- Jan 28, 2013
Overview of DNS and Networking
Hostnames are traditionally assigned by end users, who inform an administrator of the virtual machine's desired IP address and primary hostname (such as vhost1234). The administrator creates a record in the DNS system so the fully qualified domain name can be used (such as vhost.sceexample.com). In addition, an alias is created (such as fred-db2-singapore.sceexample.com).
The article makes special reference to virtual local area networks (VLANs). Having a VLAN is just like having your own private data center on the cloud. After you provision a virtual machine to a VLAN, it won't be visible to the Internet. The changes to the virtual machine instances described in this article will enable networking and DNS within your VLAN. However, for most cloud providers, DNS typically won't be configured when provisioning virtual machines on a VLAN, because it's difficult for a cloud provider to manage hostnames for private IP addresses. On the public Internet, IP addresses are unique, but private IP addresses only need to be unique within the private network to which they belong. A more precise definition is beyond the scope of this article, but roughly speaking, the private network domain is everything visible to you: your VLAN, your corporate network, and any VPN connections you might have to other VLANs on the cloud. So it makes more sense to use your own DNS server when working with virtual machines on a VLAN. Figure 1 shows a simple DNS topology with VLANs on the cloud.
Figure 1 Simple DNS topology with VLANs.
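As an added illustration (not configuration from the original article or from IBM SmartCloud Enterprise), here is how the naming scheme above can be realized in BIND on a DNS server that answers only VLAN clients; the subnet 172.16.0.0/24, the addresses, the serial and the file names are assumed placeholders.

```conf
// named.conf fragment (assumed) on the gateway host that runs DNS.
// Listen only on the VLAN-side interface and answer only VLAN clients,
// so private hostnames and addresses are never served to the Internet.
acl vlan { 172.16.0.0/24; };            // assumed VLAN subnet

options {
    listen-on port 53 { 172.16.0.1; };  // gateway's private IP (assumed)
    allow-query     { vlan; };
    allow-recursion { vlan; };
    allow-transfer  { none; };          // no zone transfers to anyone
    recursion yes;                      // also resolve Internet names for VLAN hosts
};

zone "sceexample.com" IN {
    type master;
    file "sceexample.com.zone";
};

zone "0.16.172.in-addr.arpa" IN {       // reverse zone for the private range
    type master;
    file "172.16.0.rev";
};

; --- sceexample.com.zone: forward zone (assumed contents) ---
$TTL 3600
@                   IN SOA   ns1.sceexample.com. hostmaster.sceexample.com. (
                             2013012801 ; serial (YYYYMMDDnn)
                             3600 900 604800 300 )
                    IN NS    ns1.sceexample.com.
ns1                 IN A     172.16.0.1   ; DNS server on the gateway
vhost1234           IN A     172.16.0.10  ; primary hostname -> private IP
fred-db2-singapore  IN CNAME vhost1234    ; alias requested by the end user

; --- 172.16.0.rev: reverse zone so private IPs resolve back to names ---
$TTL 3600
@                   IN SOA   ns1.sceexample.com. hostmaster.sceexample.com. (
                             2013012801 3600 900 604800 300 )
                    IN NS    ns1.sceexample.com.
1                   IN PTR   ns1.sceexample.com.
10                  IN PTR   vhost1234.sceexample.com.
```

Because the reverse zone lives only on your own server, the private-to-name mapping stays consistent within the VLAN without the cloud provider having to know anything about it.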
The same arguments for the DNS server also apply to the network gateway. In a VLAN you'll also be responsible for managing your own network gateway, which will typically be a virtual machine with IP addresses on both the Internet and the VLAN. That virtual machine might be configured to route all traffic originating in the VLAN to the Internet, allowing only restricted traffic into the VLAN.
The Firewall image in IBM SmartCloud Enterprise is a good choice for the gateway because it includes preconfigured firewall software and is security-hardened in a way that's appropriate for an Internet-facing server. In the examples in this article, the network gateway hosts the DNS servers. Figure 2 shows the network topology for the example in this article.
Figure 2 Network topology for the examples in this article.
Although in Figure 1 we showed the user communicating directly with a Linux virtual machine in a VLAN, this is actually a simplification. As Figure 2 shows, the network topology forces all traffic to and from the Linux virtual machine on the VLAN to be routed through the firewall, which has one IP address on the Internet (shown as the public IP) and one on the VLAN (shown as the private IP). Outbound traffic to the Internet with a connection originating on the Linux virtual machine (VM) in the VLAN must use the private IP address of the firewall as a gateway.
In IBM SmartCloud Enterprise, all IP addresses are statically assigned. With the dynamic nature of the self-service user interface (that is, the web portal), which can allocate IP addresses rapidly and automatically, you get the convenience of a DHCP system without concern for the IP address changing. Not all clouds operate this way. Some clouds use DHCP to assign IP addresses to virtual machines. In that kind of network environment, some steps described in this article would need to be modified.