Commit 68f013fa authored by Dimitris Aragiorgis

Fix some typos

..and use upper case for all acronyms (NIC, TAP, DNS, SSH, RDP).
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
parent bd45c6f1
......@@ -8,8 +8,8 @@ center is practically impossible (currently expensive switches provide less
than 1024 vlans trucked on all ports), L2 isolation can be achieved via
MAC filtering on a common bridge over a single VLAN.
To ensure isolation we should allow traffic coming from tap to have specific
source MAC and at the same time allow traffic coming to tap to have a source
To ensure isolation we should allow traffic coming from TAP to have specific
source MAC and at the same time allow traffic coming to TAP to have a source
MAC in the same MAC prefix. Applying those rules only in FORWARD chain will not
guarantee isolation. The reason is because packets with target MAC a `multicast
address <http://en.wikipedia.org/wiki/Multicast_address>`_ go through INPUT and
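Review bot: The unchanged context line above the edit still reads "than 1024 vlans trucked on all ports"; since this commit fixes typos and upper-cases acronyms, change it to "VLANs trunked" so it matches "VLAN" on the following line. In the same paragraph, "The reason is because packets with target MAC a multicast address" would read better as "The reason is that packets whose target MAC is a multicast address".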
......
......@@ -146,7 +146,7 @@ Supported Setups
Currently since NICs in Ganeti are not taggable objects, we use network's and
instance's tags to customize each NIC configuration. NIC inherits the network's
tags (if attached to any) and further customization can be achieved with
instance tags e.g. <tag prefix>:<nic uuid or name>:<tag>. In the following
instance tags e.g. <tag prefix>:<NIC's UUID or name>:<tag>. In the following
subsections we will mention all supported tags and their reflected underline
setup.
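Review bot: The line after the edited one still says "their reflected underline setup", which looks like a typo for "underlying setup" and belongs in this commit. The tag pattern <tag prefix>:<NIC's UUID or name>:<tag> would also be easier to read as an inline literal, since the angle brackets are placeholders rather than prose.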
......@@ -198,7 +198,7 @@ nfdhcpd
^^^^^^^
snf-network creates binding files with all info required under
`/var/lib/nfdhcpd/` directore so that `nfdhcpd
`/var/lib/nfdhcpd/` directory so that `nfdhcpd
<http://www.synnefo.org/docs/nfdhcpd/latest/index.html>`_ can reply
to DHCP, NS, RS, DHCPv6 and thus instances get properly configured.
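Review bot: On the corrected line the path is written with single backticks, which reStructuredText treats as interpreted text rather than an inline literal; use double backticks around /var/lib/nfdhcpd/ so it renders as a path. The sentence is also missing an article: "under the /var/lib/nfdhcpd/ directory".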
......@@ -210,10 +210,10 @@ Firewall
Synnefo defines three security levels: protected, limited, and unprotected.
- Protected means that traffic requesting new connections will be dropped,
dns responses (dport 53) will be accepted, icmp protocol (ping) will be
DNS responses (dport 53) will be accepted, icmp protocol (ping) will be
accepted and everything else dropped.
- Limited additionally allows ssh (dport 22) and rdp (dport 3389).
- Limited additionally allows SSH (dport 22) and RDP (dport 3389).
- Unprotected accepts everything.
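Review bot: The Protected bullet still has "icmp protocol (ping)" in lower case on the same line where "dns" became "DNS", so the commit message's "all acronyms" is not yet true; use "ICMP". While this line is being touched, "DNS responses (dport 53)" deserves a check against the actual rule: a reply to an instance's own query normally arrives with source port 53, so either the port direction or the word "responses" may be off, and readers rely on this text to understand what the protected level admits.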
......
......@@ -3,7 +3,7 @@
Routed Setup
------------
In the following section we are going to describe how we can achive a routed
In the following section we are going to describe how we can achieve a routed
setup for a specific subnet across the data center. We distinguish here
two ways to do that:
......@@ -14,13 +14,13 @@ two ways to do that:
external router (Gateway).
Whether the external router will do NAT or not depends on whether we have
a public routable subnet available or just a single node with internet
a public route-able subnet available or just a single node with internet
access.
For the next examples we assume that the route-able subnet will be
``192.0.2.0/24``, the gateway ``192.0.2.1``, nodes primary interface will
be ``eth0`` while VM traffic will go through ``eth0.0`` physical VLAN.
Of cource ``eth0.222`` can be substituted with a separate physical interface
Of course ``eth0.222`` can be substituted with a separate physical interface
(e.g. ``eth1``). All examples use `/etc/networ/interfaces` file, the
common way for configuring static interfaces under Debian.
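Review bot: Two errors remain in the context around the "Of course" fix: the path /etc/networ/interfaces is missing the "k" in "network", and the VLAN interface is called eth0.0 on one line and eth0.222 on the next, so the reader cannot tell which interface the examples use. Separately, the edit from "routable" to "route-able" moves away from the usual spelling; consider "routable" in both places instead.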
......@@ -49,7 +49,7 @@ setup is:
# Enable proxy ARP and forwarding
up echo 1 > /proc/sys/net/ipv4/conf/eth0.222/proxy_arp
up echo 1 > /proc/sys/net/ipv4/conf/eth0.222/forwarding
# Mangle arp request originating from the host
# Mangle ARP request originating from the host
up arptables -A OUTPUT -o eth0.222 --opcode request -j mangle --mangle-ip-s 192.0.2.254
down arptables -D OUTPUT -o eth0.222 --opcode request -j mangle
down ip rule del iif eth0.222 lookup 222
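Review bot: In the unchanged lines after the comment fix, "down arptables -D OUTPUT -o eth0.222 --opcode request -j mangle" does not repeat "--mangle-ip-s 192.0.2.254" from the matching "up arptables -A" line. Deleting by rule specification normally requires the same specification that was added, so please confirm the rule is really removed when the interface goes down, or make the two lines identical apart from -A and -D. Minor: the comment could say "ARP requests", plural.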
......@@ -111,7 +111,7 @@ Routed Traffic
^^^^^^^^^^^^^^
Here we break down all stages of networking and analyze how we connectivity
is actually achived. To do so let's first assume the following:
is actually achieved. To do so let's first assume the following:
* ``IP`` is the instance's IP
* ``GW_IP`` is the external router's IP
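Review bot: The line directly above the "achieved" fix still reads "analyze how we connectivity", with a stray "we"; drop it so the sentence becomes "analyze how connectivity is actually achieved".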
......@@ -119,7 +119,7 @@ is actually achived. To do so let's first assume the following:
* ``ARP_IP`` is a dummy IP inside the network needed for proxy ARP
* ``MAC`` is the instance's MAC
* ``TAP_MAC`` is the tap's MAC
* ``TAP_MAC`` is the TAP's MAC
* ``DEV_MAC`` is the host's DEV MAC
* ``GW_MAC`` is the external router's MAC
......