forked from pivotal-cf/docs-pcf-install
_networking-vmware.html.md.erb
1. Select **Networking**.
<%= image_tag 'networking-config.png' %>
1. (**Optional**) The values you enter in the **Router IPs** and **HAProxy IPs** fields depend on whether you are using your own load balancer or the HAProxy load balancer. Find your load balancer type in the table below to determine how to complete these fields.
<p class="note"><strong>Note</strong>: If you choose to assign specific IP addresses in either the <strong>Router IPs</strong> or <strong>HAProxy IPs</strong> field, ensure that these IPs are in your subnet.</p>
<table border="1" class="nice" >
<tr>
<th><strong>LOAD BALANCER</strong></th>
<th><strong>ROUTER IP FIELD VALUE</strong></th>
<th><strong>HAPROXY IP FIELD VALUE</strong></th>
</tr>
<tr>
<td>Your own load balancer</td>
<td>Enter the IP address or addresses for PCF that you registered with your load balancer. Refer to the <a href='../opsguide/custom-load-balancer.html'>Using Your Own Load Balancer</a> topic for help using your own load balancer with PCF.</td>
<td>Leave this field blank.</td>
</tr>
<tr>
<td>HAProxy load balancer</td>
<td>Leave this field blank.</td>
<td>Enter at least one HAProxy IP address. Point your DNS to this address.</td>
</tr>
</table>
<br />
For more information, refer to the [Configuring PCF SSL
Termination](../opsguide/ssl-term.html) topic.
For help understanding the Elastic Runtime architecture, refer to the
[Architecture](../concepts/architecture/) topic.
1. For **Router IPs**, enter one or more static IP addresses for your routers. These must be in the subnet that you configured in the Ops Manager **Create Networks** section. If you are using your own load balancer, configure it to point to these IPs. If you are using the Elastic Load Balancer (ELB), add the name of your ELB in the router column of the **Resource Config** section.
1. For **HAProxy IPs**, enter one or more IP addresses for HAProxy. You must point your DNS to this IP unless you are using your own load balancer, and HAProxy's IP must be in your subnet.
1. Under **Configure the point-of-entry to this environment**, choose one of the following:
* **External Load Balancer with Encryption**: Select this option if your deployment uses an external load balancer that can forward encrypted traffic to the Elastic Runtime Router, or for a development environment that does not require load balancing. Complete the fields for the **Router SSL Termination Certificate and Private Key** and **Router SSL Ciphers**.
* **External Load Balancer without Encryption**: Select this option if your deployment uses an external load balancer that cannot forward encrypted traffic to the Elastic Runtime Router, or for a development environment that does not require load balancing.
* **HAProxy**: Select this option to use HAProxy as your first point of entry. Complete the fields for **SSL Certificate and Private Key**, and **HAProxy SSL Ciphers**. Select **Disable HTTP traffic to HAProxy** if you want HAProxy to allow only HTTPS traffic.
<p class="note">For details about providing SSL termination certificates and keys, see the <a href="../opsguide/security_config.html#config">Providing a Certificate for your SSL Termination Point</a> topic.</p>
1. If you are not using SSL encryption or if you are using self-signed certificates, select **Disable SSL certificate verification for this environment**.
1. Select the **Disable insecure cookies on the Router** checkbox to turn on the secure flag for cookies generated by the router.
1. In the **Choose whether or not to enable route services** section, choose either **Enable route services** or **Disable route services**. Route services are a class of [marketplace services](../devguide/services/managing-services.html#marketplace) that perform filtering or content transformation on application requests and responses. See the [Route Services](../services/route-services.html) topic for details.
* If you enable route services, check **Ignore SSL certificate verification on route services** for the routing tier to reject requests that are not signed by a trusted CA.
1. Optionally, use the **Applications Subnet** field if you need to avoid address collision with a third-party service on the same subnet as your apps. Enter a CIDR subnet mask specifying the range of available IP addresses assigned to your app containers. The IP range must be different from the network used by the system VMs.
1. Optionally, you can change the value in the **Applications Network Maximum Transmission Unit (MTU)** field. Pivotal recommends setting the MTU value for your application network to `1454`. Some configurations, such as networks that use GRE tunnels, may require a smaller MTU value.
1. Optionally, increase the number of seconds in the **Router Timeout to Backends** field to accommodate larger uploads over connections with high latency.
1. Click **Save**.
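
The address rules in the steps above can be checked before you type the values into the form. The following is an added example, not part of the original documentation or of Ops Manager: the function name `check_networking`, the `lb_type` values `own` and `haproxy`, and all sample addresses are assumptions made for illustration. It applies the load balancer table, the note that assigned IPs must be in your subnet, and the rule that the **Applications Subnet** range must differ from the network used by the system VMs.

```python
import ipaddress


def check_networking(deploy_cidr, lb_type, router_ips, haproxy_ips, apps_cidr=None):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    subnet = ipaddress.ip_network(deploy_cidr, strict=False)

    # Table rule: which field is filled in depends on the load balancer type.
    if lb_type == "own":
        required, blank = ("Router IPs", router_ips), ("HAProxy IPs", haproxy_ips)
    elif lb_type == "haproxy":
        required, blank = ("HAProxy IPs", haproxy_ips), ("Router IPs", router_ips)
    else:
        raise ValueError("lb_type must be 'own' or 'haproxy'")
    if not required[1]:
        problems.append(f"{required[0]}: at least one address is required")
    if blank[1]:
        problems.append(f"{blank[0]}: leave blank for this load balancer type")

    # Note on the page: any address you assign must be inside the subnet.
    for field, values in (("Router IPs", router_ips), ("HAProxy IPs", haproxy_ips)):
        for raw in values:
            try:
                ip = ipaddress.ip_address(raw.strip())
            except ValueError:
                problems.append(f"{field}: {raw!r} is not an IP address")
                continue
            if ip not in subnet:
                problems.append(f"{field}: {ip} is outside {subnet}")

    # Applications Subnet must not collide with the network used by system VMs.
    if apps_cidr:
        try:
            apps = ipaddress.ip_network(apps_cidr, strict=False)
        except ValueError:
            problems.append(f"Applications Subnet: {apps_cidr!r} is not a CIDR range")
        else:
            if apps.overlaps(subnet):
                problems.append(f"Applications Subnet: {apps} overlaps {subnet}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for p in check_networking("10.0.16.0/24", "haproxy", [], ["10.0.17.5"],
                              "10.0.16.128/25"):
        print(p)
```
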