SoftLayer
ShinobiLayer

ShinobiLayer: Private NWへの新経路情報(161.26.0.0/16)について

More than 3 years have passed since last update.


はじめに

SoftLayerにおいては、初期プロビジョニング時にPrivate NWへのstatic routeとして10.0.0.0/8がデフォルトで追加されていました。

2016/05/17に新規に投稿されたblog情報によると、SoftLayerのPrivate NW内のサービスを利用するためには、Private NW側へのroutingとして10.0.0.0/8だけでなく、161.26.0.0/16も今後は追加設定する必要があるようです。既存環境にはすぐには影響はないとは思いますが、新たなサービスを利用するためには161.26.0.0/16を追加しないと動かないかもしれません(逆に、SoftLayerの新サービスは、161.26.0.0/16上に載ってくる可能性が高そうです)。


CentOS7プロビジョニング時のネットワーク構成

[root@mynin2 ~]# date

Wed May 18 08:41:11 JST 2016

[root@mynin2 ~]# ip r
default via 161.202.86.1 dev eth1
10.0.0.0/8 via 10.132.75.65 dev eth0
10.132.75.64/26 dev eth0 proto kernel scope link src 10.132.75.87
161.26.0.0/16 via 10.132.75.65 dev eth0
161.202.86.0/27 dev eth1 proto kernel scope link src 161.202.86.5
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003

[root@mynin2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 161.202.86.1 0.0.0.0 UG 0 0 0 eth1
10.0.0.0 10.132.75.65 255.0.0.0 UG 0 0 0 eth0
10.132.75.64 0.0.0.0 255.255.255.192 U 0 0 0 eth0
161.26.0.0 10.132.75.65 255.255.0.0 UG 0 0 0 eth0
161.202.86.0 0.0.0.0 255.255.255.224 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1

[root@mynin2 ~]# cat /etc/sysconfig/network-scripts/route-eth0
10.0.0.0/8 via 10.132.75.65
161.26.0.0/16 via 10.132.75.65


情報源

http://blog.softlayer.com/new-routes

http://knowledgelayer.softlayer.com/faq/preconfigured-routes-customer-hosts


Customers will see a new route configured on a newly provisioned customer host or on a customer host after a portal-initiated OS reload. This is part of a greater goal to enable new services and offerings for SoftLayer customers. This route will direct traffic addressed to hosts configured out of the 161.26.0.0/16 network block (161.26.0.0 -161.26.255.255) to the back end private gateway IP address configured on customer servers or virtual server instances.

The 161.2.0.0/16 address space is assigned to SoftLayer by IANA and will not be advertised over the front end public network. This space will be used exclusively on SoftLayer’s backend private network, will never conflict with network addresses on the Internet, and should never conflict with address space used by third-party VPN service providers.

This new route is similar to the 10.0.0.0/8 route already located on SoftLayer hosts, in that SoftLayer services are addressed out of both ranges. Also, both the 10.0.0.0/8 route and the 161.26.0.0/16 route will need to be configured on a customer host if it is required to access all SoftLayer services hosted on the back end private network. Unlike the 10.0.0.0/8 range, the 161.26.0.0/16 range will be used exclusively for SoftLayer services. Customers will need to ensure that ACL/firewalls on customer servers, virtual server instances, and gateway appliances are configured to allow connectivity to the 161.26.0.0/16 network block to access these new services.

For more information on this new route, including how to configure existing systems to use them, read more on KnowledgeLayer.