I do agree that the docs are confusing, especially if you have a limited 
knowledge of networking concepts.

In terms of the complexity, a lot of that has to do with the fact that every 
company has different service requirements and ACS needs to be flexible enough 
to accommodate very different underlying needs.

It's always best to start with a basic zone, unless you REALLY need some 
functionality within an advanced zone. As soon as you move into advanced zone 
networking, you need to have a good understanding of layer 2/3 networking.  

If all you want to do is place public IP addresses on VMs directly, then a 
basic zone is what you want. If you want to build complicated relationships 
between VMs using separate L2 segments (with L3 routing within ACS), then 
you'll need advanced networking. Advanced networking does open up a lot of 
exciting possibilities, including various SDN controllers, native VXLAN (on 
KVM), GRE and many more options.

Before you dive into the more specialized areas of ACS networking, it's always 
best to start with something simple, so you can get your head around some of 
the general concepts.

So Ron, to answer your questions more directly:

Basic Zone guest network is what you use for public IPs. Basic zone is very 
simple and doesn't offer any physical private-from-public traffic 
separation. That's where security groups come in (think AWS-style networking 
here). Now you can use multiple interfaces though I believe, although I've 
never tried that before.

In terms of DNS, you can use the same DNS server for both. I wasn't actually 
aware basic zone gave you this option. Normally this is used for split DNS, 
where you may have internal records not exposed publicly.

As Lucian pointed out, iSCSI should be an available option under XenServer when 
you create the primary storage.
There should be no need for your primary storage network to need to talk to the 
management server. The secondary storage network will need to be able to talk 
to the management server when you pre-seed the XenServer specific templates 
during setup.

All of our clouds are advanced networking based, so team, feel free to jump in 
if I've stated anything incorrectly ;-)

- Si





________________________________________
From: Ron Wheeler <rwhee...@artifact-software.com>
Sent: Saturday, February 27, 2016 8:13 AM
To: users@cloudstack.apache.org
Subject: Re: Really really confused about Cloudstack networking

I am also stuck trying to sort out networking so Josh has my sympathies.

The networking docs are really confusing.
They wander from general to specific.
They mix the general architecture with specific hardware discussions
without any context for the switch or any explanation of why the
hardware specific note needs to be known to everyone.

I have earlier made specific suggestions about how to reorganize the docs
but no one seems to be working in this area.

I think that part of the problem is that the larger organizations have
dedicated network experts who are working in networking everyday whereas
smaller organizations have generalists and once the network is set up,
it runs on its own for years until you want to do something like Cloudstack.

To help this type of user, the docs need to be reorganized and simplified.

The Shapeblue article is much better than the Cloudstack docs.
It is great that it is available but the official docs should be improved.

I did ask where the drawing sources are located but did not get a response.

Ron


On 27/02/2016 3:27 AM, Nux! wrote:
> Hello Josh,
>
> Networking is the single biggest cause of headaches with Cloudstack, once you 
> get it right the rest is easier.
> I recommend to read 
> http://www.shapeblue.com/understanding-cloudstacks-physical-networking-architecture/
>
> From what you described, it looks like what you need is either a Basic Zone 
> or Advanced Zone with Security Groups.
>
> I have an ACS+XenServer setup and when I go to Infrastructure > Primary 
> Storage I definitely see "iscsi" as an option in the storage type.
>
> HTH
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
>> From: "Josh Davis" <cloudstackh...@outlook.com>
>> To: users@cloudstack.apache.org
>> Sent: Saturday, 27 February, 2016 01:00:49
>> Subject: Really really confused about Cloudstack networking
>> I have been tinkering about cloudstack but every single guide seems to be
>> centered around the public IPs being NATed to the guest VMs. To be honest the
>> more I think about it the more I get confused so I'm posting here in hopes
>> that someone will guide me through this.
>>
>> I have tried to pen down what I'm looking for and I hope it's clear enough:
>> - I have a block of public routable IPs which I want to assign to individual VMs
>> - These VMs run linux and are intended to function as web servers
>> - I have no need for inter-VM private interactions except for via the public network
>> - These VMs all reside in a single cloudstack cloud for high availability and resource balancing
>> - The HVs in the cloud are connected to a central SAN running iSCSI
>> - The HVs run XenServer
>>
>> I'm confused with:
>> - Do I set the guest network as the public IP range?
>> - Internal DNS = Public DNS?
>> - Does the management server need to have access to the storage network?
>> - Why don't I have the option to choose iSCSI when I try to add a primary storage?
>> - Basically everything


--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
