Virtual network management
Enterprise cloud virtual network management
SANGFOR aCloud uses a "what you see is what you get" (WYSIWYG) network topology that visualizes the connections between virtual machines and network devices in a virtual network. With simple mouse drag-and-drop operations, you can quickly set up virtual networks.
In the enterprise cloud menu bar, click [] to enter the virtual network topology management page, where you manage and maintain the network topology.
1. Virtual Network Node
1.1 Physical outlet
A physical outlet connects the virtual network to the physical network. Internally, a physical outlet can connect to a virtual router, a virtual network device or virtual machines; externally, it needs to connect to the host. After creating a physical outlet, click Configure to set the physical network port connected to the outlet and to add a VLAN group.
When adding a VLAN group, you can configure its type as Trunk or Access.
2. Virtual Switch
A virtual switch runs in the virtual network and connects virtual machines or virtual network devices, switching and forwarding data within the virtual network.
In an aCloud cluster the virtual switch runs in distributed mode, that is, there is a virtual switch instance on each host. The distributed virtual switch ensures that virtual machines running on different hosts but connected to the same virtual switch can communicate with each other.
For virtual machines on the same virtual switch, when traffic is forwarded across hosts, it is encapsulated and forwarded through each host's data communication (VXLAN) port.
2.1 Virtual Switch Configuration
After dragging a virtual switch onto the network topology, you can connect a virtual machine, a virtual router or a virtual network device to it. The virtual switch has several built-in ports; connecting to any "internal port" adds the connection.
3. Virtual Routers
The virtual router provides some basic IP routing functions, including static routing, policy routing, NAT, ACL, DHCP and DNS proxy. The virtual router does not run in distributed mode, and it supports HA. Once a virtual router has been added and connected, it can be configured directly.
4. Virtual Security Devices
The virtual network supports adding SINFOR traditional security devices. Before use, you need to import the security device template into the enterprise cloud, and a newly added virtual security device must be authorized before it can be used normally.
After authorization is complete, configure the IP address of the device; you can then log on to its web console to configure the network device's functions.
4.1 Distributed Firewall
The distributed firewall is used in the enterprise cloud virtual network for east-west traffic protection and layer 2-4 access control.
Distributed firewall rules can select virtual machines directly by specified criteria. This feature requires the performance optimization tool to be installed in the virtual machine; otherwise the policy will fail to be issued.
A virtual machine must be connected to a distributed device for the policy to be issued successfully; the policy has no effect on a virtual machine connected directly to a physical outlet.
Configure distributed firewall policy:
Configure the source and destination match criteria: you can select all IPs, a specified IP range, or a specified IP set.
Configure the matching service: you can select built-in services or custom services.
Configure the policy action: allow or deny.
After configuration, you can move distributed firewall policies to set the policy matching order.
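The following added example (not from the original page or from Sangfor) models the policy fields listed above to show why the matching order matters for east-west access control. It assumes that the first matching policy decides the verdict and that unmatched traffic is denied; the rule names, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # stands for the "all IP" criterion, or for every service

def ip_range(first, last):
    """'Specified IP range' criterion: inclusive first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return lambda ip: lo <= ipaddress.ip_address(ip) <= hi

def ip_set(*addrs):
    """'Specified IP set' criterion: an explicit list of addresses."""
    members = {ipaddress.ip_address(a) for a in addrs}
    return lambda ip: ipaddress.ip_address(ip) in members

@dataclass
class Rule:
    name: str
    src: object      # ANY, ip_range(...) or ip_set(...)
    dst: object
    service: object  # (protocol, port) tuple, or ANY
    action: str      # "allow" or "deny"

    def matches(self, src, dst, proto, port):
        return ((self.src is ANY or self.src(src)) and
                (self.dst is ANY or self.dst(dst)) and
                (self.service is ANY or self.service == (proto, port)))

def evaluate(rules, src, dst, proto, port, default="deny"):
    """Return (action, rule name) of the first matching rule.
    First-match order and the default action are assumptions."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return default, "default"

# Constructed sample policy: the web tier may reach the database on TCP 3306 only.
WEB = ip_range("10.0.1.10", "10.0.1.20")
DB = ip_set("10.0.2.5", "10.0.2.6")
allow_db = Rule("web-to-db", WEB, DB, ("tcp", 3306), "allow")
deny_db = Rule("deny-to-db", ANY, DB, ANY, "deny")

good_order = [allow_db, deny_db]  # specific allow first, broad deny after
bad_order = [deny_db, allow_db]   # broad deny shadows the allow entirely

if __name__ == "__main__":
    flow = ("10.0.1.12", "10.0.2.5", "tcp", 3306)
    print("good order:", evaluate(good_order, *flow))
    print("bad order: ", evaluate(bad_order, *flow))
```

With the broad deny moved above the specific allow, the allow rule can never match, which is the kind of ordering mistake to check for after rearranging policies.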
5. Virtual network packet capture
The virtual network supports packet capture. Packet capture analysis can be carried out on the details page of a physical outlet, virtual switch or virtual router.
On the packet capture analysis page, select the network port to capture on. To avoid capturing too many packets, you can set a filter and a capture file size if necessary. Finally, click [start] to begin capturing packets.