-
Notifications
You must be signed in to change notification settings - Fork 23
vpc 4.1 spec
As a cloud user, I would like to see Eucalyptus present network semantics similar to that of AWS VPC, but only to the extent that makes sense for a private cloud.
- PRD-212 (PRD-51, PRD-53, PRD-234)
- ARCH-65
- Status: Step #1, initial draft
This section is background material, inclusion in this section does not imply any action is being taken.
VPC security groups support egress rules in addition to the ingress rules we currently support.
The security group membership for instances can be changed with VPC security groups unlike the classic security groups we currently support.
Existing elements (e.g. instances) would require updating for VPC related filters. New abstractions would require tagging/filtering support.
We currently generate MAC addresses for instances based on the instance identifier, this may no longer be feasible as MAC addresses are required for network interfaces in VPC.
Services using EC2 functionality will need to be updated:
- Auto Scaling
- CloudFormation
- EC2 - Imaging VM resources
- Elastic Load Balancing - User facing functionality and ELB VM resources
Non-exhaustive use cases for VPC service tier.
An infrastructure or resource administrator configures the platform (EC2-Classic|VPC) for a cloud and/or account (T.B.D.)
A cloud users account has EC2-VPC platform (DescribeAccountAttributes action) and the accounts default VPC is used for all networking. The supported Default VPC functionality may be a subset of the AWS/EC2 functionality but should cover at least one basic AWS/EC2 VPC usage scenario.
A cloud user runs an instance in a VPC with a single public subnet, an EC2 managed network interface, and an internet gateway/route table enabling communication to the instance via its (requested on launch) public IP.
A cloud user runs two instances in a VPC, one in a public subnet and one in a private subnet.
A cloud user runs an instance in a VPC with multiple subnets using multiple availability zones.
A cloud user runs and instance in a VPC and associates a (VPC) elastic IP address.
A cloud user runs an instance in a VPC with a single public subnet, and an internet gateway to enable communication to the instance. Network ACLs are defined to secure access to the subnet.
A cloud user deletes [part of] their default VPC, a resource administrator restores it.
A cloud user associates a private IP with an ebs instance for great good. The private IP belongs to a VPC subnet and is either associated with an instance via a (VPC) network interface using the AssociateAddress action or is specified when using the RunInstances action.
A cloud user attaches multiple (VPC) network interfaces to an EC2 (VPC) instance that supports it (EC2 instance type). The network interfaces my be attached to an instance using the AttachNetworkInterface action and/or be specified when using the RunInstances action.
The VPC manager exposes EC2 VPC actions to cloud users.
The VPC broadcaster sends the network information to the CC (or elsewhere) to be implemented.
EC2 User -> VPC Manager : Configures VPC via EC2 actions
VPC Broadcaster -> Cluster Controller : Applies VPC configuration
Enumeration representing the EC2 classic and VPC domains.
Represents an EC2 VPC, a region specific logically isolated virtual network in which to run instances.
DHCP configuration for an EC2 VPC .
An EC2 VPC subnet, an availability zone and VPC specific network subnet.
An EC2 VPC route table.
An EC2 VPC internet gateway.
An EC2 VPC network interface for use with a VPC instance. Can be associated with one or more public (elastic) and private IP addresses.
Represents an EC2 classic (region specific) or VPC domain specific elastic IP address (VPC addresses are not for a particular VPC)
Represents an EC2 classic (region specific) or VPC specific security group.
The sprint 1 goal is to support the "Single Public Subnet VPC" use case.
- Amazon Virtual Private Cloud (docs.aws.amazon.com)
- Differences Between EC2-Classic and EC2-VPC (includes default VPC; docs.aws.amazon.com)
- Default VPC (docs.aws.amazon.com)
- Private IP Addresses Per ENI Per Instance Type (docs.aws.amazon.com)
- Resource tagging for EC2, including VPC (docs.aws.amazon.com)