Sonali, Correct, there is no isolated network in Adv zone with SG. No nat, no firewall, no load balancer. What you get from a network perspective is 1 NIC (IP via DHCP) and security groups, that's it.
HTH Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "Sonali Jadhav" <son...@servercentralen.se> > To: users@cloudstack.apache.org > Sent: Friday, 6 February, 2015 11:13:55 > Subject: RE: Networking in Advance zone with security groups enabled > Ok I get it. > > But again, does that mean there would be no "shared guest" network and > "isolated > guest" network offerings in "Advance zone with security groups"? > > Coz, I understood that, in case of "isolated guest" network, VR is responsible > for NAT, firewall and load balancing functions, which doesn’t happen in case > of > "shared guest" network. So I want to know if this exist in case of ""Advance > zone with security groups" as well. > > > /Sonali > > -----Original Message----- > From: Nux! [mailto:n...@li.nux.ro] > Sent: Friday, February 6, 2015 4:10 PM > To: users@cloudstack.apache.org > Subject: Re: Networking in Advance zone with security groups enabled > > Hello Sonali, > > In an advanced zone with security groups the guest and public network are > combined in one. It's very similar to the Basic zone. > So you will end up with a network and all your VMs will be connected to it. > You > will want to use "public" IPs and there will be no NAT involved. > > Although you can add more than one network, a VM cannot be connected to more > than 1 at a time. > > You will have a VR which is there to provide DHCP, user data, passwords; it > will > not route traffic. > You will not be able to use the "firewall" feature though obviously you will > be > able to use Security Groups. There is no load balancer or VPN feature > available, as well. > > The main advantage is that the traffic of your VMs bypasses the VR and goes > out > through the host directly, the security groups (iptables rules) are also > applied on the host; this gives it significantly more performance than an > Advanced zone. > > So look at what your needs are and choose the appropriate type of zone. > > > HTH > Lucian > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro > > ----- Original Message ----- >> From: "Sonali Jadhav" <son...@servercentralen.se> >> To: users@cloudstack.apache.org >> Sent: Friday, 6 February, 2015 09:26:15 >> Subject: RE: Networking in Advance zone with security groups enabled > >> So basically in "Advance zone with security groups" on guest network >> we'll be creating both logical networks? i.e. Shared network and Isolated >> networks? >> >> So, if we use only Advance zone, then there will be guest and public >> networks, and we can create isolated network on Public traffic >> interface and shared network on Guest traffic interface. >> >> Where as in case of Advance zone with Security groups, there will be >> only Guest interface, and we can create both types of logical networks >> on same guest traffic interface. >> >> So I want to understand that, why there is this difference, what >> advantage we get in it? >> >> (actually I am planning production ready CloudStack deployment > > architecture, so want to understand what's better)
