cloudstack-users mailing list archives

From ilya <ilya.mailing.li...@gmail.com>
Subject Re: Wrapping my mind around networking...
Date Mon, 01 Jun 2015 07:34:15 GMT
Internet access is not a requirement by any means. Your public network 
must be able to reach your webserver - that's as far as it goes.

Also, in global settings, define your networks for a config 
secstorage.allowed.internal.sites to your trusted networks, comma separated.

i.e. 192.168.0.0/16,10.0.0.0/8

On 5/28/15 3:07 PM, Andrija Panic wrote:
> Correct. Public network is the one attached to VR, SSVM, CPVM ("public" NIC
> inside these system VMs)
>
> On 29 May 2015 at 00:04, Alex McWhirter <alexmcwhirter@triadic.us> wrote:
>
>> So in other words, the public network can be any network that has internet
>> access? It doesn't necessarily have to provide public IP addresses, but at
>> least IP addresses that are routable to the internet?
>>
>> On 05/28/2015 05:35 PM, Erik Weber wrote:
>>
>>> On Thu, May 28, 2015 at 11:21 PM, Alex McWhirter <
>>> alexmcwhirter@triadic.us>
>>> wrote:
>>>
>>>> On 05/28/2015 05:16 PM, Erik Weber wrote:
>>>>
>>>>> On Thu, May 28, 2015 at 11:11 PM, Alex McWhirter <
>>>>> alexmcwhirter@triadic.us>
>>>>> wrote:
>>>>>
>>>>>> I'm working on a private cloud using CloudStack and I'm stuck on which
>>>>>> networking topology I should choose. Our network is segregated by VLANs
>>>>>> and each department has its own VLAN. I want to add each department into
>>>>>> CloudStack as a project and then add users into each project. Each
>>>>>> project should have its own VLAN.
>>>>>>
>>>>>> So the KVM hosts have two physical NICs. One dedicated purely for NFS
>>>>>> and the other for the rest of the networking.
>>>>>>
>>>>>> eth0 - General networking, VLAN trunk enabled
>>>>>>
>>>>>> eth1 - NFS, no VLAN trunking enabled.
>>>>>>
>>>>>> In the Basic mode I should be able to set up a single physical network
>>>>>> with management labeled to eth0, storage labeled to eth1, and guest
>>>>>> labeled to br0 (which is attached to eth0).
>>>>>>
>>>>>> But in this scenario how can I tell each project to tag its guests
>>>>>> traffic to a different VLAN?
>>>>>>
>>>>>> Advanced mode seems way too complex for what I want to do. I don't need
>>>>>> a public network. We have a hardware gateway for that. I don’t need any
>>>>>> virtual routers or anything like that as well. I just need a guest to
>>>>>> boot tagged to a specific VLAN and the gateway should handle the DHCP and
>>>>>> routing.
>>>>>>
>>>>> Basic network doesn't support multiple isolated networks (AFAIK).
>>>>> You would probably want to check out shared networks in advanced mode,
>>>>> that'll let you use your hardware router etc.
>>>>> I think you still need to provide a small public range for system vms
>>>>> and such, but your tenants won't have to use that, they can rely on shared
>>>>> networks.
>>>>>
>>>> Do I have the wrong idea on what the public network is? I'm taking
>>>> public as in actual public IP space on the internet?
>>>>
>>>> Or is it something different like the network the management server uses
>>>> to talk to the KVM hosts?
>>>>
>>> Just to clarify why there is a distinct public network - not all
>>> companies/organizations/whatever allow internet access from (all) their
>>> networks.
>>> This way we're able to ensure that those VMs that need it, usually system
>>> vms and routers, have internet access, while things like management and
>>> storage networks don't require that access.
>>>
>>>
>
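
A quick check for the secstorage.allowed.internal.sites value mentioned in the reply above, as an added example that is not part of the original thread or of CloudStack's code: it parses a comma-separated CIDR list like the one shown, flags entries that are malformed or match every address, and reports whether a web server's address falls inside a trusted network. The function names and the sample server addresses are assumptions made for illustration.

```python
import ipaddress


def parse_allowed_sites(value):
    """Parse a comma-separated CIDR list; return (networks, problems)."""
    networks, problems = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.1.2.3/8
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"{entry}: {exc}")
            continue
        if net.prefixlen == 0:
            # A /0 entry trusts every address, which defeats the list
            problems.append(f"{entry}: matches every address")
            continue
        networks.append(net)
    return networks, problems


def is_allowed(server_ip, networks):
    """True if server_ip lies inside at least one trusted network."""
    addr = ipaddress.ip_address(server_ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    # The value from the thread
    nets, issues = parse_allowed_sites("192.168.0.0/16,10.0.0.0/8")
    # Constructed sample web server addresses (assumptions, not from the thread)
    for ip in ("10.20.30.40", "192.168.7.15", "172.16.5.9"):
        print(ip, "allowed" if is_allowed(ip, nets) else "NOT in trusted networks")

    # Constructed value with mistakes, to show what gets flagged
    _, issues = parse_allowed_sites("10.0.0.0/8, 10.1.2.3/8, 0.0.0.0/0, bogus")
    for issue in issues:
        print("problem:", issue)
```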

