Comments/Critiques/Additions to this list as well as implementation suggestions are requested.
After looking at the differences between Public cloud routing and Virtual Private Cloud Routing it appears the main differences are: Public Cloud VPC One private network connection Multiple (1…n) private networks (tiers?) Single router/1 NIC public/1 NIC private Single router/ 1 NIC public/ (1….n) NIC private (tiers?) Additional/Needed functionality for redundant VPC routers: Router pairs must be initialized (master/backup) with the same functionality (NAT,DNS,etc). Router pairs must be initialized with the same number of NIC both public and private on each router. Unique IP's must be available for each NIC on both master and backup routers using CIDR(s) configured in VPC private network. It appears most of the changes functional will be inside the Java class: VpcVirtualNetworkApplianceManagerImpl Have I missed any critical differences? Karl Harris Cloud Software Engineer Sungard Availability Systems Listed below, lifted from the CloudStack Documentation, are the characteristics of a VPC as a reference: *Major Components of a VPC:* A VPC is comprised of the following network components: - *VPC*: A VPC acts as a container for multiple isolated networks that can communicate with each other via its virtual router. - *Network Tiers*: Each tier acts as an isolated network with its own VLANs and CIDR list, where you can place groups of resources, such as VMs. The tiers are segmented by means of VLANs. The NIC of each tier acts as its gateway. - *Virtual Router*: A virtual router is automatically created and started when you create a VPC. The virtual router connect the tiers and direct traffic among the public gateway, the VPN gateways, and the NAT instances. For each tier, a corresponding NIC and IP exist in the virtual router. The virtual router provides DNS and DHCP services through its IP. - *Public Gateway*: The traffic to and from the Internet routed to the VPC through the public gateway. In a VPC, the public gateway is not exposed to the end user; therefore, static routes are not support for the public gateway. - *Private Gateway*: All the traffic to and from a private network routed to the VPC through the private gateway. For more information, see Section 11.19.5, “Adding a Private Gateway to a VPC”<http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html#add-gateway-vpc> . - *VPN Gateway*: The VPC side of a VPN connection. - *Site-to-Site VPN Connection*: A hardware-based VPN connection between your VPC and your datacenter, home network, or co-location facility. For more information, see Section 11.17.4, “Setting Up a Site-to-Site VPN Connection”<http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/vpn.html#site-to-site-vpn> . - *Customer Gateway*: The customer side of a VPN Connection. For more information, seeSection 11.17.4.1, “Creating and Updating a VPN Customer Gateway”<http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/vpn.html#create-vpn-customer-gateway> . - *NAT Instance*: An instance that provides Port Address Translation for instances to access the Internet via the public gateway. For more information, see Section 11.19.9, “Enabling or Disabling Static NAT on a VPC”<http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html#enable-disable-static-nat-vpc> . *Network Architecture in a VPC* In a VPC, the following four basic options of network architectures are present: - VPC with a public gateway only - VPC with public and private gateways - VPC with public and private gateways and site-to-site VPN access - VPC with a private gateway only and site-to-site VPN access *Connectivity Options for a VPC* You can connect your VPC to: - The Internet through the public gateway. - The corporate datacenter by using a site-to-site VPN connection through the VPN gateway. - Both the Internet and your corporate datacenter by using both the public gateway and a VPN gateway. *VPC Network Considerations* Consider the following before you create a VPC: - A VPC, by default, is created in the enabled state. - A VPC can be created in Advance zone only, and can't belong to more than one zone at a time. - The default number of VPCs an account can create is 20. However, you can change it by using the max.account.vpcs global parameter, which controls the maximum number of VPCs an account is allowed to create. - The default number of tiers an account can create within a VPC is 3. You can configure this number by using the vpc.max.networks parameter. - Each tier should have an unique CIDR in the VPC. Ensure that the tier's CIDR should be within the VPC CIDR range. - A tier belongs to only one VPC. - All network tiers inside the VPC should belong to the same account. - When a VPC is created, by default, a SourceNAT IP is allocated to it. The Source NAT IP is released only when the VPC is removed. - A public IP can be used for only one purpose at a time. If the IP is a sourceNAT, it cannot be used for StaticNAT or port forwarding. - The instances only have a private IP address that you provision. To communicate with the Internet, enable NAT to an instance that you launch in your VPC. - Only new networks can be added to a VPC. The maximum number of networks per VPC is limited by the value you specify in the vpc.max.networks parameter. The default value is three. - The load balancing service can be supported by only one tier inside the VPC. - If an IP address is assigned to a tier: - That IP can't be used by more than one tier at a time in the VPC. For example, if you have tiers A and B, and a public IP1, you can create a port forwarding rule by using the IP either for A or B, but not for both. - That IP can't be used for StaticNAT, load balancing, or port forwarding rules for another guest network inside the VPC. - Remote access VPN is not supported in VPC networks. -- Karl O. Harris Cloud Software Engineer Sungard Availability Services
