Virtual Router 3.6
This guide describes how to use the Virtual Router in OpenNebula.
When instantiated in a network, this appliance provides the following services for other Virtual Machines running in the same network:
A big advantage of using this appliance is that Virtual Machines can be run in the same network without being contextualized for OpenNebula.
This appliance is controlled via
CONTEXT. More information in the following
This is a 64-bit appliance and will run both in
Xen environments. It will run with any
Since each virtual router will start a DHCP server and it's not recommended to have more than one DHCP server per network, it's recommend to use it along network isolation drivers if you're going to deploy two or more router instances in your environment:
RANGEDnetwork and not
The appliance is based on archlinux. There's only
one user account:
root. The default password for the root user is
router. This can be changed using
CONTEXT along with root's public key.
openssl passwd -1. To disable password login set:
The virtual router can be used in two ways:
Only one interface. Useful if you only want DHCP or NTP.
To enable this you need to add the following context to the VM:
TARGET = "hdb" PRIVNET = "$NETWORK[TEMPLATE, NETWORK=\"private_network_name\"]", TEMPLATE = "$TEMPLATE" DHCP = "YES|NO" NTP = "YES|NO"
If you're going to a use a netmask different to '255.255.255.0' you will have to add the following to the private network's template:
NETWORK_MASK = 255.255.255.254
In this case, the Virtual Machine will need two network interfaces: a private
and a public one. The public one will be masqueraded. In this mode you can also
configure a DNS server by setting the
DNS and optionally the
attribute (useful for domain searches in
/etc/resolv.conf). This mode also
includes all the attributes related to the previous section, i.e. DHCP and NTP
This is an example context for the router mode:
TARGET = "hdb" PRIVNET = "$NETWORK[TEMPLATE, NETWORK=\"private_network\"]", PUBNET = "$NETWORK[TEMPLATE, NETWORK=\"public_network\"]", TEMPLATE = "$TEMPLATE" DHCP = "YES|NO" NTP = "YES|NO" DNS = "188.8.131.52 184.108.40.206" SEARCH = "local.domain" FORWARDING = "8080:10.0.10.10:80 10.0.10.10:22"
This attribute expects a list of dns servers separated by spaces.
This attribute expects a list of forwarding rules separated by spaces. Each rule has either 2 or 3 components separated by
:. If only two components are specified, the first is the IP to forward the port to, and the second is the port number. If there are three components, the first is the port in the router, the second the IP to forward to, and the third the port in the forwarded Virtual Machine. Examples:
8080:10.0.10.10:80This will forward the port 8080 in the router to the port 80 to the VM with IP 10.0.10.10.
10.0.10.10:22This will forward the port 22 in the router to the port 22 to the VM with IP 10.0.10.10.
If the public network uses a netmask different to
255.255.255.0 or if the
gateway is not the ip's network with one as the last byte:
x.y.z.1 it can be
explicitely set adding the following attributes to the public network's
GATEWAY = "192.168.1.100" NETWORK_MASK = "255.255.254.0"