Nebula Network and VPN
Nebula Network
The Nebula System comprises two network layers: the managed network, which is created as a bridge device linked to the physical NIC and includes its own DHCP server for each network; and the DLAN/VLAN, which directly maps to a physical NIC device and relies on the parent device’s DHCP server.
xcNET Network
Upon deployment, Nebula automatically creates a default managed network named xcNET. This network is assigned an IP range of 10.N.0.0/16, where N is the IPN number of the deployment, incrementing with each subsequent Nebula deployment. The IP segment 10.x.x.x is defined by the default_cn_IP_start key in the Nexus Server configuration settings. Managed networks have their own DHCP server, set to 10.N.0.1, which also serves as the private IP address for the Sky Node. When the xcNET network is assigned to an instance, the instance will receive an IP address from the 10.N.0.0/16 network range.
You can create new managed networks using the Private Network module of the Nexus Server.
xcLAN Network
Upon deployment, Nebula also automatically creates the xcLAN network, a DLAN/VLAN that directly maps to the physical network device with the primary IP address of the Sky Node. When the xcLAN network is assigned to an instance, the instance will attempt to contact a DHCP server on the network where the primary IP of the Sky Node resides and receive its IP address. This configuration places the instance on the same network as the Sky Node, which is commonly used in VDI environments.
To add a new DLAN/VLAN network, follow these steps:
- Add a new network device on the Sky Node. You can use either a LAN from a new network interface card (NIC) or a VLAN over an existing NIC. For detailed instructions on adding bridged or VLAN networks, please refer to the documentation of the host Linux distribution used by the Sky Node.
- Next, use the Private Network module of the Nexus Server to add your new network device to the Nebula system as a direct DLAN/VLAN device. Please ensure that the network name in the Nebula system matches the physical device name you configured in the previous step.
Nebula VPN
The Nebula deployment establishes two VPN layers, including a virtual Sky Router switch that utilizes the 11.x.x.x/24 network to create secure VPN tunnels for traffic.
VPN Manager
The VPN Manager service is responsible for managing peer certificates on the Sky Router, which facilitates the creation and routing of VPN traffic over the Sky Node using port 443/UDP.
Sky Link
The Sky Link service is used when multiple Sky Nodes need to share their private networks. Managed by the Sky Router, this service facilitates the exchange of VPN certificates for authentication, enabling potential circular VPN configurations. This setup is crucial for scenarios such as distributed data storage or computing. Each Sky Node can establish one outbound IPsec tunnel using port 443/UDP.
Sky IP and FQDNs
Upon deployment, Nebula establishes cloud core services and configures the following Fully Qualified Domain Names (FQDNs), which are visible only to the Sky Node, and assigns the following IP addresses:
| IP | FQDN | Description |
| --- | --- | --- |
| 10.N.0.1 | sky.node | DHCP Server for xcNET and Sky Node private IP address |
| 10.N.0.2 | sky.vpn | The VPN Manager service |
| 10.N.0.3 | sky.svl | The serverless controller service |
| 10.N.0.4 | sky.sqs | The serverless MQ service |
| 10.N.0.5 | sky.git | The Git server |
| 10.N.0.6 | sky.s3 | The Object Storage service |
| 10.N.0.7 | sky.code | The Code server |
| 10.N.0.8 | sky.docker | The Docker registry service |
| 10.N.0.9 | sky.services | The cluster and gateway controller |
| 10.N.0.10 | sky.api | The serverless API service |
| 10.N.0.11 | sky.events | The Event Hub service |
| 10.N.0.12 | sky.builder | The Builder service |
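
Because these FQDNs resolve only on the Sky Node, addresses that show up in logs collected elsewhere have to be mapped back to services by hand. The following added example (not part of the Nebula documentation or product code) derives the xcNET range for a given IPN and labels addresses using the table above; the function names, the 0-255 bound on N, and the sample records are assumptions made for illustration.

```python
import ipaddress

# Host offsets and names copied from the IP/FQDN table (10.N.0.<offset>).
CORE_SERVICES = {
    1: "sky.node", 2: "sky.vpn", 3: "sky.svl", 4: "sky.sqs",
    5: "sky.git", 6: "sky.s3", 7: "sky.code", 8: "sky.docker",
    9: "sky.services", 10: "sky.api", 11: "sky.events", 12: "sky.builder",
}

def xcnet(ipn):
    """Return the xcNET range 10.N.0.0/16 for deployment number N."""
    # Assumption: N is the second octet, so it must fit in 0-255.
    if not isinstance(ipn, int) or not 0 <= ipn <= 255:
        raise ValueError(f"IPN must be an integer from 0 to 255, got {ipn!r}")
    return ipaddress.ip_network(f"10.{ipn}.0.0/16")

def classify(addr, ipn):
    """Label an address as a core service, an xcNET instance, or external."""
    ip = ipaddress.ip_address(addr)
    net = xcnet(ipn)
    if ip not in net:
        return "external"
    # Compare the full 16-bit host part, so 10.N.1.6 is not mistaken
    # for sky.s3 at 10.N.0.6.
    offset = int(ip) - int(net.network_address)
    return CORE_SERVICES.get(offset, "xcnet-instance")

def annotate(flows, ipn):
    """Replace the raw addresses in (src, dst) records with labels."""
    return [(classify(src, ipn), classify(dst, ipn)) for src, dst in flows]

# Constructed sample records for a deployment with IPN 3 (not real traffic).
SAMPLE_FLOWS = [
    ("10.3.4.20", "10.3.0.6"),    # instance on xcNET -> Object Storage
    ("10.3.1.6", "10.3.0.8"),     # instance on xcNET -> Docker registry
    ("10.4.0.2", "10.3.0.2"),     # address from another deployment's range
    ("192.168.1.50", "10.3.0.1"), # address outside any xcNET range
]

if __name__ == "__main__":
    for src, dst in annotate(SAMPLE_FLOWS, 3):
        print(f"{src} -> {dst}")
```

An address labelled `external` that talks to a core service address is the case worth reviewing, since the core service names are documented as visible only to the Sky Node.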