cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoff Higginbottom <>
Subject RE: Advanced networking CloudStack 4.3
Date Fri, 03 Oct 2014 06:31:57 GMT
Morning Jeremy

Some more detail of your infrastructure would be helpful such as total number of NICs (I assume
you have two), whether your storage (on eth 1) is only Primary Storage and if so where your
Secondary Storage will be located (and which NIC will access it) etc

CloudStack maps its Physical Networks to a Bridge, and a Bridge is mapped to either a single
Interface or a Bond - see for more

Recommended Bonding Modes when LACP is not available on the switch stack are

  Mode1 for Management and Storage
  Mode 6 For Guest and Public

IF you want both Networks where the VMs are behind a Virtual Router, and you also want VMs
with a real Public IP directly connected to the Internet, then you want to use standard Advanced
Networking, and not Advanced with Security Groups.

System VMs recycling are a sign that when they are booting they cannot communicate with either
the Management Server or the 'Internal' DNS Servers or they cannot PING the Public Gateway.
 This is often caused by the KVM Traffic Labels not being set to the appropriate Bridge Name
for each type of CloudStack Traffic (Management, Guest and Public).  Note the CloudStack 'Storage'
is optional, and only really required if you have a NIC (or pair of NICs bonded) which you
want to use specifically for Secondary Storage Traffic, otherwise the SSVM will simply use
its Management Interface to access the NFS Sec Storage.

It looks like you have the following NIC Allocations

eth 0 - Public
eth 1 - Management
eth 2 - Primary Storage

Therefore you need to create Bridge for each one such as eth 0 = cloudbr0, eth 1 = cloudbr1
etc and when adding the Zone, set the traffic labels to

Management - cloudbr1
Guest - cloudbr0
Public - cloudbr0 (yes the same as public as the physical NIC will handle both)
Storage - Optional and probably not used if your NFS Storage is accessible from eth 1
Note:  You do not tell cloudstack which NIC to use for Primary Storage, your hypervisor works
this out based in the CIDR of the Primary Storage

You will then create 'Isolated' networks for VMs to sit behind a Virtual Router, and Shared
Networks with an IP schema in the available Public IP range for VMs requiring direct Internet
Public IPs etc

Check out these links for more info


Geoff Higginbottom

D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581

-----Original Message-----
From: Jeremy Peterson []
Sent: 02 October 2014 22:16
Subject: Advanced networking CloudStack 4.3

Good afternoon all or morning depending where you are,

Truly looking for some help.  This question has probably been asked a hundred times but I
cannot find a good resource for it.

I am looking to deploy CloudStack using KVM on centos 6.5 using ISCSI multipath hence the
reason for CLVM.  I want advanced networking because I've using CLVM as primary storage. I
want to offer virtual routers with public IP's and be able to deploy VM's with a public IP
directly attached.  If that's not possible that's ok.

When I deploy advanced networking do I choose security groups or not?

Now I've done it both ways and had issues with each.  If there is a good way to do it let
me know because I can't find it.

My SSVM and console VM's have recycled 100's of times.

I've had issues where my SSVM is trying to bridge on eth2 where eth2 is my management NIC
on the hypervisor.

Currently I sit at a clean install of cloudstack-management and my cloudstack-agent is stopped
on my two kvm hosts.

My storage is on eth1 and public is on cloudbr0 which is bridged off eth0.

Jeremy Peterson

Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<>
CSForge – rapid IaaS deployment framework<>
CloudStack Consulting<>
CloudStack Infrastructure Support<>
CloudStack Bootcamp Training Courses<>

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd or related companies.
If you are not the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe
you have received this email in error. Shape Blue Ltd is a company incorporated in England
& Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated
under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated
in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
registered by The Republic of South Africa and is traded under license from Shape Blue Ltd.
ShapeBlue is a registered trademark.
View raw message