...
Introduction to Abiquo and AWS
Abiquo configures VPC networking according to Scenario 2 (a VPC with public and private subnets) as described in the AWS documentation: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
Under this configuration, users must attach Elastic IPs to virtual machines that have a connection to the public subnet. By default, virtual machines in private networks reach the internet through the NAT in the public subnet, so they have outbound internet access without an Elastic IP and without being directly reachable from the internet. This is helpful for automation: a virtual machine can connect to the internet to download its configuration, for example with Chef, without needing an Elastic IP.
VPC and Subnet
When you create an Abiquo virtual datacenter in an AWS public datacenter, Abiquo creates a VPC with a /16 CIDR block and a subnet with a /24 CIDR block (or the size defined by the user). By default the VPC is 192.168.0.0/16 and the subnet is 192.168.0.0/24, which corresponds to the default private network in Abiquo. If you set a custom private network in Abiquo, that network is used to create the VPC and subnet in AWS. You can create multiple Abiquo private networks in different availability zones in the same VPC.
AWS Reserved IP Addresses
AWS reserves five IP addresses in each subnet: the first four IP addresses and the last IP address of the subnet's CIDR block. Abiquo does not display or assign these addresses. Therefore, in a private network that is defined to start at address 0, the first available IP address is address 5 and the gateway address is address 1.
For example, in the default_private_network with network address 192.168.0.0, the following addresses are reserved or used as the gateway.
IP Address | Notes |
---|---|
192.168.0.1 | Reserved by AWS for the VPC router; default gateway address in Abiquo |
192.168.0.2 | Reserved by AWS for the Amazon-provided DNS server |
192.168.0.3 | Reserved by AWS for future use |
192.168.0.4 | Reserved; not assigned by Abiquo |
192.168.0.254 | Reserved; not assigned by Abiquo |
Internet Access
Abiquo creates a route table in AWS that is equivalent to the AWS Scenario 2 route table, using the address values of the Abiquo private network. You can use the AWS NAT instance for internet access from the virtual datacenter private network. You can acquire floating public IPs for your virtual datacenter; in AWS these are created as Elastic IPs with public network addresses. Note that AWS may charge for Elastic IPs when they are NOT in use, i.e. when they are not assigned to a virtual machine or when the virtual machine is not deployed in AWS, so release Elastic IPs that you no longer need. In Abiquo 4.0+, you must assign Elastic IPs to virtual machines with connections to the public subnet.
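The security-relevant property of the Scenario 2 layout is which subnets get a default route to the internet gateway (reachable from the internet once a public IP is attached) and which only get a default route through the NAT (outbound only). The following is an added example, not Abiquo's code, that checks this from route-table data in the shape returned by `aws ec2 describe-route-tables`; the two sample tables are constructed and every ID in them is made up.

```python
# Added example (not Abiquo's code): verify that a VPC's route tables give the
# Scenario 2 layout described above. Input is in the shape returned by
# `aws ec2 describe-route-tables` (boto3: describe_route_tables()["RouteTables"]).
# The sample tables are constructed and all IDs are invented.

SCENARIO2_TABLES = [
    {   # main table: applies to every subnet without an explicit association
        "RouteTableId": "rtb-0main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0nat", "State": "active"},
        ],
    },
    {   # public table: attached to the public subnet, default route via the IGW
        "RouteTableId": "rtb-0public",
        "Associations": [{"SubnetId": "subnet-0public", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"},
        ],
    },
]

# Same VPC, but the private subnet was also attached to the public table.
MISCONFIGURED_TABLES = [
    SCENARIO2_TABLES[0],
    {
        "RouteTableId": "rtb-0public",
        "Associations": [
            {"SubnetId": "subnet-0public", "Main": False},
            {"SubnetId": "subnet-0private", "Main": False},
        ],
        "Routes": SCENARIO2_TABLES[1]["Routes"],
    },
]


def route_table_for(route_tables, subnet_id):
    """Return the table that applies to subnet_id: an explicit association
    wins, otherwise the VPC's main table (or None if there is no main table)."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def default_route_target(table):
    """Classify the active 0.0.0.0/0 route of a table:
    'igw' (internet gateway), 'nat' (NAT gateway or NAT instance) or None."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"
    return None


def check_scenario2(route_tables, public_subnets, private_subnets):
    """Return a list of problems; an empty list means the layout is Scenario 2."""
    problems = []
    for subnet in public_subnets:
        table = route_table_for(route_tables, subnet)
        target = default_route_target(table) if table else None
        if target != "igw":
            problems.append(f"{subnet}: public subnet default route is {target!r}, "
                            "expected the internet gateway")
    for subnet in private_subnets:
        table = route_table_for(route_tables, subnet)
        target = default_route_target(table) if table else None
        if target == "igw":
            problems.append(f"{subnet}: private subnet routes 0.0.0.0/0 to the internet "
                            "gateway, so it is effectively public")
        elif target is None:
            problems.append(f"{subnet}: private subnet has no default route, "
                            "so there is no outbound internet access via NAT")
    return problems


if __name__ == "__main__":
    for name, tables in (("scenario2", SCENARIO2_TABLES), ("misconfigured", MISCONFIGURED_TABLES)):
        found = check_scenario2(tables, ["subnet-0public"], ["subnet-0private"])
        print(name, "OK" if not found else found)
```

To run it against a real account, replace the constructed lists with the `RouteTables` list from `describe_route_tables` and pass the subnet IDs Abiquo created for the public and private networks.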
Security
By default Abiquo assigns instances to the default VPC security group. A default security group allows all outbound traffic and allows all inbound traffic from other members of the same group, so by default instances in the VPC can reach each other on any port, while nothing from the internet can reach them until a rule permits it. Enterprise administrators should configure an Abiquo firewall. Abiquo creates an AWS security group in the VPC when this firewall is assigned to a virtual datacenter. Users can synchronize their firewalls with AWS, which imports existing security groups. The most basic configuration is to allow SSH inbound traffic on port 22, which allows SSH connections to the machine through a public IP, NAT, or from a private IP within the virtual datacenter. Restrict the source of that rule to the address ranges that need access rather than 0.0.0.0/0. See AWS Security Groups as Abiquo Firewalls.
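Because Abiquo firewalls become AWS security groups, the group rules can be reviewed with the same tooling as any other security group. The following added example (not Abiquo's code) builds the minimal SSH rule in the shape boto3's `authorize_security_group_ingress` takes and audits groups in the shape returned by `aws ec2 describe-security-groups`; the three sample groups are constructed, their IDs are invented, and the `ADMIN_PORTS` list is an assumption for the example.

```python
import ipaddress

# Added example (not Abiquo's code). Sample groups are constructed in the shape
# returned by `aws ec2 describe-security-groups`; all IDs are invented.
# ADMIN_PORTS is an assumption: ports that should never be open to the world.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def ssh_ingress_rule(source_cidr):
    """IpPermissions entry for 'allow TCP/22 from source_cidr', as passed to
    boto3 authorize_security_group_ingress(IpPermissions=[...])."""
    ipaddress.ip_network(source_cidr)  # raises ValueError on a malformed CIDR
    return {
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": source_cidr, "Description": "SSH from admin range"}],
    }


# The VPC default group: all traffic from members of the group itself.
DEFAULT_SG = {
    "GroupId": "sg-0default", "GroupName": "default",
    "IpPermissions": [{"IpProtocol": "-1",
                       "UserIdGroupPairs": [{"GroupId": "sg-0default", "UserId": "123456789012"}]}],
}
# The "most basic configuration" from the text, with the source left wide open.
BASIC_FIREWALL_SG = {
    "GroupId": "sg-0basic", "GroupName": "abiquo-fw-basic",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
# Same rule, restricted to an (RFC 5737 documentation) admin range.
HARDENED_SG = {
    "GroupId": "sg-0hardened", "GroupName": "abiquo-fw-hardened",
    "IpPermissions": [ssh_ingress_rule("203.0.113.0/24")],
}


def _covers_admin_port(perm):
    """True if the permission's port range includes an ADMIN_PORTS entry."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                     # all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= port <= hi for port in ADMIN_PORTS)


def audit_ingress(group):
    """Return (severity, message) findings for one security group."""
    findings = []
    gid = group["GroupId"]
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        ports = "all ports" if proto == "-1" else f"{proto}/{perm.get('FromPort')}-{perm.get('ToPort')}"
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            if src in ("0.0.0.0/0", "::/0"):
                if proto == "-1":
                    sev = "critical"
                elif _covers_admin_port(perm):
                    sev = "high"
                else:
                    sev = "medium"
                findings.append((sev, f"{gid}: {ports} open to {src}"))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == gid:
                findings.append(("info", f"{gid}: {ports} allowed from every member of the group itself"))
    return findings


if __name__ == "__main__":
    for sg in (DEFAULT_SG, BASIC_FIREWALL_SG, HARDENED_SG):
        print(sg["GroupName"], audit_ingress(sg) or "no findings")
```

Feed the `SecurityGroups` list from `describe_security_groups` into `audit_ingress` after a firewall synchronization to see which imported groups carry world-open rules.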
Number of IP Addresses per VM
Abiquo supports multiple IP addresses in the AWS integration. You can synchronize existing virtual machines with multiple IP addresses and create multiple IP addresses through Abiquo, including multiple Elastic IPs.
Abiquo supports up to the number of network interfaces and IP addresses per interface that the AWS hardware profile (instance type) allows. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
If the user adds multiple IPs in the same subnet, Abiquo adds them to the same elastic network interface (ENI). If the IPs are in different subnets, Abiquo adds them to different ENIs. For information about Elastic Network Interfaces, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
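Whether a set of requested IP addresses fits on a VM therefore depends on three things: each address must be usable in its subnet (not one of the addresses reserved above), addresses group into one ENI per subnet, and the ENI count and per-ENI address count must stay within the instance type's limits. The following added example (not Abiquo's code) performs that check for the reserved-address rule and the ENI grouping rule together. The `ENI_LIMITS` values are written from memory and are an assumption for the example; verify them against the AWS ENI table linked above.

```python
import ipaddress

# Added example (not Abiquo's code). ENI_LIMITS maps an instance type to
# (max ENIs, max private IPv4 addresses per ENI). These values are an
# assumption written from memory; check them against the AWS ENI documentation.
ENI_LIMITS = {
    "t2.micro": (2, 2),
    "t3.medium": (3, 6),
    "m5.large": (3, 10),
}


def unusable_addresses(cidr):
    """Addresses Abiquo never assigns in an AWS subnet, following the
    convention described above (first usable host is .5, gateway is .1):
    the network address, the four addresses after it, the last usable
    address and the broadcast address. This is a superset of the five
    addresses AWS itself reserves (the first four and the last)."""
    subnet = ipaddress.ip_network(cidr, strict=True)
    first, last = subnet.network_address, subnet.broadcast_address
    return {first + i for i in range(5)} | {last - 1, last}


def plan_enis(instance_type, requested):
    """Group requested (ip, subnet_cidr) pairs into ENIs the way the text
    describes (one ENI per subnet) and check them against the instance type.
    Returns (enis, errors): enis maps subnet CIDR to its IP list; errors is
    empty when every address is usable and the request fits the limits."""
    if instance_type not in ENI_LIMITS:
        return {}, [f"unknown instance type {instance_type}"]
    max_enis, max_ips = ENI_LIMITS[instance_type]
    enis, errors, seen = {}, [], set()
    for ip_str, cidr in requested:
        subnet = ipaddress.ip_network(cidr, strict=True)
        ip = ipaddress.ip_address(ip_str)
        if ip not in subnet:
            errors.append(f"{ip} is not inside {subnet}")
            continue
        if ip in unusable_addresses(cidr):
            errors.append(f"{ip} is reserved in {subnet}")
            continue
        if ip in seen:
            errors.append(f"{ip} requested twice")
            continue
        seen.add(ip)
        enis.setdefault(str(subnet), []).append(str(ip))
    if len(enis) > max_enis:
        errors.append(f"{len(enis)} subnets need {len(enis)} ENIs, "
                      f"but {instance_type} allows {max_enis}")
    for cidr, ips in enis.items():
        if len(ips) > max_ips:
            errors.append(f"ENI in {cidr} needs {len(ips)} IPs, "
                          f"but {instance_type} allows {max_ips} per ENI")
    return enis, errors


if __name__ == "__main__":
    # Constructed request: two IPs in the default network, one in a second subnet.
    request = [("192.168.0.5", "192.168.0.0/24"),
               ("192.168.0.6", "192.168.0.0/24"),
               ("192.168.1.5", "192.168.1.0/24")]
    for itype in ("m5.large", "t2.micro"):
        enis, errors = plan_enis(itype, request)
        print(itype, enis, errors or "fits")
```

The same request fits an `m5.large` (two ENIs, at most two addresses each) but not a `t2.micro` under the assumed limits, and any request for `.1` to `.4` or `.254` in a /24 is rejected before it reaches AWS.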
How Abiquo Creates a Virtual Private Cloud
...