cloudstack-users mailing list archives

From Dag Sonstebo <Dag.Sonst...@shapeblue.com>
Subject Re: Untagged Networking for Advanced Zone possible?
Date Thu, 29 Mar 2018 08:17:54 GMT
Hi Parth,

Not sure if I follow. Generally, your management network is untagged, whilst your public and
isolated networks are tagged. The underlying idea of advanced zones is you must have network isolation
between multiple guest networks, otherwise you have no privacy/security. You can do this either
at L2 with VLAN tagging, which is the simplest, or with L3 using various SDN overlay network
solutions (more complicated and comes at a cost).

If you don’t want to tag anything you’re probably better off using basic networks, where
I believe you could use a single flat subnet (happy to be proven wrong).

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue


Dag.Sonstebo@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HS UK
@shapeblue
  
 

On 29/03/2018, 08:48, "Parth Patel" <parthpatel2597@gmail.com> wrote:

    Hi all,
    
    After banging my head with different network configuration permutations, I
    don't understand what is the issue with Network Guru here and why it can't
    implement the isolated guest network. I just want to know if Advanced Zone
    can be successfully set up or has someone configured an advanced zone using
    untagged VLAN traffic?
    
    I have the following configuration of components:
    - I have 3 (16 GB Ram and 4 Cores) machines each with 1 physical NIC.
    - I have two networks: 192.168.20.0/24 (using this for isolated guest
    network) and 172.16.20.0/16 (management server and NFS servers network)
    - I am using KVM hypervisor and NFS for storage.
    - Currently, the output of brctl show is (when the Cloudstack is not
    running, otherwise the interfaces are populated with three vnets for cloud0
    and 4-5 vnets for cloudbr0):
    bridge name     bridge id               STP enabled     interfaces
    cloud0          8000.000000000000       no
    cloudbr0                8000.3464a92a083a       no              eno1
    virbr0          8000.525400daae23       yes             virbr0-nic
    
    My earlier doubt was if I can configure advanced zone with one physical
    interface available in each host, but that was resolved when I read this
    post of ShankerBalan:
    https://shankerbalan.net/blog/cloudstack-simple-advanced-network-example/
    
    ACS throws InsufficientVirtualNetworkCapacity exception and lines like:
    "NetworkGuru can't implement network [275||15]" are printed in management
    server logs when I try to create a simple CentOS 5.5 NoGUI KVM instance
    after a complete and fresh install of ACS (even of CentOS).
    
    My main doubt here is if I can successfully configure an advanced zone with
    two networks but with untagged VLAN traffic? I can't currently configure
    the router or switches to allow tagged VLAN networking as I am doing this
    project in my university. But, I have requested and gained access to the
    mentioned two networks: 192.168.20.0/24 and 172.16.20.0/16 and both
    networks are pingable and have internet access across all three machines.
    Can anyone help me with this please?
    
    Thanks,
    Parth Patel
    
