Common Function Gateway

1.Functions

1-1.Overview

Common function gateway is a gateway to connect from customer tenant to common function pool. It is provided as a virtual router dedicated to customers on redundant equipment.
The common function pool is a group of devices for providing functions that can be used by communicating from within a customer tenant, such as a license authentication server and NTP server.
Customers can use the common functions provided in the common function pool via the common function gateway.
This function is positioned as one of “common functions” that can be used for free for all customers using Enterprise Cloud 2.0.

共通機能ゲートウェイ機能概要

1-2.Features

This function enables Customers to utilize common functions free of charge.
Also, various settings etc. are automated, so immediate use is possible when necessary.

2.Functions available

2-1.Function list

Following are major two functions to be available with Common Function Gateway.

Function

Overview

Layer 2 / Layer 3 Connectivities

Common function gateway is a function that works as a gateway. NTT Com provides L2 / L3 connection function to connect customer tenant and common function pool.

Self-Management Function

NTT Com provides functions for customers to self-manage common function gateways.


2-2.Explanation of each function

This section describes each function above that Common Function Gateway provides.

2-2-1.L2 / L3 connection function

Common function gateway is a function that works as a gateway. NTT Com provides L2 / L3 connection function to connect customer tenant and common function pool.
This function consists of following functions:

Detailed Function

Details

Connection with Logical Network

Connect to the logical network of customer tenants.

Connection with Common Function Pool

Connect to the common function pool.

NAT/NAPT

NTT Com will perform NAT / NAPT between customer tenants and common function pool.


2-2-1-1.Connection function with logical network

The connection function with the logical network is provided with the following specification / restriction.
  • “Common function gateway connection logical network” and “common function gateway connection subnet” are created automatically when creating the common function gateway and are provided with connected to the common function gateway.

  • This logical network is created as a data plane with the name “common_function_gw_access_ (unique ID)”.

  • This subnet is named “common_function_gw_access_subnet_ (unique ID)” and is created with the following parameters.

Parameter

Settings for the subnet

Name

Common_function_gw_access_subnet_ (unique ID)

ID

Unique ID for each subnet.

Details

None

Tenant ID

Tenant ID that the subnet belongs to.

Logical Network ID

Logical Network ID for connecting to Common Function Gateway

Network Address

169.254.0.0/17

Gateway IP

None

DHCP Attainable

Enabled

View IPv4 address range which is automatically assigned to destination devices by DHCP.

Start: 169.254.0.2
End: 169.254.127.254

DNS Server

None

NTP Server

None

Setting additional route

None
  • The following ports are automatically created on this Logical Network. These IP addresses cannot be assigned to the customer resources such as Virtual Server and Baremetal Server connected to the Logical Network.

    • 169.254.0.2 — DHCP server port

    • 169.254.0.3 — Common Function Gateway(primary)

    • 169.254.0.4 — Common Function Gateway(secondary)

  • From the subnets of this logical network, the following addresses are reserved by the operator and can not be assigned to virtual servers or bare metal servers that customers connect to the logical network.

    • 169.254.127.0/24 — for common functions

  • In “Subnet for Common Function Gateway Connection” created when creating Common Function Gateway, DNS server address is not specified. Since the IP address of the DHCP server port may be delivered as a DNS server address, please do the following:

    • How to specify the DNS server address in the customer portal

      • Check “No DNS server”... DNS server address is not delivered

      • No check in “Disable DNS server” · · · Specified address is delivered as DNS server address.

      • If there is no ‘Disable DNS server’ checkbox, please specify the address like API.

    • How to specify DNS server address in API

      • When 0.0.0.0 is specified ... DNS server address is not advertised

      • When arbitrary address is specified · · · Specified address is advertised as DNS server address.

      • Empty ... IP address of DHCP server port may be delivered as DNS server address. Specify 0.0.0.0 to suppress distribution, or specify an arbitrary address to advertise DNS server address.

2-2-1-2.Connection function with common function pool

The function of connecting to the common function pool is provided with the following specification / restriction.

  • The connection with the common function pool is performed automatically when creating the common function gateway. It is not possible for customers to perform operations related to connection with the common function pool.


2-2-1-3.NAT / NAPT function

The NAT / NAPT function is provided with the following specifications / restrictions.

  • The IP address (IP address used for NAT / NAPT) for using the common function pool has the following fixed value. It can not be set / changed by customers.

  • Customers can use the functions of the common function pool by communicating with the following addresses.

Available Functions

IP Address

Port number

Details

Communicate with NTP Server

169.254.127.1 UDP 123

Enable Baremetal/Virtual Servers to communicate with NTP Server that NTT Com provides.

License Authentication for Windows

169.254.127.17 TCP 1688
Provides license authentication in case Customers utilize official image template of Windows license provided by OS menu within their Baremetal/Virtual Servers. (Please refer to “Service Description v1.0: Windows Server”)
*Please keep in mind that it breaches the license agreement in case Customers attempt to authenticate the Windows license which is not provided by our OS menu.
*This has already been configured as the IP address of license server within the official image template.

License Authentication for RHEL

169.254.127.18
169.254.127.18
TCP 443
When using the official image template of the Redhat Enterprise Linux license provided on the OS menu on the virtual server and bare metal server, you can activate the license for that license.
*Please keep in mind that it breaches the license agreement in case Customers attempt to authenticate the Red Hat Enterprise Linux license which is not provided by our OS menu.
*This has already been configured as the IP address of license server within the official image template.

Backup agent on backup menu Software delivery communication

169.254.127.20 TCP 80

It is the IP address / port number used as the communication destination of the backup agent software distribution in the backup menu.

Backup menu backup communication

169.254.127.22
169.254.127.23
TCP 9500

It is the IP address / port number used as the data backup destination in the backup menu. This IP address is automatically set in the backup server beforehand when installing the backup agent software.


  • Please connect all the resources you want to use common function to the logical network for common function gateway connection.

  • Common function If there is a resource that can not be connected to the logical network for gateway connection, connect the firewall or the like to the common function gateway connection logical network and make the following settings and use the common function pool from another logical network.

    • Source NAT: The common function gateway can communicate only with the IP address (169.254.0.0 / 17) of the directly connected segment. Communication with the common function pool is communication with virtual server / bare metal as the sender. Please configure source NAT with firewall etc.

    • Static routing: Configure a static route to communicate from the virtual server / bare metal server to the common function gateway segment.

    • Packet filtering: In order to allow communication between the virtual server / bare metal server and the common function pool, please make packet filter permission setting by firewall etc.

  • Regarding setting example on Firewall(Brocade 5600 vRouter), please refer to `Example of NAT configuration when using Common Functions via firewall<https://ecl.ntt.com/documents/tutorials/rsts/networkfunction/function_d.html>`_ .

  • Port number confirms to the specification of menu connected to, and setting value may change.

  • The common function gateway is redundant by VRRP and uses VRRP group IDs 51 and 52. If the VRRP group ID is duplicated on the same Logical Network, it can not communicate normally. Also, with some appliances, if the VRRP group ID is duplicated across all connected Logical Networks, it can not communicate normally. Please design so that the VRRP group ID does not overlap.

共通機能ゲートウェイ

2-2-2.Self-management function

NTT Com provides functions for customers to self-manage common function gateways. This function is configured with the following functions.

Detailed Function

Details

View Common Function Gateway

Enable Customers to view the information of Common Function Gateway.

Create Common Function Gateway

Enable Customers to create Common Function Gateway.

Modify Common Function Gateway

Enable Customers to modify Common Function Gateway.

Delete Common Function Gateway

Enable Customers to delete Common Function Gateway.

2-2-2-1.Reference to common function gateway

Customers can view the information of Common Function Gateway.

Items

Details

Name

Customers can view the name of Common Function Gateway they set.

ID

Customers can view the ID of Common Function Gateway.

Details

Customers can refer to any customer’s character string set for the common function gateway.

Tenant ID

Customers can view the Tenant ID in which Common Function Gateway exists.

Common Function Pool ID

Customers can view the Common Function Pool ID that Common Function Gateway connects to.

Common Function Pool Name

Customers can view the Common Function Pool name that Common Function Gateway connects to.

Logical Network ID

Customers can refer to the ID of the logical network that common function gateway will connect.


2-2-2-2.Creating a common function gateway

Customers can create Common Function Gateway with following parameters:

Configurable Items

Details

Name

Customer can configure the name of Common Function Gateway.

Details

Customers can set your own arbitrary character string on the Common function gateway.

Common Function Pool

Customer can configure the Common Function Pool connected to Common Function Gateway.


2-2-2-3.Edit common function gateway

Customers can modify following parameters of Common Function Gateway:

Configurable Function

Details

Name

Customers can modify the name of Common Function Gateway.

Details

Customers can edit any character string set for the common function gateway


2-2-2-4.Common function Delete gateway

Customers can delete the Common Function Gateway.

3.Menu

3-1.Menu, plan

There is no menu in Common Function Gateway.


3-2.Application type and method

Customers who subscribe to Enterprise Cloud 2.0 can apply for a common function gateway. The types of applications are as follows

Subscription Type

Subscription Methods

Offered Date

Add Common Function Gateway

Apply by customer’s own operation via customer portal / API

Instant Offering

Delete Common Function Gateway

Apply by customer’s own operation via customer portal / API

Instant Offering

3-3.Precautions for application

  • NTT Com provides one Common Function Gateway per one Tenant.

  • When Customers create Common Function Gateway, one Logical Network for connecting to it will be added. The Logical Network will be charged if Customers has more than five Logical Networks including this. (NTT Com provides up to five Logical Networks free of charge.)

4.Price

4-1.Initial fee

There is no initial fee.

4-2.Monthly charge

There is no monthly charge in this menu.


5.Quality of the provided Menu

5-1.Scope of support

All functions provided by this service are supported. Designing and configuring Customers’ network architectures utilizing this function are not supported.

5-2.Operational quality

Quality of Operation of this menu has been established as a standard on Enterprise Cloud 2.0.

5-3.SLA

SLA on this menu has been established as a standard on Enterprise Cloud 2.0.

5-4.Precautions

  • MTU size supports up to 1500 bytes.