cloudstack-users mailing list archives

From Paul Angus <paul.an...@shapeblue.com>
Subject RE: Advanced Zone with Security Groups
Date Mon, 16 Jul 2018 15:07:48 GMT
Yes, it should probably be hidden in a security group based zone.


Kind regards,

Paul Angus

paul.angus@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HS UK
@shapeblue

-----Original Message-----
From: S. Reddit <s.reddit.mailing@gmail.com> 
Sent: 16 July 2018 14:33
To: users@cloudstack.apache.org
Subject: Re: Advanced Zone with Security Groups

Hi Paul,

Yes, a VM should have access to a private network. Yes, one possibility would be to have a
second, private network per customer, which is routable to the default public guest network.
Thanks for the hint. What wouldn't work though is, when customers try to dualhome VMs, which
CloudStack allows you to do with addnic API call or even GUI.

Cheers,
Adrian

On Mon, Jul 16, 2018 at 1:04 PM Paul Angus <paul.angus@shapeblue.com> wrote:

> Hi Adrian,
>
> Is the requirement 'just' that a VM can access a private network?
> Can you not make the private network routable from the network that 
> the VM is on?
> Or apply a secondary IP and configure it manually for the private 
> network (VLANs permitting).
>
>
> Kind regards,
>
> Paul Angus
>
> paul.angus@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HS UK @shapeblue
>
>
>
>
> -----Original Message-----
> From: S. Reddit <s.reddit.mailing@gmail.com>
> Sent: 16 July 2018 11:21
> To: users@cloudstack.apache.org
> Subject: Re: Advanced Zone with Security Groups
>
> Thanks for your answer, Paul!
>
> VPC would be nice, but it's not working together with security groups,
> correct me if I'm wrong...
>
> Regards,
> Adrian
>
> On Fri, Jul 13, 2018 at 9:21 PM Paul Angus <paul.angus@shapeblue.com>
> wrote:
>
> > Hi Adrian,
> >
> > An advanced zone with security groups is similar to a basic network in
> > that it doesn’t really have the concept of multiple networks for any
> > given VM.  The security groups themselves create pseudo networks.
> >
> > You can create either a shared network on the vlan that you want to
> > access - where CloudStack allocates IPs and sets the gateway or an L2
> > network with a 3rd party DHCP in place.
> >
> > There is also the option of using the private gateway feature of VPCs.
> >
> > paul.angus@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HS UK @shapeblue
> >
> >
> >
> >
> > -----Original Message-----
> > From: S. Reddit <s.reddit.mailing@gmail.com>
> > Sent: 11 July 2018 08:37
> > To: users@cloudstack.apache.org
> > Subject: Advanced Zone with Security Groups
> >
> > Hi Group
> >
> > I am testing with an advanced zone and security group enabled networks
> > (KVM based). So far it works fine, but for the following features:
> >
> > - attach 2nd network to instance:
> > => security group(s) do not get programmed on secondary vnetXY
> > interfaces, hence no communication over additional network is possible
> >
> > As the zone prevents me from adding a network without security group
> > feature, it seems such a setup is not supported, correct? Does anyone
> > see a way to give instances access to a private network? Could
> > L2-network from 4.11 be a solution? I am still running 4.9...
> >
> > Cheers,
> > Adrian
> >
>