diff --git a/images/sandbox_topology_new.png b/images/sandbox_topology_new.png new file mode 100755 index 000000000..85766d46f Binary files /dev/null and b/images/sandbox_topology_new.png differ diff --git a/sandbox/Sandbox15/configurations.rst b/sandbox/Sandbox15/configurations.rst index a0e84b4a0..bbf421ff0 100644 --- a/sandbox/Sandbox15/configurations.rst +++ b/sandbox/Sandbox15/configurations.rst @@ -7,44 +7,48 @@ Once you log into the Netris Controller, you will find that certain services hav V-Net (Ethernet/Vlan/VXlan) Example =================================== -After logging into the Netris Controller by visiting `https://sandbox15.netris.io `_ and navigating to **Services → V-Net**, you will find a V-Net service named "**vnet-example**" already configured for you as an example. +To access the V-Net service example, first log into the Netris Controller by visiting `https://sandbox15.netris.io `_ and navigating to **Services → V-Net**, where you will find a pre-configured V-Net service named "**vnet-example**" available as an example. -If you examine the particular service settings ( select **Edit** from the **Actions** menu indicated by three vertical dots (**⋮**) on the right side of the "**vnet-example**" service), you will find that the services is configured on the second port of **switch 21** named "**swp2(swp2)@sw21-nyc (Admin)**". +To examine the service settings, select **Edit** from the **Actions** menu indicated by three vertical dots (**⋮**) on the right side of the "**vnet-example**" service, where you'll see that the V-Net service is configured with VLAN ID **45** in order to enable **EVPN Multihoming** on the underlying switches. -The V-Net servicers is also configured with both an IPv4 and IPv6 gateway, **192.168.45.1** (from the "**192.168.45.0/24 (EXAMPLE)**" subnet) and **2607:f358:11:ffcf::1** (from the "**2607:f358:11:ffcf::/64 (EXAMPLE IPv6)**" subnet) respectively. +You'll also see that the V-Net service is configured with both an IPv4 gateway (**192.168.45.1**) from the "**192.168.45.0/24 (EXAMPLE)**" subnet and an IPv6 gateway (**2607:f358:11:ffcf::1**) from the "**2607:f358:11:ffcf::/64 (EXAMPLE IPv6)**" subnet. + +Additionally, the V-Net service is configured to utilize network interfaces on both switches 21 and 22. Specifically, it is connected to **swp4(swp4)@sw21-nyc (Admin)** on switch 21 and **swp4(swp4)@sw22-nyc (Admin)** on switch 22. You may also verify that the service is working properly from within the GUI: (*\*Fields not specified should remain unchanged and retain default values*) -1. Navigate to **Net → Looking Glass**. -2. Select switch "**sw21-nyc(10.254.46.21)**" (the switch the "**vnet-example**" service is configured on) from the **Select device** drop-down menu. -3. Select "**Ping**" from the **Command** drop-down menu. -4. Type ``192.168.45.64`` (the IP address of **srv04-nyc** connected to **swp2@sw21-nyc**) in the field labeled **IPv4 address**. -5. Click **Submit**. +1. Navigate to **Network → Looking Glass**. +2. Make sure "**vpc-1:Default**" is selected from the **VPC** drop-down menu. +3. Select "**SoftGate1(45.38.161.192)**" from the **Hardware** drop-down menu. +4. Leave the "**Family: IPV4**" as the selected choice from the **Adrress Family** drop-down menu. +5. Select "**Ping**" from the **Command** drop-down menu. +6. Leave the "**Selecet IP address**" as the selected choice from the **Source** drop-down menu. +7. Type ``192.168.45.64`` (the IP address configured on **bond0.45** on **srv04-nyc**) in the field labeled **IPv4 address**. +8. Click **Submit**. The result should look similar to the output below, indicating that the communication between switch **sw21-nyc** and server **srv04-nyc** is working properly thanks to the configured V-Net service. .. code-block:: shell-session - sw21-nyc# ip vrf exec Vrf_netris ping -c 5 192.168.45.64 + SoftGate1# ping -c 5 192.168.45.64 PING 192.168.45.64 (192.168.45.64) 56(84) bytes of data. - 64 bytes from 192.168.45.64: icmp_seq=1 ttl=64 time=0.562 ms - 64 bytes from 192.168.45.64: icmp_seq=2 ttl=64 time=0.745 ms - 64 bytes from 192.168.45.64: icmp_seq=3 ttl=64 time=0.690 ms - 64 bytes from 192.168.45.64: icmp_seq=4 ttl=64 time=0.737 ms - 64 bytes from 192.168.45.64: icmp_seq=5 ttl=64 time=0.666 ms - + 64 bytes from 192.168.45.64: icmp_seq=1 ttl=61 time=6.29 ms + 64 bytes from 192.168.45.64: icmp_seq=2 ttl=61 time=5.10 ms + 64 bytes from 192.168.45.64: icmp_seq=3 ttl=61 time=4.82 ms + 64 bytes from 192.168.45.64: icmp_seq=4 ttl=61 time=4.82 ms + 64 bytes from 192.168.45.64: icmp_seq=5 ttl=61 time=4.79 ms --- 192.168.45.64 ping statistics --- - 5 packets transmitted, 5 received, 0% packet loss, time 4092ms - rtt min/avg/max/mdev = 0.562/0.680/0.745/0.065 ms + 5 packets transmitted, 5 received, 0% packet loss, time 4002ms + rtt min/avg/max/mdev = 4.787/5.161/6.285/0.572 ms If you are interested in learning how to create a V-Net service yourself, please refer to the step-by-step instructions found in the :ref:`"V-Net (Ethernet/Vlan/VXlan)"` section of the :ref:`"Learn by Creating Services"` document. -More details about V-Net (Ethernet/Vlan/VXlan) can be found on the the :ref:`"V-NET"` page. +More details about V-Net (Ethernet/Vlan/VXlan) can be found on the the :ref:`V-Net"` page. E-BGP (Exterior Border Gateway Protocol) Example ================================================ -Navigate to **Net → E-BGP**. Here, aside from the necessary system generated IPv4/IPv6 E-BGP peer connections between the two border routers ( **SoftGate1** & **SoftGate2** ) and the rest of the switching fabric (which can be toggled on/off using the **Show System Generated** toggle at the top of the page), you will also find two E-BGP sessions named "**iris-isp1-ipv4-example**" and "**iris-isp1-ipv6-example**" configured as example with **IRIS ISP1**. This ensures communication between the internal network with the Internet. +Navigate to **Network → E-BGP**. Here, aside from the required system generated IPv4/IPv6 E-BGP peer connections between the two border routers ( **SoftGate1** & **SoftGate2** ) and the rest of the switching fabric (which can be toggled on/off using the **Show System Generated** toggle at the top of the page), you will also find two E-BGP sessions named "**iris-isp1-ipv4-example**" and "**iris-isp1-ipv6-example**" configured as examples with **IRIS ISP1**. This ensures communication between the internal network and the Internet. You may examine the particular session configurations of the E-BGP connections by selecting **Edit** from the **Actions** menu indicated by three vertical dots (**⋮**) on the right side of either the "**iris-isp1-ipv4-example**" and "**iris-isp1-ipv6-example**" connections. You may also expand the **Advanced** section located toward the bottom of the **Edit** window to be able to access the more advanced settings available while configuring an E-BGP session. @@ -54,7 +58,7 @@ More details about E-BGP (Exterior Border Gateway Protocol) can be found on the NAT (Network Address Translation) Example ========================================= -Navigate to **Net → NAT** and you will find a NAT rule named "**NAT Example**" configured as an example for you. The configured "**SNAT**" rule ensures that there can be communication between the the private "**192.168.45.0/24 (EXAMPLE)**" subnet and the Internet. +Navigate to **Network → NAT** and you will find a NAT rule named "**NAT Example**" configured as an example for you. The configured "**SNAT**" rule ensures that there can be communication between the the private "**192.168.45.0/24 (EXAMPLE)**" subnet and the Internet. You can examine the particular settings of the NAT rule by clicking **Edit** from the **Actions** menu indicated by three vertical dots (**⋮**) on the right side of the "**NAT Example**" service. @@ -74,10 +78,10 @@ More details about NAT (Network Address Translation) can be found on the :ref:`" ACL (Access Control List) Example ================================= -Navigate to **Services → ACL** and you will find an ACL services named "**V-Net Example to WAN**" set up as an example for you. This particular ACL ensures that the connectivity between the the private "**192.168.45.0/24 (EXAMPLE)**" subnet and the Internet is permitted through all protocols and ports, even in a scenario where the the "**ACL Default Policy**" for the "**US/NYC**" site configured under **Net → Sites** in our Sandbox is changed from **Permit** to **Deny**. +Navigate to **Services → ACL** and you will find an ACL services named "**V-Net Example to WAN**" set up as an example for you. This particular ACL ensures that the connectivity between the the private "**192.168.45.0/24 (EXAMPLE)**" subnet and the Internet is permitted through all protocols and ports, even in a scenario where the the "**ACL Default Policy**" for the "**US/NYC**" site configured under **Network → Sites** in our Sandbox is changed from **Permit** to **Deny**. You can examine the particular settings of this ACL policy by selecting **Edit** from the **Actions** menu indicated by three vertical dots (**⋮**) on the right side of the "**V-Net Example to WAN**" ACL policy. By utilizing ACLs, you can impose granular controls and implement policies that would permit or deny particular connections of any complexity. If you are interested in learning how to create ACL policies yourself, please refer to the step-by-step instructions found in the :ref:`"ACL (Access Control List)"` section of the :ref:`"Learn by Creating Services"` document. -More details about ACL (Access Control List) can be found on the :ref:`"ACL"` page. \ No newline at end of file +More details about ACL (Access Control List) can be found on the :ref:`"ACL"` page. diff --git a/sandbox/Sandbox15/creating-services.rst b/sandbox/Sandbox15/creating-services.rst index 0d5bcff2d..ed782e1b3 100644 --- a/sandbox/Sandbox15/creating-services.rst +++ b/sandbox/Sandbox15/creating-services.rst @@ -27,19 +27,20 @@ Let's create a V-Net service to give server **srv05-nyc** the ability to reach i 2. Click the **+ Add** button in the top right corner of the page to get started with creating a new V-Net service. 3. Define a name in the **Name** field (e.g. ``vnet-customer``). 4. From the **Sites** drop-down menu, select "**US/NYC**". - 5. From the **Owner** drop-down menu, select "**Demo**". - 6. From the **IPv4 Gateway** drop-down menu, select the "**192.168.46.0/24(CUSTOMER)**" subnet. - 7. The first available IP address "**192.168.46.1**" is automatically selected in the second drop-down menu of the list of IP addresses. This matches the results of the ``ip route ls`` command output on **srv05-nyc** we observed earlier. - 8. From the **Add Network Interface** drop-down menu put a check mark next to switch port "**swp2(swp2 | srv05-nyc)@sw22-nyc (Demo)**", which we can see is the the port where **srv05-nyc** is wired into when we reference the :ref:`"Sandbox Topology diagram"`. + 5. From the **VLAN ID** drop-down menu, select "**Enter manually**" and type in "**46**" in the field to the right. + 6. From the **Owner** drop-down menu, select "**Demo**". + 7. From the **IPv4 Gateway** drop-down menu, select the "**192.168.46.0/24(CUSTOMER)**" subnet. + 8. The first available IP address "**192.168.46.1**" is automatically selected in the second drop-down menu of the list of IP addresses. This matches the results of the ``ip route ls`` command output on **srv05-nyc** we observed earlier. + 9. From the **Add Network Interface** drop-down menu put a check mark next to both network interfaces "**swp5(swp5 | srv05-nyc)@sw12-nyc (Demo)**" and "**swp5(swp5 | srv05-nyc)@sw21-nyc (Demo)**", which we can see are the interfaces where **srv05-nyc** is wired into when we reference the :ref:`"Sandbox Topology diagram"`. - * The drop-down menu only contains this single switch port as it is the only port that has been assigned to the **Demo** tenant. + * The drop-down menu only contains these two network interfaces as they are the only interfaces that have been assigned to the **Demo** tenant. - 9. Check the **Untag** check-box and click the **Add** button. - 10. Click the **Add** button at the bottom right of the "**Add new V-Net**" window and the service will start provisioning. + 10. Check the **Untagged** check-box and click the **Add** button. + 11. Click the **Add** button at the bottom right of the "**Add new V-Net**" window and the service will start provisioning. -After just a few seconds, once fully provisioned, you will start seeing successful ping replies, similar in form to "**64 bytes from 192.168.46.1: icmp_seq=55 ttl=64 time=1.66 ms**", to the ping that was previously started in the terminal window, indicating that now the gateway address is reachable from host **srv05-nyc**. +After just a few seconds, once fully provisioned, you will start seeing successful ping replies, similar in form to "**64 bytes from 192.168.46.1: icmp_seq=55 ttl=64 time=1.66 ms**", to the ping that was previously started in the terminal window, indicating that now the gateway address is accessible from host **srv05-nyc**. -More details about V-Net (Ethernet/Vlan/VXlan) can be found on the the :ref:`"V-NET"` page. +More details about V-Net (Ethernet/Vlan/VXlan) can be found on the the :ref:`"V-Network"` page. .. _s15-e-bgp: @@ -51,7 +52,7 @@ Optionally you can configure an E-BGP session to IRIS ISP2 for fault tolerance. * In a web browser: (*\*Fields not specified should remain unchanged and retain default values*) - 1. Log into the Netris Controller by visiting `https://sandbox15.netris.io `_ and navigate to **Net → E-BGP**. + 1. Log into the Netris Controller by visiting `https://sandbox15.netris.io `_ and navigate to **Network → E-BGP**. 2. Click the **+ Add** button in the top right corner of the page to configure a new E-BGP session. 3. Define a name in the **Name** field (e.g. ``iris-isp2-ipv4-customer``). 4. From the **Site** drop-down menu, select "**US/NYC**". @@ -60,7 +61,7 @@ Optionally you can configure an E-BGP session to IRIS ISP2 for fault tolerance. * For the purposes of this exercise, the required switch port can easily be found by typing ``ISP2`` in the Search field. - 7. For the **VLAN ID** field, uncheck the **Untag** check-box and type in ``1152``. + 7. For the **VLAN ID** field, type in ``1152`` while leaving the **Untagged** check-box unchecked. 8. In the **Neighbor AS** field, type in ``65007``. 9. In the **Local IP** field, type in ``45.38.161.214``. 10. In the **Remote IP** field, type in ``45.38.161.213``. @@ -69,10 +70,11 @@ Optionally you can configure an E-BGP session to IRIS ISP2 for fault tolerance. 13. In the **Prefix List Outbound** field, type in ``permit 45.38.161.192/28 le 32`` 14. And finally click **Add** -Allow up to 1 minute for both sides of the BGP sessions to come up and then the BGP state on **Net → E-BGP** page as well as on **Telescope → Dashboard** pages will turn green, indication a successfully established BGP session. We can glean further insight into the BGP session details by navigating to **Net → Looking Glass**. +Allow up to 1 minute for both sides of the BGP sessions to come up and then the BGP state on **Network → E-BGP** page as well as on **Telescope → Dashboard** pages will turn green, indication a successfully established BGP session. We can glean further insight into the BGP session details by navigating to **Net → Looking Glass**. - 1. Select "**SoftGate2(45.38.161.193)**" (the border router where our newly created BGP session is terminated on) from the **Select device** drop-down menu. - 2. Leaving the **Family** drop-down menu on IPv4 and the **Command** drop-down menu on "**BGP Summary**", click on the **Submit** button. + 1. Make sure "**vpc-1:Default**" is selected from the **VPC** drop-down menu. + 2. Select "**SoftGate2(45.38.161.193)**" (the border router where our newly created BGP session is terminated on) from the **Hardware** drop-down menu. + 3. Leaving the **Address Family** drop-down menu on "**Family: IPV4**" and the **Command** drop-down menu on "**Command: BGP Summary**", click on the **Submit** button. We are presented with the summary of the BGP sessions terminated on **SoftGate2**. You can also click on each BGP neighbor name to further see the "**Advertised routes**" and "**Routes**" received to/from that BGP neighbor. @@ -91,23 +93,23 @@ Now that we have both internal and external facing services, we can aim for our 3. Start a ping session towards any public IP address (e.g. ``ping 1.1.1.1``). 4. Keep the ping running as an indicator for when the service starts to work. -Let's configure a source NAT so our Customer subnet **192.168.46.0/24**, which is used in the V-Net services called **vnet-customer**, can communicate with the Internet. +Let's configure a Source NAT so our Customer subnet **192.168.46.0/24**, which is used in the V-Net services called **vnet-customer**, can communicate with the Internet. * In a web browser: (*\*Fields not specified should remain unchanged and retain default values*) - 1. Log into the Netris Controller by visiting `https://sandbox15.netris.io `_ and navigate to **Net → NAT**. + 1. Log into the Netris Controller by visiting `https://sandbox15.netris.io `_ and navigate to **Network → NAT**. 2. Click the **+ Add** button in the top right corner of the page to define a new NAT rule. 3. Define a name in the **Name** field (e.g. ``NAT Customer``). 4. From the **Site** drop-down menu, select "**US/NYC**". 5. From the **Action** drop-down menu, select "**SNAT**". - 6. From the **Protocol** drop-down menu, select "**ALL**". + 6. Leave **ALL** selected in the **Protocol** drop-down menu. 7. In the **Source Address** field, type in ``192.168.46.0/24``. - 8. In the **Destination Address** field, type in ``0.0.0.0/0``. + 8. In the **Destination Address** field, leave the default value of ``0.0.0.0/0``. 9. Toggle the switch from **SNAT to Pool** to **SNAT to IP**. 10. From the **Select subnet** drop-down menu, select the "**45.38.161.196/30 (NAT)**" subnet. 11. From the **Select IP** drop-down menu, select the "**45.38.161.196/32**" IP address. - * This public IP is part of **45.38.161.196/30 (NAT)** subnet which is configured in the **NET → IPAM** section with the purpose of **NAT** and indicated in the SoftGate configurations to be used as a global IP for NAT by the :ref:`"Netris SoftGate Agent"`.. + * This public IP is part of **45.38.161.196/30 (NAT)** subnet which is configured in the **Network → IPAM** section with the purpose of **NAT** and indicated in the **SoftGate** configurations to be used as a global IP for NAT by the :ref:`"Netris SoftGate Agent"`. 12. Click **Add** @@ -117,9 +119,9 @@ More details about NAT (Network Address Translation) can be found on the :ref:`" .. _s15-l3lb: -L3LB (Anycast L3 load balancer) +L3LB (Anycast L3 Load Balancer) =============================== -In this exercise we will quickly configure an Anycast IP address in the Netris Controller for two of our :ref:`"ROH (Routing on the Host)"` servers (**srv01-nyc** & **srv02-nyc**) which both have a running Web Server configured to display a simple HTML webpage and observe **ECMP** load balancing it in action. +In this exercise we will quickly configure an Anycast IP address in the Netris Controller for two of our :ref:`"ROH (Routing on the Host)"` servers (**srv01-nyc** & **srv02-nyc**) which both have a running **Web Server** configured to display a simple HTML webpage and observe **ECMP** load balancing it in action. * In a web browser: (*\*Fields not specified should remain unchanged and retain default values*) @@ -142,7 +144,7 @@ In this exercise we will quickly configure an Anycast IP address in the Netris C .. image:: /images/l3lb_srv01.png :align: center -In order to trigger the L3 load balancer to switch directing the traffic towards the other backend server (in this case from **srv01-nyc** to **srv02-nyc**, which based on the unique hash in your situation could be the other way around), we can simulate the unavailability of backend server we ended up on by putting it in **Maintenance** mode. +In order to trigger the L3 load balancer to switch directing the traffic towards the other backend server (in this case from **srv01-nyc** to **srv02-nyc**, which based on the unique hash in your situation could be the other way around), we can simulate the unavailability of the backend server we ended up on by putting it in **Maintenance** mode. * Back in the Netris Controller, navigate to **Services → L3 Load Balancer**. @@ -176,12 +178,12 @@ Now that **srv05-nyc** can communicate with both internal and external hosts, le * In a web browser: (*\*Fields not specified should remain unchanged and retain default values*) - 1. Log into the Netris Controller by visiting `https://sandbox15.netris.io `_ and navigate to **Net → Sites**. + 1. Log into the Netris Controller by visiting `https://sandbox15.netris.io `_ and navigate to **Network → Sites**. 2. Click **Edit** from the **Actions** menu indicated by three vertical dots (**⋮**) on the right side of the **UC/NYC** site. 3. From the **ACL Default Policy** drop-down menu, change the value from "**Permit**" to "**Deny**". 4. Click **Save**. -Soon you will notice that there are no new replies to our previously started ``ping 1.1.1.1`` command in the terminal window, indicating that the **1.1.1.1** IP address is no longer reachable.Now that the **Default ACL Policy** is set to **Deny**, we need to configure an **ACL** entry that will allow the **srv05-nyc** server to communicate with the Internet. +Soon you will notice that there are no new replies to our previously started ``ping 1.1.1.1`` command in the terminal window, indicating that the **1.1.1.1** IP address is no longer reachable. Now that the **Default ACL Policy** is set to **Deny**, we need to configure an **ACL** entry that will allow the **srv05-nyc** server to communicate with the Internet. * Back in the web browser: (*\*Fields not specified should remain unchanged and retain default values*) @@ -192,9 +194,7 @@ Soon you will notice that there are no new replies to our previously started ``p 5. In the Source field, type in ``192.168.46.0/24``. 6. In the Destination field, type in ``0.0.0.0/0``. 7. Click **Add**. - 8. Select **Approve** from the **Actions** menu indicated by three vertical dots (**⋮**) on the right side of the newly created "**V-Net Customer to WAN**" ACL. - 9. Click **Approve** one more time in the pop-up window. -Once the Netris Controller has finished syncing the new ACL policy with all member devices, we can see in the terminal window that replies to our ``ping 1.1.1.1`` command have resumed, indicating that the **srv05-nyc** server can communicate with the Internet once again.. +You can observer the status of the syncing process by clicking on the **Syncing** yellow label at the top right of the **ACL** windown. Once the Netris Controller has finished syncing the new ACL policy with all relevant member devices, the label will turn green and read as **Synced**. Back in the terminal window we can observer that the replies to our ``ping 1.1.1.1`` command have resumed, indicating that the **srv05-nyc** server can communicate with the Internet once again.. More details about ACL (Access Control List) can be found on the :ref:`"ACL"` page. diff --git a/sandbox/Sandbox15/index.rst b/sandbox/Sandbox15/index.rst index 1fbb4baf5..14072593f 100644 --- a/sandbox/Sandbox15/index.rst +++ b/sandbox/Sandbox15/index.rst @@ -23,7 +23,7 @@ 45.38.161.192/30 # PUBLIC LOOPBACK subnet 45.38.161.193 # PUBLIC Loopback IPv4 of SoftGate2 45.38.161.196/30 # PUBLIC IPv4 NAT Subnet - 45.38.161.196/32 # CUSTOMER V-NET SNAT IP + 45.38.161.196/32 # CUSTOMER V-Net SNAT IP 45.38.161.200/30 # L3LB Subnet 45.38.161.200/32 # L3LB IP 45.38.161.204/30 # L4LB Subnet diff --git a/sandbox/Sandbox15/onprem-k8s.rst b/sandbox/Sandbox15/onprem-k8s.rst index b871a06b1..95dcf11fd 100644 --- a/sandbox/Sandbox15/onprem-k8s.rst +++ b/sandbox/Sandbox15/onprem-k8s.rst @@ -7,6 +7,8 @@ Learn Netris operations with Kubernetes .. contents:: :local: +.. _s15-k8s: + Intro ===== This Sandbox environment provides an existing Kubernetes cluster that has been deployed via `Kubespray `_. For this scenario, we will be using the `external LB `_ option in Kubespray. A dedicated Netris L4LB service has been created in the Sandbox Controller to access the k8s apiservers from users and non-master nodes sides. diff --git a/sandbox/Sandbox15/sandbox-info.rst b/sandbox/Sandbox15/sandbox-info.rst index b79a32fc2..6729c45d7 100644 --- a/sandbox/Sandbox15/sandbox-info.rst +++ b/sandbox/Sandbox15/sandbox-info.rst @@ -22,10 +22,10 @@ The Sandbox environment includes: Topology diagram ================ -.. image:: /images/sandbox_topology.png +.. image:: /images/sandbox_topology_new.png :align: center :alt: Sandbox Topology - :target: ../../_images/sandbox_topology.png + :target: ../../_images/sandbox_topology_new.png @@ -37,9 +37,10 @@ Linux servers ============= Example pre-configured Netris services: - * **srv01-nyc**, **srv02-nyc**, **srv03-nyc** & **Netris Controller** - are consuming :ref:`"ROH (Routing on the Host)"` Netris example service, see **Services → ROH.** - * **srv01-nyc**, **srv02-nyc** - are behind :ref:`"Anycast L3 load balancer"`, see **Services → Load Balancer**. - * **srv04-nyc**, **srv05-nyc** - are consuming :ref:`"V-NET (routed VXLAN)"` Netris service, see **Services → V-NET**. + * **srv01-nyc**, **srv02-nyc**, **srv03-nyc** & **Netris Controller** - are consuming :ref:`"ROH (Routing on the Host)"` Netris example service, see **Services → ROH.**. + * **srv01-nyc**, **srv02-nyc** - can be configured with :ref:`"L3 Load Balancer (Anycast LB)"`, see **Services → L3 Load Balancer**. + * **srv04-nyc**, **srv05-nyc**, **srv06-nyc**, **srv07-nyc** & **srv08-nyc** - are consuming :ref:`"V-Net (routed VXLAN)"` Netris service, see **Services → V-Net**. + * **srv06-nyc**, **srv07-nyc**, **srv08-nyc** - are members of a 3 node Kubernetes cluser, and the K8s API servers are behind :ref:`"L4 Load Balancer (L4LB)"`, see **Services → L4 Load Balancer**. **Accessing the Linux servers:** @@ -61,7 +62,7 @@ This Sandbox provides an up and running 3 node Kubernetes cluster. You can integ Upstream ISP ============ This Sandbox also provides an upstream ISP service with real-world Internet routing configured through :ref:`"BGP"`. -There are two pre-configured examples under **NET → E-BGP** , one using IPv4 and the other using IPv6, which are advertising the public IP subnets belonging to the sandbox to the upstream ISP IRIS. +There are two pre-configured examples under **Network → E-BGP** , one using IPv4 and the other using IPv6, which are advertising the public IP subnets belonging to the sandbox to the upstream ISP IRIS. ISP settings: @@ -101,7 +102,7 @@ ISP settings: Networks Used ============= -Allocations and subnets defined under :ref:`"IPAM"`, see **Net → IPAM**. +Allocations and subnets defined under :ref:`"IPAM"`, see **Network → IPAM**. .. code-block:: shell-session @@ -131,4 +132,4 @@ Allocations and subnets defined under :ref:`"IPAM"`, see **Net → IPA | EXAMPLE IPv6 Allocation: 2607:f358:11:ffcf::/64 |___ EXAMPLE IPv6 Subnet: 2607:f358:11:ffcf::/64 - + \ No newline at end of file