cloudstack-users mailing list archives

From ilya <>
Subject Re: Wrapping my mind around networking...
Date Mon, 01 Jun 2015 07:34:15 GMT
Internet access is not a requirement by any means. Your public network 
must be able to reach your webserver - that's as far as it goes.

Also, in global settings, define your networks for a config 
secstorage.allowed.internal.sites to your trusted networks, comma separated.


On 5/28/15 3:07 PM, Andrija Panic wrote:
> Correct. Public network is the one attached to VR, SSVM, CPVM ("public" NIC
> inside these system VMs)
> On 29 May 2015 at 00:04, Alex McWhirter <> wrote:
>> So in other words, the public network can be any network that has internet
>> access? It doesn't necessarily have to provide public IP address, but at
>> least IP addresses that are routable to the internet?
>> On 05/28/2015 05:35 PM, Erik Weber wrote:
>>> On Thu, May 28, 2015 at 11:21 PM, Alex McWhirter <
>>> wrote:
>>>> On 05/28/2015 05:16 PM, Erik Weber wrote:
>>>>> On Thu, May 28, 2015 at 11:11 PM, Alex McWhirter <
>>>>> wrote:
>>>>>> I'm working on a private cloud using CloudStack and I'm stuck on which
>>>>>> networking topology I should choose. Our network is segregated by
>>>>>> and
>>>>>> each department has its own VLAN. I want to add each department
>>>>>> CloudStack as a project and then add users into each project. Each
>>>>>> project
>>>>>> should have its own VLAN.
>>>>>> So the KVM hosts have two physical NICs. One dedicated purely for
>>>>>> and
>>>>>> the other for the rest of the networking.
>>>>>> eth0 - General networking, VLAN trunk enabled
>>>>>> eth1 - NFS, no VLAN trunking enabled.
>>>>>> In the Basic mode I should be able to set up a single physical network
>>>>>> with
>>>>>> management labeled to eth0, storage labeled to eth1, and guest labeled
>>>>>> to
>>>>>> br0 (which is attached to eth0).
>>>>>> But in this scenario how can I tell each project to tag its guests
>>>>>> traffic to a different VLAN?
>>>>>> Advanced mode seems way too complex for what I want to do. I don't
>>>>>> a
>>>>>> public network. We have a hardware gateway for that. I don’t need
>>>>>> virtual routers or anything like that as well. I just need a guest
>>>>>> boot
>>>>>> tagged to a specific VLAN and the gateway should handle the DHCP
>>>>>> routing.
>>>>> Basic network doesn't support multiple isolated networks (AFAIK).
>>>>> You would probably want to check out shared networks in advanced mode,
>>>>> that'll let you use your hardware router etc.
>>>>> I think you still need to provide a small public range for system vms
>>>>> and
>>>>> such, but your tenants won't have to use that, they can rely on shared
>>>>> networks.
>>>> Do I have the wrong idea on what the public network is? I'm taking
>>>> public
>>>> as in actual public IP space on the internet?
>>>> Or is it something different like the network the management server uses
>>>> to talk to the KVM hosts?
>>> Just to clarify why there is a distinct public network - not all
>>> companies/organizations/whatever allow internet access from (all) their
>>> networks.
>>> This way we're able to ensure that those VMs that need it, usually system
>>> vms and routers, have internet access, while things like management and
>>> storage networks don't require that access.
