65 lines
1.4 KiB
Text
- how to secure the network
- rate limiting
- automating
- trigger / postgres / etcd
- metadata!
- building vm images!
- generate tap names matching vm??? problem, because interfaces are
  limited in length!

[root@diamond hackcloud]# ip link add b23456789012345 type bridge
[root@diamond hackcloud]# ip link add b234567890123456 type bridge
Error: argument "b234567890123456" is wrong: "dev" not a valid ifname
[root@diamond hackcloud]#

- VMID is not uuid, but counter; using hexa; using 16**10,
  gives 1099511627776 VMs

>>> (16**10)/(1000*24*365)
125515.02600182648

interface names:

x = vxlan ?
b = bridge
v = vm

=> 16 types possible

10+1 used => 4 left

2 positions for interface id? => 256 interfaces per VM

mac:

48 bits = 6 bytes
1 byte = 2 hexa positions

prefix is 02:00: = 2 bytes
we have 4 bytes = 8 hexa left!!!!
embed mac suffix as ID!
full mac = 12 bytes

No vmprefix + counter -> because counter size might always be wrong
(how many interfaces? 16? 256? ... )

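As an added example (not the project's own code), the interface-name and MAC budget worked out above in Python: it mirrors the 15-character kernel limit the ip(8) session hits, the <type letter><10 hex VMID><2 hex interface index> layout, and the 02:00: MAC prefix with the remaining 4 bytes carrying an embedded id. The type letters x/b/v are from the notes; the function names and the choice of a 32-bit id are assumptions.

```python
import re

# Linux IFNAMSIZ is 16 including the NUL terminator, so 15 visible characters:
# exactly the boundary the ip(8) session hits (15 chars accepted, 16 rejected).
IFNAMSIZ = 16
MAX_IFNAME = IFNAMSIZ - 1
VMID_HEX = 10          # 16**10 VM ids, as in the notes
IFIDX_HEX = 2          # 2 hex positions -> 256 interfaces per VM
KINDS = {"x": "vxlan", "b": "bridge", "v": "vm"}   # one type letter per name
MAC_PREFIX = "02:00"   # locally administered unicast prefix, 4 bytes left for an id

def valid_ifname(name: str) -> bool:
    """Mirror the kernel's dev_valid_name(): 1..15 chars, no '/', ':' or whitespace, not '.'/'..'."""
    if not name or len(name) > MAX_IFNAME or name in (".", ".."):
        return False
    return re.fullmatch(r"[^/:\s]+", name) is not None

def ifname_for_vm(kind: str, vmid: int, ifidx: int) -> str:
    """<type letter><10 hex VMID><2 hex interface index> = 13 chars, 2 spare."""
    if kind not in KINDS:
        raise ValueError(f"unknown interface kind {kind!r}")
    if not 0 <= vmid < 16**VMID_HEX:
        raise ValueError("VMID counter exceeds 10 hex positions")
    if not 0 <= ifidx < 16**IFIDX_HEX:
        raise ValueError("more than 256 interfaces per VM")
    name = f"{kind}{vmid:0{VMID_HEX}x}{ifidx:0{IFIDX_HEX}x}"
    assert valid_ifname(name)
    return name

def mac_for_id(iface_id: int) -> str:
    """02:00: followed by a 32-bit id in the remaining 4 bytes (8 hex positions)."""
    if not 0 <= iface_id < 2**32:
        raise ValueError("id does not fit in 4 bytes")
    suffix = f"{iface_id:08x}"
    return ":".join([MAC_PREFIX] + [suffix[i:i + 2] for i in range(0, 8, 2)])

def id_from_mac(mac: str) -> int:
    """Inverse of mac_for_id(): recover the embedded id, refusing foreign prefixes."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or ":".join(parts[:2]) != MAC_PREFIX:
        raise ValueError("not a 02:00:... address from this scheme")
    return int("".join(parts[2:]), 16)

def ifname_for_mac(kind: str, mac: str) -> str:
    """<type letter><8 hex MAC suffix> = 9 chars: the name carries the id, no separate counter."""
    if kind not in KINDS:
        raise ValueError(f"unknown interface kind {kind!r}")
    name = f"{kind}{id_from_mac(mac):08x}"
    assert valid_ifname(name)
    return name
```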
--------------------------------------------------------------------------------

No stale firewall entries as we regenerate, not keep the list!

table bridge filter {
    chain prerouting {
        type filter hook prerouting priority 0;
        policy accept;

        ibrname br100 jump netpublic-$version
    }
    chain netpublic-10 {
        ...
    }
}

can generate new full chain, change only the jump

--------------------------------------------------------------------------------