The virtual machines are easy to set up using the VirtualBox software. I didn't use Linux's KVM because the host hardware doesn't support CPU virtualization, but I do have a similar setup with KVM on a computer that does. I have used this setup with VMware and Virtual PC as well. The router gets four interfaces, each independent of the others; interface eth0 is bridged to the outside world, and the remaining interfaces are placed on internal networks named for their purpose.

I have completed moving the WonderBlog into a three tier architecture in a virtualized DMZ and will document the configuration in the next few weeks, but first I wanted to look over the virtualized home network DMZ designs I didn't choose and discuss why I didn't choose them. I wrote about the home based DMZ architecture I used, but that entry focused more on how the network was laid out. This post will discuss the designs I played with but didn't use for my home network architecture.

My blog shows a three tier architecture in use, which consists of a client facing tier, an application tier, and a database tier. These three tiers are separate virtual machines, totaling four virtual machines on one server once the router is counted. The computer running those only has three gigabytes of RAM, and I actually wanted 9 virtual machines. I solved the problem of stuffing all of these virtual machines into three gigabytes by using operating system-level virtualization. This type of virtualization tends to be extremely efficient, since it uses one virtual machine and lets the operating system partition off the virtual servers. I used OpenBSD, with its packet filter (pf), to manage all of the Solaris Zones and FreeBSD jails.

I thought about some other offshoot designs. The first was to simply do the whole thing on one virtualized server. I could have put the firewall rules into the Solaris or FreeBSD host machine and used only one VM, but I liked working with separate pieces, so that one part could be changed without harming the others. You have many choices.
OpenBSD ifconfig Output

    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
            groups: lo
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 08:00:27:57:24:6b
            groups: egress
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::a00:27ff:fe57:246b%em0 prefixlen 64 scopeid 0x1
            inet6 2002:43a4:a7f0:0:a00:27ff:fe57:246b prefixlen 64 autoconf pltime 16 vltime 26
    em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 08:00:27:fb:e9:df
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            inet 192.168.8.1 netmask 0xffffff00 broadcast 192.168.8.255
            inet6 fe80::a00:27ff:fefb:e9df%em1 prefixlen 64 scopeid 0x2
    em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 08:00:27:68:63:2a
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
            inet6 fe80::a00:27ff:fe68:632a%em2 prefixlen 64 scopeid 0x3
    em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 08:00:27:a3:ad:7c
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            inet 192.168.12.1 netmask 0xffffff00 broadcast 192.168.12.255
            inet6 fe80::a00:27ff:fea3:ad7c%em3 prefixlen 64 scopeid 0x4
    enc0: flags=0<> mtu 1536
    pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
            groups: pflog

OpenBSD in VirtualBox with 4 interfaces

The first interface is bridged to the Ubuntu host's ethernet adapter. The tier interfaces follow as int1, int2, int3. I have used this design with Linux's Kernel-based Virtual Machine (KVM), VirtualBox, and Virtual PC. The picture above shows Solaris configured to use each interface. The Solaris Zones are assigned to each interface, and they route to the OpenBSD server, which performs the firewall functions in packet filter.
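As an added example, not taken from the original post, here is a pf.conf for this four-interface router that permits only the tier-to-tier flows a three tier design needs and drops everything else. The interface names and subnets come from the ifconfig output above; the mapping of int1/int2/int3 to the client, application and database tiers, the web zone's address and the service ports are assumptions.

```pf
# pf.conf for the OpenBSD router VM (added example; values marked "assumed" are not from the post)
ext_if = "em0"                  # bridged to the host LAN, 192.168.1.20
web_if = "em1"                  # int1: client-facing tier (assumed)
app_if = "em2"                  # int2: application tier (assumed)
db_if  = "em3"                  # int3: database tier (assumed)

web_net = "192.168.8.0/24"
app_net = "192.168.10.0/24"
db_net  = "192.168.12.0/24"

web_srv  = "192.168.8.10"       # assumed address of the client-facing zone
app_port = "8080"               # assumed application listener
db_port  = "5432"               # assumed database listener

# RFC 1918 space, used to keep the tiers from talking to anything internal
# except the flows listed below.
table <priv> const { 10/8, 172.16/12, 192.168/16 }

set skip on lo
set block-policy drop

# Default deny in every direction; each permitted flow is listed explicitly.
# Logged drops show up on pflog0 for inspection with tcpdump.
block log all

# Anti-spoofing: drop packets whose source address does not route back
# out the interface they arrived on.
block in quick from urpf-failed label "urpf"

# Outbound NAT for the tiers that may reach the outside (DNS, updates);
# the database tier gets no NAT and no outbound rule at all.
match out on $ext_if from { $web_net $app_net } to any nat-to ($ext_if)

# Host LAN clients reach only the client-facing tier, on HTTP(S),
# via a redirect from the router's external address.
pass in on $ext_if proto tcp to ($ext_if) port { 80 443 } rdr-to $web_srv

# Client tier -> application tier, application tier -> database tier.
pass in on $web_if proto tcp from $web_net to $app_net port $app_port
pass in on $app_if proto tcp from $app_net to $db_net port $db_port

# Web and app tiers may reach public addresses for DNS and package updates,
# but never another internal subnet.
pass in on { $web_if $app_if } proto { tcp udp } \
    from { $web_net $app_net } to ! <priv> port { 53 80 443 }
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; states are floating by default, so a single `pass in` rule per flow also covers the reply path on the other interface.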
Archives: March 2013