Newer
Older
# Example: Isolating an NGINX server from a CDN with Custom L2SM networks
## Overview
This example demonstrates the isolation of traffic between pods using custom networks with L2S-M. In this scenario, two networks, v-network-1 and v-network-2, are created, and three pods (cdn-server, router, and content-server) are connected. The objective is to showcase how traffic can be isolated through a router connecting the two networks.
This example can be seen in action [in the screencast provided](#procedure), where it's presented a Cluster scenario with three nodes, where a Pod will be deployed in each Node, as shown in the following figure:
<p align="center">
<img src="../../assets/video-server-example.svg" width="400">
</p>
The following example doesn't really need a three Node scenario, it can be used with just a Node in the Cluster. Through the example guide, we will create the following resources:
- [v-network-1](./v-network-1.yaml)
- [v-network-2](./v-network-2.yaml)
Two virtual L2S-M networks, without any additional configuration.
Note: The configurations specified can be seen in each Pod YAML specification.
- **[cdn-server](./cdn-server.yaml) (CDN Server)**
This pod will act as a CDN server, it's just an alpine image with the following pre-configuration:
- IP: 10.0.1.2
- Network: v-network-1
- **[router](./router.yaml) (Router)**
This pod will act as a router, where we could launch some firewall rules if we wanted. It will have the following pre-configuration:
- Networks: v-network-1, v-network-2
- IP: 10.0.1.1 (net1) and 10.0.2.1 (net2)
- **[content-server](./content-server.yaml) (Content Server)**
This pod will act as a content server. The image can be found at the [./video-server directory](./video-server/). It's an NGINX image with a video file that will be served. It has the following pre-configuration:
- IP: 10.0.2.2
- Network: v-network-2
## Procedure
Follow the steps below to demonstrate the isolation of traffic between pods using custom networks with L2S-M. You can watch a screencast of how this operates and how it should follow through this youtube video:
<p align="center">
<a href="https://www.youtube.com/watch?v=Oj2gzm-YxYE" target="_blank">
<img src="https://img.youtube.com/vi/Oj2gzm-YxYE/maxresdefault.jpg" width="400">
</a>
</p>
### 1. Create Virtual Networks
- Create two virtual L2S-M networks: [v-network-1](./v-network-1.yaml) and [v-network-2](./v-network-2.yaml).
kubectl create -f ./examples/cdn/v-network-1.yaml
kubectl create -f ./examples/cdn/v-network-2.yaml
### 2. Verify Network Creation
Note: This step is optional, but it will help you understand how L2S-M internally work, if you already know a bit about SDN and network overlays.
- Check the logs in the `l2sm-controller` and `l2sm-operator` to ensure that the virtual networks have been successfully created.
kubectl get net-attach-def
```
```bash
kubectl logs l2sm-operator-667fc88c57-p7krv
```
```bash
kubectl logs l2sm-controller-d647b7fb5-kb2f7
```
- Deploy the following three pods, each attached to specific networks:
- [cdn-server](./cdn-server.yaml) (CDN Server) attached to `v-network-1`
- [router](./router.yaml) (Router) connected to both `v-network-1` and `v-network-2`
- [content-server](./content-server.yaml) (Content Server) attached to `v-network-2`
kubectl create -f ./examples/cdn/cdn-server.yaml
```
```bash
kubectl create -f ./examples/cdn/content-server.yaml
```
```bash
kubectl create -f ./examples/cdn/router.yaml
```
### 4. Verify Intent Creation
- Examine the logs in the `l2sm-controller` to confirm that the intents for connecting the pods to their respective networks have been successfully created.
```bash
kubectl logs l2sm-controller-d647b7fb5-kb2f7
```
```bash
kubectl get pods
```
### 5. Inspect Content Server
- Enter the `content-server` pod and check its IP configuration.
kubectl exec -it content-server /bin/bash
```
```bash
ip a s # Show IP addresses
```
```bash
ip r s # Display routing table
```
- Start the server to serve the video content.
```bash
nginx # Start the server
```
### 6. Inspect CDN Server
- Enter the `cdn-server` pod and add the `curl` command to initiate communication with the content server.
- Check the IPs to ensure connectivity.
To test the connectivity from the cdn server:
```bash
kubectl exec -it cdn-server /bin/bash # Enter CDN-Server pod
```
In the CDN pod, execute the following commands:
```bash
apk add curl # Install the curl cli
```
```bash
ip a s # Show IP addresses
```
```bash
ip r s # Display routing table
```
### 7. Perform Traceroute
- Execute a traceroute to observe any intermediaries between the content server and CDN server. It should appear like theres a step between them, the router.
```bash
traceroute 10.0.2.2 # Trace route to content-server
```
### 8. Test Communication
- Perform a `curl` from the CDN server to the content server to initiate video retrieval.
```bash
curl http://10.0.2.2/big_buck_bunny.avi --output video.avi --limit-rate 2M # Download video
```
Note: leave this Pod running while doing the next steps.
### 9. Introduce Interruption
- Delete the pod for the router and observe that the video communication stops.
While the video downloads delete the router pod:
```bash
kubectl delete pod router
```
### 10. Restore Connection
- Restart the router pod and verify the reconnection of the `content-server` and `cdn-server`.
```bash
kubectl create -f router.yaml
```