Hi, Soeren:

Thanks for the quick reply.

I have not tried any setup of advanced networking yet in my lab, due to
lack of available vlan setup in this environment. So I have lots of
questions on the actual steps and choices to be made during various steps.

First, using "security groups" implies using iptables to manage access
to VMs, correct? I was trying to make things simpler by not using
"security groups" and avoiding dealing with iptables rules, because this
is an internal deployment. Also, I plan to dedicate zones to production
and non-production domains, so that hypervisors for production zones will
only host VMs for production and hypervisors for non-production zones
will only host non-production VMs. Is this a reasonable approach?

Coming back to your answer, using advanced networking with security groups:
in this setup, I only need one zone to support all guest VLANs. Then how
do I best make sure that certain hypervisors dedicated to production will
only host VMs for production, and vice versa for non-production
hypervisors? I assumed that one can use tags on various components for
this purpose? Again, without actual hands-on experience with tags, I find
the concept and use of "tags" in CS very confusing and poorly documented.
I sort of understand that there are tags for host, network, and storage,
but they are all simply referred to as tags in the documents, and which
type of tag is consumed where is not very clear at all from simply
reading the docs.

Thanks again,

Yiping

On 8/1/14, 12:21 PM, "Soeren Malchow" <[email protected]> wrote:

>Dear Yiping, 
>
>If you choose "Advanced" with security groups, then you have only the
>"guestnetwork". We put this guestnetwork on a bond and then on a bridge,
>and the uplinks to the bond are tagged (do not forget to assign a VLAN
>tag during setup); then you are able to create more tagged networks. This
>guest network can use a CloudStack external router or firewall as
>gateway and the network can be any IP range.
>During setup you only create one guest VLAN, but you can create
>additional VLANs later on.
>
>I hope that answers your question
>
>Cheers
>soeren
>
>-----Original Message-----
>From: Yiping Zhang [mailto:[email protected]]
>Sent: Freitag, 1. August 2014 21:16
>To: [email protected]
>Subject: questions on configuring advanced networking
>
>Hi, all:
>
>I am planning a CloudStack deployment using advanced networking.
> I have a few questions about configurations:
>
> 1.  Since this is an internal deployment, most of the zones won't really
>need public IPs, so how can I tell CS that I don't need a VLAN for public
>traffic? Do I still need to give it something, say 192.168.1.0/24,
>without actually configuring such a network?
> 2.  I have multiple guest VLANs to support. I assume I have to create
>one zone for each of the supported guest VLANs; IOW, I assumed that there
>can be only one guest CIDR for each zone. I have not found a definitive
>answer to this question in the docs. Is this assumption correct?
> 3.  I also assumed that different zones can use the same management and
>storage VLANs, just reserving different IP ranges for system VMs in
>different zones. Is this correct?
>
>Appreciate all help.
>
>Best regards,
>
>Yiping
