

OpenWRT: Microsoft Azure to Cloudera CDH via VPN Gateway


In this post, we'll show you how to create and connect your local home network to the Azure network space. We'll take this a step further by connecting the Microsoft Azure VM instances defined there to an on-premises Cloudera CDH cluster. Together, the on-prem cluster will be extended with compute capacity from Azure while the workloads are running. Once the workloads are done, the extra compute can be turned off or destroyed on the Azure side. This will provide some cost savings while also reducing the overall IaaS and PaaS costs normally associated with on-prem infrastructures. The steps below are essentially a learning lab or POC type of setup. This is not meant for a PROD type of setup. For PROD, ExpressRoute or a higher-end configuration will be needed, or entirely cloud-based solutions would take the place of this setup.

The configuration below assumes the following VLANs and subnets are defined on the Azure side. (NOTE: These can differ from the images you see below. The VLANs in the lists below apply.)

Azure VPN:

10.10.0.0/24 
10.10.10.0/24 
10.10.20.0/24 
10.10.30.0/24 

Local on-prem VLANs:

192.168.0.0/24
10.0.0.0/24
10.1.0.0/24
10.2.0.0/24
10.3.0.0/24

The topology for the configuration will be as follows. The on-prem StrongSwan GW will reside on the Raspberry Pi 2:

https://i0.wp.com/www.microdevsys.com/WordPressImages/Network-Topology-StrongSwan.JPG?ssl=1

Begin by defining the Azure VPN Gateway and essentials. Start with the Public IP definition.  This will include a new Azure Public IP address or an existing one, your choice:

https://i0.wp.com/www.microdevsys.com/WordPressImages/Azure-VPN-Gateway-Public-IP-Definition.JPG?ssl=1

Next, define the local virtual networks that will be used on the Azure side:

https://i0.wp.com/www.microdevsys.com/WordPressImages/Azure-VPN-Gateway-Virtual-Network.JPG?ssl=1

Define the Local Network Gateway properties.  This includes the public IP address of your external home or company network.  

https://i0.wp.com/www.microdevsys.com/WordPressImages/StrongSwan-Azure-Local-Network-Gateway.jpg?ssl=1

IMPORTANT: Ensure you've added the local IP address ranges that exist on your private (home, company) network, to the Local Network Gateway configuration.  Otherwise, mapping won't take place.  See image above. 

Beware of issues allocating address ranges. Ensure there is no overlap between the Azure VLANs and the on-prem VLANs. Notice how the 10.0.0.0/16 VN IP range conflicts with the on-prem 10.0.0.0/24 network in the screenshot below?

https://i0.wp.com/www.microdevsys.com/WordPressImages/Azure-VPN-Gateway-Subnet-10.0.0.0-conflict-between-left-right.JPG?ssl=1
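
A pre-flight check for the two address-range warnings above (Local Network Gateway coverage and Azure/on-prem overlap), as an added example that is not part of the original post. The function names are hypothetical, the subnet lists are the ones given on this page, and the gateway prefix list in the last call is constructed.

```python
import ipaddress

# Ranges listed on this page.
AZURE_SUBNETS = ["10.10.0.0/24", "10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24"]
ONPREM_SUBNETS = ["192.168.0.0/24", "10.0.0.0/24", "10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"]


def _nets(cidrs):
    # strict=True rejects entries with host bits set, e.g. 10.0.0.1/24
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def find_overlaps(azure_cidrs, onprem_cidrs):
    """Return (azure, onprem) pairs whose address ranges intersect."""
    return [
        (str(a), str(o))
        for a in _nets(azure_cidrs)
        for o in _nets(onprem_cidrs)
        if a.version == o.version and a.overlaps(o)
    ]


def missing_from_local_gateway(onprem_cidrs, gateway_prefixes):
    """Return on-prem subnets not fully covered by any Local Network Gateway prefix."""
    prefixes = _nets(gateway_prefixes)
    return [
        str(o)
        for o in _nets(onprem_cidrs)
        if not any(o.version == p.version and o.subnet_of(p) for p in prefixes)
    ]


if __name__ == "__main__":
    # The layout planned in this post: no Azure subnet touches an on-prem one.
    print("planned layout:", find_overlaps(AZURE_SUBNETS, ONPREM_SUBNETS))
    # The conflicting case from the screenshot: a 10.0.0.0/16 virtual network range.
    print("with 10.0.0.0/16:", find_overlaps(["10.0.0.0/16"], ONPREM_SUBNETS))
    # Constructed example: a gateway definition that forgot 10.3.0.0/24.
    print("unmapped:", missing_from_local_gateway(ONPREM_SUBNETS, ONPREM_SUBNETS[:-1]))
```

An empty list from both functions means the ranges are safe to enter in the portal; any entry returned is a range to fix before creating the connection.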

 

Now define the VPN Gateway using the above components:

https://i0.wp.com/www.microdevsys.com/WordPressImages/Azure-VPN-Gateway-Definition.JPG?ssl=1

 

Finally, define a connection that will pair up with our DD-WRT, OpenWRT or Asus Merlin router below. (Notice the Data in and Data out fields. Ideally they will NOT be 0, which indicates successful traffic flow.)

https://i0.wp.com/www.microdevsys.com/WordPressImages/StrongSwan-Azure-Connection-On-Prem.jpg?ssl=1

NEXT: Attempt at configuring StrongSwan on DD-WRT …..



     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

This work is licensed under a Creative Commons Attribution 3.0 Unported License