From: Erik Weber
To: "users@cloudstack.apache.org"
Date: Thu, 28 May 2015 23:35:13 +0200
Subject: Re: Wrapping my mind around networking...

On Thu, May 28, 2015 at 11:21 PM, Alex McWhirter wrote:

> On 05/28/2015 05:16 PM, Erik Weber wrote:
>
>> On Thu, May 28, 2015 at 11:11 PM, Alex McWhirter <alexmcwhirter@triadic.us> wrote:
>>
>>> I'm working on a private cloud using CloudStack and I'm stuck on which
>>> networking topology I should choose. Our network is segregated by VLANs and
>>> each department has its own VLAN. I want to add each department into
>>> CloudStack as a project and then add users into each project. Each project
>>> should have its own VLAN.
>>>
>>> So the KVM hosts have two physical NICs. One dedicated purely for NFS and
>>> the other for the rest of the networking.
>>>
>>> eth0 - General networking, VLAN trunk enabled
>>>
>>> eth1 - NFS, no VLAN trunking enabled.
>>>
>>> In the Basic mode I should be able to set up a single physical network with
>>> management labeled to eth0, storage labeled to eth1, and guest labeled to
>>> br0 (which is attached to eth0).
>>>
>>> But in this scenario how can I tell each project to tag its guests'
>>> traffic to a different VLAN?
>>>
>>> Advanced mode seems way too complex for what I want to do. I don't need a
>>> public network. We have a hardware gateway for that. I don't need any
>>> virtual routers or anything like that as well. I just need a guest to boot
>>> tagged to a specific VLAN and the gateway should handle the DHCP and
>>> routing.
>>
>> Basic network doesn't support multiple isolated networks (AFAIK).
>>
>> You would probably want to check out shared networks in advanced mode,
>> that'll let you use your hardware router etc.
>> I think you still need to provide a small public range for system VMs and
>> such, but your tenants won't have to use that, they can rely on shared
>> networks.
>
> Do I have the wrong idea on what the public network is? I'm taking public
> as in actual public IP space on the internet?
>
> Or is it something different like the network the management server uses
> to talk to the KVM hosts?

Just to clarify why there is a distinct public network - not all
companies/organizations/whatever allow internet access from (all) their
networks.

This way we're able to ensure that those VMs that need it, usually system
VMs and routers, have internet access, while things like management and
storage networks don't require that access.

--
Erik