Re: Usage of public IP space

Wed, 20 Jan 2016 07:13:36 -0800 

Yes, that is correct. The /24 that I have is routable and there are ACLs + 
Router controlling incoming and outgoing traffic through that space (e.g. a VM 
in that space can not access other resources of the organisation and vice 
versa). 

Thus, I want to use the rest of the space to assign it to my VMs and not just 
assign the full IP space to Cloudstack’s public network.  I do have my own VLAN 
range so I can do L2 separation of traffic and enforce my own security 
boundaries, however I am CL is not very flexible on that. 

Cheers
Stavros

> On 20 Jan 2016, at 16:01, Simon Weller <swel...@ena.com> wrote:
> 
> Cloudstack does enforce networking boundaries and in any production setup, 
> that's honestly what you want it to do. 
> 
> Since you're getting delegated a network, it sounds as if your upstream 
> network folks are expecting you to manage and subnet said networks as you see 
> fit.
> 
> I'm assuming the /24 you have is routable public space and not RFC 1918 
> space, correct?
> 
> If so, what are you doing in terms of protecting assets? Do you have a 
> firewall in front of it that can do layer 3 routing?
> 
> - Si
> ________________________________________
> From: Stavros Konstantaras <s.konstanta...@uva.nl>
> Sent: Wednesday, January 20, 2016 8:07 AM
> To: users@cloudstack.apache.org
> Subject: Re: Usage of public IP space
> 
> Ok that’s one option. I could use the head node as a router/gateway with some 
> VLAN translation but this will increase the complexity of the setup and will 
> add some administration overhead (we use CS to make our lives simpler, 
> correct? ).
> 
> Shall I assume that there is no other way to solve that easily inside?
> 
> Cheers
> Stavros
> 
>> On 20 Jan 2016, at 14:51, Simon Weller <swel...@ena.com> wrote:
>> 
>> Stavros,
>> 
>> One option you have is to place a linux (or *bsd)  box between your router 
>> and Cloudstack and use that to break out your subnets). You could then hand 
>> off routed vlans to CS.
>> 
>> - Si
>> 
>> 
>> ________________________________________
>> From: Stavros Konstantaras <s.konstanta...@uva.nl>
>> Sent: Wednesday, January 20, 2016 7:47 AM
>> To: users@cloudstack.apache.org
>> Subject: Re: Usage of public IP space
>> 
>> Hi Simon,
>> 
>> Thought of it already but I can’t touch the router of my network to make and 
>> register subnets on it. So I need to work around CS to make it work.
>> 
>> Regards
>> Stavros
>> 
>>> On 20 Jan 2016, at 14:40, Simon Weller <swel...@ena.com> wrote:
>>> 
>>> Can't you subnet it out to a /27?
>>> 
>>> 
>>> 
>>> ________________________________________
>>> From: Stavros Konstantaras <s.konstanta...@uva.nl>
>>> Sent: Wednesday, January 20, 2016 7:13 AM
>>> To: users@cloudstack.apache.org
>>> Subject: Usage of public IP space
>>> 
>>> Hi all,
>>> 
>>> I have a question regarding the public network on CS 4.6.
>>> 
>>> Currently, I have a /24 network of public & routable IP addresses. I want 
>>> to assign the first 30 of them to Cloudstack’s public network for using it 
>>> in the system VMs while keeping the rest of this space for my instances.
>>> 
>>> However, I don’t see it possible as I get the following exception when I 
>>> register the rest of the space in shared networks: "The IP range with tag: 
>>> vlan://869 in zone NewZone has overlapped with the subnet. Please specify a 
>>> different gateway/netmask.”
>>> 
>>> Does anyone know a trick to make this happen? Thanks in advance
>>> 
>>> Kind Regards
>>> Stavros Konstantaras
>>> 
>>> ----------------------------
>>> Stavros Konstantaras
>>> Science faculty Research IT support (FEIOG)
>>> University of Amsterdam, Science Park 904, 1098 XH
>>> 
>>> Fingerprint: E5E5 9B19 D1CD 88CD 4763  3465 A8DC 7C92 330F D59A
>>> 
>> 
>

Reply via email to