From: Wido den Hollander
To: dev@cloudstack.apache.org, Dag Sonstebo
Subject: Re: Multiple Physical Networks in Basic Networking (KVM)
Date: Sat, 9 Jun 2018 10:31:29 +0200
Message-ID: <73e81916-c9c1-f72f-5fbb-017a28ed890f@widodh.nl>
In-Reply-To: <43B75DCB-9BA9-4166-B328-AC39F3211E09@shapeblue.com>

On 06/08/2018 03:54 PM, Dag Sonstebo
wrote:
> Ivan – not sure how you deal with per-network VM bandwidth (or what your use case is) so probably worth testing in the lab.
>

Isn't that done by libvirt in the XML? In Basic Zone at least that works. It is part of the service offering.

> Wido – agree, I don’t see why our current “basic zone” can’t be deprecated in the long run for “advanced zone with security groups” since they serve the same purpose and the latter gives more flexibility. There may be use cases where they don’t behave the same – but personally I’ve not come across any issues.
>

I wouldn't know those cases. I'll test and see how it works out. Give me some time and I'll get back to this topic. Might even be possible to convert a Basic Zone to an Advanced Zone by doing some database mutations.

Wido

> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 08/06/2018, 14:44, "Wido den Hollander" wrote:
>
>     On 06/08/2018 03:32 PM, Dag Sonstebo wrote:
>     > Hi Ivan,
>     >
>     > Not quite – “advanced zone with security group” allows you to have multiple “basic” type networks isolated within their own VLANs and with security groups isolation between VMs / accounts. The VR only does DNS/DHCP, not GW/NAT.
>     >
>
>     Hmm, yes, that was actually what we/I is/are looking for. The main
>     reason for Basic Networking is the shared services we offer on a public
>     cloud.
>
>     A VR dies as soon as there is any flood, so that's why we have our
>     physical routers do the work.
>
>     I thought that what you mentioned is "DirectAttached" networking.
>
>     But that brings me to the question why we still have Basic Networking
>     :-) In earlier conversations I had with people I think that in the
>     longer run Basic Networking can be dropped/merged in favor of Advanced
>     Networking with Security Groups then, right?
>
>     Accounts/VMs are deployed inside the same VLAN and isolation is done by
>     Security Groups.
>
>     Sounds right, let me dig into that!
>
>     Wido
>
>     > Regards,
>     > Dag Sonstebo
>     > Cloud Architect
>     > ShapeBlue
>     >
>     > On 08/06/2018, 14:26, "Ivan Kudryavtsev" wrote:
>     >
>     >     Hi, Dag. Not exactly. Advanced zone uses VR as a GW with SNAT/DNAT which is
>     >     not quite good for public cloud in my case. Despite that it really solves
>     >     the problem. But I would like to have it as simple as possible, without VR
>     >     as a GW and xNAT.
>     >
>     >     Fri, 8 Jun 2018, 15:21 Dag Sonstebo:
>     >
>     >     > Wido / Ivan – I’m probably missing something – but is the feature you are
>     >     > looking for not the same functionality we currently have in “advanced zones
>     >     > with security groups”?
>     >     >
>     >     > Regards,
>     >     > Dag Sonstebo
>     >     > Cloud Architect
>     >     > ShapeBlue
>     >     >
>     >     > On 08/06/2018, 14:14, "Ivan Kudryavtsev" wrote:
>     >     >
>     >     >     Hi Wido, I am also very interested in similar deployment, especially
>     >     >     combined with the capability of setting different network bandwidth for
>     >     >     different networks, like
>     >     >     10.0.0.0/8 intra dc with 1g bandwidth per vm and white ipv4/ipv6 with
>     >     >     regular bandwidth management. But it seems it takes very big redesign
>     >     >     of VM settings and VR redesign is also required.
>     >     >
>     >     >     When I tried to investigate if it is possible with ACS basic network,
>     >     >     didn't succeed with any relevant information.
>     >     >
>     >     >     Fri, 8 Jun 2018, 14:56 Wido den Hollander:
>     >     >
>     >     >     > Hi,
>     >     >     >
>     >     >     > I am looking into supporting multiple Physical Networks inside our
>     >     >     > Basic Networking zone.
>     >     >     >
>     >     >     > First: The reason we use Basic Networking is the simplicity and the fact
>     >     >     > that our (Juniper) routers can do the routing and not the VR.
>     >     >     >
>     >     >     > ALL our VMs have external IPv4/IPv6 addresses and we do not use NAT
>     >     >     > anywhere.
>     >     >     >
>     >     >     > But right now a Hypervisor has a single VLAN/POD going to it terminated
>     >     >     > on 'cloudbr0' using vlan://untagged.
>     >     >     >
>     >     >     > But to better utilize our physical hardware it would be great if Basic
>     >     >     > Networking would support multiple physical networks using VLAN separation.
>     >     >     >
>     >     >     > For example:
>     >     >     >
>     >     >     > - PhysicalNetwork1: VLAN 100
>     >     >     > - PhysicalNetwork2: VLAN 101
>     >     >     > - PhysicalNetwork3: VLAN 102
>     >     >     >
>     >     >     > I've been looking into DirectAttached with Advanced Networking, but I
>     >     >     > couldn't find any reference to it on how that exactly works.
>     >     >     >
>     >     >     > Right now for our use-case Basic Networking with multiple Physical
>     >     >     > Networks would work best for us.
>     >     >     >
>     >     >     > Has anybody looked at this or has any insight of the problems we might
>     >     >     > run into?
>     >     >     >
>     >     >     > Wido
>     >     >     >
>     >     >
>     >     > Dag.Sonstebo@shapeblue.com
>     >     > www.shapeblue.com
>     >     > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
>     >     > @shapeblue
>     >     >
>     >
>     > Dag.Sonstebo@shapeblue.com
>     > www.shapeblue.com
>     > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
>     > @shapeblue
>     >
>
> Dag.Sonstebo@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> @shapeblue