Triton networking and fabric user guide

Modified: 14 Aug 2015 23:53 UTC

This document introduces and covers topics in the use of networking and fabrics in Triton. This document is aimed at users of the system. If you're looking for operator information for networking and fabrics, see the operator guide.

At the heart of any instance is its ability to communicate with other instances in a given data center and the broader Internet. Designing and customizing your network topology is an important part of planning and operating your infrastructure.

Fabrics

In every Triton data center, your account has access to a fabric. The fabric is a logical set of interconnected switches -- just like the switching fabric that powers a data center network. In Triton, the fabric is an isolated blank slate on which you can build:

Anything built on top of a fabric is always private to a customer. This means that traffic generated by one customer cannot be seen by another customer -- it's only ever visible to the containers and VMs on your VLANs and networks. This allows for truly private networks in the data center. In addition, it allows for different sets of containers and VMs to be completely isolated from one another from a networking perspective.

VLANs

VLANs, also known as IEEE 802.1Q, provide a low-level way to segregate and subdivide the network. Traffic on one VLAN cannot, on its own, reach another VLAN.

VLANs are specified by a unique integer ID that ranges from 0 to 4095. Not all networks necessarily have a VLAN. For example, most home networks don't use VLANs, while corporate and data center networks do. VLAN 0 is used to refer to a network without such a tag and is equivalent to traditional networks.

In Triton, an account has VLAN 2 automatically created in each data center. Additional VLANs can be created and destroyed through CloudAPI.

For more background on VLANs, see the Wikipedia article.

IP Networks

An IP network is the basic building block of your infrastructure. By default, all machines in the same IP network can talk to one another. Machines in different IP networks cannot talk to one another unless something has been set up to route between the networks, which requires the router to have an address on both networks.

IP networks come in two flavors: IPv4 and IPv6. Currently, only IPv4 networks are supported in Triton.

An IPv4 address is a series of four numbers, each ranging from 0 to 255, commonly written out separated with . characters. For example, 10.100.23.4 and 192.168.1.1 are both valid IP addresses. IP networks, collections of IP addresses that can talk to each other, are described in blocks called CIDR blocks, also known as subnets. Sample subnets include 192.168.1.0/24, 10.1.0.0/16, and 172.16.128.0/23.

On a fabric, you can create any IPv4 networks you'd like, making subnetworks based on the RFC 1918 addresses -- 10.0.0.0/8, 192.168.0.0/16, and 172.16.0.0/12. For examples of how to apply these, see [Common Configurations].
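As an added example (not part of the original guide), the following Python checks a candidate fabric network against the rules described above (a valid CIDR block with no host bits set, IPv4 only, and inside RFC 1918 space), tests whether two addresses share a subnet and so can talk directly, and flags proposed networks whose ranges overlap. It uses only the standard ipaddress module; the function names are this example's own.

```python
import ipaddress
from typing import List, Optional, Tuple

# The three RFC 1918 private blocks named in the guide.
RFC1918 = [ipaddress.ip_network(b) for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_fabric_network(cidr: str) -> Optional[str]:
    """Return None if cidr is usable as a fabric network, else the reason it is not.

    Rules follow the guide: it must be a proper CIDR block (strict=True rejects
    host bits such as 10.1.2.3/16), IPv4 only, and within RFC 1918 space.
    """
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return f"not a valid CIDR block: {exc}"
    if net.version != 4:
        return "only IPv4 networks are supported on fabrics"
    if not any(net.subnet_of(block) for block in RFC1918):
        return "block is not within RFC 1918 private space"
    return None


def same_network(addr_a: str, addr_b: str, cidr: str) -> bool:
    """True if both addresses fall inside the subnet, i.e. they can talk without a router."""
    net = ipaddress.ip_network(cidr, strict=True)
    return ipaddress.ip_address(addr_a) in net and ipaddress.ip_address(addr_b) in net


def overlapping(cidrs: List[str]) -> List[Tuple[str, str]]:
    """Return every pair of proposed networks whose address ranges overlap."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    pairs = []
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                pairs.append((str(a), str(b)))
    return pairs


if __name__ == "__main__":
    # Constructed inputs: the guide's sample subnets plus a few deliberate mistakes.
    for candidate in ("172.16.128.0/23", "172.32.0.0/16", "10.1.2.3/16", "fd00::/64"):
        print(candidate, "->", check_fabric_network(candidate) or "ok")
    print(same_network("192.168.1.20", "192.168.2.20", "192.168.1.0/24"))
    print(overlapping(["192.168.1.0/24", "192.168.0.0/16", "10.1.0.0/16"]))
```

Note that 172.32.0.0/16 is rejected: the 172.16.0.0/12 block only covers 172.16.0.0 through 172.31.255.255, a common point of confusion when carving fabric networks out of that range.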

Internet Gateways

A network on a fabric cannot talk to any other network on a fabric, including networks that belong to other customers. However, while a private network is desirable, the ability to still reach the broader Internet is often needed, for example to install security updates or send alerts.

To facilitate this, networks are created with an Internet gateway by default. This Internet gateway allows instances on a network that don't have a public IP address to reach the Internet and initiate connections to it. It does not allow the Internet to initiate connections back to the instance and is not suitable for running a public-facing service. Instead, a public IP address should be assigned to the instance.

For IPv4 networks, this functionality is provided using Network Address Translation (NAT).