
EC2



Amazon's EC2 service offers the ability to start one or many virtual machines, for as short or long as you need them, while paying by the hour. Being able to use this computing cloud as an extension of your private network would open up many computing possibilities. One appealing application of this resource is creating computing clusters. However, some challenges face technologists hoping to use EC2 for some of these purposes:

Routing Into The Cloud

Dmitriy Samovskiy wrote a Linux Journal article, "Building a Multisourced Infrastructure Using OpenVPN", that explains how to use OpenVPN to connect a private network to EC2. The article explained that they used a custom dynamic routing protocol called cube-routed to propagate routing information within the cloud.

EC2, OSPF, OpenVPN, and vtun

Many enterprise networks already use OSPF as a dynamic routing protocol, and instead of adopting a new, custom routing protocol to communicate routes between EC2 and a private network, one should be able to use OSPF. As a standard protocol, more tools exist to troubleshoot problems and more people know how to use it. However, using OSPF within the EC2 cloud poses some challenges, given that EC2 instances can't multicast to each other. A possible workaround is to set up a network of tunnels using either OpenVPN or vtun within EC2, and then run OSPF on each interior node.

To test this, I set up two EC2 instances that I'll call "EC2Gateway" and "Interior", using the Fedora 8 public images Amazon publishes. My plan was to connect this network to a private internetwork across the Internet that already used OSPF, through a router called "PrivateGateway".

PrivateGateway already ran OSPF to help manage dynamic routing within its network. I used yum to install OpenVPN packages on both PrivateGateway and EC2Gateway. On another machine behind the firewall, I generated SSL keys and certificates for both ends of the OpenVPN tunnel. I added a security group to EC2 called "VPN", and added UDP port 1194 to it, and opened up port 1194 on PrivateGateway by editing /etc/sysconfig/iptables and restarting the iptables service. The OpenVPN tunnel came up without a hitch, connecting PrivateGateway and EC2Gateway using two private IP addresses.

To get OSPF to work between the two servers, I configured GNU Quagga to exchange routes over the OpenVPN tunnel.
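
A minimal Quagga `ospfd.conf` for the EC2Gateway end of such a tunnel, added here as an illustration and not the configuration used on this page. The interface names `tun0` and `eth0`, the 10.8.0.0/30 tunnel subnet, the router ID and the key are assumptions; it restricts OSPF to the tunnel and authenticates the adjacency so that only the peer holding the shared key can inject routes.

```conf
! /etc/quagga/ospfd.conf on EC2Gateway (constructed example)
! Assumed values: tunnel device tun0, tunnel subnet 10.8.0.0/30,
! EC2-facing device eth0, placeholder passwords and key.
hostname EC2Gateway-ospfd
password REPLACE_ME
log file /var/log/quagga/ospfd.log
!
! The tunnel is a two-endpoint link, so run OSPF in point-to-point
! mode (no designated-router election) and require MD5 authentication
! on every OSPF packet. The same key ID and key must be configured on
! the PrivateGateway side of the tunnel. Quagga limits the key to
! 16 characters.
interface tun0
 ip ospf network point-to-point
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 REPLACE_ME_KEY
!
! Only the tunnel subnet is matched by a network statement, so OSPF
! forms adjacencies on tun0 only. eth0 is additionally marked passive
! so that it stays silent even if a broader network statement is
! added later.
router ospf
 ospf router-id 10.8.0.2
 passive-interface eth0
 network 10.8.0.0/30 area 0.0.0.0
!
```

The file holds the OSPF key and the vty password in clear text, so it should be readable only by the quagga user and root.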

TODO: finish this