Configuring a VM to work with multiple network interfaces

Various use cases call for running a virtual machine (VM) with multiple network interfaces. For example, you may want to deploy a monitoring appliance on a separate network spanning multiple tenants to audit traffic on all of your production networks for analysis and troubleshooting, without causing any interference.

That appliance VM would need an interface with the "monitoring" network and another with each production network. 

Metacloud supports the ability to attach a VM to multiple networks. However, images are not automatically configured to work with more than one network interface card (NIC). You have to perform extra steps on the VM itself:

  • Create the configuration file for each additional NIC.
  • Bring up each additional NIC.

Setting Up the VM

You need a VM with the following features:

  • a security group with a rule that permits ingress via SSH for accessing the VM 
  • a key pair for accessing the VM via SSH
  • interfaces with two networks, assigned during launch  
  • a floating IP address, assigned after launch

If you have a VM that meets these criteria already, go to Enabling an Additional NIC. Otherwise, take the following steps to set up the VM. 

Note: Before you set up a VM, make sure you have available two networks with subnets defined. For information on setting up networks see Creating and Managing Networks (using the Dashboard) or Creating and Managing Networks Using the CLI.

Using the Dashboard

Create the security group for SSH access.

  1. In the Dashboard, click Access & Security on the Project drop-down list.
  2. Click the Security Groups tab.
  3. Click CREATE SECURITY GROUP.
  4. In the Create Security Group box, enter a name for the new group and click CREATE SECURITY GROUP.
  5. In the Security Groups table, click MANAGE RULES for the new group.
  6. In the SECURITY GROUP RULES table, click ADD RULE.
  7. Select Custom TCP Rule, Ingress, and enter 22 for the port. It is unnecessary to change any other settings. Click ADD. The new rule appears in the SECURITY GROUP RULES table.

Create the key pair. 

  1. In the Dashboard, click Access & Security on the Project drop-down list.
  2. Click the Key Pairs tab.
  3. Click CREATE KEY PAIR.
  4. In the Create Key Pair box, enter a name for new key pair and click CREATE KEY PAIR.
  5. The new key pair appears in the Key Pairs table, and a .pem file named after the key pair is downloaded to your computer.

Launch the instance.

  1. In the Dashboard, click Instances on the Project drop-down list.
  2. On the INSTANCES page, click LAUNCH INSTANCE.
  3. On the Details tab, enter a name and select settings for the new instance.
  4. On the Access & Security tab, select the key pair and security group you created for SSH access.



  5. On the Networking tab, select both networks that you want to connect the new instance to.

    Note: If you prefer to map a specific network to a specific NIC, select the networks in the desired order. For example, if you want a nic:1 to interface with the Magenta network (as in the following screen shot), select the Magenta network first. 



  6. Click LAUNCH. The new instance appears in the INSTANCES table with IP addresses for each network.

    instance_2nics.png

Add the floating IP to the instance. The IP addresses assigned to the instance at launch are internal network addresses and not reachable from external networks. The floating IP address allows you to communicate with the instance from your computer, so that you can SSH into it.

  1. On the INSTANCES page, select Associate Floating IP from the Actions drop-down list for the new instance.
  2. In the Manage Floating IP Associations box, associate an available floating IP address with your instance. Then click ASSOCIATE.
    OR
    If you do not have floating IP addresses allocated, click the plus (+) icon to allocate them and proceed with the next steps.
  3. In the Allocate Floating IP box, select a network pool to allocate addresses from. Click ALLOCATE IP.
  4. In the Manage Floating IP Associations box, associate the newly allocated address with your instance. Then click ASSOCIATE

    associate_floating_IP.png

    The floating IP appears with instance IP addresses.

    instance_2nics_floatingIP.png

    Note: If you need to create a floating IP address, see Managing IP Addresses.

Using the command line interface (CLI)

Create the security group for SSH access.

  1. Create a security group:
    $ openstack security group create ssh_ingress
    +-------------+---------------------------------------------------------------------------------+
    | Field       | Value                                                                           |
    +-------------+---------------------------------------------------------------------------------+
    | description | ssh_ingress                                                                     |
    | headers     |                                                                                 |
    | id          | 9fb4e89d-fc72-4af4-a1c6-ff4ac3075661                                            |
    | name        | ssh_ingress                                                                     |
    | project_id  | aa3f3346b0f046ed9cb8d8679780b1b1                                                |
    | rules       | direction='egress', ethertype='IPv4', id='ad1c102c-0fed-4599-b216-559aa9d60c78' |
    |             | direction='egress', ethertype='IPv6', id='9e86ccc3-8f0a-4568-ad69-f905d572402f' |
    +-------------+---------------------------------------------------------------------------------+
  2. Create a rule to allow SSH ingress:
    $ openstack security group rule create ssh_ingress --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | direction         | ingress                              |
    | ethertype         | IPv4                                 |
    | headers           |                                      |
    | id                | 1fad1fb1-e9e6-4d45-9f3a-3efc7ddbf0a5 |
    | port_range_max    | 22                                   |
    | port_range_min    | 22                                   |
    | project_id        | aa3f3346b0f046ed9cb8d8679780b1b1     |
    | protocol          | tcp                                  |
    | remote_group_id   | None                                 |
    | remote_ip_prefix  | 0.0.0.0/0                            |
    | security_group_id | 9fb4e89d-fc72-4af4-a1c6-ff4ac3075661 |
    +-------------------+--------------------------------------+

Create a key pair to allow SSH ingress.

  1. Create the key pair:
    $ openstack keypair create ssh_ingress_key > ssh_ingress_key.pem
  2. Set the key permissions so that only you can read and write to it:
    $ chmod 600 ssh_ingress_key.pem 
  3. Verify that Metacloud has imported the key:
    openstack keypair list
    +-----------------+-------------------------------------------------+
    | Name            | Fingerprint                                     |
    +-----------------+-------------------------------------------------+
    | ssh_ingress_key | ea:07:c7:19:74:43:37:70:5c:10:26:fb:01:90:56:15 |
    +-----------------+-------------------------------------------------+

Create the VM with the security group, the key pair, and interfaces for two networks: 

$ openstack server create server2_example --flavor m1.small --image ubuntu_1404_server_cloudimg_amd64 --security-group ssh_ingress --key-name ssh_ingress_key --availability-zone xmpl --nic net-id=b9781d40-1d8b-47c7-a8b1-a4fd4ce63c0b --nic net-id=b51b424e-2755-4c75-92c4-0cbb6049efc5
+--------------------------------------+--------------------------------------------------------------------------+
| Field                                | Value                                                                    |
+--------------------------------------+--------------------------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                                   |
| OS-EXT-AZ:availability_zone          | xmpl                                                                     |
| OS-EXT-SRV-ATTR:host                 | None                                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | None                                                                     |
| OS-EXT-SRV-ATTR:instance_name        | instance-00003078                                                        |
| OS-EXT-STS:power_state               | NOSTATE                                                                  |
| OS-EXT-STS:task_state                | None                                                                     |
| OS-EXT-STS:vm_state                  | building                                                                 |
| OS-SRV-USG:launched_at               | None                                                                     |
| OS-SRV-USG:terminated_at             | None                                                                     |
| accessIPv4                           |                                                                          |
| accessIPv6                           |                                                                          |
| addresses                            |                                                                          |
| adminPass                            | XBqs9YJ3az8M                                                             |
| config_drive                         |                                                                          |
| created                              | 2017-02-11T01:27:44Z                                                     |
| flavor                               | m1.small (2)                                                             |
| hostId                               |                                                                          |
| id                                   | 0863d491-42a9-45b5-a259-21f374214c45                                     |
| image                                | ubuntu_1404_server_cloudimg_amd64 (a93d5d25-668d-45c6-9d28-12e3a14aa413) |
| key_name                             | ssh_ingress_key                                                          |
| name                                 | server2_example                                                          |
| os-extended-volumes:volumes_attached | []                                                                       |
| progress                             | 0                                                                        |
| project_id                           | aa3f3346b0f046ed9cb8d8679780b1b1                                         |
| properties                           |                                                                          |
| security_groups                      | [{u'name': u'ssh_ingress'}]                                              |
| status                               | BUILD                                                                    |
| updated                              | 2017-02-11T01:27:44Z                                                     |
| user_id                              | 7b46c66ee84445dd8f6e1b8e61e1384d                                         |
+--------------------------------------+--------------------------------------------------------------------------+

Attach a floating IP address with the instance.

  1. View a list of allocated floating IP addresses to determine if any are unattached to an instance:
    openstack floating ip list
    +-------------------------------+---------------------+------------------+-------------------------------+-------------------------------+----------------------------------+
    | ID                            | Floating IP Address | Fixed IP Address | Port                          | Floating Network              | Project                          |
    +-------------------------------+---------------------+------------------+-------------------------------+-------------------------------+----------------------------------+
    | <FLIP_UUID>                   | <ATTACHED_FLIP>     | <ATTACHED_VM_IP> | 43d95c14-f697-48ef-9901-b67dd | <FLOATING_NETWORK_UUID>       | <PROJECT_UUID>                   |
    | <FLIP_UUID>                   | <ATTACHED_FLIP>     | <ATTACHED_VM_IP> | f086321e-                     | <FLOATING_NETWORK_UUID>       | <PROJECT_UUID>                   |
    | <FLIP_UUID>                   | <UNATTACHED_FLIP>   | None             | None                          | <FLOATING_NETWORK_UUID>       | <PROJECT_UUID>                   |
    | <FLIP_UUID>                   | <ATTACHED_FLIP>     | <ATTACHED_VM_IP> | beee9c2a-a790-48b2-b179-6912c | <FLOATING_NETWORK_UUID>       | <PROJECT_UUID>                   |
    | <FLIP_UUID>                   | <ATTACHED_FLIP>     | <ATTACHED_VM_IP> | 1cc60d26-8eb4-4f0b-a81d-      | <FLOATING_NETWORK_UUID>       | <PROJECT_UUID>                   |
    | <FLIP_UUID>                   | <UNATTACHED_FLIP>   | None             | None                          | <FLOATING_NETWORK_UUID>       | <PROJECT_UUID>                   |
    +-------------------------------+---------------------+------------------+-------------------------------+-------------------------------+----------------------------------+
    Note: If you need to create a floating IP address, see Managing IP Addresses.

  2. Associate an unattached floating IP address with the instance:
    openstack server add floating ip 0863d491-42a9-45b5-a259-21f374214c45 <UNATTACHED_FLIP>
  3. Verify that the instance now has a floating IP address in addition to two internal network addresses:
    openstack server show 0863d491-42a9-45b5-a259-21f374214c45
    +--------------------------------------+--------------------------------------------------------------------------+
    | Field                                | Value                                                                    |
    +--------------------------------------+--------------------------------------------------------------------------+
    | OS-DCF:diskConfig                    | MANUAL                                                                   |
    | OS-EXT-AZ:availability_zone          | xmpl                                                                     |
    | OS-EXT-SRV-ATTR:host                 | <HOST_NAME>                                                              |
    | OS-EXT-SRV-ATTR:hypervisor_hostname  | <HOST_NAME>                                                              |
    | OS-EXT-SRV-ATTR:instance_name        | instance-00003078                                                        |
    | OS-EXT-STS:power_state               | Running                                                                  |
    | OS-EXT-STS:task_state                | None                                                                     |
    | OS-EXT-STS:vm_state                  | active                                                                   |
    | OS-SRV-USG:launched_at               | 2017-02-11T01:27:50.000000                                               |
    | OS-SRV-USG:terminated_at             | None                                                                     |
    | accessIPv4                           |                                                                          |
    | accessIPv6                           |                                                                          |
    | addresses                            | Purple=<IP>; Magenta=<IP>, <FLIP>                                        |
    | config_drive                         |                                                                          |
    | created                              | 2017-02-11T01:27:44Z                                                     |
    | flavor                               | m1.small (2)                                                             |
    | hostId                               | 8989287ae11b9572620d5e3415c7b1204f01a05ab7e6a9dc6db20f7d                 |
    | id                                   | 0863d491-42a9-45b5-a259-21f374214c45                                     |
    | image                                | ubuntu_1404_server_cloudimg_amd64 (a93d5d25-668d-45c6-9d28-12e3a14aa413) |
    | key_name                             | ssh_ingress_key                                                          |
    | name                                 | server2_example                                                          |
    | os-extended-volumes:volumes_attached | []                                                                       |
    | progress                             | 0                                                                        |
    | project_id                           | aa3f3346b0f046ed9cb8d8679780b1b1                                         |
    | properties                           |                                                                          |
    | security_groups                      | [{u'name': u'ssh_ingress'}, {u'name': u'ssh_ingress'}]                   |
    | status                               | ACTIVE                                                                   |
    | updated                              | 2017-02-11T01:27:50Z                                                     |
    | user_id                              | 7b46c66ee84445dd8f6e1b8e61e1384d                                         |
    +--------------------------------------+--------------------------------------------------------------------------+

Enabling an Additional NIC

Note: The instructions and paths in the following example are specifically for the Ubuntu 14.04 operating system. Instructions and paths may vary for other operating systems. See documentation for your specific operating system for NIC configuration help.

SSH into the VM, using the floating IP address and the PEM file for the key pair that you created:

$ ssh -i ssh_ingress_key.pem cloud@184.94.253.79

Run ifconfig to view the status of the NICs:

sudo ip addr
sudo: unable to resolve host example-0213
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet <IP>/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:f6:5f:3c brd ff:ff:ff:ff:ff:ff
    inet <IP>/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 <IP>/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fa:16:3e:49:b1:95 brd ff:ff:ff:ff:ff:ff

The IP address for eth0 appears in the command output, but not for eth1. This indicates that eth1 is not running.  

Tip: To prevent the occurrence of the line
sudo: unable to resolve host example-0213
from the output, add the host name to the /etc/hosts file.

Create the configuration file for eth1:

$ echo $'auto eth1\niface eth1 inet dhcp' | sudo tee /etc/network/interfaces.d/eth1.cfg > /dev/null>

Note: The path for the configuration file varies, depending on the operating system (OS) of the image. In this example, the OS is Ubuntu 14.04. See the network configuration documentation for your image's OS to determine the path for its NIC configuration files.

Bring up eth1:

sudo ifup eth1
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth1/fa:16:3e:49:b1:95
Sending on   LPF/eth1/fa:16:3e:49:b1:95
Sending on   Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0xd43cac77)
DHCPREQUEST of <IP> on eth1 to 255.255.255.255 port 67 (xid=0x77ac3cd4)
DHCPOFFER of <IP> from <IP>
DHCPACK of <IP> from <IP>
bound to <IP> -- renewal in 6839 seconds.

The command output shows that the VM is now communicating with eth1.

Run ifconfig again to confirm that both NICs are running:

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet <IP>/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:f6:5f:3c brd ff:ff:ff:ff:ff:ff
    inet <IP>/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 <IP>/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:49:b1:95 brd ff:ff:ff:ff:ff:ff
    inet <IP>/24 brd 192.168.2.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe49:b195/64 scope link 
       valid_lft forever preferred_lft forever

 The IP address for eth1 now appears in the command output to indicate that eth1 is running.

 

Have more questions? Submit a request
Powered by Zendesk