Fake Uplink Setup

If you are not connecting through a BGP link, or you just want to use static routing follow this section.

This creates a static up-link to connect VMs to the external network.

  1. Create fake uplink

    We are going to create the following topology to allow the VMs reach external networks:

              |                                  |
              |     Fakeuplink linux bridge      |
              |                                  |
              +------------------+---------------+        UNDERLAY
                                 | veth0
      +------+  +------+  +-------------+  +------+  +------+
          | veth1
              +------------------+----------------+        OVERLAY
              |                                   |
              |            Edge Router            |
              |                                   |
  2. Create a veth pair

    # ip link add type veth
    # ip link set dev veth0 up
    # ip link set dev veth1 up
  3. Create a bridge, set an IP address and attach veth0

    # brctl addbr uplinkbridge
    # brctl addif uplinkbridge veth0
    # ip addr add dev uplinkbridge
    # ip link set dev uplinkbridge up
  4. Enable IP forwarding

    # sysctl -w net.ipv4.ip_forward=1
  5. Route packets to 'external' network to the bridge

    # ip route add via
  6. Create a port on the Edge Router and bind it to the veth:

    $ midonet-cli
    midonet> router list
    router router0 name Edge Router state up
    midonet> router router0 add port addresses
    midonet> router router0 add route src dst type normal port router router0 port port0 gw
    midonet> host list
    host host0 name controller alive true
    midonet> host host0 add binding port router router0 port port0 interface veth1
    host host0 interface veth1 port router0:port
  7. Add masquerading to your external interface so connections coming from the overlay with addresses that belong to the "fake" external network are NATed. Also make sure these packets can be forwarded:

    # iptables -t nat -I POSTROUTING -o eth0 -s -j MASQUERADE
    # iptables -I FORWARD -s -j ACCEPT

Now we can reach VMs from the underlay host using their floating IPs, and VMs can reach external networks as well (as long as the host has external connectivity).

Questions? Discuss on Mailing Lists or Chat.
Found an error? Report a bug.

loading table of contents...