Closed
Bug 894565
Opened 12 years ago
Closed 11 years ago
Sort out EC2 network configuration for WebRTC automation
Categories
(Testing :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: ted, Assigned: dminor)
References
(Blocks 1 open bug)
Details
We need to figure out the specifics of how to configure a network of EC2 VMs for the purposes of our WebRTC automation tests.
Comment 1 (Assignee) • 12 years ago
I've posted an initial network diagram to the wiki at: https://wiki.mozilla.org/Auto-tools/Projects/WebRTC_Cloud_Automation
I'll be looking into automating the creation of the test network and clients next.
Status: NEW → ASSIGNED
Comment 2 (Assignee) • 12 years ago
The EC2 provided NAT instances appear to be using iptables:
[ec2-user@ip-172-17-1-22 ~]$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
The current network configuration is that any system on 172.17.2.0/24 goes through the NAT. One possibility to support multiple NAT configs would be to set up clients on additional /24 subnets and configure the NAT differently for each subnet, e.g. different rules for clients on 172.17.3.0/24.
Comment 3 (Assignee) • 12 years ago
A bit more digging shows that the AWS NAT type is 'port restricted cone'. Connecting through this type of NAT uses STUN, and is currently configured and working.
The other major NAT type appears to be 'symmetric' which requires use of a TURN server. The next step is to set up iptables rules for a symmetric NAT for a separate NAT on each test network, and then reconfigure the automation to run tests through both types of NATs (and possibly setting up a TURN server as well.)
Comment 4 (Assignee) • 12 years ago
Adding --random to the /usr/local/sbin/configure-pat.sh script appears to be enough to configure a symmetric NAT:
log "Enabling PAT..."
sysctl -q -w net.ipv4.ip_forward=1 net.ipv4.conf.eth0.send_redirects=0 && (
    iptables -t nat -C POSTROUTING -o eth0 -s ${VPC_CIDR_RANGE} -j MASQUERADE --random 2> /dev/null ||
    iptables -t nat -A POSTROUTING -o eth0 -s ${VPC_CIDR_RANGE} -j MASQUERADE --random) ||
        die
Running stunc reports symmetric, needs a bit more work.
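Added example, not part of the bug comments or of the project's automation: a simplified Python model of why plain MASQUERADE behaves as a port restricted cone NAT (one external port per client socket) while MASQUERADE --random behaves as a symmetric NAT (a fresh port per flow), with a STUN-style classifier run against both. The class and function names, the addresses, and the port-preservation model of conntrack are assumptions made for illustration.

```python
import random

class MasqueradeNat:
    """Simplified model of an iptables MASQUERADE NAT (an assumption, not kernel code)."""
    def __init__(self, public_ip, random_ports=False, seed=1):
        self.public_ip = public_ip
        self.random_ports = random_ports   # True models "-j MASQUERADE --random"
        self.rng = random.Random(seed)
        self.flows = {}                    # (internal, remote) -> external port
        self.owner = {}                    # external port -> internal endpoint

    def _free_port(self):
        while True:
            port = self.rng.randint(1024, 65535)
            if port not in self.owner:
                return port

    def outbound(self, internal, remote):
        """Translate an outgoing packet; return the (ip, port) the remote sees."""
        if (internal, remote) not in self.flows:
            port = internal[1]             # default: try to keep the source port
            if self.random_ports or self.owner.get(port, internal) != internal:
                port = self._free_port()   # --random, or port taken by another host
            self.owner[port] = internal
            self.flows[(internal, remote)] = port
        return (self.public_ip, self.flows[(internal, remote)])

    def inbound(self, ext_port, remote):
        """Return the internal endpoint if a tracked flow matches, else None (dropped)."""
        internal = self.owner.get(ext_port)
        if internal and self.flows.get((internal, remote)) == ext_port:
            return internal
        return None

def classify(nat, client, stun_a, stun_b):
    """STUN-style probe: compare the mappings two servers see, then test filtering."""
    seen_a = nat.outbound(client, stun_a)
    seen_b = nat.outbound(client, stun_b)
    if seen_a != seen_b:
        return "symmetric"                 # mapping depends on destination: needs TURN
    unsolicited = (stun_a[0], stun_a[1] + 1)
    if nat.inbound(seen_a[1], unsolicited) is None:
        return "port restricted cone"      # one mapping, replies only from contacted ip:port
    return "cone"

# Constructed endpoints: a client on the 172.17.2.0/24 test subnet, two STUN servers.
CLIENT = ("172.17.2.15", 50000)
STUN_A, STUN_B = ("198.51.100.1", 3478), ("198.51.100.2", 3478)

print({f: classify(MasqueradeNat("203.0.113.10", f), CLIENT, STUN_A, STUN_B) for f in (False, True)})
```

In the symmetric case the port a STUN server reports is only valid for traffic from that server, which is why a peer cannot reuse it and a TURN relay is needed.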
Comment 5 (Assignee) • 12 years ago
We will need some sort of TURN server setup that is accessible to the steeplechase machines. For now, I think I'll set something up on one of the steeplechase machines and firewall it so it is only accessible to the test machines.
Depends on: 865296
Comment 6 (Assignee) • 11 years ago
We have a configuration running on AWS that simulates restricted cone and symmetric NATs. If this needs reconfiguration, we can always file a new bug.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•7 years ago
Component: New Frameworks → General