Josh, You are right, we should specifiy traffic lables if we want to use multiple nics. VPC is not supported with security groupd. We don't need to use GRE isolation for guest networks in VPC. It works only with VLAN isolation.
Thanks, Sanjeev -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, March 08, 2016 3:10 PM To: [email protected] Subject: RE: No public network on zone Hi Sanjeev Does it mean that if I have two guest NICs I tag them Guest1 and Guest2? Because the last time I tried to have two guest NICs the setup gave an error about not knowing which label to use. Also, is VPC only available without security groups isolation? I can't seem to find the network in the drop down list if I'm using sg isolation. Also, do I need to use GRE isolation for guest network for VPC? Thanks Josh From: Sanjeev Neelarapu Sent: Tuesday, March 8, 15:03 Subject: RE: No public network on zone To: [email protected] Hi Josh, If you are using advanced zone with vlan isolation you can't use security groups for guest traffic isolation, whereas if you use advanced zone with security groups enabled(instead of vlan isolation) you can use security groups. If we are using more than one physical network and wants to have guest traffic in all the physical network, we have to specify tags on the physical network, and traffic labels for each traffic type in all the physical networks. These traffic lables should match with the nic names on the hypervisor. Please refer to traffic labels in apache cloudstack admin guide. Thanks, Sanjeev -----Original Message----- From: [email protected] [ mailto:[email protected]] Sent: Monday, March 07, 2016 7:08 PM To: [email protected] Subject: RE: No public network on zone Hi all, I've played around more with the system. Am I correct to say that the following setup would not be possible? 1. Advanced group with security group isolation 2. Two separate NICs as Guest networks but only one with a public routable subnet The only way would be to bond the dual NICs, trunk both subnets and hope that either network doesn't overload the interface? I tried setting up a fresh zone with two physical NICs tagged as Guest traffic and it throws the error "failed to create a guest network for basic zone. Error: More than one physical networks exist in zone id=11 and no tags are specified in order to make a choice". The problem is I selected the Advanced zone. Is there something wrong with the UI? For the record, this is what I am trying to achieve: 1. System VMs that are able to take on both public and private IPs 2. Bandwidth throttling/limiting/control for public network but none for guest network 3. Users can control guest traffic isolation by putting up security group isolations instead of starting separate guest VLANs as my switch can only trunk VLANs individually instead of by block 4. Ability to create an entire private network fronted by a single public IP for VPN purposes to extend a physical network Help is greatly appreciated. I feel like I am almost getting what I require. Thanks Josh On Mon, Mar 7, 2016 at 12:08 AM -0800, <[email protected]> wrote: Hi Sanjeev How does this traffic reach the VMs without a public network? How do I assign public IPs to the VMs without being able to add them in the guest network form if I can't select the NIC they should be routed via? Thanks On Mon, Mar 7, 2016 at 12:04 AM -0800, "Sanjeev Neelarapu" <[email protected]> wrote: There is no way we can convert the zone type. Routable IPs means, any IPs reachable without any NAT devices in between. -----Original Message----- From: [email protected] [ mailto:[email protected]] Sent: Monday, March 07, 2016 1:27 PM To: [email protected]; [email protected] Subject: RE: No public network on zone Is there a way to convert the zone type after creation and add the Public network or do I have to start with a fresh zone? What do you mean by routable public IPs? How do I add public IPs to the zone with security groups? Thanks Josh From: Sanjeev Neelarapu Sent: Monday, March 7, 13:30 Subject: RE: No public network on zone To: [email protected] Hi Josh, In Advanced zone with Security Groups public traffic is not supported. Assumption is guest vms will have a routable public IPs. That's why we don't see the option to add public traffic. We can use updatePhysicalNetwork and updateTrafficType APIs for updating zone and traffic types if it is supported. Thanks, Sanjeev N -----Original Message----- From: [email protected] [ mailto:[email protected]] Sent: Sunday, March 06, 2016 11:11 PM To: [email protected] Subject: No public network on zone Hi all, Apologies for flooding. I feel like I've made new progress with understanding CS. I have run into a bit more problems but I think I understand most of it. It seems that I have setup my zone incorrectly. I accidentally clicked the security groups isolation under advanced network and as a result I did not have the Public network tag under the physical network setup screen. I didn't think much about it up and went about setting up everything including adding a couple of XS hosts. Everything is nice except I have 0/0 public IP addresses. Now I'm trying to add a public subnet to the zone but I can't select the Public network because I don't have it set up. I go to the Zone page and there is no option to add physical network. I go to add a new zone, this time not selecting the security group isolation option and I see the Public tag on the next page. Surely there is a way to add the public network to the zone without creating a new zone? I don't want to clear everything and start all over again. Thanks Josh DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails. DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails. DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails. DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
