Hi Parth,

Yes and no. 

No – you cannot do advanced zones with *all three* KVM hosts and advanced 
networking without using VLANs (or another isolation mechanism) and still 
expect traffic to flow between VMs/VRs on different KVM hosts. 

Yes – you can probably do this *on a single KVM host* – but you will have to 
use VLAN tagging internally – this can however be done on a virtual bridge 
interface, i.e. the L2 traffic doesn’t ever leave that host. 

Without deep diving into this I think it would look like this:

Physical eth0 -> cloudbr0 > handles management and public
No nic -> private virtual bridge cloudbr1 > handles isolated guest traffic but 
allows for isolated VLANs internally on the host

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue


dag.sonst...@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS UK
@shapeblue
  
 

On 29/03/2018, 09:25, "Parth Patel" <parthpatel2...@gmail.com> wrote:

    Hi Dag,
    
    Thanks for the reply. I am trying to use Shapeblue CCS (Container as a
    Service) with ACS, but for that Isolated networks are required which are
    only available in Advanced Zone. Further, I want to explore Cloudstack
    further and am also aiming to test and configure other advanced features
    such as load balancing and auto scaling without netscaler device. For that
    I badly need Advanced Zone networking (especially isolated networks
    offerings). I just want to know if Advanced Zone can successfully function
    with two networks, one physical NIC and no VLAN tagging.
    
    Thanks,
    Parth Patel
    
    On Thu, 29 Mar 2018 at 13:48 Dag Sonstebo <dag.sonst...@shapeblue.com>
    wrote:
    
    > Hi Parth,
    >
    > Not sure if I follow. Generally, your management network is untagged,
    > whilst your public and isolated networks are tagged. The underlying idea of
    > advanced zones is you must have network isolation between multiple guest
    > networks, otherwise you have no privacy/security. You can do this either at
    > L2 with VLAN tagging, which is the simplest, or with L3 using various SDN
    > overlay network solutions (more complicated and comes at a cost).
    >
    > If you don’t want to tag anything you’re probably better off using basic
    > networks, where I believe you could use a single flat subnet (happy to be
    > proven wrong).
    >
    > Regards,
    > Dag Sonstebo
    > Cloud Architect
    > ShapeBlue
    >
    >
    > dag.sonst...@shapeblue.com
    > www.shapeblue.com
    > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
    > @shapeblue
    >
    >
    >
    > On 29/03/2018, 08:48, "Parth Patel" <parthpatel2...@gmail.com> wrote:
    >
    >     Hi all,
    >
    >     After banging my head with different network configuration permutations, I
    >     don't understand what is the issue with Network Guru here and why it can't
    >     implement the isolated guest network. I just want to know if Advanced Zone
    >     can be successfully set up or has someone configured an advanced zone using
    >     untagged VLAN traffic?
    >
    >     I have the following configuration of components:
    >     - I have 3 (16 GB Ram and 4 Cores) machines each with 1 physical NIC.
    >     - I have two networks: 192.168.20.0/24 (using this for isolated guest
    >     network) and 172.16.20.0/16 (management server and NFS servers network)
    >     - I am using KVM hypervisor and NFS for storage.
    >     - Currently, the output of brctl show is (when the Cloudstack is not
    >     running, otherwise the interfaces are populated with three vnets for cloud0
    >     and 4-5 vnets for cloudbr0):
    >     bridge name     bridge id               STP enabled     interfaces
    >     cloud0          8000.000000000000       no
    >     cloudbr0                8000.3464a92a083a       no              eno1
    >     virbr0          8000.525400daae23       yes             virbr0-nic
    >
    >     My earlier doubt was if I can configure advanced zone with one physical
    >     interface available in each host, but that was resolved when I read this
    >     post of ShankerBalan:
    >
    >     https://shankerbalan.net/blog/cloudstack-simple-advanced-network-example/
    >
    >     ACS throws InsufficientVirtualNetworkCapacity exception and lines like:
    >     "NetworkGuru can't implement network [275||15]" are printed in management
    >     server logs when I try to create a simple CentOS 5.5 NoGUI KVM instance
    >     after a complete and fresh install of ACS (even of CentOS).
    >
    >     My main doubt here is if I can successfully configure an advanced zone with
    >     two networks but with untagged VLAN traffic? I can't currently configure
    >     the router or switches to allow tagged VLAN networking as I am doing this
    >     project in my university. But, I have requested and gained access to the
    >     mentioned two networks: 192.168.20.0/24 and 172.16.20.0/16 and both
    >     networks are pingable and have internet access across all three machines.
    >     Can anyone help me with this please?
    >
    >     Thanks,
    >     Parth Patel
    >
    >
    >
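As an added example (not part of the thread and not ShapeBlue's or CloudStack's code), a host-side check for the single-host layout Dag sketches: parse `brctl show`, confirm that exactly one bridge (cloudbr0) carries the physical NIC and that the guest bridge (assumed to be named cloudbr1) has no physical uplink, so untagged guest traffic cannot leave the host. The `brctl` output and the en/eth NIC naming rule are constructed assumptions.

```python
import re

# Assumption: physical NICs use predictable interface names (eno1, eth0, ...);
# vnetN ports belong to VMs/VRs and virbr0-nic to libvirt's default bridge.
PHYSICAL_NIC = re.compile(r"^(en|eth)")

# Constructed sample in the shape of `brctl show` on a host running CloudStack:
# a bridge's additional ports appear on indented continuation lines.
SAMPLE_BRCTL = """\
bridge name     bridge id               STP enabled     interfaces
cloud0          8000.000000000000       no              vnet0
                                                        vnet1
cloudbr0                8000.3464a92a083a       no              eno1
                                                        vnet2
cloudbr1                8000.000000000000       no              vnet3
virbr0          8000.525400daae23       yes             virbr0-nic
"""


def parse_brctl(text):
    """Map each bridge name to its list of ports (empty list if none)."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        if not line.strip():
            continue
        if line[0].isspace() and current:       # continuation: another port
            bridges[current].append(line.split()[0])
            continue
        fields = line.split()                   # name, id, stp, [first port]
        current = fields[0]
        bridges[current] = fields[3:4]
    return bridges


def check_layout(bridges, guest_bridge="cloudbr1"):
    """Return findings; an empty list means the layout matches the one above."""
    findings = []
    uplinks = {b: [p for p in ports if PHYSICAL_NIC.match(p)]
               for b, ports in bridges.items()}
    with_uplink = [b for b, u in uplinks.items() if u]
    if len(with_uplink) != 1:
        findings.append(f"expected exactly one bridge with a physical NIC, got {with_uplink}")
    if guest_bridge not in bridges:
        findings.append(f"guest bridge {guest_bridge} missing")
    elif uplinks[guest_bridge]:
        findings.append(f"{guest_bridge} has physical uplink {uplinks[guest_bridge]}: "
                        "untagged guest traffic would leave the host")
    return findings


if __name__ == "__main__":
    print(check_layout(parse_brctl(SAMPLE_BRCTL)) or "layout OK")
```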