incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Murali Reddy <>
Subject Re: [4.1 feature RFC] L4-L7 network services in shared network
Date Thu, 06 Dec 2012 08:31:38 GMT
Checked in this feature into master with commits


Now with this feature, one can enable PF/LB/Source and Static NAT/Firewall
services in the shared networks as well.

I have unit-tested with service combinations

- FW + PF + Source NAT
- FW + Source NAT 
- FW + LB + Source NAT
- Source NAT +LB 

Also unit-tested below service provider combinations

- Virtual Router providing DNS, DHCP, Firewall, LB, PF, Source Nat services
- VR providing DNS, DHCP services and SRX providing Firewall/NAT/PF
- VR providing DNS, DHCP services, SRX providing Firewall/NAT/PF services
and NetScaler providing LB service.

This is only a framework level change, so no expectation on specific
network service provider. All the combination of network services and
network service providers that are possible in 'isolated' networks are
possible with 'Shared' network as well. This feature only enables services
in the shared network in the advanced zone only.

On 16/10/12 8:27 PM, "Murali Reddy" <> wrote:

>CloudStack supports guest networks of type isolated and shared. While
>there is rich support of L4-L7 network services like firewall, NAT, LB in
>the isolated networks, similar network services are not available in the
>networks of shared type. While there is EIP and ELB services which
>provides NAT and LB service in basic zone which uses shared network,
>there are no firewall, NAT, LB services available to the shared networks
>created in the advanced zone. For enterprise/private clouds and simple
>deployments it make sense to enable L4-L7 services in the shared
>networks. I am proposing that CloudStack should enable L4-L7 network
>services in the shared networks created in the advanced zone. I opened
>new feature request for 4.1 release [1] and documented the functional
>requirements at [2]. Please comment.

View raw message