Morning Jeremy Some more detail of your infrastructure would be helpful such as total number of NICs (I assume you have two), whether your storage (on eth 1) is only Primary Storage and if so where your Secondary Storage will be located (and which NIC will access it) etc
CloudStack maps its Physical Networks to a Bridge, and a Bridge is mapped to either a single Interface or a Bond - see http://wiki.centos.org/TipsAndTricks/BondingInterfaces for more info Recommended Bonding Modes when LACP is not available on the switch stack are Mode1 for Management and Storage Mode 6 For Guest and Public IF you want both Networks where the VMs are behind a Virtual Router, and you also want VMs with a real Public IP directly connected to the Internet, then you want to use standard Advanced Networking, and not Advanced with Security Groups. System VMs recycling are a sign that when they are booting they cannot communicate with either the Management Server or the 'Internal' DNS Servers or they cannot PING the Public Gateway. This is often caused by the KVM Traffic Labels not being set to the appropriate Bridge Name for each type of CloudStack Traffic (Management, Guest and Public). Note the CloudStack 'Storage' is optional, and only really required if you have a NIC (or pair of NICs bonded) which you want to use specifically for Secondary Storage Traffic, otherwise the SSVM will simply use its Management Interface to access the NFS Sec Storage. It looks like you have the following NIC Allocations eth 0 - Public eth 1 - Management eth 2 - Primary Storage Therefore you need to create Bridge for each one such as eth 0 = cloudbr0, eth 1 = cloudbr1 etc and when adding the Zone, set the traffic labels to Management - cloudbr1 Guest - cloudbr0 Public - cloudbr0 (yes the same as public as the physical NIC will handle both) Storage - Optional and probably not used if your NFS Storage is accessible from eth 1 Note: You do not tell cloudstack which NIC to use for Primary Storage, your hypervisor works this out based in the CIDR of the Primary Storage You will then create 'Isolated' networks for VMs to sit behind a Virtual Router, and Shared Networks with an IP schema in the available Public IP range for VMs requiring direct Internet Public IPs etc Check out these links for more info http://www.youtube.com/watch?v=wzEZomU4FrM http://www.slideshare.net/ShapeBlue/introduction-to-cloudstack-43-networking http://shapeblue.com/cloudstack/understanding-cloudstacks-physical-networking-architecture/ http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/latest/ Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com -----Original Message----- From: Jeremy Peterson [mailto:jpeter...@acentek.net] Sent: 02 October 2014 22:16 To: users@cloudstack.apache.org Subject: Advanced networking CloudStack 4.3 Good afternoon all or morning depending where you are, Truly looking for some help. This question has probably been asked a hundred times but I cannot find a good resource for it. I am looking to deploy CloudStack using KVM on centos 6.5 using ISCSI multipath hence the reason for CLVM. I want advanced networking because I've using CLVM as primary storage. I want to offer virtual routers with public IP's and be able to deploy VM's with a public IP directly attached. If that's not possible that's ok. When I deploy advanced networking do I choose security groups or not? Now I've done it both ways and had issues with each. If there is a good way to do it let me know because I can't find it. My SSVM and console VM's have recycled 100's of times. I've had issues where my SSVM is trying to bridge on eth2 where eth2 is my management NIC on the hypervisor. Currently I sit at a clean install of cloudstack-management and my cloudstack-agent is stopped on my two kvm hosts. My storage is on eth1 and public is on cloudbr0 which is bridged off eth0. Jeremy Peterson Find out more about ShapeBlue and our range of CloudStack related services IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
