Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AB92310DC9 for ; Mon, 23 Dec 2013 10:43:15 +0000 (UTC) Received: (qmail 38229 invoked by uid 500); 23 Dec 2013 10:43:14 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 38173 invoked by uid 500); 23 Dec 2013 10:43:13 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 38154 invoked by uid 99); 23 Dec 2013 10:43:06 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Dec 2013 10:43:06 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of shanker.balan@shapeblue.com designates 213.199.154.11 as permitted sender) Received: from [213.199.154.11] (HELO emea01-am1-obe.outbound.protection.outlook.com) (213.199.154.11) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Dec 2013 10:42:59 +0000 Received: from DBXPR07MB318.eurprd07.prod.outlook.com (10.141.12.140) by DBXPR07MB319.eurprd07.prod.outlook.com (10.141.12.141) with Microsoft SMTP Server (TLS) id 15.0.842.7; Mon, 23 Dec 2013 10:42:36 +0000 Received: from DBXPR07MB318.eurprd07.prod.outlook.com ([10.141.12.140]) by DBXPR07MB318.eurprd07.prod.outlook.com ([10.141.12.140]) with mapi id 15.00.0842.003; Mon, 23 Dec 2013 10:42:36 +0000 From: Shanker Balan To: CloudStack-Users Subject: Re: Bridge management network Thread-Topic: Bridge management network Thread-Index: AQHO/ahV1pve2ge+60GZO6CRoHfEM5phnAoA Date: Mon, 23 Dec 2013 10:42:36 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [124.40.244.169] x-forefront-prvs: 0069246B74 x-forefront-antispam-report: SFV:NSPM;SFS:(10009001)(51704005)(377454003)(13734003)(199002)(189002)(53754006)(24454002)(19580395003)(83322001)(83716003)(59766001)(80022001)(77982001)(65816001)(82746002)(66066001)(19580405001)(15974865002)(74662001)(74502001)(47446002)(31966008)(2656002)(63696002)(81686001)(90146001)(79102001)(80976001)(85852003)(56816005)(81816001)(81542001)(83072002)(54316002)(15395725003)(87266001)(69226001)(4396001)(33656001)(47976001)(50986001)(74366001)(47736001)(36756003)(74706001)(81342001)(56776001)(85306002)(87936001)(76796001)(74876001)(76786001)(49866001)(46102001)(76482001)(53806001)(51856001)(54356001);DIR:OUT;SFP:1101;SCL:1;SRVR:DBXPR07MB319;H:DBXPR07MB318.eurprd07.prod.outlook.com;CLIP:124.40.244.169;FPR:;RD:InfoNoRecords;A:1;MX:1;LANG:en; Content-Type: text/plain; charset="Windows-1252" Content-ID: <334E638F38EC0C42BD1AAF946B132490@eurprd07.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: shapeblue.com X-Virus-Checked: Checked by ClamAV on apache.org Hi Robert, Comments inline. On 20-Dec-2013, at 10:53 pm, Robert Navarro wrote: > Hey All, > > I realize that this is a highly unusual use case, but here we are. > > I have a 2U, 4 node server going to the Colo and I want to use all the > nodes as vm hosts. > > The biggest thing though, I want to firewall off the management network > using pfSense or some other software firewall VM that also resides on the= se > hosts. Ok. > Now I figure I can run two KVM VMs on two separate physical hosts outside > of CloudStack to accomplish this, but I was wondering if there was a way = to > pipe the management network into a CloudStack managed VM so I can take > advantage of the HA stuff that CloudStack offers. The CloudStack VM HA features are available only when a shared primary stor= age is being used (NFS, iSCSI, FCOE). Are you planning to use a shared storage service in your CloudStack setup? > Let me know if you want to know any of the particulars of the networking > layout and I'd be more than happy to supply the details. While I have not personally tried what you are attempting but I don=92t see any reason why you can=92t do it. I would however be concerned from an oper= ability point of view - what would happen to your gateway VM: a) If primary storage is unreachable b) If primary storage is down for maintenance Am sure there will be a lot more gotchas along the way which will require =93workarounds=94. >From an uptime SLA perspective, I would stick to having a management network out-of-band from the production network. Regards. -- @shankerbalan M: +91 98860 60539 | O: +91 (80) 67935867 shanker.balan@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, B= angalore - 560 055 Need Enterprise Grade Support for Apache CloudStack? Our CloudStack Infrastructure Support offers the best 24/7 SLA for CloudStack Environments. Apache CloudStack Bootcamp training courses **NEW!** CloudStack 4.2 training 08/09 January 2014, London 13-17 January 2014, GLOBAL. Instructor led, On-line 20-24 January 2014, GLOBAL. Instructor led, On-line This email and any attachments to it may be confidential and are intended s= olely for the use of the individual to whom it is addressed. Any views or o= pinions expressed are solely those of the author and do not necessarily rep= resent those of Shape Blue Ltd or related companies. If you are not the int= ended recipient of this email, you must neither take any action based upon = its contents, nor copy or show it to anyone. Please contact the sender if y= ou believe you have received this email in error. Shape Blue Ltd is a compa= ny incorporated in England & Wales. ShapeBlue Services India LLP is a compa= ny incorporated in India and is operated under license from Shape Blue Ltd.= Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and= is operated under license from Shape Blue Ltd. ShapeBlue is a registered t= rademark.