Scenario: Set up SDN so that traffic can flow between the public and private network

For this scenario, we take the example of a team that is prototyping a new web application. If it is successful, you expect your business to scale out this application rapidly. To avoid disrupting the rest of the business, you want to isolate the application on the network and keep it off the network that carries your production applications. Working with the network team in a traditional model to deploy a new VLAN can take too long, so you will use SDN to solve this problem.

This company will set up SDN with the following qualities:
  • All application components, such as a web server, load balancers, logic nodes, and database backends, can communicate with each other by using an overlay network.
  • Only the web server can be seen by external systems.
  • Quality of Service (QoS) controls are added so that the development system does not use too much bandwidth from the production environment.
  • An additional layer of security is added by configuring security groups.
Note: These steps assume that you have an environment as described in Compute node requirements.
  1. Register at least one network node by following these steps: Set up a network node. You must have a physical Ethernet port attached to the br-ex device on the network node for routers to work.
    Notes:
    • All of the network nodes must be on the same physical network, and therefore must be on the same subnet.
    • Only one subnet can be attached to the router.
  2. Create an external network. From the PowerVC user interface, click the network symbol in the left sidebar, then click Create network. Select these values:
    • Virtualization type: Open vSwitch
    • Type: Flat or VLAN
  3. Set up an isolated network by creating a private overlay network. From the PowerVC user interface, click the network symbol in the left sidebar, then click Create network. Select these values:
    • Virtualization type: Open vSwitch
    • Type: VXLAN
    • External network: Choose the network that was created in the previous step.
    Note: PowerVC sets the MTU sizes. If you change the MTU size in the virtual machine, the workload within the virtual machine might become unstable.

    PowerVC automatically configures virtual routers on your network nodes for the new VXLAN network.

  4. From the PowerVC user interface, deploy virtual machines on the VXLAN network created in the previous step. At this point, those virtual machines can access the wide area network, but traffic originating from the wide area network cannot reach those virtual machines.
  5. Open the virtual machine console from PowerVC and install the application components on the virtual machines.
  6. Because this is a web application, people on the WAN need to be able to browse to it. To give external connectivity to the virtual machine that is hosting the web server, set up external IP addresses.

    Associate an external IP address with one of your virtual machines by navigating to the virtual machine's details page and adding the IP address. This address must be a member of the IP address pool for the External Network that you specified when creating the VXLAN network.

    Note: External IP addresses are separate from the virtual machines. A virtual machine with an associated external IP address has no awareness of the external IP address.
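
After the procedure is complete, the scenario's goals that only the web server is visible externally and that every external IP address belongs to the external network's pool can be checked against an inventory of the deployed virtual machines. The following is an added example, not part of PowerVC or its documentation; the inventory format, VM names, roles, and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: VM names, roles and addresses are illustrative only.
EXTERNAL_POOL = ("192.0.2.10", "192.0.2.50")  # first and last address of the pool
INVENTORY = [
    {"name": "web01", "role": "web", "external_ip": "192.0.2.20"},
    {"name": "lb01", "role": "load_balancer", "external_ip": None},
    {"name": "app01", "role": "logic", "external_ip": None},
    {"name": "db01", "role": "database", "external_ip": "192.0.2.21"},
    {"name": "web02", "role": "web", "external_ip": "198.51.100.7"},
]


def in_pool(address, pool):
    """Return True if address lies inside the inclusive first/last pool range."""
    first, last = (ipaddress.ip_address(a) for a in pool)
    return first <= ipaddress.ip_address(address) <= last


def audit_exposure(inventory, pool, exposed_roles=("web",)):
    """Return (vm_name, finding) tuples for every exposure-policy violation."""
    findings = []
    owners = {}  # external IP -> first VM seen holding it
    for vm in inventory:
        ext = vm.get("external_ip")
        if ext is None:
            continue  # overlay-only VM: not reachable from the WAN
        if vm["role"] not in exposed_roles:
            findings.append((vm["name"], "external IP on a role that must stay private"))
        if not in_pool(ext, pool):
            findings.append((vm["name"], "external IP is outside the external network pool"))
        if ext in owners:
            findings.append((vm["name"], f"external IP already associated with {owners[ext]}"))
        owners.setdefault(ext, vm["name"])
    return findings


if __name__ == "__main__":
    for name, finding in audit_exposure(INVENTORY, EXTERNAL_POOL):
        print(f"{name}: {finding}")
```

Because a virtual machine has no awareness of its external IP address, the inventory for such a check has to come from the management side rather than from interface listings inside the guests.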