Contents
| 1 | Introduction |
2 | CEE on Single Server |
| 2.1 | Prerequisites |
| 2.1.1 | Required Hardware and Software |
| 2.1.2 | Documents |
| 2.1.3 | Conditions |
| 2.2 | L2 Connection to BGW |
1 Introduction
This document describes how to configure external tenant Border Gateway (BGW) and Firewall (FW) connections to the Cloud Execution Environment (CEE) region. This guideline provides a high-level overview, as the BGW or FW is not part of the CEE region, so the actual BGW present at the actual deployment is not known.
- Note:
- For more information about the CEE region configuration, refer to the Configuration File Guide.
2 CEE on Single Server
The subsections of this section provide Layer 2 (L2) guidelines for the case where Neutron is configured to use the ericsson_user_spec deployment type.
2.1 Prerequisites
This section describes the prerequisites that must be fulfilled before external connectivity can be achieved.
2.1.1 Required Hardware and Software
For information on the BGW hardware and software, refer to the documentation of the BGW solution.
2.1.2 Documents
Before starting the configuration procedure, ensure that the following information and documents are available:
- Information about product name, software version, platform, operating system, and hardware.
- Information about how to collect data and log files. For more information, refer to data collection guidelines for the BGW.
- Information about how to carry out backup and restore procedures. For more information, refer to backup and restore guidelines for the BGW.
- Some of the recovery steps require physical access to the products for pressing buttons, replacing hardware, and so on. For more information about physical access and handling, refer to Personal Health and Safety Information and System Safety Information.
- Some of the recovery steps require instructions. For a detailed description, refer to the applicable documentation of the BGW.
2.1.3 Conditions
The following conditions must apply before the configuration is performed:
- Configuration input data for the applicable BGW is available.
Refer to the applicable documentation of the BGW regarding configuration.
- Note:
- Consider the time for producing the applicable configuration data.
- The proper BGW software package is installed.
- Connectivity between CEE and BGW is in place.
- Connectivity between BGW and FW is in place.
- The VLAN ranges for external connection must be aligned. The VLAN ID range for CEE external tenant connectivity must be reserved before the CEE installation. For information about ranges, refer to the section "Networking API v2.0 extensions" in the OpenStack API Complete Reference.
2.2 L2 Connection to BGW
This section describes how to connect CEE to the BGW using an L2 network. For more information on Neutron, refer to the sections "Networking API v2.0" and "Networking API v2.0 extensions" in the OpenStack API Complete Reference.
Figure 0 L2 Connection to BGW
Figure 1 L2 Connection to BGW
Do the following:
- Configure the BGW to be able to handle incoming and outgoing traffic. For more information, refer to the DC Firewall Hardening Guide.
- Create VRs in the BGW as shown
in fig-L2Singleeps Figure 1.
- Note:
- There can be one or several VLANs connected to the VR, and one or several VRs can be connected to the applicable port towards CEE. There can also be one or several VLANs connected to the FW.
- Configure the VR with its applicable parameters. Both IPv4 and IPv6 can be used.
- After a VR is created, create applicable VLANs. It is recommended to choose VLAN names that reflect what they are used for. VLAN ports connected to CEE must be in the reserved range, specified in Section 2.1.3.
- To achieve redundancy on the VRs, configure VRRP v.3 on the VLANs interfacing CEE.
- Add VLANs to applicable ports connected to CEE.
- Add VLANs on the ports connected to the FWs and VRs.