Just type in em2.
  7. Just press Enter and accept the reboot (y).

Setting up the web interface

Perform the following steps to set up the web interface:

  1. After reboot, you will come back to the menu; now press 2 to set up the LAN interface IP.
  2. Enter an IP and Network mask (192.168.1.1/24) that is consistent with the LAN network you set up.
  3. Don't use a DHCP server in that LAN (choose n).
  4. You are now able to use the web interface of m0n0wall. Just go to one of your VMs in the DB network, open a browser, and enter the IP of the m0n0wall you configured in the previous step.
  5. The default credentials are admin and mono. After login you will see the following screenshot:

Configuring the WAN interfaces with the correct network settings

Perform the following steps to configure the WAN interfaces with the correct network settings:

  1. Navigate to Interfaces | WAN.
  2. Change the Type value to Static.
  3. Under Static IP configuration, enter the IP (192.168.2.1) in both the IP and gateway fields.
  4. Uncheck Block private network (at the bottom of the page).
  5. Click on Save.

Configuring the OPT1 interfaces with the correct network settings

Perform the following steps to configure the OPT1 interfaces with the correct network settings:

  1. Navigate to Interfaces | OPT1.
  2. Check Enable Optional 1 interface.
  3. You can change the name to Web if you like.
  4. Under Static IP configuration, enter the IP (192.168.3.1).
  5. Configure the firewall rules to allow the traffic to flow.
  6. Navigate to Firewall | Rules.
  7. Create/edit a rule for every network with the following settings:
  8. Click on Apply Changes.

Configuring static routing

Perform the following steps to configure static routing:

  1. Navigate to System | Static routes.
  2. Add a rule for all networks as follows:
  3. Click on Apply Changes.
  4. It is best to reboot the router VM now. You can do this by going to the console and choosing option 5 from the menu.
  5. This completes the insecure, rudimentary setup for a router interface.
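
As a starting point for tightening the firewall rules on the router, the following added example (not part of the original recipe, and not m0n0wall code) models per-interface, first-match rule evaluation for the three networks and compares a pass-everything rule set with a tiered one. Both rule sets and the choice of allowed flows (Web to App, App to DB) are assumptions made for illustration.

```python
import ipaddress

# Interfaces and subnets from the recipe's m0n0wall setup.
IFACES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),   # DB Net
    "WAN": ipaddress.ip_network("192.168.2.0/24"),   # App Net
    "OPT1": ipaddress.ip_network("192.168.3.0/24"),  # Web Net
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed rule sets: (action, source network, destination network),
# keyed by the interface on which a new connection enters the router.
# Replies to passed connections and traffic to the router itself
# (for example its web interface) are not modelled.
ALLOW_ALL = {name: [("pass", net, ANY)] for name, net in IFACES.items()}
TIERED = {
    "OPT1": [("pass", IFACES["OPT1"], IFACES["WAN"])],  # Web -> App only
    "WAN": [("pass", IFACES["WAN"], IFACES["LAN"])],    # App -> DB only
    "LAN": [],                                          # DB initiates nothing
}


def decide(rules, src, dst):
    """First matching rule on the ingress interface wins; no match = block."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    ingress = next((n for n, net in IFACES.items() if src_ip in net), None)
    for action, src_net, dst_net in rules.get(ingress, []):
        if src_ip in src_net and dst_ip in dst_net:
            return action
    return "block"


def reachability(rules):
    """Map each ordered tier pair to the decision for a sample host pair."""
    hosts = {name: str(net.network_address + 10) for name, net in IFACES.items()}
    return {
        (a, b): decide(rules, hosts[a], hosts[b])
        for a in IFACES for b in IFACES if a != b
    }


if __name__ == "__main__":
    for label, rules in (("allow-all", ALLOW_ALL), ("tiered", TIERED)):
        for pair, verdict in reachability(rules).items():
            print(label, pair, verdict)
```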

See also

  • An easy-to-use and very small (128 MB memory, 26 MB disk) router is m0n0wall, which is available at http://m0n0.ch/wall/.
    Note

    Please note that there is a VM ready for deployment in the Downloads section.