Comments inline.

On 10-Jun-2014, at 3:58 am, Yiping Zhang <yzh...@marketo.com> wrote:

> Ilya:
>
> Thanks for quick clarification. I'll check out defining my own network
> offerings.


I use a shared network with a pfSense based firewall at home for all
my VMs.

The VMs spun on the shared network have a dedicated VLAN and a default gateway
set to the pfSense firewall. Security Groups policies have no effect for VMs on
a shared network.

http://shankerbalan.net/blog/create-a-shared-network-with-public-ips-in-cloudstack/
should be helpful.

Hth.

@shankerbalan



>
> Yiping
>
> On 6/9/14, 1:21 PM, "ilya musayev" <ilya.mailing.li...@gmail.com> wrote:
>
>> Yiping,
>>
>> Yes you can have non-iptables setup. Most of the enterprise
>> installations don't rely on cloudstack's iptables, routing or vpc
>> features and prefer to use existing physical firewalls and vlan isolation.
>>
>> If you have VLANs, but don't want to use iptables that comes thru virtual
>> router, look into CloudStack Advanced Zone Setup with Shared Network
>> Functionality.
>>
>> In this case, you only leverage dhcp, userdata and dns(optional). You
>> can create your own network offerings and bind the network to "non-vpc
>> shared network" offering. DHCP at this point in time is required.
>> Userdata and DNS can be optional. You can choose to use your own
>> in-house DNS and not route DNS queries through CloudStack virtual router
>> (you would need to create custom network offering, which is few clicks
>> in UI).
>>
>> You can also bypass userdata and serve your own userdata through
>> external userdata services, you would need to write something on your
>> end to support it.
>>
>> Regards
>> ilya
>> On 6/9/14, 12:02 PM, Yiping Zhang wrote:
>>> Hi, all:
>>>
>>> I am trying different network setups in my CloudStack eval effort, and
>>> I am wondering if CS can be configured to not use iptables at all,
>>> given that my intended goal is for a private cloud dedicated to my own
>>> company, in our own datacenter and all our networks are behind our own
>>> hardware based firewalls already?
>>>
>>> If I can stop iptables on all system VM's, hypervisors and management
>>> servers, then it would be much easier to troubleshoot my setups and
>>> accelerate the eval process.
>>>
>>> Thanks,
>>>
>>> Yiping

--
@shankerbalan