Yes if Guest and Management traffic are on the different NIC we have to give traffic labels while creating physical networks.
-Sanjeev -----Original Message----- From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] Sent: Tuesday, January 14, 2014 1:40 PM To: <users@cloudstack.apache.org> Cc: users@cloudstack.apache.org Subject: Re: Communication between Management Server and guest vm deployed by root admin user Sanjeev, That will only work if the Guest traffic and Management traffic share the same NICs, if they are on different NICs (controlled by the traffic labels) simply setting the same VLAN ID will not be enough. Regards Geoff Higginbottom CTO / Cloud Architect D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 0540<tel:+442036030540> | M: +447968161581<tel:+447968161581> geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com> | www.shapeblue.com<htp://www.shapeblue.com/> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS<x-apple-data-detectors://37> On 14 Jan 2014, at 05:55, "Sanjeev Neelarapu" <sanjeev.neelar...@citrix.com<mailto:sanjeev.neelar...@citrix.com>> wrote: Hi Saurav, If you want your guest vm to be in the management network, you can create a shared network with vlan id and CIDR matching your management network and deploy a vm in that network. This way you don't have to make any changes to the DB. Thanks, Sanjeev -----Original Message----- From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] Sent: Monday, January 13, 2014 5:38 PM To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org> Subject: RE: Communication between Management Server and guest vm deployed by root admin user Saurav, A method I have used in the past is to create a new Gust Physical Network which uses the same NICs as the Management Traffic (in this case it was a XenServer environment where the Management Traffic had a dedicated Bond). Then I created a Guest Network with the same VLAN ID and CIDR as the Management Network, obviously using a range of IP which was not already in use. If I recall correctly, cloudstack did not let me do this directly, so I had to manipulate the settings in the DB. Then simply create a VM on this network, and they are on the Network as your Management Infrastructure. If you have to create a 2nd Guest Physical Network, you will need to implement Network Tags ALL of your Network Offerings, however if your Hosts have only a single Bond, then this step is not required. You obviously need to run this past your security people, as you could be opening up holes in your system. Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com<mailto:geoff.higginbot...@shapeblue.com> -----Original Message----- From: Shanker Balan [mailto:shanker.ba...@shapeblue.com] Sent: 13 January 2014 11:56 To: CloudStack-Users Subject: Re: Communication between Management Server and guest vm deployed by root admin user Comments inline. PS: I am moving this discussison to the user's list which I feel is a more appropriate place to discuss this query. On 13-Jan-2014, at 1:10 pm, Saurav Lahiri <saurav.lah...@sungard.com<mailto:saurav.lah...@sungard.com>> wrote: Hi, Would anybody know if there is a way that guest vms deployed by root admin can be included in the system management network or routing configured to allow traffic flow between the management server and this guest vm. I have a shared network called "Admin" where I run my admin services like logstash, Nagios, collectd, remote syslog server etc. L3 routes are also in place to ensure that Vms on the Public subnet can reach the admin VMs on the shared Admin network. All VMs are configured to push data to the log server, mon servers etc. What I am trying to achieve is push the management server logs to a guest vm(deployed by the root admin user) which will parse/index the log files. It appears that since the guest vm is not part of the system management network, the cloudstack management server is unable to reach it. As long as you have routes in place (and proper firewall rules to allow traffic), you would be able to push your logs from guest VMs (or physical hosts like hypervisors) to the designated log collection server(s) buffy:~ shanu$ traceroute log1.prod.internal traceroute to log1.prod.internal (192.168.65.102), 64 hops max, 52 byte packets 1 gw (192.168.44.1) 1.499 ms 1.260 ms * 2 gw2-1 (192.168.44.251) 4.906 ms 1.512 ms 10.242 ms 3 192.168.65.102 (192.168.65.102) 3.961 ms 3.597 ms 4.418 ms 192.168.44.1 is my edge router which has routes to reach my shared admin network 192.168.65.0/24 via 192.168.44.251. Hth. -- @shankerbalan M: +91 98860 60539 | O: +91 (80) 67935867 shanker.ba...@shapeblue.com<mailto:shanker.ba...@shapeblue.com> | www.shapeblue.com<http://www.shapeblue.com> | Twitter:@shapeblue ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, Bangalore - 560 055 Need Enterprise Grade Support for Apache CloudStack? Our CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/> offers the best 24/7 SLA for CloudStack Environments. Apache CloudStack Bootcamp training courses **NEW!** CloudStack 4.2 training<http://shapeblue.com/cloudstack-training/> 08/09 January 2014, London<http://shapeblue.com/cloudstack-training/> 13-17 January 2014, GLOBAL. Instructor led, On-line<http://shapeblue.com/cloudstack-training/> 20-24 January 2014, GLOBAL. Instructor led, On-line<http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark. This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark. This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
