From Grid5000
Revision as of 14:43, 5 July 2012 by Sbadia (talk | contribs) (Overview)

See also: Tutorial | KaVLAN_Admin | KaVLAN | Specs | Multisite Specs


The goal of KaVLAN is to let people manage VLANs on Grid'5000 nodes. The benefit is complete layer 2 isolation. It can be used together with OAR and Kadeploy to run experiments on the grid.

Installation status on sites:

Site         Version     Status
Bordeaux                 Fail
Grenoble                 Fail
Lille        1.1.12-2    Check
Luxembourg               Fail
Lyon         1.1.12-2    Check
Nancy        1.1.12-2    Check
Reims        1.1.13-2    In progress
Rennes       1.1.12-2    Check
Sophia       1.1.12-2    Check
Toulouse                 Fail

There are three types of VLAN available on Grid'5000:

  • local VLANs (in green)
  • routed VLANs (in blue)
  • global VLANs (in purple)

Figure: KaVLAN architecture

1: Isolated VLAN

An isolated VLAN (also called local VLAN) is completely isolated from the rest of Grid5000: no routing configured. Therefore, you must use a special host to reach your nodes inside this kind of VLAN.

The following figure shows two jobs running with KaVLAN: each job has its nodes isolated in a local VLAN (purple and green). The other nodes are all in the default VLAN (red). The only way to reach the isolated nodes is to use a gateway node (kavlan-1 and kavlan-2 in the figure). The gateway has two Ethernet interfaces: one in the default VLAN and one in the dedicated VLAN. This way, you can use ssh to reach your nodes (another way to reach an isolated node is to use the kaconsole command).

Figure: KaVLAN architecture: 2 jobs running KaVLAN

Note: The gateways are NOT doing any routing: they are only used as ssh gateways.

2: Routed VLAN

This kind of VLAN is not isolated at layer 3. Therefore you can reach the nodes inside the VLAN from the rest of Grid5000, with no need for an ssh gateway.

3: Global VLAN

A global VLAN is a VLAN which is spread across all Grid5000 sites (using QinQ). Therefore you can configure nodes of different sites on the same VLAN! There will be no routing between these nodes. To reach nodes inside a VLAN, routing is configured on one of the routers (on the site where you reserved this global VLAN).


How to reserve a VLAN

KaVLAN only works with deploy reservations; to obtain nodes and a VLAN, you must reserve a kavlan resource with oarsub. There are 3 kinds of resources defined in OAR: kavlan, kavlan-local, kavlan-global. For example, if you need 3 nodes and a local VLAN:

frontend:
oarsub -t deploy -l {"type='kavlan-local'"}/vlan=1+/nodes=3 -I

Then you can get the id of your VLAN using the kavlan command:

frontend:
kavlan -V

If you run this command outside the shell started by OAR for your reservation, you must add the OAR JOBID:

frontend:
kavlan -V -j JOBID

You should get an integer in the <1-3> range for a local VLAN (the range for routed VLANs is <4-9>, and there is one global VLAN per OAR server).

You can get all the options of the command using --help:

# kavlan --help
Usage: kavlan [options]
Specific options:
    -i, --vlan-id N                  set VLAN ID (integer or DEFAULT)
    -C, --ca-cert CA                 CA certificate
    -c, --client-cert CERT           client certificate
    -k, --client-key KEY             client key
    -l, --get-nodelist               Show nodenames in the given vlan
    -e, --enable-dhcp                Start DHCP server
    -d, --disable-dhcp               Stop DHCP server
    -V, --show-vlan-id               Show vlan id of job (needs -j JOBID)
    -g, --get-vlan                   Show vlan of nodes
    -s, --set-vlan                   Set vlan of nodes
    -j, --oar-jobid JOBID            OAR job id
    -m, --machine NODE               set nodename (several -m are OK)
    -f, --filename NODEFILE          read nodes from a file
    -u, --user USERNAME              username
    -v, --[no-]verbose               Run verbosely
    -q, --[no-]quiet                 Run quietly
        --[no-]debug                 Run with debug output
    -h, --help                       Show this message
        --version                    Show version

Once you have a kavlan reservation running, you can put your nodes in your VLAN (and back into the default VLAN) at any time during the lifetime of your job; for a local VLAN, you are also allowed to connect to the VLAN gateway named kavlan-<ID>, where ID is your VLAN ID.
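
The steps above can be wrapped in a few shell helpers that validate the VLAN id before any node is moved and tell you whether the ssh gateway is needed. This is an added example, not part of the original page or of KaVLAN itself: the function names are hypothetical, combining -s, -i and -f in one call is inferred from the help text above, and treating every id above 9 as global is an assumption.

```sh
# Added example (not Grid'5000 code); function names are hypothetical.
# Ranges from this page: 1-3 local, 4-9 routed. Treating ids above 9 as
# global is an assumption: the page gives no numeric range for global VLANs.

# vlan_kind ID: print local|routed|global, fail on anything else.
vlan_kind() {
    case "$1" in
        ''|*[!0-9]*) echo "not a VLAN id: '$1'" >&2; return 1 ;;
    esac
    if   [ "$1" -ge 1 ] && [ "$1" -le 3 ]; then echo local
    elif [ "$1" -ge 4 ] && [ "$1" -le 9 ]; then echo routed
    elif [ "$1" -ge 10 ]; then echo global
    else echo "not a VLAN id: '$1'" >&2; return 1
    fi
}

# job_vlan_id [JOBID]: ask kavlan for the job's VLAN id; -j is needed
# outside the shell OAR started for the reservation.
job_vlan_id() {
    if [ -n "$1" ]; then kavlan -V -j "$1"; else kavlan -V; fi
}

# access_path ID: how the nodes are reached once they are in the VLAN.
access_path() {
    kind=$(vlan_kind "$1") || return 1
    if [ "$kind" = local ]; then
        echo "ssh via gateway kavlan-$1"   # no routing, gateway only
    else
        echo "direct"                      # routing is configured
    fi
}

# move_nodes ID NODEFILE: validate first, so a malformed id or an
# unreadable node file never reaches kavlan -s. DEFAULT moves nodes back.
move_nodes() {
    [ "$1" = DEFAULT ] || vlan_kind "$1" >/dev/null || return 1
    [ -r "$2" ] || { echo "cannot read node file: $2" >&2; return 1; }
    kavlan -s -i "$1" -f "$2"
}
```

Source the file on the frontend, then run for instance `id=$(job_vlan_id) && move_nodes "$id" "$OAR_NODEFILE" && access_path "$id"`.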

If you want to learn how to use KaVLAN, you can try the tutorial on Network isolation on Grid'5000.