cloudstack-users mailing list archives

From Ron Wheeler <>
Subject Re: Really really confused about Cloudstack networking
Date Sun, 28 Feb 2016 02:21:19 GMT
I would be willing to work with someone who really knows the networking 
to fix the docs.

I have made specific suggestions about what I think needs to be changed 
but it does require input from someone who actually understands 
Cloudstack networking to properly fix the docs.

It would also be helpful to have the sources to the drawings. I could 
not find them in the git project but perhaps I did not look in all 
possible places.


On 27/02/2016 5:56 PM, Simon Weller wrote:
> I do agree that the docs are confusing, especially if you have a limited knowledge of networking concepts.
> In terms of the complexity, a lot of that has to do with the fact that every company has different service requirements and ACS needs to be flexible enough to accommodate very different underlying needs.
> It's always best to start with a basic zone, unless you REALLY need some functionality within an advanced zone. As soon as you move into advanced zone networking, you need to have a good understanding of layer 2/3 networking.
> If all you want to do is place public IP addresses on VMs directly, then a basic zone is what you want. If you want to build complicated relationships between VMs using separate L2 segments (with L3 routing within ACS), then you'll need advanced networking. Advanced networking does open up a lot of exciting possibilities, including various SDN controllers, native VXLAN (on KVM), GRE and many more options.
> Before you dive into the more specialized areas of ACS networking, it's always best to start with something simple, so you can get your head around some of the general concepts.
> So Ron, to answer your questions more directly:
> Basic Zone guest network is what you use for public IPs. Basic zone is very simple and doesn't offer any physical private from public traffic separation. That's where security groups come in (think AWS style networking here). Now you can use multiple interfaces though I believe, although I've never tried that before.
> In terms of DNS, you can use the same DNS server for both. I wasn't actually aware basic zone gave you this option. Normally this is used for split DNS, where you may have internal records not exposed publicly.
> As Lucian pointed out, iSCSI should be an available option under XenServer when you create the primary storage.
> There should be no need for your primary storage network to need to talk to the management server. The secondary storage network will need to be able to talk to the management server when you pre-seed the XenServer specific templates during setup.
> All of our clouds are advanced networking based, so team, feel free to jump in if I've stated anything incorrectly ;-)
> - Si
> ________________________________________
> From: Ron Wheeler <>
> Sent: Saturday, February 27, 2016 8:13 AM
> To:
> Subject: Re: Really really confused about Cloudstack networking
> I am also stuck trying to sort out networking so Josh has my sympathies.
> The networking docs are really confusing.
> They wander from general to specific.
> They mix the general architecture with specific hardware discussions
> without any context for the switch or any explanation of why the
> hardware specific note needs to be known to everyone.
> I have earlier made specific suggestions about how to reorganize the docs
> but no one seems to be working in this area.
> I think that part of the problem is that the larger organizations have
> dedicated network experts who are working in networking everyday whereas
> smaller organizations have generalists and once the network is set up,
> it runs on its own for years until you want to do something like Cloudstack.
> To help this type of user, the docs need to be reorganized and simplified.
> The Shapeblue article is much better than the Cloudstack docs.
> It is great that it is available but the official docs should be improved.
> I did ask where the drawing sources are located but did not get a response.
> Ron
> On 27/02/2016 3:27 AM, Nux! wrote:
>> Hello Josh,
>> Networking is the single biggest cause of headaches with Cloudstack, once you get it right the rest is easier.
>> I recommend to read
>> From what you described, it looks like what you need is either a Basic Zone or Advanced Zone with Security Groups.
>> I have an ACS+Xenserver setup and when I go to Infrastructure > Primary Storage I definitely see "iscsi" as an option in the storage type.
>> HTH
>> Lucian
>> --
>> Sent from the Delta quadrant using Borg technology!
>> Nux!
>> ----- Original Message -----
>>> From: "Josh Davis" <>
>>> To:
>>> Sent: Saturday, 27 February, 2016 01:00:49
>>> Subject: Really really confused about Cloudstack networking
>>> I have been tinkering about cloudstack but every single guide seems to be
>>> centered around the public IPs being NATed to the guest VMs. To be honest the
>>> more I think about it the more I get confused so I'm posting here in hopes that
>>> someone will guide me through this.
>>> I have tried to pen down what I'm looking for and I hope it's clear enough:
>>> - I have a block of public routable IPs which I want to assign to individual VMs
>>> - These VMs run linux and are intended to function as web servers
>>> - I have no need for inter-VM private interactions except for via the public network
>>> - These VMs all reside in a single cloudstack cloud for high availability and resource balancing
>>> - The HVs in the cloud are connected to a central SAN running iSCSI
>>> - The HVs run XenServer
>>> I'm confused with:
>>> - Do I set the guest network as the public IP range?
>>> - Internal DNS = Public DNS?
>>> - Does the management server need to have access to the storage network?
>>> - Why don't I have the option to choose iSCSI when I try to add a primary storage?
>>> - Basically everything
> --
> Ron Wheeler
> President
> Artifact Software Inc
> email:
> skype: ronaldmwheeler
> phone: 866-970-2435, ext 102

Ron Wheeler
Artifact Software Inc
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
