cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sonali Jadhav <son...@servercentralen.se>
Subject RE: Networking in Advance zone with security groups enabled
Date Fri, 06 Feb 2015 13:04:12 GMT
Ok, then can we add multiple vlans on that guest NIC?

/Sonali

-----Original Message-----
From: Nux! [mailto:nux@li.nux.ro] 
Sent: Friday, February 6, 2015 6:04 PM
To: users@cloudstack.apache.org
Subject: Re: Networking in Advance zone with security groups enabled

Sonali,

Correct, there is no isolated network in Adv zone with SG. No nat, no firewall, no load balancer.
What you get from a network perspective is 1 NIC (IP via DHCP) and security groups, that's
it.

HTH
Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Sonali Jadhav" <sonali@servercentralen.se>
> To: users@cloudstack.apache.org
> Sent: Friday, 6 February, 2015 11:13:55
> Subject: RE: Networking in Advance zone with security groups enabled

> Ok I get it.
> 
> But again, does that mean there would be no "shared guest" network and 
> "isolated guest" network offerings in "Advance zone with security groups"?
> 
> Coz, I understood that, in case of "isolated guest" network, VR is 
> responsible for NAT, firewall and load balancing functions, which 
> doesn’t happen in case of "shared guest" network. So I want to know if 
> this exist in case of ""Advance zone with security groups" as well.
> 
> 
> /Sonali
> 
> -----Original Message-----
> From: Nux! [mailto:nux@li.nux.ro]
> Sent: Friday, February 6, 2015 4:10 PM
> To: users@cloudstack.apache.org
> Subject: Re: Networking in Advance zone with security groups enabled
> 
> Hello Sonali,
> 
> In an advanced zone with security groups the guest and public network 
> are combined in one. It's very similar to the Basic zone.
> So you will end up with a network and all your VMs will be connected 
> to it. You will want to use "public" IPs and there will be no NAT involved.
> 
> Although you can add more than one network, a VM cannot be connected 
> to more than 1 at a time.
> 
> You will have a VR which is there to provide DHCP, user data, 
> passwords; it will not route traffic.
> You will not be able to use the "firewall" feature though obviously 
> you will be able to use Security Groups. There is no load balancer or 
> VPN feature available, as well.
> 
> The main advantage is that the traffic of your VMs bypasses the VR and 
> goes out through the host directly, the security groups (iptables 
> rules) are also applied on the host; this gives it significantly more 
> performance than an Advanced zone.
> 
> So look at what your needs are and choose the appropriate type of zone.
> 
> 
> HTH
> Lucian
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> ----- Original Message -----
>> From: "Sonali Jadhav" <sonali@servercentralen.se>
>> To: users@cloudstack.apache.org
>> Sent: Friday, 6 February, 2015 09:26:15
>> Subject: RE: Networking in Advance zone with security groups enabled
> 
>> So basically in "Advance zone with security groups" on guest network 
>> we'll be creating both logical networks? i.e. Shared network and 
>> Isolated networks?
>> 
>> So, if we use only Advance zone, then there will be guest and public 
>> networks, and we can create isolated network on Public traffic 
>> interface and shared network on Guest traffic interface.
>> 
>> Where as in case of Advance zone with Security groups, there will be 
>> only Guest interface, and we can create both types of logical 
>> networks on same guest traffic interface.
>> 
>> So I want to understand that, why there is this difference, what 
>> advantage we get in it?
>> 
>> (actually I am planning production ready CloudStack deployment
> > architecture, so want to understand what's better)


Mime
View raw message