|Introduction||The blackhole project simplifies routing and firewalling for datacenters while making both more secure and more flexible. It lets any container or virtual machine talk to any other, wherever they are physically connected in the datacenter, under a single central configuration that states who may talk to whom. Routing and firewalling stay simple, restrictive and uniform across all servers and firewalls.|
|Target audience||Sites running many servers (hosts) that carry containers (vservers) and virtual machines spread across several networks. The hosts run Linux.|
|Routing requirements||The basic routing requirement is simple: the blackhole components must be able to reach every host in your networks on a single TCP port (usually 8000). Once that is met, any host may talk to any host in any network, provided the blackhole allows it. All connections are established from the blackhole side. Containers and VMs only ever connect to the horizon service on their own host; they never initiate connections that leave the host.|
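The one prerequisite above is worth verifying before rolling anything out: every host must accept a TCP connection on the blackhole port from wherever the blackhole components run. The following preflight check is an added example, not part of the blackhole project; it simply attempts a TCP connection to each host on port 8000 (the port and the host list are assumptions you replace with your own) and reports the hosts that are not reachable. It also ships a throwaway local listener so the check can be exercised offline.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Assumed default: the page says the port is "usually 8000".
BLACKHOLE_PORT = 8000


def tcp_reachable(host, port=BLACKHOLE_PORT, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout.

    Any OSError (refused, filtered/timeout, unresolvable name) counts as
    unreachable, which is exactly what a firewall in the path looks like.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_hosts(hosts, port=BLACKHOLE_PORT, timeout=2.0, workers=16):
    """Probe every host concurrently; return {host: reachable} preserving order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda h: tcp_reachable(h, port, timeout), hosts))
    return dict(zip(hosts, results))


def unreachable_hosts(hosts, port=BLACKHOLE_PORT, timeout=2.0):
    """Sorted list of hosts the blackhole components could NOT reach on port."""
    return sorted(h for h, ok in check_hosts(hosts, port, timeout).items() if not ok)


def start_local_listener():
    """Start a throwaway TCP listener on 127.0.0.1 (ephemeral port) for offline tests.

    Returns (server_socket, port); close the socket to stop the listener.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # server socket closed
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def find_closed_port():
    """Pick a port that currently has no listener on 127.0.0.1 (constructed test input)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Constructed sample: replace with the hosts of your own datacenter.
    sample_hosts = ["host01.example.internal", "host02.example.internal"]
    missing = unreachable_hosts(sample_hosts)
    if missing:
        print("Not reachable on port %d: %s" % (BLACKHOLE_PORT, ", ".join(missing)))
    else:
        print("All %d hosts reachable on port %d" % (len(sample_hosts), BLACKHOLE_PORT))
```

Run it from the machine that will host the blackhole components, since that is the side that establishes every connection; a host that answers from elsewhere but not from there still fails the requirement. The check deliberately does not probe the horizon service from outside: per the design, nothing outside a host is supposed to reach it.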
|Usage||The following drawings show the various components. The arrows show every possible TCP connection, including the direction in which it is established.|
Here is the complete introduction to the project: principle.pdf.
More details about its operating mode: operations.pdf.
Packages for CentOS 6.5 (64-bit) may be found here (compiled by me). You need linuxconf-lib, blackhole, blackhole-horizon and blackhole-conproxy. blackhole-wormhole is optional.
The source is available via Subversion here.