Cloud-A Launches New High Performance Direct Fibre Network
Halifax, NS – Dec 19, 2014 – Cloud-A Computing Inc., a Canadian OpenStack Public Cloud provider, announced today the launch of their new dedicated fibre network between their primary data centre facility in Halifax, Nova Scotia and the Toronto Internet Exchange in Toronto, Ontario.
The new network, which is the highest performing and most comprehensive direct fibre network offered by any Canadian Public Cloud provider, will not only provide Cloud-A customers with a single hop between their Halifax and Toronto data centre facilities, but also a direct connection to London, the Caribbean, and New York, leveraging Hibernia’s high capacity, low latency trans-atlantic fiber network.
Early indications of performance gains are that latency has been reduced by an average of 35% across the board.
“We know that network performance and reliability are extremely important to our clients. Investing in higher quality peering is a top priority for us, and this Hibernia link will open doors for us to continue extending the reach of our network both within and outside of our borders,” says Jacob Godin, Chief Technology Officer at Cloud-A. “We are extremely excited to allow our clients to reach their users more efficiently. We believe it will enable them to better compete with providers in the US and beyond. It’s the kind of network that Canada’s cloud industry really needs.”
In addition to enhanced network performance, the new network allows for enhanced protection against distributed denial-of-service (DDoS) attacks, which Cloud-A has been a victim of in the past. The one-hop to Toronto means that Cloud-A now peers with some of the world’s leading internet service providers, which expands Cloud-A’s DDoS mitigation strategy.
Cloud-A is the leading provider of public cloud Infrastructure based in Canada. Their products automate & simplify the installation and management of the hardware and software that provides the infrastructure for large scale environments having hundreds or thousands of servers supporting high performance compute applications. For more information visit www.CloudA.ca
Geoff Sullivan, Channel Manager & Public Relations
Last week we announced our new direct fibre network which will provide one-hop from our primary data centre facility in Halifax to the Toronto Internet Exchange as well as Europe and the Caribbean.
So what does that mean for our customers?
35% Decrease in Network Latency
Early testing has indicated that our new direct fibre network has reduced network latency by an average of 35%. Not only does this enhance performance within Canada, the new network also provides a direct connection to London, the Caribbean, and New York, leveraging Hibernia’s high capacity, low latency trans-atlantic fibre network.
Here are some performance test results from our Data Centre in Halifax, Nova Scotia:
14 millisecond round trip from Halifax to New York
25 millisecond round trip from Halifax to Montreal
30 millisecond round trip from Halifax to Toronto
60 millisecond round trip from Halifax to the UK
68 millisecond round trip from Halifax to the Bahamas
90 millisecond round trip from Halifax to Calgary
90 millisecond round trip from Halifax to Vancouver
Enhanced DDoS Protection
Earlier this year we were the victim of several DDoS attacks which resulted in some unfortunate outages for our clients (see our DDoS Story & Postmortem). In an effort to prevent future DDoS attacks, we successfully developed a DDoS mitigation strategy in conjunction with our upstream internet service providers.
Our new network has us directly connected to all major Internet players in Canada including Telus, Rogers, Bell, Allstream, Google, TekSavvy, Akamai, Microsoft, and Net Access, which expands our DDoS strategy and provides enhanced protection against future attacks.
Continuous Product Development
Our new network is just one of the many product enhancements we have in our hopper. Cloud-A is dedicated to staying ahead of the curve and offering high performing cloud products. We love feedback so please continue to send your feature requests to firstname.lastname@example.org.
While security groups are a good measure for locking down access to your network through firewall rules, in many cases it is necessary to configure a VPN between your Cloud-A Virtual Private Network and your office / individual computer. This can reduce the number of internet accessible resources and encrypt all of your traffic between sites.
We’re going to launch an Ubuntu 14.04 server and, using Cloud-Init, pre-configure it with the required packages to run your own VPN server. We’ll set up your VPC Firewall in a way to allow VPN traffic into your private network, and establish a connection from your VPN client.
Cloud-init enables you to leverage OpenStack’s metadata service to send instructions to your instance that will be executed upon launching. In this post, we’re going to leverage this functionality to have cloud-init install and configure our VPN for us on first boot. Here is what the final instruction set will look like:
The Cloud-Init configuration is driven through the cloud-config YAML file, which is marked by “#cloud-config” being the first line. There is a large section of examples in the Cloud-Init documentation. We’re going to walk through the different sections one at a time, explaining what each does and why it’s required to automate the deployment of your VPN server.
The first section “packages” will tell cloud-init what to pre-install for us. In this case, we’re going to use PPTP for our VPN connection, which pptpd will handle.
Next, in the write_files section, we’re providing configuration files that are required for our VPN to work. You should change myvpnuser and mypassword to reflect the login credentials that you would like your VPN client(s) to use.
Also, we are creating a virtual network to be used for the VPN service. This is done via the localip and remoteip options in /etc/pptpd.conf. Make sure that these values don’t overlap with your office / home network. Using obscure values like 192.168.183.x instead of 192.168.0.x may be a good idea.
Finally, runcmd is a list of commands that cloud-init will run late in the booting process. For our VPN, we need a simple iptables NAT rule and we need to enable IP forwarding in the Linux kernel, as it will be forwarding your traffic to your Cloud-A network.
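A cloud-config matching the three sections described above, written here as an added example and not the instruction set from the original post. The exact addresses within 192.168.183.x, the eth0 interface name, the file permissions and the final restart command are assumptions.

```yaml
#cloud-config
# Added example: placeholder values, not Cloud-A's original file.
packages:
  - pptpd

write_files:
  # PPTP login credentials: <client> <server> <secret> <allowed client IPs>
  # Replace myvpnuser / mypassword before launching.
  - path: /etc/ppp/chap-secrets
    owner: root:root
    permissions: '0600'   # plaintext secret, readable by root only
    content: |
      myvpnuser pptpd mypassword *
  # Virtual network used for the VPN service; it must not overlap
  # with the office / home network on the client side.
  - path: /etc/pptpd.conf
    content: |
      option /etc/ppp/pptpd-options
      localip 192.168.183.1
      remoteip 192.168.183.100-150

runcmd:
  # Let the kernel forward VPN client traffic into the Cloud-A network.
  - sysctl -w net.ipv4.ip_forward=1
  # NAT traffic from VPN clients out of the instance's interface (eth0 is assumed).
  - iptables -t nat -A POSTROUTING -s 192.168.183.0/24 -o eth0 -j MASQUERADE
  # Restart so pptpd reads the files written above.
  - service pptpd restart
```

runcmd runs on first boot only, so the sysctl setting and the iptables rule in this example do not persist across a reboot unless they are also saved on the instance.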
Launching our Instance
The launch process is identical to launching a regular instance, with one final step at the end. So, we’re going to run through it quickly.
In our example, we’re going to create a new Ubuntu 14.04 server. Before launching, we’re going to go to the Cloud-Init tab and paste the instruction set that you’ve customized with your own values into the textbox. It will perform validation to ensure your formatting is still valid YAML when you create your VPN server.
At this point, we’re good to launch our instance! Once it has started, we need to allow PPTP traffic to pass through to the instance. There is a single TCP port (1723) that needs to be opened. In this example, we’re going to create a separate security group called ‘PPTP’.
Configuring the client is relatively simple, especially if we wish to route all traffic through our VPN connection. However, we’re going to configure our client in “split-tunnel mode”. This means that only traffic that is local to the VPN network (i.e. your Cloud-A instances) will be routed over the PPTP connection, while all other traffic will route as usual.
Open your Network Preferences and click on the “+” button under the list of network connections. This will bring up a dialog box which allows you to create a new network connection. Here, we’re going to want to select PPTP VPN and give our new connection a name.
Now we simply need to fill in our Public IP address and our username, click ‘Connect’, apply your changes, and enter your password. You’re now connected to your VPN server!
Next, we’re going to configure split tunneling. Apple doesn’t provide a pretty UI to do this, so we’re going to have to open terminal to do so, running: sudo route add -net 10.0.0.0/24 -interface ppp0
As you can see from your terminal, we’re adding a route to your Cloud-A network (10.0.0.0/24 by default) via the PPTP connection (ppp0). The traceroute tests routing to the Cloud-A virtual router. NOTE: On OSX, the sudo route add... command must be run every time we restart our machine. Otherwise, we will not have split routing into our remote Cloud-A network.
If you want to run an office-to-cloud VPN, you’ll need to configure static PPTP on your internal network’s router. This way, you’re always connected to your Cloud-A VMs while you are in the office, and can act as if they’re on your local network. If you are running a router with DD-WRT installed, there are some instructions here to get you started.
And there we have it! You have now securely connected into your virtual Cloud-A network. If you have any questions, or require assistance with anything VPN, drop us a message at email@example.com.
A few months ago, we showed you how to associate a single public IP to your instance. For most use cases, this functionality does everything that you need. However, one request we find ourselves seeing occasionally is the desire to allocate more than one IP address from the same subnet to an instance, with the driver being that it provides the ability to have multiple public IPs pointing at a particular NIC/port. Currently, this requires some more advanced command line work.
Dash is an extremely powerful web-based UI that helps users efficiently manage their cloud infrastructure. While we aim to make the initial setup process as quick and simple as possible, we also want to give administrators the flexibility to create networks and systems that fit exactly to their needs. Due to the variety of options and settings that users are presented with when setting their infrastructure up for the first time, we provide an Introduction Wizard to guide them through the process of creating a network, volumes, and instances. However, some of the choices for getting a core network setup and ready to place instances on can be confusing for beginners.