cloudstack-dev mailing list archives

From Sheng Yang <sh...@yasker.org>
Subject Re: Supported Source NAT Type?
Date Thu, 18 Apr 2013 21:19:06 GMT
Hi Will,

"Per zone" is mostly for external network devices (e.g. SRX). We can
configure one public network address on the SRX, and use that one (which is
out of CloudStack's control) for all the public traffic going through the
device. That's "Per zone".

"Per account" is the other way, used by the VR in CloudStack. It would
acquire one public IP from the public IP pool in the zone for each isolated
network, and make it the source NAT IP for the network. The name is "per
account" because in the past one user would have only one isolated network,
so the network is de facto per account. It's not necessarily true now, but
the name remained I think.

These are probably bad names, we should get better names than them...

--Sheng


On Thu, Apr 18, 2013 at 2:07 PM, Will Stevens <wstevens@cloudops.com> wrote:

> Oh, my bad.  I forgot about that.
>
> On the 'create network service offering' overlay, if you select 'SourceNat'
> in Supported Services, there is a drop down which gets added.  The drop down
> has the title of 'Supported Source Nat Type' and has two options: 'Per
> zone' and 'Per account'.
>
> Thanks,
>
> Will
>
>
> On Thu, Apr 18, 2013 at 4:09 PM, Chip Childers <chip.childers@sungard.com> wrote:
>
> > Will,
> >
> > Images and other attachments are stripped on this list (text only
> > please!)
> >
> > Can you post the image somewhere or describe the list?
> >
> > On Thu, Apr 18, 2013 at 04:05:36PM -0400, Will Stevens wrote:
> > > In the 'Create network service offering' flow there is this dropdown:
> > >
> > > [image: Inline image 1]
> > >
> > > What are the implications for picking one or the other?
> > >
> > > This code seems related in
> > > 'com.cloud.network.ExternalFirewallDeviceManagerImpl.manageGuestNetworkWithExternalFirewall()':
> > >
> > > NetworkOffering offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
> > > boolean sharedSourceNat = offering.getSharedSourceNat();
> > >
> > > IPAddressVO sourceNatIp = null;
> > > if (!sharedSourceNat) {
> > >     // Get the source NAT IP address for this account
> > >     List<? extends IpAddress> sourceNatIps =
> > >             _networkMgr.listPublicIpsAssignedToAccount(network.getAccountId(), zoneId, true);
> > >
> > >     if (sourceNatIps.size() != 1) {
> > >         String errorMsg = "External firewall was unable to find the source NAT IP address for account "
> > >                 + account.getAccountName();
> > >         s_logger.error(errorMsg);
> > >         return true;
> > >     } else {
> > >         sourceNatIp = _ipAddressDao.findById(sourceNatIps.get(0).getId());
> > >     }
> > > }
> > >
> > > How does the 'sourceNatIp' get set if 'sharedSourceNat' is true?
> > >
> > > Thanks,
> > >
> > > Will
> >
> >
>
