If you are not familiar with the concept of an application in Ravello, it is a grouping of virtual machines that run in a defined region (notice I avoided saying container there, could become even more confusing). A region is a geographic location where there are compute resources available. Pretty much every public cloud operates in this fashion. A region will be a location in a country and within each region are usually availability zones, which is a grouping of datacentres close to each other in that region to help protect against datacentre failure.
Anyways, I have some applications running in different regions that I would like to connect with software-defined networking. The only tool I have any kind of familiarity with is the free tool, VeeamPN. Check out the webpage for further info and just ignore the fact it says it’s for Microsoft Azure, its available as an OVA download. VeeamPN is a site to site and site to client VPN software based on OpenVPN. I am going to use it to create a Site to Site VPN between 2 Oracle Ravello regions to simulate a production and a disaster recovery location.
So let’s look at that other thing I put in the title, Elastic IP’s, what is that then? It is a public IP address that persists across application power cycles, IE it is not ephemeral. If an Elastic IP was not used, a different public IP is assigned to a virtual machine following a power cycle. The Elastic IP is perfect for this use case as it means we can define a static IP for the VeeamPN hub server.
Now I mentioned there is an OVA available for VeeamPN but I could not get this to work correctly with Ravello. I followed Anthony Spiteri’s guide on deploying VeeamPN from a Linux repo here. As this uses Ubuntu server, I decided to save some build time and grabbed a pre-built copy of Ubuntu server from the Ravello Repo.
The desired connectivity will look like this, a typical hub and spoke arrangement for a site to site VPN.
Now we can start with the deployment. Open the Ravello Repo and search for Ubuntu. You should see something like below. Add it to your library.
Deploying the VM and assigning Elastic IP.
Now, either create a new application or add to an existing application the Ubuntu VM.
The first warning you will receive is that a key pair needs to be created to allow SSH access to the VM. This helps to lock down access to the VM.
Create a new key pair.
You will be given a PEM file to download once the key pair has been generated. If you are using Putty on a Windows machine for SSH access, the PEM file will need to be converted to Putty native PPK format first before you can use it to connect using SSH. Check out this guide here on how to do that.
Click on NICs tab and click on open.
I found that setting a static IP here for the internal address did not work very well. I opted to reserve an IP in the Ravello DHCP scope instead.
Choose the Elastic IP option.
Create a new elastic IP
Select the desired region for the Elastic IP to be available in.
And the new public IP will be available for consumption.
Also, expose the required ports on the VM to external networks as detailed in the system requirements for VeeamPN.
TCP/UDP 1194 TCP/UDP 6197 HTTPS 443 SSH 22
Install VeeamPN binaries onto Ubuntu server.
Once the VM first powers on, open the Ravello console and login with username: ubuntu / password: ravelloCloud. Or alternatively, connect with Putty via the Elastic IP we assigned earlier.
Now run the following commands to install VeeamPN:
sudo -s curl -k http://repository.veeam.com/keys/veeam.gpg | apt-key add - echo "deb http://repository.veeam.com/VeeamPN/public testing VeeamPN" > /etc/apt/sources.list.d/veeampn.list apt-get update apt-get -y install veeam-vpn-ui veeam-vpn-svc
Once this process has completed, it would be a good idea save the VM to the your Ravello library before any configuration takes place. You need one of these VM’s per site you would like to deploy a site to site VPN.
Once the binaries have installed open up a web browser and point it to https://YourElasticIP.
Configure VeeamPN Hub.
The steps for initial setup are detailed here on the Veeam website.
Login with username: ubuntu / password: ravelloCloud. This is the default login credentials for the Ubuntu server deployed from Ravello Repo. Change your password.
Choose Network Hub config
Wait for self signed cert generation.
Enter a display name for the Hub, up the encryption level if you wish.
Enter the Elastic IP address for the hub appliance and enable or disable services as required.
Configure VeeamPN site settings.
The first step is to create a client on the hub. This will generate a XML config file that can imported onto another VeeamPN server.
Create a client.
Select entire site for Site to Site VPN
Specify a display name and network subnet for remote site.
And you are done.
Clicking finish generate the XML file for download.
Configure VeeamPN site server.
Remember I said save the VM to the Ravello library after the binaries have installed but before configuring the hub? You should have a unconfigured VeeamPN VM server that you can deploy again here. Deploy the VM and adjust the IP settings accordingly. The site servers do not need an Elastic IP address.
Log into the web interface and this time choose to configure a site rather than a hub.
Import the XML file.
And that’s it done. You should see in the hub site that the remote site has connected successfully.
There is no way in Ravello to add routing options to the software routers that are deployed as part of an application. You will need to add static routes to each VM you would like to talk over VPN tunnel.
In Windows that is:
route add 192.168.0.0 mask 255.255.255.0 10.0.1.200 -p
Which is route add the destination / the subnet mask of the destination and the path to take, in this case the site VPN server and make it a persistent route.
I covered how to perform the same operation on Linux here.