cloudstack-users mailing list archives

From Stavros Konstantaras <s.konstanta...@uva.nl>
Subject Re: Usage of public IP space
Date Wed, 20 Jan 2016 15:12:02 GMT
Yes, that is correct. The /24 that I have is routable and there are ACLs + Router controlling
incoming and outgoing traffic through that space (e.g. a VM in that space can not access other
resources of the organisation and vice versa). 

Thus, I want to use the rest of the space to assign it to my VMs and not just assign the full
IP space to Cloudstack’s public network.  I do have my own VLAN range so I can do L2 separation
of traffic and enforce my own security boundaries, however I am CL is not very flexible on
that. 

Cheers
Stavros

> On 20 Jan 2016, at 16:01, Simon Weller <sweller@ena.com> wrote:
> 
> Cloudstack does enforce networking boundaries and in any production setup, that's honestly what you want it to do.
> 
> Since you're getting delegated a network, it sounds as if your upstream network folks are expecting you to manage and subnet said networks as you see fit.
> 
> I'm assuming the /24 you have is routable public space and not RFC 1918 space, correct?
> 
> If so, what are you doing in terms of protecting assets? Do you have a firewall in front of it that can do layer 3 routing?
> 
> - Si
> ________________________________________
> From: Stavros Konstantaras <s.konstantaras@uva.nl>
> Sent: Wednesday, January 20, 2016 8:07 AM
> To: users@cloudstack.apache.org
> Subject: Re: Usage of public IP space
> 
> Ok that’s one option. I could use the head node as a router/gateway with some VLAN translation but this will increase the complexity of the setup and will add some administration overhead (we use CS to make our lives simpler, correct?).
> 
> Shall I assume that there is no other way to solve that easily inside?
> 
> Cheers
> Stavros
> 
>> On 20 Jan 2016, at 14:51, Simon Weller <sweller@ena.com> wrote:
>> 
>> Stavros,
>> 
>> One option you have is to place a Linux (or *BSD) box between your router and Cloudstack and use that to break out your subnets. You could then hand off routed VLANs to CS.
>> 
>> - Si
>> 
>> 
>> ________________________________________
>> From: Stavros Konstantaras <s.konstantaras@uva.nl>
>> Sent: Wednesday, January 20, 2016 7:47 AM
>> To: users@cloudstack.apache.org
>> Subject: Re: Usage of public IP space
>> 
>> Hi Simon,
>> 
>> Thought of it already but I can’t touch the router of my network to make and register subnets on it. So I need to work around CS to make it work.
>> 
>> Regards
>> Stavros
>> 
>>> On 20 Jan 2016, at 14:40, Simon Weller <sweller@ena.com> wrote:
>>> 
>>> Can't you subnet it out to a /27?
>>> 
>>> 
>>> 
>>> ________________________________________
>>> From: Stavros Konstantaras <s.konstantaras@uva.nl>
>>> Sent: Wednesday, January 20, 2016 7:13 AM
>>> To: users@cloudstack.apache.org
>>> Subject: Usage of public IP space
>>> 
>>> Hi all,
>>> 
>>> I have a question regarding the public network on CS 4.6.
>>> 
>>> Currently, I have a /24 network of public & routable IP addresses. I want to assign the first 30 of them to Cloudstack’s public network for using it in the system VMs while keeping the rest of this space for my instances.
>>> 
>>> However, I don’t see it possible as I get the following exception when I register the rest of the space in shared networks: "The IP range with tag: vlan://869 in zone NewZone has overlapped with the subnet. Please specify a different gateway/netmask."
>>> 
>>> Does anyone know a trick to make this happen? Thanks in advance
>>> 
>>> Kind Regards
>>> Stavros Konstantaras
>>> 
>>> ----------------------------
>>> Stavros Konstantaras
>>> Science faculty Research IT support (FEIOG)
>>> University of Amsterdam, Science Park 904, 1098 XH
>>> 
>>> Fingerprint: E5E5 9B19 D1CD 88CD 4763  3465 A8DC 7C92 330F D59A
>>> 
>> 
> 
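
The /27 suggestion in this thread, worked through as an added example (not code from any participant or from CloudStack). It assumes, as the error text suggests, that overlap is judged on the subnet derived from each range's gateway and netmask; the 203.0.113.0/24 documentation block and the network names are constructed placeholders.

```python
import ipaddress

def range_subnet(gateway, netmask):
    """Subnet implied by a gateway/netmask pair (assumed basis of the overlap check)."""
    return ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)

def overlapping(plan):
    """Return the pairs of network names in a plan whose implied subnets overlap."""
    nets = [(name, range_subnet(gw, mask)) for name, gw, mask in plan]
    return [(a, b)
            for i, (a, net_a) in enumerate(nets)
            for b, net_b in nets[i + 1:]
            if net_a.overlaps(net_b)]

def carve(block, new_prefix, names):
    """Split a block into equal subnets and hand them out to names in order."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    return list(zip(names, subnets))

# Constructed sample: one delegated /24, as in the thread.
BLOCK = "203.0.113.0/24"

# Original plan: two IP ranges, both registered with the /24 netmask.
ORIGINAL_PLAN = [
    ("public-systemvms", "203.0.113.1", "255.255.255.0"),
    ("shared-instances", "203.0.113.1", "255.255.255.0"),
]

# Subnetted plan: each network gets its own /27 with its own gateway and netmask.
CARVED = carve(BLOCK, 27, ["public-systemvms", "shared-a", "shared-b"])
SUBNETTED_PLAN = [
    (name, str(net.network_address + 1), str(net.netmask))
    for name, net in CARVED
]

if __name__ == "__main__":
    print("original plan overlaps: ", overlapping(ORIGINAL_PLAN))
    print("subnetted plan overlaps:", overlapping(SUBNETTED_PLAN))
    for name, net in CARVED:
        hosts = list(net.hosts())
        print(f"{name:17} {net}  usable {hosts[0]} - {hosts[-1]} ({len(hosts)} hosts)")
```

Each /27 needs a gateway that actually routes it, which is why the thread turns to placing a routing box between the upstream router and CloudStack.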

