cloudstack-users mailing list archives

From Nick Burke <n...@nickburke.com>
Subject Re: Some network offerings missing after creating them
Date Thu, 05 Sep 2013 05:57:04 GMT
Hi Geoff,

Thanks again for your reply and patience. I'm relieved to hear it's
possible with a little elbow grease!

I have no problem starting again whatsoever with anything. This is
preproduction. I've been doing regular 'drop database cloud's so anything
dangerous can easily be done.

I think a large part of my problem is there is no "add guest network" in
Infrastructure / Zones / your-zone-name / Physical Network Tab /
your-network-name (the one with Guest Traffic) / Guest-Configure / Network
Tab. (See screen shot:  http://i.imgur.com/fOtttgD.png ). There are no
"right click" options either. I'm running version  4.1.1, if there is some
kind of version thing happening here.


Regarding API, can I use cloudmonkey or do I have to start doing research
into the API calls?


On Wed, Sep 4, 2013 at 6:18 PM, Geoff Higginbottom <
geoff.higginbottom@shapeblue.com> wrote:

> Hi Nick
>
> What you are trying to do is achievable, but you need to start again, as
> once you have created a network which has taken its VLAN from the Default
> Guest VLAN range you cannot change the network Offering to one which has
> the 'Specify VLAN' option set.
>
> Fortunately you can create the new networks you need using the correct
> Network Offerings, then use the 'addNicToVirtualMachine' and
> 'removeNicFromVirtualMachine' API commands to add the new Networks to the
> VM, and remove the old ones.
>
>
>
> I would create two network offerings, I'll call them 'External' and
> 'Internal'
>
> 'External' should not have any 'Services' as it does not need them, that
> way no VR will be created for this Network. Assign a 'Name' & 'Description',
> and check the 'Specify VLAN' option as you want to manually set the VLAN ID
> so it can connect to your external physical Router.  You do not need the
> 'Persistent' feature as there will be no VR.
>
> 'Internal' should have 'Specify VLAN' checked and 'DHCP' and 'DNS'
> services enabled, all set to 'Virtual Router'. You don't need the
> 'Persistent' option as this simply keeps the VR running when you have no
> VMs, and as you want to run an 'Intrusion Detection' VM you will always have
> one running, and the VLAN is persistent even if you do shut all VMs down, as
> you used the 'Specify VLAN' option.
>
> To actually create the networks you cannot use the main 'Network' tab, you
> must navigate to:
>
> Infrastructure / Zones / your-zone-name / Physical Network Tab /
> your-network-name (the one with Guest Traffic) / Guest-Configure / Network
> Tab
>
> Then click 'Add Guest Network' and set the 'scope' to account, you will
> now see the two new Network Offerings listed (as long as you enabled them).
>  Create the 'External' Network with 'VLAN ID' of 200 and 'Guest Gateway'
> set to the IP of the Physical Router connected to the Internet.  Set the
> 'Guest Start IP' and 'Guest End IP' range so that it spans the IP you want
> to allocate to the External interface of your VM.  Although you will be
> setting the IP on the VM manually, and even though we did not assign the
> DHCP service to this Network, CloudStack will still allocate an IP to this
> VM and this will appear in the GUI.  To keep things neat I always use the
> API to allocate the IP of the VM when I create it so that the CloudStack
> allocated IP and my manually configured IP are the same.
>
> Repeat the process to create your 'Internal' network, setting the 'VLAN
> ID' to 100, the 'Guest Gateway' to the IP you intend to allocate to the
> Internal Interface of your Intrusion Detection VM, and setting 'Guest Start
> IP' and 'Guest End IP', ensuring they do not overlap the Guest Gateway.
>  Note that the VR which gets created to handle the DHCP and DNS will be
> allocated the 1st IP from the Guest Range.
>
> Now create your Intrusion Detection VM using the API and not the GUI so
> you can specify the IPs for the External and Internal Interfaces, and set
> the External as the Default.  Once created, you can add additional VMs onto
> the Internal Network, and they will use the 'Intrusion Detection VM' as
> their Gateway.
>
> Note that the VLANs you use for the External and Internal networks must be
> outside of the default Guest VLAN Range.
>
> Regards
>
> Geoff Higginbottom
>
> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>
> geoff.higginbottom@shapeblue.com
>
> -----Original Message-----
> From: Nick Burke [mailto:nick@nickburke.com]
> Sent: 04 September 2013 18:56
> To: users@cloudstack.apache.org
> Subject: Re: Some network offerings missing after creating them
>
> Hello Geoff,
>
> Thank you for replying!
>
> I went there and tried to change it to the service offering I wanted, but
> once again the only one available is
> DefaultIsolatedNetworkOfferingWithSourceNatService. There are no associated
> VMs with this network. I can't add anything on that screen.
>
> Here is a screenshot: http://imgur.com/ljrVYgP
>
>
> I think I'm missing something dreadfully obvious or I'm not being clear on
> what I'm trying to accomplish... or both! :-)
>
>
> Here is my end goal:
>
> IE: VLAN100 has a public/static IP of 4.2.2.2/24 (internet facing) ->
> Intrusion Prevention System (aka, a cloudstack VMserver running linux) ->
> VLAN200  public/static 4.3.3.3/24
>
>
> Both virtual nics are public IP addresses. One side is on one vlan, the
> other side is on a different one. All traffic routed from the internet must
> go through this virtual machine to reach the target 4.3.3.3/24 network
> and vice versa.
>
>
>
>
> On Wed, Sep 4, 2013 at 2:59 PM, Geoff Higginbottom <
> geoff.higginbottom@shapeblue.com> wrote:
>
> > Nick,
> >
> > You need to go to Infrastructure / Zone / Phys Networks / Guest
> > Networks etc to use this type of network offering.
> >
> > The Networks Tab only shows network offerings which have the 'Source NAT'
> > service enabled
> >
> > Regards
> >
> > Geoff Higginbottom
> > CTO / Cloud Architect
> >
> >
> > D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
> >
> > geoff.higginbottom@shapeblue.com | www.shapeblue.com
> >
> > ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
> >
> >
> >
> > On 4 Sep 2013, at 17:53, "Nick Burke" <nick@nickburke.com> wrote:
> >
> > Thank you for the reply!
> >
> > I am logged in through the GUI as the default admin user under the
> > ROOT domain. Just a quick clarification: I can see it under "Network
> > Offerings", but I can't actually use it/see it when I try to deploy an
> > instance and/or when creating a network.
> >
> > According to cloudmonkey, it's enabled (this is the default system
> > created one I'd like to use);
> >
> > CLOUD> list networkofferings
> > count = 8
> > networkoffering:
> > name = DefaultIsolatedNetworkOffering
> > id = 14b2f56b-b941-4495-a9e6-377a756bee70
> > availability = Optional
> > conservemode = True
> > displaytext = Offering for Isolated networks with no Source Nat service
> > forvpc = False
> > guestiptype = Isolated
> > isdefault = True
> > ispersistent = False
> > networkrate = 200
> > service:
> > name = Dhcp
> > provider:
> > name = VirtualRouter
> >
> > ================================================================================
> > name = UserData
> > provider:
> > name = VirtualRouter
> >
> > ================================================================================
> > name = Dns
> > provider:
> > name = VirtualRouter
> >
> > ================================================================================
> > serviceofferingid = d430a7fc-e294-4940-bd32-bb57a9caff3e
> > specifyipranges = True
> > specifyvlan = True
> > state = Enabled
> > traffictype = Guest
> >
> >
> > This is the one I created myself:
> >
> > CLOUD> list networkofferings id="e00234b0-9252-4541-9f82-7d575b8b131e"
> > count = 1
> > networkoffering:
> > name = test
> > id = e00234b0-9252-4541-9f82-7d575b8b131e
> > availability = Optional
> > conservemode = False
> > displaytext = test
> > forvpc = False
> > guestiptype = Isolated
> > isdefault = False
> > ispersistent = True
> > networkrate = 200
> > service:
> > name = Dhcp
> > provider:
> > name = VirtualRouter
> >
> > ================================================================================
> > name = UserData
> > provider:
> > name = VirtualRouter
> >
> > ================================================================================
> > name = Dns
> > provider:
> > name = VirtualRouter
> >
> > ================================================================================
> > serviceofferingid = d430a7fc-e294-4940-bd32-bb57a9caff3e
> > specifyipranges = True
> > specifyvlan = True
> > state = Enabled
> > traffictype = Guest
> >
> >
> >
> >
> > On Wed, Sep 4, 2013 at 1:48 PM, Chiradeep Vittal <
> > Chiradeep.Vittal@citrix.com> wrote:
> >
> > If the offering has 'specify VLAN', then only the admin should be able
> > to see it.
> > You can also use cloudmonkey to verify the offerings.
> >
> >
> > On 9/4/13 12:00 PM, "Nick Burke" <nick@nickburke.com> wrote:
> >
> > I've read the documents, but I can't seem to find anything about this
> > even after google searching.
> >
> > Here is what I'm trying to accomplish: I'd like to have an external
> > hardware router handle the routing for certain networks. It's on VLAN10.
> >
> > Here is what I'm seeing: Only one network offering is showing up under
> > "network offering" in create a network and for instances. It is "
> > DefaultIsolatedNetworkOfferingWithSourceNatService"
> >
> >
> > I've tried creating a new network offering with specify vlan and
> > specify IP addresses, but it doesn't seem to ever show up to be used.
> > Additionally, there is a system created one that looks like it could
> > do it, "DefaultIsolatedNetworkOffering" but it too doesn't show up.
> >
> > If I create a network offering with the exact same options as
> > DefaultIsolatedNetworkOfferingWithSourceNatService, it does show up
> > and can be used.
> >
> >
> > I'm in advanced networking mode for the zone, and as far as I can tell
> > everything is working well as expected.
> >
> > Does anyone have any place they can point me to for this or offer some
> > advice as to why at least the system DefaultIsolatedNetworkOffering
> > can't be used?
> >
> > --
> > Nick
> >
> > *'What is a human being, then?'
> > 'A seed'
> > 'A... seed?'
> > 'An acorn that is unafraid to destroy itself in growing into a tree.'
> > -David Zindell, A Requiem for Homo Sapiens*
> >
> >
> >
> >
> > --
> > Nick
> >
> > *'What is a human being, then?'
> > 'A seed'
> > 'A... seed?'
> > 'An acorn that is unafraid to destroy itself in growing into a tree.'
> > -David Zindell, A Requiem for Homo Sapiens*
> >
> > This email and any
> > attachments to it may be confidential and are intended solely for the
> > use of the individual to whom it is addressed. Any views or opinions
> > expressed are solely those of the author and do not necessarily
> > represent those of Shape Blue Ltd or related companies. If you are not
> > the intended recipient of this email, you must neither take any action
> > based upon its contents, nor copy or show it to anyone. Please contact
> > the sender if you believe you have received this email in error. Shape
> > Blue Ltd is a company incorporated in England & Wales. ShapeBlue
> > Services India LLP is operated under license from Shape Blue Ltd.
> > ShapeBlue is a registered trademark.
> >
>
>
>
> --
> Nick
>
> *'What is a human being, then?'
> 'A seed'
> 'A... seed?'
> 'An acorn that is unafraid to destroy itself in growing into a tree.'
> -David Zindell, A Requiem for Homo Sapiens*
>



-- 
Nick

*'What is a human being, then?'
'A seed'
'A... seed?'
'An acorn that is unafraid to destroy itself in growing into a tree.'
-David Zindell, A Requiem for Homo Sapiens*
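
Added example, not part of the original thread or of CloudStack itself: a pre-flight check of the constraints Geoff lists for the two 'Specify VLAN' networks (VLAN outside the default guest range, guest IP range not overlapping the gateway, VR taking the first guest IP). VLAN IDs 200 and 100 are from the thread; the default guest VLAN range, the addresses and all function names are constructed for illustration.

```python
import ipaddress

def check_guest_network(name, vlan_id, default_vlan_range, cidr,
                        gateway, start_ip, end_ip, vm_ip=None, has_vr=False):
    """Return a list of problems found in one planned 'Specify VLAN' guest network."""
    problems = []
    lo, hi = default_vlan_range
    if lo <= vlan_id <= hi:
        problems.append(f"{name}: VLAN {vlan_id} is inside the default guest range {lo}-{hi}")

    net = ipaddress.ip_network(cidr)
    gw = ipaddress.ip_address(gateway)
    start = ipaddress.ip_address(start_ip)
    end = ipaddress.ip_address(end_ip)
    for label, ip in (("gateway", gw), ("start IP", start), ("end IP", end)):
        if ip not in net:
            problems.append(f"{name}: {label} {ip} is not in {net}")
    if start > end:
        problems.append(f"{name}: start IP {start} is after end IP {end}")
    elif start <= gw <= end:
        problems.append(f"{name}: guest range {start}-{end} overlaps gateway {gw}")

    if vm_ip is not None:
        vm = ipaddress.ip_address(vm_ip)
        if not start <= vm <= end:
            problems.append(f"{name}: VM IP {vm} is outside guest range {start}-{end}")
        elif has_vr and vm == start:
            # Per the thread, the VR is allocated the first IP of the guest range.
            problems.append(f"{name}: VM IP {vm} is the first guest IP, which the VR takes")
    return problems

# Constructed plan: VLAN IDs 200/100 are from the thread, everything else is sample data.
DEFAULT_GUEST_VLANS = (500, 599)
PLAN = [
    dict(name="External", vlan_id=200, cidr="192.0.2.0/24", gateway="192.0.2.1",
         start_ip="192.0.2.10", end_ip="192.0.2.20", vm_ip="192.0.2.10"),
    dict(name="Internal", vlan_id=100, cidr="198.51.100.0/24", gateway="198.51.100.1",
         start_ip="198.51.100.2", end_ip="198.51.100.50", has_vr=True),
]

def check_plan(plan, default_vlan_range=DEFAULT_GUEST_VLANS):
    """Check every planned network and return all problems in one list."""
    return [p for net in plan for p in check_guest_network(
        default_vlan_range=default_vlan_range, **net)]

if __name__ == "__main__":
    for problem in check_plan(PLAN) or ["plan is consistent"]:
        print(problem)
```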
