UserPreferences

EC2


You didn't create a user profile yet. Select UserPreferences in the upper right corner to create a profile.

Clear message

Amazon's [WWW]EC2 service offers the ability to start one or many virtual machines, for as short or long as you need them, while paying by the hour. Being able to use this computing cloud as an extension of your private network would open up many computing possibilities. One appealing application of this resource is creating computing clusters. However, some challenges face technologists hoping to use EC2 for some of these purposes:

Routing Into The Cloud

Dmitriy Samovskiy wrote a [WWW]Linux Journal article, [WWW]Building a Multisourced Infrastructure Using OpenVPN, that explains how to use [WWW]OpenVPN to connect a private network to EC2. The article explained that they used a custom dynamic routing protocol called [WWW]cube-routed to propagate routing information within the cloud.

EC2, OSPF, OpenVPN, and vtun

Many enterprise networks already use OSPF as a dynamic routing protocol, and instead of adopting a new, custom routing protocol to communicate routes between EC2 and a private network, one should be able to use OSPF. As a standard protocol, more tools exist to troubleshoot problems and more people know how to use it. However, using OSPF within the EC2 cloud poses some challenges, given that EC2 instances can't multicast to each other. A possible workaround is to set up a network of tunnels using either OpenVPN or [WWW]vtun within EC2, and then run OSPF on each interior node.

To test this, I set up two EC2 instances that I'll call "EC2Gateway" and "Interior", using the Fedora 8 public images Amazon publishes. My plan was to connect this network to a private internetwork across the Internet that already used OSPF, through a router called "PrivateGateway".

PrivateGateway already ran OSPF to help manage dynamic routing within its network. I used yum to install OpenVPN packages on both PrivateGateway and EC2Gateway. On another machine behind the firewall, I generated SSL keys and certificates for both ends of the OpenVPN tunnel. I added a security group to EC2 called "VPN", and added UDP port 1194 to it, and opened up port 1194 on PrivateGateway by editing /etc/sysconfig/iptables and restarting the iptables service. The OpenVPN tunnel came without a hitch, connecting PrivateGateway and EC2Gateway using two private IP addresses.

To get OSPF to work between the two servers, I configured [WWW]GNU Quagga to exchange routes over the OpenVPN tunnel.

TODO: finish this