Local router

[Update: July 28, 2018]

Information about [Local Router]

1. Overview

A local router is an appliance that provides L3 interconnection between switches of SAKURA Cloud and local switches connected to SAKURA VPS/SAKURA dedicated servers, regardless of member ID or cloud account.

Unlike the bridge connection service and hybrid connection service, which can connect only switches created with the same member ID or the same cloud account, the local router can interconnect switches under different cloud accounts, local switches of SAKURA VPS under different member IDs, and SAKURA dedicated servers. This lets users connect SAKURA internet services belonging to different users over a closed network through simple operations on the control panel, without having to build their own closed network such as a VPN.

Furthermore, splitting segments at L3 addresses the scalability issues of a flat L2 network and makes large-scale site operation manageable.

Specifications

The local router specifications are as follows.

Supported regions: Tokyo, Ishikari
Maximum number of servers to create (per cloud account): 10
Bandwidth: 1Gbps best effort
Maximum number of peer connections (per local router): 10 connections
Number of necessary IP addresses (per connection network): 3 addresses (1 virtual IP address, 2 physical IP addresses)
Range of connectable network: /8 to /28
Static route setting function: Available (up to 10 entries)
VRID setting function: Available
Recommended maximum number of connected VM (per local router): 100VM

Comparison with other switch services

Switch related functions provided by SAKURA Cloud include “Bridge connection” and “Hybrid connection.” For the differences of each function, please refer to “FAQ What is the difference between hybrid connection and bridge connection?”.

2. Usage procedures

Creation of a local router and setting of a network for connection (including SAKURA VPS and SAKURA dedicated server) are done on the control panel of SAKURA Cloud.

*Even if your configuration does not include SAKURA Cloud, such as only connecting SAKURA VPS and SAKURA dedicated servers, it is necessary to create a SAKURA Cloud account (free) and set up on the SAKURA Cloud control panel. For details, please refer to New account creation.

Confirmation of necessary equipment and network requirements

One local router should be created and connected per existing switch of each service that you want to interconnect. For this reason, you need to have a [Local Switch] contract and connection for the network of each service to be interconnected.

In addition, the following 3 IP addresses from the connected network must be assigned to the local router.

Virtual IP address: The IP address that serves as the gateway for the network underneath. In practice it is an alias of one of the two physical IP addresses, and when a fault occurs it switches over automatically so that operation continues.
Physical IP address 1 / Physical IP address 2: The IP addresses assigned to the two interfaces of the local router.

*The network must be in the range of /8 to /28.
*It is also possible to set the global IP address. However, reachability to the Internet is not automatically set.

New creation, connection to a switch

All operations such as creating a new [Local Router] or setting up a [Local Router] are done on the control panel of SAKURA Cloud. Even if you do not use SAKURA Cloud and connect only using SAKURA VPS and SAKURA dedicated servers, you still need to set it up on the control panel of SAKURA Cloud.

Creation of a new local router

When you click [Local Router] from the menu on the left of the SAKURA Cloud control panel, the local router setting screen will appear. If there are local routers that are already created, a list of the local routers will appear.

To create a new local router, click the [Add] button at the top right of the screen.

On the screen to create a new local router, enter necessary information such as name and explanation of the local router, and click the [Create] button at the bottom right. This will add a new local router.

*Because one local router is required for each local switch of SAKURA Cloud, SAKURA VPS, and SAKURA dedicated server, you need to create multiple routers as needed.

Confirmation of information

On the information screen of the local router that is just created, the [Resource ID] and [Secret Key] required for interconnection setup will appear. These are required for setting up the local switch for interconnection.

Connecting to a switch

The newly created local router is not yet connected to any switch. To newly connect to a switch or disconnect from an already connected switch, double-click the local router to be set from the local router list and click the [Modify Connected Switch Settings] button at the upper right of the details screen.

When you use the radio button to select the service that contains the switch you want to connect to, the control panel shows a pop-up menu for selecting from the switches created with the member ID used to log in, along with entry fields for each IP address.

After entering each item, click the [Update] button and click the [Apply] button on the upper right to activate the settings.

The set connection information can be shown from the [Interface] tab. Making changes can be done again by clicking the [Modify Connected Switch Settings] button.

*The switch that can be specified as the connection destination is a switch of each service owned by the member ID that is used to currently log in to the control panel of SAKURA Cloud. When you set up a connection to a switch owned by a different member ID, please log in to the cloud control panel using that member ID.
*It is not possible to connect a local router with a switch that has already been used for a hybrid connection or bridge connection.
*It is not possible to connect a local router when multiple switches are on the same broadcast domain.

Peer setting

An L3 connection between local routers is created on [Peer Setting]. Display the target local router and click the [Peer Setting] tab above. The list of peer settings that are already configured will appear. Click the [Add] button to make a new peer setting.

In the dialog box, enter the resource ID and secret key of the connected local router and click the [Add] button. If you do not want to enable the peer setting immediately, you can select [Disable] with the radio button and activate it later on the screen of the peer setting list.

Similarly, perform peer settings for the opposite endpoint local router, and set the resource ID and secret key of the local router that you configured this time. When both peer settings are done normally, “UP” status is displayed in the status section on the screen of the peer setting list.

By clicking the pencil button on each peer setting line, you can change the resource ID and secret key of the opposite endpoint local router and change the enable/disable setting of the peer setting.

When you create a new local router or change the contents, they become effective by clicking the [Apply] button at the upper right of the screen.

*Up to 10 peer settings can be configured per one local router.
*If both network address and net mask match with the local router of the peer setting destination, an error occurs and it cannot be configured.
*If a peer setting is deleted from one local router, the status on the other local router will only become “DOWN” and the peer setting will be kept. If you want to completely delete the peer setting, please remove the setting from both local routers.
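
The network requirements listed earlier (/8 to /28, one virtual and two physical IP addresses) and the peer-setting notes above can be checked before anything is entered in the control panel. The following is an added example, not part of the original page or SAKURA's tooling; the physical addresses, the network/broadcast check and the overlap warning are assumptions of this example.

```python
import ipaddress

MIN_PREFIX, MAX_PREFIX = 8, 28  # "/8 to /28" from the specifications
MAX_PEERS = 10                  # "Up to 10 peer settings" per local router

def check_interface(network, vip, phys1, phys2):
    """Return the problems found in one local router's connection plan."""
    problems = []
    net = ipaddress.ip_network(network)  # raises if host bits are set
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        problems.append(f"{net}: prefix length is outside /8 to /28")
    addrs = [ipaddress.ip_address(a) for a in (vip, phys1, phys2)]
    if len(set(addrs)) != 3:
        problems.append(f"{net}: virtual and physical addresses must differ")
    for addr in sorted(set(addrs)):
        if addr not in net:
            problems.append(f"{addr}: not inside {net}")
        # Assumption: the network and broadcast addresses are unusable.
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr}: network or broadcast address of {net}")
    return problems

def check_peers(local_network, peer_networks):
    """Return (errors, warnings) for the peers planned on one local router."""
    local = ipaddress.ip_network(local_network)
    errors, warnings = [], []
    if len(peer_networks) > MAX_PEERS:
        errors.append(f"{len(peer_networks)} peers exceeds the limit of {MAX_PEERS}")
    for peer in map(ipaddress.ip_network, peer_networks):
        if peer == local:
            # The case the page says produces an error and cannot be configured.
            errors.append(f"{peer}: same network address and netmask as local")
        elif peer.overlaps(local):
            # Not a documented error; flagged because routes would be ambiguous.
            warnings.append(f"{peer}: overlaps {local}")
    return errors, warnings

if __name__ == "__main__":
    # Constructed plan; only the gateway 192.168.10.1 appears on the page.
    print(check_interface("192.168.10.0/24", "192.168.10.1",
                          "192.168.10.2", "192.168.10.3"))
    print(check_peers("192.168.10.0/24",
                      ["192.168.11.0/24", "192.168.10.0/24", "192.168.0.0/16"]))
```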

Routing setting on the server side

Even if the connection between each local router is completed by the peer setting on the control panel, it is necessary to set up a routing table so that the devices under the local router will communicate with each other.

Here, the setting method is explained using CentOS as an example.

Example of a configuration network

As shown in the figure below, this example routes traffic for the other two networks connected by local routers through the local router. All other communication goes through the shared segment that is connected to the Internet.

Local network 192.168.10.0/24 (Local router GW: 192.168.10.1)
Network of host B 192.168.11.0/24 (Local router GW: 192.168.11.1)
Network of host C 192.168.12.0/24 (Local router GW: 192.168.12.1)

Set the routing table as follows so that “host A” can communicate with “host B” and “host C” that exist on other networks.

*Similarly, it is necessary to set up routing tables also on host B and host C, so that they can be routed to the network to which host A belongs.

CentOS7

On CentOS7, editing the configuration files directly is not recommended, so use the commands provided for your environment instead.
Here is an example that uses the nmcli command from the command line.

First, look up the UUID shown alongside the name of the interface connected to the router side.

$ nmcli connection show
NAME         UUID                                  TYPE            DEVICE
System eth0  XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX  802-3-ethernet  eth0
System eth1  YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY  802-3-ethernet  eth1

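Add the routes to the corresponding interface. The + prefix appends to the existing ipv4.routes list; without it, each command replaces the list, so the second command would overwrite the first.

# nmcli connection modify uuid YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY +ipv4.routes "192.168.11.0/24 192.168.10.1"
# nmcli connection modify uuid YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY +ipv4.routes "192.168.12.0/24 192.168.10.1"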

To apply the setting, bring the relevant interface down and then up again.

# ifdown eth1
# ifup eth1

Confirm the routing table setting.

$ ip route show
default via 198.51.100.1 dev eth0  proto static  metric 100
198.51.100.0/24 dev eth0  proto kernel  scope link  src 198.51.100.100  metric 100
192.168.11.0/24 via 192.168.10.1 dev eth1  proto static  metric 100
192.168.12.0/24 via 192.168.10.1 dev eth1  proto static  metric 100
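
A missing route does not fail visibly: traffic for that peer network simply follows the default route out of the Internet-facing interface instead of the closed network. The following added example (not from the original page) checks `ip route show` output for that condition; the sample output and the host address 192.168.10.10 are constructed.

```python
import ipaddress

# Constructed `ip route show` output for host A with one peer route missing.
SAMPLE = """\
default via 198.51.100.1 dev eth0  proto static  metric 100
198.51.100.0/24 dev eth0  proto kernel  scope link  src 198.51.100.100  metric 100
192.168.10.0/24 dev eth1  proto kernel  scope link  src 192.168.10.10  metric 101
192.168.12.0/24 via 192.168.10.1 dev eth1  proto static  metric 100
"""

def parse_routes(text):
    """Return [(network, gateway or None, device or None)] for unicast routes."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." entries
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((network, gw, dev))
    return routes

def audit_routes(text, peer_networks, router_gw):
    """Map each peer network to 'ok' or to the reason it bypasses the local router."""
    routes = parse_routes(text)
    report = {}
    for peer in map(ipaddress.ip_network, peer_networks):
        covering = [r for r in routes if peer.subnet_of(r[0])]
        if not covering:
            report[str(peer)] = "no route"
            continue
        # The kernel picks the longest matching prefix.
        network, gw, dev = max(covering, key=lambda r: r[0].prefixlen)
        if gw == router_gw:
            report[str(peer)] = "ok"
        elif network.prefixlen == 0:
            report[str(peer)] = f"falls through to default route via {gw} dev {dev}"
        else:
            report[str(peer)] = f"routed by {network} via {gw} dev {dev}"
    return report

if __name__ == "__main__":
    for net, status in audit_routes(
            SAMPLE, ["192.168.11.0/24", "192.168.12.0/24"], "192.168.10.1").items():
        print(net, "->", status)
```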

CentOS6

Edit the configuration file of the interface on the local router side (when the interface name is “eth1”, the file is /etc/sysconfig/network-scripts/route-eth1) and add the target networks and their gateway information.

192.168.11.0/24 via 192.168.10.1
192.168.12.0/24 via 192.168.10.1

*The default gateway, which handles networks that are not listed in this configuration file, is set in the /etc/sysconfig/network file.

Restart the network service to apply the network setting that was entered.

# service network restart

Static route setting function

On the local router, there is a function to set the next hop of the specified IP address block to the IP address of any device underneath. By using this function, you can perform routing setting of IP address blocks other than the IP address block specified when connecting to the interface to enable more flexible network configuration.

Example: When another 10.0.100.0/24 network is constructed in the 192.168.10.0/24 network and a static route is set for “server A” that has two interfaces.

*Appropriate network setting is necessary for each server.

A list of already set static routes is displayed from the [Static Route] tab. Click the [Add] button to make a new setting.

Enter the prefix and next hop in the dialog box, and click the [Add] button. The new setting and changed contents are enabled by clicking the [Apply] button at the upper right of the screen.

Activity monitor

From the [Activity] tab, you can use a graph to check traffic sent from and received by the applicable local router.

3. Cautions

In case of peer setting with non-mesh structure

With peer settings in a star configuration, one network can connect to multiple other networks. However, if you want every network to communicate with every other network, you must build a full mesh structure with a peer setting on each local router.

In case of 3 local router configuration

In case of 4 local router configuration

*It is also possible for networks to communicate without a full mesh structure, for example by configuring a server in a network along the route.
*Even if you deliberately avoid a full mesh structure so that certain networks do not communicate with each other, communication may still be established depending on the server settings.
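
To review which networks are actually isolated from each other, the peer settings can be audited as a graph. This added example (not part of the original page) reports one-sided settings, pairs without a direct peering, and the peered network in between through which a suitably configured server could still carry traffic; router names are hypothetical labels standing in for resource IDs.

```python
from itertools import combinations

def audit_peers(peer_settings):
    """peer_settings maps each local router to the routers it lists as peers."""
    routers = sorted(peer_settings)
    # A peering is UP only when both routers have configured each other.
    up = {frozenset((a, b)) for a, b in combinations(routers, 2)
          if b in peer_settings[a] and a in peer_settings[b]}
    # Configured on one side only: status DOWN, but the setting is still kept.
    one_sided = sorted((a, b) for a in routers for b in peer_settings[a]
                       if a not in peer_settings.get(b, ()))
    unpeered = [pair for pair in combinations(routers, 2)
                if frozenset(pair) not in up]
    # Unpeered pairs that share an UP neighbour: a server in that neighbour's
    # network could route between them, as the caution notes describe.
    transit = {}
    for a, b in unpeered:
        via = [r for r in routers
               if frozenset((a, r)) in up and frozenset((b, r)) in up]
        if via:
            transit[(a, b)] = via
    return {"full_mesh": not unpeered, "one_sided": one_sided,
            "unpeered": unpeered, "transit": transit}

# Constructed star: hub "net-A" peers with three spokes; "net-D" also lists
# "net-B", which has not configured the reverse setting.
STAR = {
    "net-A": {"net-B", "net-C", "net-D"},
    "net-B": {"net-A"},
    "net-C": {"net-A"},
    "net-D": {"net-A", "net-B"},
}

if __name__ == "__main__":
    report = audit_peers(STAR)
    print("full mesh:", report["full_mesh"])
    print("one-sided settings:", report["one_sided"])
    for pair, via in report["transit"].items():
        print(pair, "not peered, but both peer with", via)
```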

Other items

Regarding creation, deletion and operating authority of a local router

A local router can be created, deleted, and edited only when you log in to the control panel with member ID authentication. With account permissions, you can only view information.

*For details concerning the access level function, please refer to the Access level function page.

Concerning operation by API

Operations on the local router such as creation, deletion, and changing settings cannot be performed by API.