HOWTO: Use VPN support with your benchmarks - ibmcb/cbtool GitHub Wiki

High-level:

  1. Users of many private clouds (and even public clouds) will sometimes not have the benchmark tool on the same L3 network as the cloud they want to benchmark.
  2. Some users do, in fact, have the tool inside the cloud but, even then, may employ different L2 networks configured between tenants even in the same region.
  3. Some cloud virtual machines do not have public internet access at all.
  4. Some users inevitably run the tool itself on their laptops against the cloud, again on different networks.

How it works:

  1. CloudBench has the ability to feed a VPN configuration file through cloud-init and cloud-config via userdata to the virtual machines and bootstrap them onto an OpenVPN-specific L3 network.
  2. After cloud-config receives the userdata, it extracts an OpenVPN configuration file and gets all the VMs connected.
  3. CloudBench then logs in/rsyncs all of its configuration over the VPN-assigned IP address instead of the public/private IP address assigned by the cloud.
  4. After bootstrapping is complete, all intra-workload traffic happens across the normal L3 network within the cloud (not the VPN network). For example, all load generating traffic and application-specific communication that requires higher performance stays within the cloud.

CAVEATS:

  1. Cloud-init support is specific to each cloud supported by cloudbench. If it has not been implemented by your driver, then cloudbench cannot function because there are many forms of communication that need to happen between the tool and the cloud, including logging, database management, monitoring, and bootstrapping (again, not including high-performance intra-workload traffic).

SETUP:

Put the following into your configuration file:

    [VM_DEFAULTS]   # You can optionally conditionalize this to your cloud like other parameters
    USE_VPN_IP = $True
    VPN_ONLY = $True
    USERDATA = $True   # Implemented exclusively by each particular cloud driver

    [VPN]
    SERVER_IP = x.x.x.x          # shared-access IP address hosting server.conf file from cbtool/configs/generated
    SERVER_BOOTSTRAP = 10.9.0.6  # This doesn't need to be correct. The tool will retrieve the right value for you.
    NETWORK = 10.9.0.0           # User-chosen
    SERVER_PORT = 1194           # User-chosen

RUNNING:

  1. After you have started up cloudbench, you will get three OpenVPN configuration files automatically generated for you:
  • cbtool/configs/XXXXX_server.conf # This one needs to be copied to a server with a shared-access IP address
  • cbtool/configs/XXXXX_client.conf # This one is used by the tool itself.
  • cbtool/configs/XXXXX_mongo.conf # Optional: This one allows you to join any more powerful external mongodb cluster that you may already have available
  2. Next, after the tool is started, copy the file cbtool/configs/XXXXX_server.conf to some kind of shared-access server that both the VMs in the cloud and the tool can reach. It does not necessarily need to be on the public internet: it just needs to be reachable at an IP that both the tool and the VMs can see. Where it goes is entirely up to you, as every L2/L3 network is different. After you copy it, start openvpn like this:

    openvpn --config XXXXX_server.conf --daemon

  • NOTE: A log file is referenced in the configuration file. Refer to it for debugging.
  3. After the VPN server is running, make sure that the VPN client is connected to it. If it's not running, feel free to start it manually, as you likely will not have started the VPN server before the tool was started. The tool does make an attempt to start it for you, but do check the OpenVPN log referenced in the client configuration file for any failures to reconnect to the server after you have started it.

    openvpn --config cbtool/configs/generated/XXXXX_client.conf --daemon

  • NOTE: A log file is referenced in the configuration file. Refer to it for debugging.
  • NOTE: The same goes for the XXXXX_mongo.conf file, should your mongodb cluster be located elsewhere.
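
The client-side log check described above, as an added shell example that is not part of cbtool or the original page: it reads the log path out of a config file and reports whether the most recent relevant log event is a completed connection or a restart/error. It assumes the generated configs name their log with OpenVPN's `log` or `log-append` directive; the function names and the sample config and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of cbtool. Assumption: the generated config names
# its log file with OpenVPN's "log" or "log-append" directive.

# Print the log path referenced by an OpenVPN config file (quotes stripped).
vpn_log_path() {
    awk '$1 == "log" || $1 == "log-append" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Print the tunnel state implied by the most recent relevant log line:
#   up      - the last event is a completed initialization
#   down    - a restart or connection error was logged after the last init
#   unknown - no config, no readable log, or no relevant lines yet
vpn_state() {
    log=$(vpn_log_path "$1" 2>/dev/null) || log=
    [ -n "$log" ] && [ -r "$log" ] || { echo unknown; return 0; }
    awk '
        /Initialization Sequence Completed/ { state = "up" }
        /process restarting|Connection refused|TLS Error|Inactivity timeout/ { state = "down" }
        END { print (state == "" ? "unknown" : state) }
    ' "$log"
}

# Constructed sample: a client that connected, then lost the server.
demo() {
    d=$(mktemp -d)
    printf 'client\nremote x.x.x.x 1194\nlog-append %s/client.log\n' "$d" > "$d/client.conf"
    cat > "$d/client.log" <<'EOF'
2024-01-02 10:00:05 Initialization Sequence Completed
2024-01-02 10:07:41 [server] Inactivity timeout (--ping-restart), restarting
2024-01-02 10:07:41 SIGUSR1[soft,ping-restart] received, process restarting
EOF
    vpn_state "$d/client.conf"
    rm -rf "$d"
}

# Usage: sh vpn_state.sh XXXXX_client.conf [XXXXX_mongo.conf ...]
for conf in "$@"; do
    printf '%s: %s\n' "$conf" "$(vpn_state "$conf")"
done
```

A relative log path in the config is resolved against the directory you run the script from, so run it from the directory where openvpn was started.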

Now you should be all set. Your benchmarks will now perform all tool <==> cloud communication over the VPN and will keep all intra-workload communication inside the cloud.

Good luck. Join the mailing list if you need help.