Yes, that is correct. The /24 that I have is routable and there are ACLs + Router controlling incoming and outgoing traffic through that space (e.g. a VM in that space can not access other resources of the organisation and vice versa).
Thus, I want to use the rest of the space to assign it to my VMs and not just assign the full IP space to Cloudstack’s public network. I do have my own VLAN range so I can do L2 separation of traffic and enforce my own security boundaries, however I am CL is not very flexible on that.

Cheers
Stavros

> On 20 Jan 2016, at 16:01, Simon Weller <swel...@ena.com> wrote:
>
> Cloudstack does enforce networking boundaries and in any production setup,
> that's honestly what you want it to do.
>
> Since you're getting delegated a network, it sounds as if your upstream
> network folks are expecting you to manage and subnet said networks as you see
> fit.
>
> I'm assuming the /24 you have is routable public space and not RFC 1918
> space, correct?
>
> If so, what are you doing in terms of protecting assets? Do you have a
> firewall in front of it that can do layer 3 routing?
>
> - Si
> ________________________________________
> From: Stavros Konstantaras <s.konstanta...@uva.nl>
> Sent: Wednesday, January 20, 2016 8:07 AM
> To: users@cloudstack.apache.org
> Subject: Re: Usage of public IP space
>
> Ok that’s one option. I could use the head node as a router/gateway with some
> VLAN translation but this will increase the complexity of the setup and will
> add some administration overhead (we use CS to make our lives simpler,
> correct?).
>
> Shall I assume that there is no other way to solve that easily inside?
>
> Cheers
> Stavros
>
>> On 20 Jan 2016, at 14:51, Simon Weller <swel...@ena.com> wrote:
>>
>> Stavros,
>>
>> One option you have is to place a linux (or *bsd) box between your router
>> and Cloudstack and use that to break out your subnets). You could then hand
>> off routed vlans to CS.
>>
>> - Si
>>
>> ________________________________________
>> From: Stavros Konstantaras <s.konstanta...@uva.nl>
>> Sent: Wednesday, January 20, 2016 7:47 AM
>> To: users@cloudstack.apache.org
>> Subject: Re: Usage of public IP space
>>
>> Hi Simon,
>>
>> Thought of it already but I can’t touch the router of my network to make and
>> register subnets on it. So I need to work around CS to make it work.
>>
>> Regards
>> Stavros
>>
>>> On 20 Jan 2016, at 14:40, Simon Weller <swel...@ena.com> wrote:
>>>
>>> Can't you subnet it out to a /27?
>>>
>>> ________________________________________
>>> From: Stavros Konstantaras <s.konstanta...@uva.nl>
>>> Sent: Wednesday, January 20, 2016 7:13 AM
>>> To: users@cloudstack.apache.org
>>> Subject: Usage of public IP space
>>>
>>> Hi all,
>>>
>>> I have a question regarding the public network on CS 4.6.
>>>
>>> Currently, I have a /24 network of public & routable IP addresses. I want
>>> to assign the first 30 of them to Cloudstack’s public network for using it
>>> in the system VMs while keeping the rest of this space for my instances.
>>>
>>> However, I don’t see it possible as I get the following exception when I
>>> register the rest of the space in shared networks: "The IP range with tag:
>>> vlan://869 in zone NewZone has overlapped with the subnet. Please specify a
>>> different gateway/netmask."
>>>
>>> Does anyone know a trick to make this happen? Thanks in advance
>>>
>>> Kind Regards
>>> Stavros Konstantaras
>>>
>>> ----------------------------
>>> Stavros Konstantaras
>>> Science faculty Research IT support (FEIOG)
>>> University of Amsterdam, Science Park 904, 1098 XH
>>>
>>> Fingerprint: E5E5 9B19 D1CD 88CD 4763 3465 A8DC 7C92 330F D59A
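
The /27 split suggested in the thread, and the overlap reported in the original question, as an added example that is not part of the thread and not CloudStack code. Assumptions: 203.0.113.0/24 is a constructed documentation prefix standing in for the delegated /24, the gateway is taken to be the first usable address of each subnet, and overlap is modelled as a comparison of the subnets implied by each gateway/netmask pair (inferred from the wording of the error message). Each resulting /27 still has to be routed by the upstream router or by an intermediate box, as discussed in the thread.

```python
import ipaddress
from itertools import combinations

# Constructed sample: a documentation prefix standing in for the delegated /24.
DELEGATED = ipaddress.ip_network("203.0.113.0/24")

def carve(delegated, new_prefix=27):
    """Split the delegated block into equal subnets, one dict per subnet."""
    plan = []
    for net in delegated.subnets(new_prefix=new_prefix):
        hosts = list(net.hosts())
        plan.append({
            "cidr": str(net),
            "netmask": str(net.netmask),
            "gateway": str(hosts[0]),  # assumption: first usable address
            "start_ip": str(hosts[1]),
            "end_ip": str(hosts[-1]),
        })
    return plan

def subnet_of(gateway, netmask):
    """Subnet implied by a gateway/netmask pair, as entered for an IP range."""
    return ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)

def find_overlaps(ranges):
    """Return the name pairs whose gateway/netmask subnets overlap."""
    clashes = []
    for (n1, r1), (n2, r2) in combinations(ranges.items(), 2):
        if subnet_of(*r1).overlaps(subnet_of(*r2)):
            clashes.append((n1, n2))
    return clashes

if __name__ == "__main__":
    # Both ranges keep the /24 netmask: they describe the same subnet.
    flat = {"public": ("203.0.113.1", "255.255.255.0"),
            "shared": ("203.0.113.1", "255.255.255.0")}
    print("flat /24:", find_overlaps(flat))
    plan = carve(DELEGATED)
    split = {p["cidr"]: (p["gateway"], p["netmask"]) for p in plan}
    print("/27 split:", find_overlaps(split))
    for p in plan:
        print(p)
```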