cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <cloudstackh...@outlook.com>
Subject RE: No public network on zone
Date Tue, 08 Mar 2016 17:48:53 GMT


I tried tagging them differently but it gives me an error about more than one networks with
no tags specified to make a choice even though I tagged them all.






On Tue, Mar 8, 2016 at 3:42 AM -0800, "Sanjeev Neelarapu" <sanjeev.neelarapu@accelerite.com>
wrote:





Josh,

You are right, we should specifiy traffic lables if we want to use multiple nics.
VPC is not supported with security groupd. We don't need to use GRE isolation for guest networks
in VPC. It works only with VLAN isolation.

Thanks,
Sanjeev

-----Original Message-----
From: cloudstackhelp@outlook.com [mailto:cloudstackhelp@outlook.com]
Sent: Tuesday, March 08, 2016 3:10 PM
To: users@cloudstack.apache.org
Subject: RE: No public network on zone



Hi Sanjeev


Does it mean that if I have two guest NICs I tag them Guest1 and Guest2? Because the last
time I tried to have two guest NICs the setup gave an error about not knowing which label
to use.


Also, is VPC only available without security groups isolation? I can't seem to find the network
in the drop down list if I'm using sg isolation.


Also, do I need to use GRE isolation for guest network for VPC?


Thanks

Josh


From: Sanjeev Neelarapu

Sent: Tuesday, March 8, 15:03

Subject: RE: No public network on zone

To: users@cloudstack.apache.org



Hi Josh,


If you are using advanced zone with vlan isolation you can't use security groups for guest
traffic isolation, whereas if you use advanced zone with security groups enabled(instead of
vlan isolation) you can use security groups.


If we are using more than one physical network and wants to have guest traffic in all the
physical network, we have to specify tags on the physical network, and traffic labels for
each traffic type in all the physical networks.

These traffic lables should match with the nic names on the hypervisor.


Please refer to traffic labels in apache cloudstack admin guide.


Thanks,

Sanjeev


-----Original Message-----

From: cloudstackhelp@outlook.com [ mailto:cloudstackhelp@outlook.com]

Sent: Monday, March 07, 2016 7:08 PM

To: users@cloudstack.apache.org

Subject: RE: No public network on zone




Hi all,




I've played around more with the system. Am I correct to say that the following setup would
not be possible?




1. Advanced group with security group isolation



2. Two separate NICs as Guest networks but only one with a public routable subnet




The only way would be to bond the dual NICs, trunk both subnets and hope that either network
doesn't overload the interface?




I tried setting up a fresh zone with two physical NICs tagged as Guest traffic and it throws
the error "failed to create a guest network for basic zone. Error: More than one physical
networks exist in zone id=11 and no tags are specified in order to make a choice". The problem
is I selected the Advanced zone. Is there something wrong with the UI?




For the record, this is what I am trying to achieve:




1. System VMs that are able to take on both public and private IPs



2. Bandwidth throttling/limiting/control for public network but none for guest network



3. Users can control guest traffic isolation by putting up security group isolations instead
of starting separate guest VLANs as my switch can only trunk VLANs individually instead of
by block



4. Ability to create an entire private network fronted by a single public IP for VPN purposes
to extend a physical network




Help is greatly appreciated. I feel like I am almost getting what I require.




Thanks



Josh





On Mon, Mar 7, 2016 at 12:08 AM -0800, <cloudstackhelp@outlook.com> wrote:








Hi Sanjeev



How does this traffic reach the VMs without a public network? How do I assign public IPs to
the VMs without being able to add them in the guest network form if I can't select the NIC
they should be routed via?



Thanks







On Mon, Mar 7, 2016 at 12:04 AM -0800, "Sanjeev Neelarapu" <sanjeev.neelarapu@accelerite.com>
wrote:






There is no way we can convert the zone type.


Routable IPs means, any IPs reachable without any NAT devices in between.


-----Original Message-----

From: cloudstackhelp@outlook.com [ mailto:cloudstackhelp@outlook.com]

Sent: Monday, March 07, 2016 1:27 PM

To: users@cloudstack.apache.org; users@cloudstack.apache.org

Subject: RE: No public network on zone




Is there a way to convert the zone type after creation and add the Public network or do I
have to start with a fresh zone?



What do you mean by routable public IPs? How do I add public IPs to the zone with security
groups?



Thanks


Josh




From: Sanjeev Neelarapu


Sent: Monday, March 7, 13:30


Subject: RE: No public network on zone


To: users@cloudstack.apache.org




Hi Josh,



In Advanced zone with Security Groups public traffic is not supported. Assumption is guest
vms will have a routable public IPs. That's why we don't see the option to add public traffic.



We can use updatePhysicalNetwork and updateTrafficType APIs for updating zone and traffic
types if it is supported.



Thanks,


Sanjeev N



-----Original Message-----


From: cloudstackhelp@outlook.com [ mailto:cloudstackhelp@outlook.com]


Sent: Sunday, March 06, 2016 11:11 PM


To: users@cloudstack.apache.org


Subject: No public network on zone





Hi all,




Apologies for flooding. I feel like I've made new progress with understanding CS. I have run
into a bit more problems but I think I understand most of it.




It seems that I have setup my zone incorrectly. I accidentally clicked the security groups
isolation under advanced network and as a result I did not have the Public network tag under
the physical network setup screen. I didn't think much about it up and went about setting
up everything including adding a couple of XS hosts. Everything is nice except I have 0/0
public IP addresses.




Now I'm trying to add a public subnet to the zone but I can't select the Public network because
I don't have it set up. I go to the Zone page and there is no option to add physical network.
I go to add a new zone, this time not selecting the security group isolation option and I
see the Public tag on the next page.




Surely there is a way to add the public network to the zone without creating a new zone? I
don't want to clear everything and start all over again.




Thanks



Josh







DISCLAIMER


==========


This e-mail may contain privileged and confidential information which is the property of Accelerite,
a Persistent Systems business. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.






DISCLAIMER

==========

This e-mail may contain privileged and confidential information which is the property of Accelerite,
a Persistent Systems business. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.




DISCLAIMER

==========

This e-mail may contain privileged and confidential information which is the property of Accelerite,
a Persistent Systems business. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.





DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite,
a Persistent Systems business. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message