At AppNexus every customer has a private VLAN, or Virtual Local Area Network, in each datacenter where they operate equipment. Your VLAN is a sequential list of IP addresses to be assigned to the instances you launch in the AppNexus environment. Your VLAN can consist of 8, 24, 56 or 120 IP addresses; eight addresses in each range are reserved for networking equipment so that it can behave as though it were part of your individual VLAN.


VLANs provide security by segregating each customer's traffic from AppNexus and other customers' traffic and also by regulating traffic from the Internet via a customer-controlled Access Control List (ACL).

  • By default, all inbound traffic from the Internet to your IP block is denied except for ping (ICMP Echo, used to verify that the host is up). You can explicitly permit TCP, UDP, or ANY traffic for particular source and destination IPs and ports by requesting an ALLOW or DENY rule. The default rule is deny all; explicitly permitted traffic is allowed to pass. Initial access rules are configured based on the customer questionnaire.
  • You will be assigned a separate VLAN in each datacenter where you have equipment.
  • You'll set your initial ACL via the customer questionnaire, and you can change it at any time. At the moment, ACL changes must go through Support. Please see How to Request Firewall Changes for more information. Soon there will be an API for ACLs and you will also be able to use the customer portal.
  • By default, all ports between same-customer VLANs in different datacenters will be open. Traffic between LAX1 and NYM1 travels over the Internet and is not encrypted.
  • All outgoing traffic is allowed.
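
The inbound policy described above can be modelled to check a proposed rule set before sending it to Support. This is an added example, not AppNexus code: it evaluates constructed packets against constructed rules and lists ALLOW rules that are open to every source. The Rule fields, the function names, the first-match ordering and the choice to apply the ping exception only when no rule matches are assumptions; the addresses are documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                  # "ALLOW" or "DENY"
    proto: str                   # "TCP", "UDP" or "ANY"
    src: str                     # source CIDR
    dst: str                     # destination CIDR inside the VLAN
    ports: tuple = (0, 65535)    # inclusive destination port range

# Constructed rule set; all addresses are documentation ranges, not real hosts.
RULES = [
    Rule("ALLOW", "TCP", "0.0.0.0/0", "192.0.2.10/32", (443, 443)),
    Rule("ALLOW", "TCP", "198.51.100.0/24", "192.0.2.0/28", (22, 22)),
    Rule("DENY", "UDP", "203.0.113.5/32", "192.0.2.0/28"),
    Rule("ALLOW", "UDP", "203.0.113.0/24", "192.0.2.11/32", (53, 53)),
    Rule("ALLOW", "ANY", "0.0.0.0/0", "192.0.2.12/32"),
]

def inbound_allowed(rules, proto, src, dst, dport=None, icmp_type=None):
    """Decide whether a packet from the Internet to the VLAN passes."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:  # assumption: rules are checked in order, first match wins
        if r.proto not in ("ANY", proto):
            continue
        if src_ip not in ipaddress.ip_network(r.src):
            continue
        if dst_ip not in ipaddress.ip_network(r.dst):
            continue
        if dport is not None and not r.ports[0] <= dport <= r.ports[1]:
            continue
        return r.action == "ALLOW"
    # Default policy: deny everything except ping (ICMP Echo request, type 8).
    return proto == "ICMP" and icmp_type == 8

def overly_broad(rules):
    """ALLOW rules open to every source on any protocol or on all ports."""
    return [r for r in rules
            if r.action == "ALLOW"
            and ipaddress.ip_network(r.src).prefixlen == 0
            and (r.proto == "ANY" or r.ports == (0, 65535))]

if __name__ == "__main__":
    print(inbound_allowed(RULES, "TCP", "203.0.113.9", "192.0.2.10", 22))
    print(overly_broad(RULES))
```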

If you run out of IP addresses in your VLAN

If you outgrow a VLAN, we can assign you a new, larger one. This can take up to one workday, as support staff configures the ACL. You will then need to migrate instances from the old VLAN to the new one. This can be done without downtime; you will assign each item in your VLAN a second IP address for the duration of the migration. Detailed instructions on VLAN migration will be provided when you make your request to Support.

Assigning specific IP addresses from your VLAN

You can assign specific IP addresses to your equipment by using the optional "--ip" flag of the "manage-instance launch" command, which explicitly declares the IP address of the instance in the new address block.

- Really it'll be part of instruction - Vladimir

Meanwhile I'll prepare instructions on how to deal with multi-VLAN environment, how to migrate instances from old IP space to the new one with the existing API/CLI functionality, et cetera. - Actually Alexander Novitskiy is communicating with GiftReal (RT:5483) and OpenAds (RT:5118) on this.

Assigning IP addresses from your VLAN

manage-instance launch --name, --cpu-units, --server-id, --memory, --disk, --share-name,
--path, --ip, --upload, --authorized-keys, --async

For more information, see manage-instance.

Further Reading