Protection of user infrastructure in the SIM-Cloud using a router on the basis of a separate instance
Description
This article describes the first steps for protecting user infrastructure in SIM-Cloud with an arbitrary software router that runs as a separate instance.
The use of these materials requires system administration skills in the Linux and Windows families of operating systems. Additionally, the content of this article is intended for users with an understanding of the possibilities offered by the management interface for SIM-Cloud, the Dashboard, and who have familiarised themselves with the following technical articles:
Basic information
Use of an arbitrary software router on the basis of a separate instance requires:
- knowledge about the deployment of instances from existing images in the SIM-Cloud
- basic experience of working with instances in the SIM-Cloud
- experience of working with the selected software router
First steps
- Create an additional private network within the project
- Create an instance on the basis of the image of the preferred router (referred to below as the ‘ROUTER’). During the creation process, add interfaces to the instance from network 172.16.0.0/20 and from the private network just created
- Attach a floating IP to the port with the address from network 172.16.0.0/20
- If necessary, assign a specific address from the private network (e.g. one ending in .1, such as 192.168.0.1) to the second port of the ROUTER. To do this, delete the instance's port from this network and then add it again. While the port is being added, a field is displayed in which you can specify the required IP value. This operation can also be performed without deleting the port by using the command line interface; more detail is given in the article
- Add a ‘Permitted address pair’ entry to the port of the ROUTER instance that has the address from the private network. This process is described in detail in the article
- After this, you can create instances with ports from the private network and arrange access to them via the ROUTER instance
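
The two port steps above (fixed address and permitted address pair) as a dry-run script. This is an added example, not SIM-Cloud's own tooling: it assumes the SIM-Cloud command line interface is the standard OpenStack client, and the port name, subnet name and permitted CIDR are placeholders.

```shell
#!/usr/bin/env bash
# Added example. Assumption: the standard OpenStack client ("openstack") is
# available; port/subnet names and the permitted CIDR are placeholders.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR -> exit status 0 when IP lies inside CIDR.
in_cidr() {
  ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Print the command while DRY_RUN=1 (default); execute it when DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# router_port_plan PORT SUBNET PRIVATE_CIDR ROUTER_IP PERMITTED_CIDR
router_port_plan() {
  # Refuse an address that does not belong to the private network.
  in_cidr "$4" "$3" || { echo "error: $4 is outside $3" >&2; return 1; }
  # Replace the port's address in place instead of deleting and re-adding it.
  run openstack port set --no-fixed-ip \
      --fixed-ip "subnet=$2,ip-address=$4" "$1" || return 1
  # Permitted address pair: source addresses the port may send besides its own.
  run openstack port set --allowed-address "ip-address=$5" "$1" || return 1
  # Read the result back so the change can be reviewed.
  run openstack port show -f value -c fixed_ips -c allowed_address_pairs "$1"
}

# Constructed sample values; prints the three commands without running them.
router_port_plan router-private-port private-subnet \
    192.168.0.0/24 192.168.0.1 0.0.0.0/0
```

A permitted address pair widens the source-address filter on that port, so keep the CIDR as narrow as the traffic the ROUTER forwards allows, and review the `port show` output after every change.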
Note