No, 1 guest NIC can be associated with 1 VLAN tag. Regards, Somesh
-----Original Message----- From: Sonali Jadhav [mailto:son...@servercentralen.se] Sent: Friday, February 06, 2015 8:04 AM To: users@cloudstack.apache.org Subject: RE: Networking in Advance zone with security groups enabled Ok, then can we add multiple vlans on that guest NIC? /Sonali -----Original Message----- From: Nux! [mailto:n...@li.nux.ro] Sent: Friday, February 6, 2015 6:04 PM To: users@cloudstack.apache.org Subject: Re: Networking in Advance zone with security groups enabled Sonali, Correct, there is no isolated network in Adv zone with SG. No nat, no firewall, no load balancer. What you get from a network perspective is 1 NIC (IP via DHCP) and security groups, that's it. HTH Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "Sonali Jadhav" <son...@servercentralen.se> > To: users@cloudstack.apache.org > Sent: Friday, 6 February, 2015 11:13:55 > Subject: RE: Networking in Advance zone with security groups enabled > Ok I get it. > > But again, does that mean there would be no "shared guest" network and > "isolated guest" network offerings in "Advance zone with security groups"? > > Coz, I understood that, in case of "isolated guest" network, VR is > responsible for NAT, firewall and load balancing functions, which > doesn’t happen in case of "shared guest" network. So I want to know if > this exist in case of ""Advance zone with security groups" as well. > > > /Sonali > > -----Original Message----- > From: Nux! [mailto:n...@li.nux.ro] > Sent: Friday, February 6, 2015 4:10 PM > To: users@cloudstack.apache.org > Subject: Re: Networking in Advance zone with security groups enabled > > Hello Sonali, > > In an advanced zone with security groups the guest and public network > are combined in one. It's very similar to the Basic zone. > So you will end up with a network and all your VMs will be connected > to it. You will want to use "public" IPs and there will be no NAT involved. > > Although you can add more than one network, a VM cannot be connected > to more than 1 at a time. > > You will have a VR which is there to provide DHCP, user data, > passwords; it will not route traffic. > You will not be able to use the "firewall" feature though obviously > you will be able to use Security Groups. There is no load balancer or > VPN feature available, as well. > > The main advantage is that the traffic of your VMs bypasses the VR and > goes out through the host directly, the security groups (iptables > rules) are also applied on the host; this gives it significantly more > performance than an Advanced zone. > > So look at what your needs are and choose the appropriate type of zone. > > > HTH > Lucian > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro > > ----- Original Message ----- >> From: "Sonali Jadhav" <son...@servercentralen.se> >> To: users@cloudstack.apache.org >> Sent: Friday, 6 February, 2015 09:26:15 >> Subject: RE: Networking in Advance zone with security groups enabled > >> So basically in "Advance zone with security groups" on guest network >> we'll be creating both logical networks? i.e. Shared network and >> Isolated networks? >> >> So, if we use only Advance zone, then there will be guest and public >> networks, and we can create isolated network on Public traffic >> interface and shared network on Guest traffic interface. >> >> Where as in case of Advance zone with Security groups, there will be >> only Guest interface, and we can create both types of logical >> networks on same guest traffic interface. >> >> So I want to understand that, why there is this difference, what >> advantage we get in it? >> >> (actually I am planning production ready CloudStack deployment > > architecture, so want to understand what's better)
