Monday, December 19, 2016

STARTING SERIOUS...

Part I

Load Balancing with Policy-Based Routing Configuration Example

Use Case: A customer has two lines: a cable link and a DSL link. Most traffic goes through the cable link because it has more bandwidth, and the rest goes through the DSL link. Because many secure websites (such as banking or online shopping sites) are sensitive to the source IP address changing back and forth, traffic for HTTPS, FTP, video, and games should go through the cable link.
Solution: Complete the following configuration tasks:
 • Configure a configurable port as the secondary WAN (WAN2). See Configure a secondary WAN.
 • Connect the cable modem to the primary WAN port (WAN1) and connect the DSL modem to the secondary WAN port (WAN2).
 • Enable the Weighted Dual WAN Settings and set the weighted value of WAN1 to 80% and the weighted value of WAN2 to 20%. See Dual WAN Settings.
 • Enable the Policy-Based Routing feature and configure the Policy-Based Routing rules so that traffic for HTTPS, FTP, video, and games is directed to WAN1. See Configuring Policy-Based Routing.
 • (Optional) Enable the Usage reports and the WAN Bandwidth reports so that you can view the network bandwidth usage. See Usage Reports, page 73 and WAN Bandwidth Reports, page 75.



Part II


  1. Configure the Open vSwitch agent. Add the following to /etc/neutron/plugins/ml2/ml2_conf.ini:
    [ovs]
    local_ip = TUNNEL_INTERFACE_IP_ADDRESS
    bridge_mappings = external:br-ex
    
    [agent]
    enable_distributed_routing = True
    tunnel_types = vxlan
    l2_population = True
    
    [securitygroup]
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    
    Replace TUNNEL_INTERFACE_IP_ADDRESS with the IP address of the interface that handles VXLAN project networks.
  2. Configure the L3 agent. Add the following to /etc/neutron/l3_agent.ini:
    [DEFAULT]
    ha_vrrp_auth_password = password
    interface_driver = openvswitch
    external_network_bridge =
    agent_mode = dvr_snat
    


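    Replace password with a VRRP authentication password of your own; the value shown is only a sample.

    Note
    The external_network_bridge option intentionally contains no value.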
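
A pre-deployment check for the two files above, as an added example that is not from the original page or from the OpenStack project. It flags settings that differ from the listing and placeholders that were never replaced; the names EXPECTED, norm, audit and PAGE_L3 are hypothetical.

```python
import configparser
import ipaddress

# (section, key) -> value, exactly as shown in the two files above.
EXPECTED = {
    "ml2": {("agent", "enable_distributed_routing"): "True",
            ("agent", "tunnel_types"): "vxlan",
            ("agent", "l2_population"): "True",
            ("securitygroup", "firewall_driver"):
                "neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"},
    "l3": {("DEFAULT", "interface_driver"): "openvswitch",
           ("DEFAULT", "external_network_bridge"): "",  # must be present but empty
           ("DEFAULT", "agent_mode"): "dvr_snat"},
}

def norm(value):  # booleans compare case-insensitively, everything else exactly
    v = value.strip()
    return v.lower() if v.lower() in ("true", "false") else v

def audit(kind, text):
    """Return a list of findings for one file's text; kind is "ml2" or "l3"."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for (section, key), want in EXPECTED[kind].items():
        got = cfg.get(section, key, fallback=None)
        if got is None:
            findings.append(f"[{section}] {key} is missing")
        elif norm(got) != norm(want):
            findings.append(f"[{section}] {key} = {got!r}, expected {want!r}")
    if kind == "ml2":
        ip = cfg.get("ovs", "local_ip", fallback="")
        try:
            ipaddress.ip_address(ip)  # rejects the unreplaced placeholder
        except ValueError:
            findings.append(f"[ovs] local_ip = {ip!r} is not an IP address")
    elif cfg.get("DEFAULT", "ha_vrrp_auth_password", fallback="") in ("", "password"):
        findings.append("[DEFAULT] ha_vrrp_auth_password is empty or the sample value")
    return findings

# Constructed sample: the l3_agent.ini text above, copied unchanged.
PAGE_L3 = """[DEFAULT]
ha_vrrp_auth_password = password
interface_driver = openvswitch
external_network_bridge =
agent_mode = dvr_snat
"""
if __name__ == "__main__":
    print(audit("l3", PAGE_L3))
```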

Part III

The stroke tool allows changes to the loglevel while the daemon is running, e.g.:
# ipsec stroke loglevel ike 2
To disable logging with -1, argument parsing in stroke has to be terminated first, e.g.:
# ipsec stroke loglevel ike -- -1
