Creating network paths
This topic describes how to create a network path. It also provides some background information about network paths and some recommendations for creating them. It contains the following sections:
Background information
Expand any of the links below to access background information about network paths.
What is a network path?
Distinction between a firewall rule and a network path
Inbound and outbound network paths
Guidelines for creating network paths
Creating an inbound network path for a network instance
When defining an inbound path for a selected network, you describe the route by which traffic arrives at the selected network.
When creating an inbound path for a selected network instance, you specify a source endpoint—either a server network interface or a network endpoint. You accept the destination endpoint, which defaults to your network instance selection. Then you add the firewall constraints that regulate the traffic between the two endpoints.
Note
Load Balancer pools cannot serve as source endpoints.
The following table describes the network types.
Network type | Description |
---|---|
Customer networks | When specifying an inbound path for a customer network, the destination is the customer network. The source can be another network in the same container or a server network interface card (NIC) on the network. When specifying an outbound path for a customer network, the source is the customer network. The destination can be a server NIC, another network in the same container, or a VLB pool. |
External networks | Traffic can originate from and travel to external networks in much the same way as it does in customer networks. External networks identify subnets that reside outside the container. Note: The external network zero-address 0.0.0.0/0 (all routes) acts as a mask for all network addresses and ports that are not in the container and not specified by other external networks. |
Outside networks | An outside network acts as a bridge on which traffic passes back and forth between an external network that resides outside the container and an internal customer network residing within the container. Traffic does not originate from or go to an outside network, which works in the background as a conduit between external and customer networks. Consequently, you do not need to create network paths for an outside network. |
Management networks | Likewise, management networks do not involve network paths because the assumption is that management traffic is trusted and does not need to be regulated. |
To select the network instance
- Select the Network or Load Balancer Pool radio button, and click the drop-down arrow to display the corresponding entries.
- Select a Network or Load Balancer Pool entry from the drop-down list. This is the network type or load balancer pool for which you will create a network path. The example in the previous figure shows a Customer NIC Segment as the network type.
- Click the Create Network Path icon to display the Create Network Path wizard.
Continue with one of the following procedures:
- Creating an inbound network path for a network instance
- Creating an outbound network path for a network instance
- Creating an inbound network path for a load balancer pool
This example uses a "Customer NIC Segment" network instance. The network serves as the network instance to which the inbound network path is added.
To create an inbound network path
- On the initial Create Network Path wizard panel, select the direction choice Create Inbound Network Path and specify a description for the network path.
- Click Next to display the Source Endpoint dialog. Here you specify the origin of the inbound traffic. For the source endpoint, you can choose between the Server Network Interface or the Network Endpoint option. The default selection is Server Network Interface. This example uses the default Server Network Interface as the source endpoint selection.
- See Selecting source or destination endpoints to complete your source endpoint selection. Once completed, your source endpoint data will look similar to that in this example:
- After specifying your source endpoint, click Next to access the Destination Endpoint dialog. It defaults to the selected Customer NIC Segment network instance, which is the destination of the inbound traffic.
- Click Next to access the Path Constraints dialog.
Specify the following items:
Item | Description |
---|---|
Transport Protocol | Indicates the required protocol, for example, TCP, UDP, and so on. |
Application Protocol | Select an application protocol or enter a single port number or port range in the Port Range field. |
Allow Traffic | Select to permit traffic on the path. |
Log | Select to enable logging. |
Locked | Select to lock the path, which prevents end users and tenant administrators from deleting or editing the path. |
Hidden | Select to hide the path from end users and tenant administrators. |
- Click Save to add the inbound network path to the selected network (a Customer NIC Segment network in this example) in the Manage Network Paths dialog. The action is queued under Pending Activity and, providing no errors occur, completes in stages. After it is complete, the network path is posted under the Network Paths pane for the selected network. The highlighted row below illustrates the network path created in this example.
Creating an outbound network path for a network instance
When defining an outbound path for a selected network instance, you describe the route by which traffic leaves the selected network.
When creating an outbound path for a selected network instance, you accept the source endpoint, which is the selected network instance. You specify a destination endpoint—a server network interface, a network endpoint, or a VLB pool. Then you add the firewall constraints that regulate the traffic between the two endpoints.
To select the network instance
- Select the Network or Load Balancer Pool radio button, and click the drop-down arrow to display the corresponding entries.
- Select a Network or Load Balancer Pool entry from the drop-down list. This is the network type or load balancer pool for which you will create a network path. The example in the previous figure shows a Customer NIC Segment as the network type.
- Click the Create Network Path icon to display the Create Network Path wizard.
Continue with one of the following procedures:
- Creating an inbound network path for a network instance
- Creating an outbound network path for a network instance
- Creating an inbound network path for a load balancer pool
This example uses a "Customer NIC segment" network. The Customer NIC network serves as the network to which the outbound network path is added.
To create an outbound network path
- On the initial Create Network Path wizard panel, select the direction choice Create Outbound Network Path.
- Click Next to display the Source Endpoint dialog. It defaults to the selected network instance from which the outbound traffic originates—the Customer NIC Segment in this example.
- After viewing the source endpoint, click Next to access the Destination Endpoint dialog. Here you specify the destination of the outbound traffic. For the destination endpoint, you can choose among the Server Network Interface, the Network Endpoint, and the Virtual Load Balancer Pool options. The default selection is Server Network Interface. This example uses the Network Endpoint option as the destination endpoint selection.
- See Selecting source or destination endpoints to complete your destination endpoint selection. Once completed, your destination endpoint data will look similar to that in this example:
- Click Next to access the Path Constraints dialog.
- Specify the Transport Protocol, the Application Protocol or Port Number if either is required, and the Allow Traffic selection to permit or allow traffic that matches the protocol definition.
Item | Description |
---|---|
Transport Protocol | Indicates the required protocol, for example, TCP, UDP, and so on. |
Application Protocol | Select an application protocol or enter a single port number or port range in the Port Range field. |
Allow Traffic | Select to permit traffic on the path. |
Log | Select to enable logging. |
Locked | Select to lock the path, which prevents end users and tenant administrators from deleting or editing the path. |
Hidden | Select to hide the path from end users and tenant administrators. |
- Click Save to add the outbound network path to the selected network (a Customer NIC Segment in this example) in the Manage Network Paths dialog. The action is queued under Pending Activity and, providing no errors occur, completes in stages. After it is complete, the network path is posted under the Network Paths pane for the selected network.
Creating an inbound network path for a load balancer pool
A VLB always functions as the destination of a network path.
You can specify an inbound network path that has the selected VLB pool as the destination endpoint.
To create a network path for a load balancer pool
- In the Manage Network Paths panel, choose the Load Balancer Pool option, and select an entry from the drop-down menu.
- Click the Create Network Path icon to display the Create Network Path wizard. Note that when creating a network path for a load balancer pool, it defaults to the Source Endpoint dialog (the second panel in the wizard).
- Specify the origin of the inbound traffic. For the source endpoint, you can choose between the Server Network Interface or the Network Endpoint option. The default selection is Server Network Interface. This example uses the Network Endpoint option as the source endpoint selection.
- See Selecting source or destination endpoints to complete your source endpoint selection. Once completed, your source endpoint data will look similar to that in this example:
- After specifying your source endpoint, click Next to access the Destination Endpoint dialog. It defaults to the selected VLB instance, which is the destination of the inbound traffic.
- Click Next to access the Path Constraints dialog.
- Specify the Transport Protocol, the Application Protocol or Port Number if either is required, and the Allow Traffic selection to permit or allow traffic that matches the protocol definition.
Item | Description |
---|---|
Transport Protocol | Indicates the required protocol, for example, TCP, UDP, and so on. |
Application Protocol | Select an application protocol or enter a single port number or port range in the Port Range field. |
Allow Traffic | Select to permit traffic on the path. |
Log | Select to enable logging. |
Locked | Select to lock the path, which prevents end users and tenant administrators from deleting or editing the path. |
Hidden | Select to hide the path from end users and tenant administrators. |
- Click Save to add the inbound network path to the selected VLB in the Manage Network Paths dialog. The action is queued under Pending Activity and, providing no errors occur, completes in stages. After it is complete, the network path is posted under the Network Paths pane for the selected VLB.
Selecting source or destination endpoints
- When creating an inbound network path, you have the option of selecting a server network interface or a network endpoint as the source endpoint. The destination endpoint in the inbound context is the selected network instance.
- When creating an outbound network path, you have the option of selecting a server network interface, a network endpoint, or a VLB as the destination endpoint. The source endpoint in this context is the selected network instance.
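The endpoint rules above, together with the network-type table and the Path Constraints fields, can be checked against a planned path before it is entered in the wizard. This is an added example, not BMC code: `PlannedPath`, `check_path`, `check_ports`, the string labels, the 1-65535 port bounds and the logging review note are assumptions made for illustration.

```python
from dataclasses import dataclass

# Endpoint kinds named on this page; the string labels are made up for this example.
SERVER_NIC, NETWORK_ENDPOINT, VLB_POOL, NETWORK = "server_nic", "network_endpoint", "vlb_pool", "network"
NO_PATH_NETWORKS = {"outside", "management"}  # the page says these take no network paths

@dataclass
class PlannedPath:                 # hypothetical planning record, not a product object
    direction: str                 # "inbound" or "outbound"
    instance_kind: str             # selected instance: NETWORK or VLB_POOL
    instance_network_type: str     # "customer", "external", "outside", "management"; "" for a pool
    remote_kind: str               # the endpoint chosen in the wizard
    port_range: str = ""           # "443" or "8000-8080"; empty if an application protocol is used
    allow: bool = True
    log: bool = False

def check_ports(spec):
    """Validate a single port or lo-hi range (assumed bounds 1-65535)."""
    parts = spec.split("-")
    if len(parts) > 2 or not all(part.strip().isdecimal() for part in parts):
        return [f"port range {spec!r} is not a port or lo-hi range"]
    nums = [int(part) for part in parts]
    if any(n < 1 or n > 65535 for n in nums) or nums[0] > nums[-1]:
        return [f"port range {spec!r} is out of bounds or reversed"]
    return []

def check_path(p):
    """Return rule violations and review notes; an empty list means nothing to fix."""
    if p.direction not in ("inbound", "outbound"):
        return ["direction must be inbound or outbound"]
    problems = []
    if p.instance_kind == NETWORK and p.instance_network_type in NO_PATH_NETWORKS:
        problems.append(f"{p.instance_network_type} networks do not take network paths")
    if p.instance_kind == VLB_POOL and p.direction == "outbound":
        problems.append("a VLB pool is only ever a destination, so it takes inbound paths only")
    allowed = {SERVER_NIC, NETWORK_ENDPOINT}
    if p.direction == "outbound" and p.instance_kind == NETWORK:
        allowed.add(VLB_POOL)      # a VLB pool is selectable only as an outbound destination
    if p.remote_kind not in allowed:
        role = "source" if p.direction == "inbound" else "destination"
        problems.append(f"{p.remote_kind} cannot be the {role} endpoint here")
    if p.port_range:
        problems += check_ports(p.port_range)
    if p.allow and not p.log:      # reviewer's preference, not a product rule
        problems.append("review: traffic is allowed with Log disabled")
    return problems
```
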
To select a server network interface as a source or destination endpoint
In this example, an inbound path is being created, so the server network interface is added as a source endpoint. The steps are the same for an outbound path in which you would add a server network interface as a destination endpoint.
Note
Follow these steps to select a server network interface.
- Accept the Server Network Interface default selection in the endpoint dialog. In this example, it is the Source Endpoint dialog.
- Click the Select Service Offering Instances icon to open the Service Instance Search dialog. By default, only service instances with a status of Running can be retrieved. To narrow the search, you can specify values for the Name, Tenant, and Owner fields.
- Click Search to retrieve the matching instances. Then choose an instance, and click Select to return to the dialog screen—in this example the Source Endpoint dialog.
- Using the drop-down selections, choose the server and NIC. The network address is automatically populated.
- Click Next to proceed to the next wizard dialog, and continue with your procedure steps. See Creating an inbound network path for a network instance, Creating an outbound network path for a network instance, or Creating an inbound network path for a load balancer pool.
To select a network endpoint as a source or destination endpoint
In this example, an outbound path is being created, so the network endpoint is added as a destination endpoint. The steps are the same for an inbound path in which you would add a network endpoint as a source endpoint.
Follow these steps to select a network endpoint:
- Select Network Endpoint in the endpoint dialog. In this example, it is the Destination Endpoint dialog.
- Complete the Network Endpoint Details choosing one of the following three options:
- To choose an available network by name, click the Select Network Endpoint icon next to the Name field in the Source Endpoint dialog to display the Network Type Picker.
- In the Network Type Picker, select the type and network name. If you select Zone as a type, specify a zone. The Network Address and Network Mask are populated automatically. Then click OK to copy the information to the Destination Endpoint dialog.
- To use a host address, select the Host Address field, and enter a valid IP address.
- To use a network address, select the Network Address field, and enter valid IP addresses for the Network Address and Network Mask.
- Click Next to proceed to the next wizard dialog, and continue with your procedure steps. See Creating an inbound network path for a network instance, Creating an outbound network path for a network instance, or Creating an inbound network path for a load balancer pool.
Selecting a VLB as a destination endpoint
Because a VLB does not serve as a source endpoint, you have the option to select it as a destination endpoint for an outbound network path of a selected network instance.
- In the Destination Endpoint dialog, select the Virtual Load Balancer Pool instance.
- Using the drop-down lists, select a Load Balancer entry and a Load Balancer Pool entry. The Virtual IP address field is populated automatically.
- Click Next to proceed to the next wizard dialog, and continue with your procedure steps. See Creating an outbound network path for a network instance.
Related BMC Communities video
The following BMC Communities video (4:04) describes how to use NIC segments in network blueprints in TrueSight Network Automation (formerly called BMC Network Automation). The blueprints can then be used in BMC Cloud Lifecycle Management.