forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path_networking-openstack.html.md.erb
72 lines (53 loc) · 4.9 KB
/
_networking-openstack.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
1. Select **Networking**.
1. The values you enter in the **Router IPs** and **HAProxy IPs** fields depend on whether you are using your own load balancer or the HAProxy load balancer. Find your load balancer type in the table below to determine how to complete these fields.
<p class="note"><strong>Note</strong>: If you choose to assign specific IP addresses in either the <strong>Router IPs</strong> or <strong>HAProxy IPs</strong> field, ensure that these IP addresses are in your subnet.</p>
<table border="1" class="nice" >
<tr>
<th><strong>LOAD BALANCER</strong></th>
<th><strong>ROUTER IP FIELD VALUE</strong></th>
<th><strong>HAPROXY IP FIELD VALUE</strong></th>
</tr>
<tr>
<td>Your own load balancer</td>
<td>Enter the IP address or addresses for PCF that you registered with your load balancer. Refer to the <a href='../customizing/custom-load-balancer.html'>Using Your Own Load Balancer</a> topic for help using your own load balancer with PCF.</td>
<td>Leave this field blank.</td>
</tr>
<tr>
<td>HAProxy load balancer</td>
<td>Leave this field blank.</td>
<td>Enter at least one HAProxy IP address. Point your DNS to this address. For more information, see <a href="../opsguide/ssl-term-haproxy.html">Configuring SSL/TLS Termination at HAProxy</a>.</td>
</tr>
</table>
<br/>For help understanding the Elastic Runtime architecture, refer to the [Architecture](../concepts/architecture/) topic.
1. (Optional) In **SSH Proxy IPs**, add the IP address for your Diego Brain, which will accept requests to SSH into application containers on port `2222`.
1. (Optional) In **TCP Router IPs**, add the IP address(es) you would like assigned to the TCP Routers. You enable this feature at the bottom of this screen.
<%= image_tag 'images/ert_networking_ip_fields.png' %>
1. Under **Configure the point-of-entry to this environment**, choose one of the following options:
<p class="note"><strong>Note:</strong> For details about the different SSL/TLS termination point options, how they correspond to different points-of-entry for Elastic Runtime, and related certificate requirements, see the <a href="../opsguide/security_config.html#ssl_term">Providing a Certificate for your SSL Termination Point</a> topic.</p>
* **Forward SSL to Elastic Runtime Router**: Select this option if your deployment uses an external load balancer that can forward encrypted traffic to the Elastic Runtime Router, or for a development environment that does not require load balancing. Complete the fields for the **Router SSL Termination Certificate and Private Key** and **Router SSL Ciphers**.
<%= image_tag 'images/ert_lb_encrypted_certs.png' %>
* **Forward unencrypted traffic to Elastic Runtime Router**: Select this option if your deployment uses an external load balancer that cannot forward encrypted traffic to the Elastic Runtime Router, or for a development environment that does not require load balancing.
<%= image_tag 'images/ert_lb_unencrypted.png' %>
* **Forward SSL to HAProxy**: Select this option to use HAProxy as your first point of entry. Complete the fields for **SSL Certificate and Private Key**, and **HAProxy SSL Ciphers**. Select **Disable HTTP traffic to HAProxy** if you want the HAProxy to only allow HTTPS traffic.
<%= image_tag 'images/ert_haproxy_certs.png' %>
1. <%= partial 'ssl_verification' %>
1. <%= partial 'insecure_cookies' %>
1. <%= partial 'zipkin_enable' %>
<%= image_tag 'images/ert_disable_ssl_cookies_zipkin.png' %>
1. <%= partial 'route_services' %>
1. The **Loggregator Port** defaults to `443` if left blank. Enter a new value to override the default.
1. <%= partial 'app_subnet_field' %>
1. <%= partial 'app_mtu' %>
<%= image_tag 'images/ert_log_port_mtu.png' %>
1. <%= partial '_router_timeout_backend' %>
1. <%= partial 'lb_unhealthy_threshold' %>
1. <%= partial 'lb_healthy_threshold' %>
<%= image_tag 'images/router_lb_thresholds.png' %>
1. Enter a value for **Router Max Idle Keepalive Connections**. See [Considerations for Configuring max\_idle\_connections](../adminguide/routing-keepalive.html#considerations).
<%= image_tag 'images/keepalive.png' %>
1. <%= partial 'http_headers_to_log' %>
1. <%= partial 'tcp_routing_enable' %>
1. Return to the top of the **Networking** screen. In **TCP Router IPs** field, make sure you have entered IP addresses within your subnet CIDR block. These will be the same IP addresses you configured your load balancer with in [Pre-Deployment Steps](../adminguide/enabling-tcp-routing.html), unless you configured DNS to resolve the TCP domain name directly to an IP you've chosen for the TCP router. You can enter multiple values as a comma-delimited list or as a range. For example, `10.254.0.1, 10.254.0.2` or `10.254.0.1-10.254.0.2`.
1. <%= partial 'tcp_routing_disable' %>
1. Click **Save**.