ungleich-staticcms/content/u/blog/uncloud-next
2020-01-12 13:28:24 +01:00


- how to secure the network
- rate limiting
- automating
- trigger / postgres / etcd
- metadata!
- building vm images!
- generate tap names matching vm??? problem, because interfaces are
limited in length!
[root@diamond hackcloud]# ip link add b23456789012345 type bridge
[root@diamond hackcloud]# ip link add b234567890123456 type bridge
Error: argument "b234567890123456" is wrong: "dev" not a valid ifname
[root@diamond hackcloud]#
- VMID is not uuid, but counter; using hexa; using 16**10,
gives 1099511627776 VMs
>>> (16**10)/(1000*24*365)
125515.02600182648
interface names:
x = vxlan ?
b = bridge
v = vm
=> 16 types possible
10+1 used => 4 left
2 positions for interface id? => 256 interfaces per VM
mac:
48 bits = 6 bytes
1 byte = 2hexa positions
prefix is 02:00: = 2 bytes
we have 4 bytes = 8 hexa left!!!!
embed mac suffix as ID!
full mac = 12 bytes
No vmprefix + counter -> because counter size might always be wrong
(how many interfaces? 16? 256? ... )
--------------------------------------------------------------------------------
No stale firewall entries as we regenerate, not keep the list!
table bridge filter {
    chain prerouting {
        type filter hook prerouting priority 0;
        policy accept;
        ibrname br100 jump netpublic-$version
    }
    chain netpublic-10 {
        ...
    }
}
can generate new full chain, change only the jump
--------------------------------------------------------------------------------
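Added example, not part of the original notes or of uncloud's code: a sketch of the regenerate-and-switch idea above, combined with the MAC and interface naming notes. The function names, the reading of "embed mac suffix as ID" as type character plus MAC suffix, and the per-tap source-MAC rule are assumptions.

```python
IFNAMSIZ = 16         # Linux limit: 15 visible characters plus the NUL byte
MAC_PREFIX = "02:00"  # prefix from the notes; leaves 4 bytes = 8 hex digits


def mac_for(counter):
    """MAC with the notes' prefix and the counter as the 4-byte suffix."""
    if not 0 <= counter < 16**8:
        raise ValueError("counter does not fit into the 4 free MAC bytes")
    suffix = f"{counter:08x}"
    return ":".join([MAC_PREFIX] + [suffix[i:i + 2] for i in range(0, 8, 2)])


def ifname_for(kind, mac):
    """Type character (x, b or v as in the notes) followed by the MAC suffix."""
    if kind not in ("x", "b", "v"):
        raise ValueError(f"unknown interface type {kind!r}")
    name = kind + mac.replace(":", "")[4:]
    if len(name) >= IFNAMSIZ:
        raise ValueError(f"{name!r} is longer than {IFNAMSIZ - 1} characters")
    return name


def ruleset(bridge, old_version, new_version, counters):
    """Text for one `nft -f` run: build the new chain, switch the jump,
    then drop the old chain, so no stale entries survive."""
    table, new = "bridge filter", f"netpublic-{new_version}"
    old = f"netpublic-{old_version}"
    lines = [f"add chain {table} {new}"]
    for counter in counters:
        mac = mac_for(counter)
        tap = ifname_for("v", mac)
        # Assumed policy (not in the notes): a tap may only send from its MAC.
        lines.append(f'add rule {table} {new} iifname "{tap}" '
                     f"ether saddr != {mac} drop")
    lines += [
        # prerouting holds only the jump in the notes, so flushing it is safe
        f"flush chain {table} prerouting",
        f"add rule {table} prerouting ibrname {bridge} jump {new}",
        # the old chain is unreferenced now; empty it, then delete it
        f"flush chain {table} {old}",
        f"delete chain {table} {old}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: bridge br100, version 10 -> 11, VM counters 1 and 255
    print(ruleset("br100", 10, 11, [1, 255]), end="")
```

The printed text is meant to be loaded as a single file with `nft -f`, which applies all commands as one transaction.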