Morris,

There are two main benefits of separating management and signaling (and these 
are often required in production networks).

· It improves security.  Obviously all nodes need to be on the 
signaling network, but not all need to be on the (same) management network... 
or at least it's not necessary for traffic to be routable between two nodes on 
the management network.  This means that if one node's security was 
compromised, it couldn't be used to escalate to accessing other nodes.

· It prevents an overload of traffic on the signaling network from 
overloading the management network (meaning that an administrator can still get 
in to manage the system).

On which virtualization platform are you installing Project Clearwater?  For 
example, on OpenStack, we have HEAT templates 
(https://github.com/Metaswitch/clearwater-heat) that

· install all the Project Clearwater components on separate VMs

· use separate management and signaling networks

· use 6 public and 6 private IPs (one per node) on the management 
network

· use just 3 public IPs (for Bono, Ellis and Homer) and 6 private IPs 
on the signaling network.

I hope that helps - please let me know how you get on.

Thanks,

Matt


From: yan morris [mailto:[email protected]]
Sent: 20 July 2016 15:44
To: Matt Williams (projectclearwater.org) <[email protected]>
Subject: Re: [Project Clearwater] Configuration about Bono with two network 
adapters

Hi, Matt

Thanks for your answers.

Now I understand the "network namespace" after reading the documents.

However, there are two questions I want to ask.

The first is: what are the benefits of allowing separation of management from 
signaling?

The second is: how should I proceed if I install all of the Clearwater 
components in VMs, which have virtual IPs, and I want to let users on an outside 
network access my Clearwater?  I tried to use six physical IPs, but there aren't 
more IPs for the second Sprout or Bono. Are there solutions that can help me use 
only two physical IPs (for Bono and Ellis) to build the Clearwater?

Thank you very much.

Morris

2016-07-20 21:14 GMT+08:00 Matt Williams (projectclearwater.org) 
<[email protected]>:
Morris,

Thanks for your email!

If I understand correctly, you're looking to use eth0 for management and core 
signaling, and eth1 for access signaling - is that right?

Unfortunately, the multiple network support in Clearwater only allows 
separation of management from signaling, not access signaling from core 
signaling.  Metaswitch produces a combined P-CSCF/SBC called Perimeta 
(http://www.metaswitch.com/perimeta-session-border-controller-sbc) that can be 
dropped in to replace Bono and supports this function.

Regarding where eth1 has gone on your existing Bono node, Clearwater's multiple 
network support uses "network namespaces" - you should still be able to see 
eth1 if you run "ip netns exec signaling ifconfig".  You can read more about 
these at http://www.projectclearwater.org/multiple-networks-support-part-1/, 
http://www.projectclearwater.org/multiple-networks-support-part-2/ and 
http://www.projectclearwater.org/multiple-networks-support-part-3/.

I hope that helps - please let me know if you have any questions.

Thanks,

Matt


From: Clearwater [mailto:[email protected]] On Behalf Of yan morris
Sent: 18 July 2016 15:02
To: [email protected]
Subject: [Project Clearwater] Configuration about Bono with two network adapters

Hi,

I am trying to use two network adapters in my Bono.

One is a virtual IP address (eth0), and it is used for inter-communication of 
Clearwater-infrastructure.

The other is a physical address (eth1), and it is used for getting SIP requests 
from the Internet.

I configured it according to this document: 
http://clearwater.readthedocs.io/en/stable/Multiple_Network_Support.html

However, when I run service clearwater-infrastructure restart, eth1 disappears 
when I type ifconfig.

In addition, when I tried to ping google.com or any other 
domain name, it gave an error message "network is unreachable."
As expected, I cannot sign in to my Clearwater. (Get message 590 port is not 
reachable)
The commands and configuration are below.

Local_config:
local_ip=my virtual ip
public_ip=my physical ip
public_hostname= my clearwater zone
etcd_cluster = six components virtual ips
signaling_namespace=signaling
signaling_dns_server=my dns server ip
management_local_ip=my virtual ip

Network namespace command :
ip netns add signaling
ip link set eth1 netns signaling
ip netns exec signaling ifconfig lo up
ip netns exec signaling ifconfig eth1 <my physical ip/16> up
ip netns exec signaling route add default gateway <my physical ip's gateway> dev eth1


Is there anything I forgot to configure, or something that I did wrong?

Could you give me some ideas about this situation?

Thank you.

Morris Yan.
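
An added example, not part of the thread and not Project Clearwater code: a small lint for the local_config keys quoted above that reports when management and signaling are not actually separated. It assumes local_ip is the signaling-side address and management_local_ip the management-side address; the function names, the namespace-to-address map and all sample values are constructed for illustration.

```python
import ipaddress

# Constructed sample values (private/documentation ranges), not from the thread.
SHARED = """local_ip=10.0.0.5
public_ip=192.0.2.10
signaling_namespace=signaling
signaling_dns_server=10.0.0.2
management_local_ip=10.0.0.5
"""
SHARED_ADDRS = {"default": ["10.0.0.5/24"], "signaling": ["192.0.2.10/24"]}
SPLIT = SHARED.replace("local_ip=10.0.0.5", "local_ip=10.1.0.5", 1)
SPLIT_ADDRS = {"default": ["10.0.0.5/24"], "signaling": ["10.1.0.5/24"]}

def parse_local_config(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def check_separation(cfg, ns_addrs):
    """Return findings. ns_addrs maps a namespace name to the CIDR strings
    on its interfaces; "default" stands for the root namespace."""
    ns = cfg.get("signaling_namespace")
    if not ns:
        return ["signaling_namespace unset: one network carries both roles"]
    findings = [f"{k} missing" for k in
                ("signaling_dns_server", "management_local_ip") if k not in cfg]
    sig, mgmt = cfg.get("local_ip"), cfg.get("management_local_ip")

    def owned(ip, namespace):
        return any(ipaddress.ip_address(ip) == ipaddress.ip_interface(a).ip
                   for a in ns_addrs.get(namespace, []))

    if sig and sig == mgmt:
        findings.append("local_ip equals management_local_ip: no separation")
    if sig and not owned(sig, ns):
        findings.append(f"local_ip {sig} is not on an interface in '{ns}'")
    if mgmt and not owned(mgmt, "default"):
        findings.append(f"management_local_ip {mgmt} is not in the default namespace")
    return findings

if __name__ == "__main__":
    for name, text, addrs in (("shared", SHARED, SHARED_ADDRS),
                              ("split", SPLIT, SPLIT_ADDRS)):
        print(name, check_separation(parse_local_config(text), addrs))
```

On a real node the address map would be filled from the output of "ip addr" in the default namespace and "ip netns exec signaling ip addr" in the signaling one.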


_______________________________________________
Clearwater mailing list
[email protected]
http://lists.projectclearwater.org/mailman/listinfo/clearwater_lists.projectclearwater.org
