eryph
by

Advanced Topics

Advanced networking

Eryph provides enterprise-grade virtual networking through OpenVSwitch and OVN, supporting overlay networks, VLANs, and advanced configurations on all Windows versions.

Network Architecture

Physical Adapters → Network Providers → Virtual Networks → VM Connections

Network providers define physical connectivity and IP pools. Virtual networks (configured per project) use these providers for isolation. See Project Networks for virtual network configuration.

Network Provider Types

TypeUse CasePhysical AdapterExternal AccessNetwork Services
nat_overlay (default)Single-host dev/testNot requiredHost only via NATBuilt-in DHCP/DNS, isolated
overlayShared team access, productionRequiredDirect via IP poolBuilt-in DHCP/DNS, isolated per project
flatMaximum performance, existing infrastructureRequiredDirect L2 bridgingExternal DHCP/DNS required

NAT Overlay - Perfect for development. Zero configuration, automatic NAT, built-in services. Catlets only accessible from host.

Overlay - Enterprise virtual networking. Full isolation between projects, built-in DHCP/DNS per project, VLAN support. Small performance overhead from encapsulation.

Flat - Direct Hyper-V networking at full speed with no overhead. Best when you have existing DHCP/DNS infrastructure or need maximum performance. Trade-off: you manage all network dependencies, no project isolation, external services required.

Configuration Commands

# Import new network configuration
eryph-zero networks import --inFile network-config.yaml

# Sync/repair network state  
eryph-zero networks sync

Import validates configuration, creates OVS bridges, configures Hyper-V switches, and sets up NAT. Sync repairs drift and reconnects adapters.

Network Provider Configuration

Default NAT Overlay (Zero Config)

network_providers:
- name: default
  type: nat_overlay
  bridge_name: br-nat
  subnets:
  - name: default
    network: 10.249.248.0/22
    gateway: 10.249.248.1
    ip_pools:
    - name: default
      first_ip: 10.249.248.10
      last_ip: 10.249.251.241

Overlay Network

network_providers:
- name: production
  type: overlay
  bridge_name: br-pif
  adapters: ['Ethernet 2']
  subnets:
  - name: default
    network: 172.16.20.0/24
    gateway: 172.16.20.1
    ip_pools:
    - name: default
      first_ip: 172.16.20.10
      last_ip: 172.16.20.240

Flat Network (native Hyper-V)

network_providers:
- name: datacenter
  type: flat
  switch_name: dc-switch
  # no adapters 
  subnets:
  # external subnets and free range for
  # static address assignments
  - name: default
    network: 172.16.15.0/24
    gateway: 172.16.15.1
    ip_pools:
    - name: default
      first_ip: 172.16.15.10
      last_ip: 172.16.15.240

Configuration Options

Multiple IP Pools - Separate ranges for different purposes:

subnets:
- name: default
  network: 172.16.0.0/24
  gateway: 172.16.0.1
  ip_pools:
  - name: web
    first_ip: 172.16.0.10
    last_ip: 172.16.0.50
  - name: database
    first_ip: 172.16.0.100
    last_ip: 172.16.0.120

VLAN Configuration

vlan: 100                          # Provider VLAN
bridge_options:
  bridge_vlan: 200                 # Bridge VLAN (if different)
  vlan_mode: native_tagged         # access | native_untagged | native_tagged

The provider VLAN is for traffic from the VMs and the default VLAN for the bridge. If you use the bridge for host traffic you can change the VLAN of the bridge with bridge_vlan and vlan_mode.

Single Adapter Mode - When using one adapter for management and overlay:

bridge_options:
  default_ip_mode: dhcp            # Required for single adapter

Bonding (Windows Server with SET only):

bridge_options:
  bond_mode: balance_slb           # active_backup | balance_slb
adapters: ['Ethernet 2', 'Ethernet 3']

Bonding requires Windows Server with SET support. Automatic failover not currently supported.

When multiple adapters are configured, Eryph automatically creates a SET—no manual setup required.

Managing Networks

# Get catlet IPs
Get-CatletIP                      # External IPs
Get-CatletIP -InternalIp          # Internal IPs

# View VM switches (standard Hyper-V)
Get-VMSwitch -Name "eryph_overlay"

# Check NAT configuration  
Get-NetNat | Where Name -like "eryph_*"

Common Scenarios

Team Access - Enable network access to catlets:

network_providers:
- name: team
  type: overlay
  bridge_name: br-team
  adapters: ['Team Network']
  subnets:
  - name: default
    network: 10.50.0.0/24
    gateway: 10.50.0.1
    ip_pools:
    - name: shared
      first_ip: 10.50.0.20
      last_ip: 10.50.0.200

DMZ with VLAN - Isolated network segment:

network_providers:
- name: dmz
  type: overlay
  bridge_name: br-dmz
  vlan: 50
  bridge_options:
    vlan_mode: access
  adapters: ['DMZ Port']
  subnets:
  - name: public
    network: 172.16.50.0/24
    gateway: 172.16.50.1

Troubleshooting

Catlets not accessible: Verify IP pool availability, check firewall rules, ensure gateway reachability, run eryph-zero networks sync

Bridge adapter missing: Wait 30 seconds after configuration, verify OVS service running, check Windows event logs

VLAN issues: Verify switch port trunk configuration, check VLAN ID matches, ensure correct vlan_mode

Advanced diagnostics: OVS/OVN tools are available but require finding the eryph runtime directory. Contact support for guidance on using these diagnostic tools.

Single adapter disconnection: Temporary disconnection is normal during configuration. Always set default_ip_mode: dhcp and have console access.

Switching network types: Export catlet configs first, import new network provider, recreate catlets. Direct migration not supported.

Production Networks

Get IT approval before adding overlay networks to corporate infrastructure. Coordinate IP ranges and VLANs to avoid conflicts.

See Also

Next
Project Networks