Geoff, Nooooooooooooooooooooooo... Wish I knew this a while ago. Darn it. :-) Anywho, better late than never.
But nevertheless, VLAN allocation is not automatic like in plain Adv Zone, the root admin must do that manually.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Geoff Higginbottom" <geoff.higginbot...@shapeblue.com>
> To: users@cloudstack.apache.org
> Sent: Wednesday, 26 November, 2014 20:20:59
> Subject: Re: security group and xenserver query

> Sorry Nux, but YES there are Customer Specific VLANs in a Security Group
> enabled Advanced Zone.
>
> When you create an Advanced Zone with Security Groups you initially create a
> 'default guest network' and you allocate a VLAN and IP range to this network.
> This is then used by System VMs and can also be used by all Accounts.
>
> However you can then, as a Root Admin, create additional Guest Networks using
> the 'Offering for shared security group enabled networks' and dedicate this to
> a Domain or an Account. When doing so you allocate a different VLAN for each
> additional Guest Network.
>
> The IP range allocated to each network can be either a true Public IP range
> OR a Private IP range fronted by a Router/Firewall/Load Balancer etc but this
> will be outside of CloudStack control.
>
> So to answer the original question it is possible to allocate a separate VLAN
> to each Guest Network and if required to front this network with a Load
> Balancer and Firewall to provide additional services, but you need to manage
> these devices separately so is not a typical configuration for a Public Cloud,
> but could be used in a Private Cloud.
>
> Kind Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>
> geoff.higginbot...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue
>
> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
>
>
> ________________________________________
> From: Nux! <n...@li.nux.ro>
> Sent: 26 November 2014 10:46
> To: users@cloudstack.apache.org
> Subject: Re: security group and xenserver query
>
> No, in Advanced Zone with SG - just like in Basic zone - there is no per
> customer VLAN; there are no firewall, load balancer or additional NICs; there
> is also no IPv6.
>
> A VM will just get a public IP via DHCP and that's it, the customers are
> isolated via "security groups" which is a fancy name for iptables rules.
>
> Hope this clears it up.
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
>> From: "Tejas Sheth" <tshet...@gmail.com>
>> To: users@cloudstack.apache.org
>> Sent: Wednesday, 26 November, 2014 10:14:11
>> Subject: Re: security group and xenserver query
>
>> Thanks for simplification,
>> so it means that each account will have separate VLAN with its own subnet
>> and those VLANs will be created and configured in physical switch?
>>
>> if architecture is above mentioned way configured then how can we achieve
>> NAT and loadbalancing?
>>
>> Thanks
>> Tejas
>>
>>
>> On Wed, Nov 26, 2014 at 3:28 PM, Geoff Higginbottom <geoff.higginbot...@shapeblue.com> wrote:
>>
>>> I like to think of Advanced Network with SG as simply multiple Basic
>>> Networks, each on its own VLAN. You have the same features (or rather lack
>>> of) as you would with a Basic Zone, but you have multiple Guest Networks.
>>>
>>> Regards
>>>
>>> Geoff Higginbottom
>>>
>>> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>>>
>>> geoff.higginbot...@shapeblue.com
>>>
>>> -----Original Message-----
>>> From: Tejas Sheth [mailto:tshet...@gmail.com]
>>> Sent: 26 November 2014 09:53
>>> To: users@cloudstack.apache.org
>>> Subject: Re: security group and xenserver query
>>>
>>> so NAT and loadbalancers are not possible if we use security group?
>>>
>>> so it means there will be no internal and external IPs for VMs. is it
>>> correct?
>>>
>>> On Wed, Nov 26, 2014 at 3:14 PM, Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com> wrote:
>>>
>>> > For SG networks there is no public network.
>>> > We configure public ips for the guest network.
>>> >
>>> > -Jayapal
>>> >
>>> > On 26-Nov-2014, at 12:00 PM, Tejas Sheth <tshet...@gmail.com> wrote:
>>> >
>>> > > Hello,
>>> > >
>>> > > I have made the bridge configuration, but when i am selecting
>>> > > advance zone. it is not showing public network configuration. only
>>> > > guest and management is available. also internal CIDR ip
>>> > > configuration is also not available.
>>> > > i think it is converting to basic zone if we select security group
>>> > > and xenserver as hypervisor.
>>> > >
>>> > > Thanks
>>> > > Tejas
>>> > >
>>> > > On Tue, Nov 25, 2014 at 9:16 PM, Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com> wrote:
>>> > >
>>> > >>
>>> > >> For 6.2 you no need to install CSP. My typo mistake in last mail.
>>> > >> sysctl.conf is fine.
>>> > >>
>>> > >>
>>> > >> Thanks,
>>> > >> Jayapal
>>> > >>
>>> > >> On 25-Nov-2014, at 8:45 PM, Tejas Sheth <tshet...@gmail.com> wrote:
>>> > >>
>>> > >>> Thanks,
>>> > >>>
>>> > >>> So can i take it as confirmation and proceed with only following
>>> > >>> bridge configuration in xenserver 6.2?
>>> > >>>
>>> > >>> # xe-switch-network-backend bridge
>>> > >>>
>>> > >>> # vi /etc/sysctl.conf
>>> > >>> net.bridge.bridge-nf-call-iptables = 1
>>> > >>> net.bridge.bridge-nf-call-ip6tables = 0
>>> > >>> net.bridge.bridge-nf-call-arptables = 1
>>> > >>>
>>> > >>> # sysctl -p /etc/sysctl.conf
>>> > >>>
>>> > >>> Require confirmation for sysctl.conf configuration part.
>>> > >>>
>>> > >>> Thanks and regards,
>>> > >>> Tejas
>>> > >>>
>>> > >>> On Tue, Nov 25, 2014 at 8:31 PM, Vadim Kimlaychuk <vadim.kimlayc...@elion.ee> wrote:
>>> > >>>
>>> > >>>> XenServer does not need any package to be explicitly installed.
>>> > >>>> When you add host to CS it copies some files to the host itself and
>>> > >>>> you don't need to bother about them usually.
>>> > >>>>
>>> > >>>> Vadim.
>>> > >>>>
>>> > >>>> -----Original Message-----
>>> > >>>> From: Tejas Sheth [mailto:tshet...@gmail.com]
>>> > >>>> Sent: Tuesday, November 25, 2014 4:52 PM
>>> > >>>> To: users@cloudstack.apache.org
>>> > >>>> Subject: security group and xenserver query
>>> > >>>>
>>> > >>>> Hello Jayapal,
>>> > >>>>
>>> > >>>> Thanks for reply, I have understood the bridge configuration part
>>> > >>>> but can you clarify CSP package part.
>>> > >>>>
>>> > >>>> if CSP package comes with xenserver 6.2 then do we need to
>>> > >>>> install it explicitly?
>>> > >>>>
>>> > >>>> It would be really helpful if you can send link to install CSP in
>>> > >>>> xenserver 6.2 because CS 4.3 document do not have description for
>>> > >>>> xenserver 6.2 CSP installation.
>>> > >>>> ----------------------------------------------------------------
>>> > >>>> Hi Tejas,
>>> > >>>>
>>> > >>>> The network mode set to 'bridge' mode.
>>> > >>>> #xe-switch-network-backend bridge
>>> > >>>>
>>> > >>>> I think Xenserver 6.2 comes with the CSP package, so you need to
>>> > >>>> install it explicitly.
>>> > >>>>
>>> > >>>>
>>> > >>>> Thanks,
>>> > >>>> Jayapal
>>> > >>>>
>>> > >>>>
>>> > >>>> On 25-Nov-2014, at 4:47 PM, Tejas Sheth <tshet...@gmail.com> wrote:
>>> > >>>>
>>> > >>>>> Hello,
>>> > >>>>>
>>> > >>>>> We are configuring advanced zone in cloudstack 4.3 in xenserver 6.2.
>>> > >>>>> we want to configure security group in advance zone. do we have
>>> > >>>>> to do any special configuration in xenserver 6.2.
>>> > >>>>>
>>> > >>>>> xenserver has default networking configuration.
>>> > >>>>>
>>> > >>>>> Thanks and regards,
>>> > >>>>> Tejas
>>> > >>>>
>>> > >>
>>> > >>
>>> >
>>> >
>>> Find out more about ShapeBlue and our range of CloudStack related services
>>>
>>> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>
>>>
>>> This email and any attachments to it may be confidential and are intended
>>> solely for the use of the individual to whom it is addressed. Any views or
>>> opinions expressed are solely those of the author and do not necessarily
>>> represent those of Shape Blue Ltd or related companies. If you are not the
>>> intended recipient of this email, you must neither take any action based
>>> upon its contents, nor copy or show it to anyone. Please contact the sender
>>> if you believe you have received this email in error. Shape Blue Ltd is a
>>> company incorporated in England & Wales. ShapeBlue Services India LLP is a
>>> company incorporated in India and is operated under license from Shape Blue
>>> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
>>> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is
>>> a company registered by The Republic of South Africa and is traded under
>>> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
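Added example, not part of the thread or of CloudStack: the thread describes security groups as iptables rules, and `net.bridge.bridge-nf-call-iptables` is the kernel switch that decides whether bridged traffic is passed to iptables at all, so the three sysctl values quoted above are worth auditing on each host. The function names (`effective_value`, `check_bridge_sysctl`) and the sample file are constructed for illustration; the required values are the ones posted in the thread.

```shell
# Added example: audit a sysctl.conf for the three bridge settings quoted
# in the thread. File contents below are constructed, not from a real host.

# Required key=value pairs, exactly as posted in the thread.
REQUIRED='net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-arptables=1'

# effective_value FILE KEY: print the last uncommented assignment of KEY.
# sysctl -p applies lines in order, so a later duplicate wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_bridge_sysctl FILE: print one line per problem; return 1 if any.
check_bridge_sysctl() {
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key = $got (want $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: correct values, then a later line that undoes one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-iptables = 0
EOF
check_bridge_sysctl "$sample" || echo "host config does not match the thread"
rm -f "$sample"
```

The check reads only the file it is given; on a live host, compare the result with `sysctl -n` for the same keys to see the values the running kernel is using.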