Scribd Logo
Upload

Welcome to Scribd!

  • 211 views

    IGW Principle of Operation, Installation, Configuration

    Uploaded by

    Naeem Shayan
    1. IGWs are border gateways that interconnect partner physical testbeds and virtual customer testbeds in Panlab2. They automatically mesh with each other using SSH and establish L2 tunnels between testbeds. 2. IGWs route traffic between testbed resources while shielding them from each other using VLAN tagging and separate L2 tunnels. Customer testbeds are connected through "VCT access" using the L2TP protocol. 3. Setting up an IGW involves downloading its VM image, configuring its external interface, and allowing necessary ports through the firewall to enable automatic meshing with other IGWs.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd

    IGW Principle of Operation, Installation, Configuration

    Uploaded by

    Naeem Shayan
    211 views28 pages
    1. IGWs are border gateways that interconnect partner physical testbeds and virtual customer testbeds in Panlab2. They automatically mesh with each other using SSH and establish L2 tunnels between testbeds. 2. IGWs route traffic between testbed resources while shielding them from each other using VLAN tagging and separate L2 tunnels. Customer testbeds are connected through "VCT access" using the L2TP protocol. 3. Setting up an IGW involves downloading its VM image, configuring its external interface, and allowing necessary ports through the firewall to enable automatic meshing with other IGWs.

    Original Description:

    IGW Principle of Operation, Installation, Configuration

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    1. IGWs are border gateways that interconnect partner physical testbeds and virtual customer testbeds in Panlab2. They automatically mesh with each other using SSH and establish L2 tunnels between testbeds. 2. IGWs route traffic between testbed resources while shielding them from each other using VLAN tagging and separate L2 tunnels. Customer testbeds are connected through "VCT access" using the L2TP protocol. 3. Setting up an IGW involves downloading its VM image, configuring its external interface, and allowing necessary ports through the firewall to enable automatic meshing with other IGWs.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    211 views28 pages

    IGW Principle of Operation, Installation, Configuration

    Uploaded by

    Naeem Shayan
    1. IGWs are border gateways that interconnect partner physical testbeds and virtual customer testbeds in Panlab2. They automatically mesh with each other using SSH and establish L2 tunnels between testbeds. 2. IGWs route traffic between testbed resources while shielding them from each other using VLAN tagging and separate L2 tunnels. Customer testbeds are connected through "VCT access" using the L2TP protocol. 3. Setting up an IGW involves downloading its VM image, configuring its external interface, and allowing necessary ports through the firewall to enable automatic meshing with other IGWs.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 28

    Panlab2Interconncetion Gateway(IGW)

    P i i l of Principle foperation, ti I Installation, t ll ti C Configuration fi ti

    AndreSteinbach,TSystems

    Andre.Boenick@tsystems.com

    v.100927

    WhatisanddoesanIGW?
    IGW IGWs are border b d gateways t of f Panlab2 P l b2 (P2) partners t physical h i l testbeds and take care of interconnecting Panlab customers virtual testbeds. They are foreseen to mesh automatically and d so establish t bli h connections ti t other to th peer IGWs IGW possible For Goal was to make them as selfconfiguring as possible. such meshing of all IGWs a stateless low overhead tunneling was chosen, without usage of proprietary interIGW protocols It is NOT planned for the normal P2 customer to deal with the IGW resource. Only partners setting up a physical P2 testbeds need to deal with it. In best case the IGW resource is completely hidden from customer, even in planning (VCT tool)

    IGWprincipleofoperation(external)
    All running i IGWs IGW will ill automatically t ti ll mesh h with ith each h other, using TCP Port 22 for authentication and registration To avoid countless tunnels (one for each )) only y one outer IPin interconnceted testbed (VCT)) IP interconncetion tunnel (RFC4251) between each IGW is established Inside such interconnection tunnels one Layer2

    (L2) tunnel (RFC2661) per VCT makes sure that th right the i ht collision lli i d domains i of f all ll sites it get t chained

    Virtualcustomertestbed(VCT)
    Physical partner sitesvs.VirtualVCTview

    IGWprincipleofoperation(internal)
    O Once IGWs IGW are meshed h d externally, t ll they th are ready d to route VCT payload between test sites. What test sites get chained is commanded by the Teagle and VCT planing tool Data streams between ressources are shielded all along the way from each other. On the local domain (test site Ethernet) tagged VLAN (IEEE 802 1Q) is 802.1Q) i used d for f that th t purpose and d between b t IGWs one seperated L2 tunnel per VCT. Each IGW that terminates a L2 tunnel is firewalling this interface to take care that only allowed address p get interconnected. g spaces

    IGWshieldedresourceinterconnection

    IGWinformationresources
    Since IGW is an ongoing development, l there h are several l living l documents and sources of information located in the wiki For the h most frequent f questions and d answers , please l visit http://trac.panlab.net/trac/wiki/IGW_FAQ F For IGW operation i related l d links li k and d documentation, d i please l visit ii http://trac.panlab.net/trac/wiki/IGW_VM F For Teagle T l and d PTM related l d access to the h IGW, IGW please l visit ii http://trac.panlab.net/trac/wiki/IGW_RA Th The current t IGW virtual i t l server machine hi image i can be b downloaded d l d d at t http://141.39.79.118/download/P2_IGW.rar

    IGWsetuppreparations
    The h IGWs core functionalities f l are based b on Linux Kernel l and implemented for Linux RPMbased (e.g. RedHat, CentOS, SuSe) machines. Currently y it is delivered inside a virtual image. g Download current IGW virtual server machine image for VMware and make sure this machine is guaranteed at least 256MB of RAM. RAM Network Adapter 1 1 Interface (sometimes just Bridge the virtual Network called Network Adapter) directly to the host systems physical public interface and the virtual Network Adapter 2 Interface directly to the host system systems s physical testbed internal interface Do NOT use any NATed or heavily firewalled conncetions and make sure you have a static nonprivate IP address towards public internet

    IGWsetuppreparations
    Important !! If you or you infrastructure staff operate p an external firewall in front of IGW, make sure the following ports and protocolls are open to the world . RFC4251 SSH (TCP,port22) RFC2661 L2TP (UDP port1701) (UDP, RFC2003 IPIPtunneling (nextlevelprotocol4,RFC790)

    IGWsetup

    IGWsetup
    Afterthat,justbootthevirtualmachineandall necessaryserviceswillbestartedautomatically. Atthefirstboot, boot orifnomeaningful configurationexists,theIGWwillpromptaninput window i d for f external t lcommunication i ti parameters. t ThisisimportantsinceIPaddress,networkmask, IPdefault d f l gatewayand ddomain d i namesystem parameterscannotbeautoconfigured.

    IGWsetup

    Whenprompted,chooseEditDevices. Doonlyselectandmodifytheeth0interface. Theeth1interfaceneedstobepresentbut untouched. untouched

    IGWsetup

    InserttheusualpublicIPparameters.TheIGWs external t linterface i t f is i not tallowed ll dto t useprivate i t IP parameters,DHCPconfigurationortooperate behindaNATingnetworkaccessdevice.

    IGWsetup

    After f modification f eth0parameters,savethe changesandgobacktomainmenu. AsalaststepgototheDNSconfigurationmenu. menu

    IGWsetup
    Enterthepartnername (e.g.EiCT,UoP,TSI,etc.) intothehostnamefield andup ptothreeexisting g domainnameservers ofyourchoice.Proceed withOkandgobackto mainmenu.

    ThisprocedureisonlyappliedthefirsttimetheIGW boots.ThereaftertheIGWwilltrytoconnectand meshwithotheravailableIGWsaswellasthelocal PTM.

    IGWoperation

    Thebootp processendsshowing gaconfiguration g and monitoringsummaryoftheinternalandexternalinterfacesto overviewIGWsconnectivitybehavior.Seebelowthe automaticconfiguredfields(green)andtheonesthatcanbe chosenbyand(redandyellow).

    VCT VCTaccess accessconnectivityfor customers


    IGW IGWssupportaprocedure d called ll dVCTaccess i inwhich hi hthe h customercanconnectaterminalorsmallinfrastructurewith thecreatedVCTandbepartofit. Technicallythetunneling protocol t lL2TPwasused dto t ensureremoteaccesson ISO/OSIL2andupwards. Thistypeofconnection shouldbeusedifnolocal IGWconnectionis available.

    VCT VCTaccess accessconnectivityforcustomers


    VCTaccess is i afunction f ti in i which hi hthe th customer t can connectaterminalorsmallinfrastructurewiththe createdVCTandbep partofit.Technically ythe tunnellingprotocolL2TPwasusedtoensureremote accessonISO/OSIL2andupwards.Thistypeof connectionshouldbeusedifnolocalIGWconnection isavailable. Thefollowingslidespresentanexampleforasingle Micosoft Windowsterminal.MakesuretoopenUDP P 1701onyourfi Port firewall ll!Open O startmenuof fthe h taskbarandselecttoruntheregedittool:

    VCT VCTaccess accessconnectivityforcustomers

    VCT VCTaccess accessconnectivityforcustomers

    VCT VCTaccess accessconnectivityforcustomers

    VCT VCTaccess accessconnectivityforcustomers

    VCT VCTaccess accessconnectivityforcustomers

    VCT VCTaccess accessconnectivityforcustomers

    VCT VCTaccess accessconnectivityforcustomers

    You might also like