Hi Dag,

Thanks for helping me understand the requirement of advanced networking. Sorry if I have missed something obvious or my question seems stupid, but I am just starting to learn. Can you help me out on how to set up VLAN "tagging" on one machine? I have tried several methods and tutorials I could find on the internet for VLANs, but none mention "tagging".
Also, I do not fully understand private virtual bridge... Means I create an interface file for bridge but mention no physical interface device? Is it similar to how cloud0 is configured for link local network of System VMs? I could probably do that, but I don't know much about configuring VLAN tagging. I would appreciate if you could give me some guidance or point me where you think some good documentation is given for CentOS/RHEL hosts for configuring bridges with VLAN tagging (I have tried but failed to understand most of them). I am especially stuck at understanding this "tagging" of VLANs.

Thanks,
Parth Patel

On Thu, 29 Mar 2018 at 15:17 Dag Sonstebo <dag.sonst...@shapeblue.com> wrote:

> Hi Parth,
>
> Yes and no.
>
> No – you cannot do advanced zones with *all three* KVM hosts and advanced
> networking without using VLANs (or another isolation mechanism) and still
> expect traffic to flow between VMs/VRs on different KVM hosts.
>
> Yes – you can probably do this *on a single KVM host* – but you will have
> to use VLAN tagging internally – this can however be done on a virtual
> bridge interface, i.e. the L2 traffic doesn’t ever leave that host.
>
> Without deep diving into this I think it would look like this:
>
> Physical eth0 -> cloudbr0 > handles management and public
> No nic -> private virtual bridge cloudbr1 > handles isolated guest traffic
> but allows for isolated VLANs internally on the host
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> @shapeblue
>
> On 29/03/2018, 09:25, "Parth Patel" <parthpatel2...@gmail.com> wrote:
>
> Hi Dag,
>
> Thanks for the reply. I am trying to use Shapeblue CCS (Container as a
> Service) with ACS, but for that Isolated networks are required which are
> only available in Advanced Zone.
> Further, I want to explore Cloudstack further and am also aiming to test
> and configure other advanced features such as load balancing and auto
> scaling without netscaler device. For that I badly need Advanced Zone
> networking (especially isolated networks offerings). I just want to know
> if Advanced Zone can successfully function with two networks, one
> physical NIC and no VLAN tagging.
>
> Thanks,
> Parth Patel
>
> On Thu, 29 Mar 2018 at 13:48 Dag Sonstebo <dag.sonst...@shapeblue.com>
> wrote:
>
> > Hi Parth,
> >
> > Not sure if I follow. Generally, your management network is untagged,
> > whilst your public and isolated networks tagged. The underlying idea of
> > advanced zones is you must have network isolation between multiple guest
> > networks, otherwise you have no privacy/security. You can do this either
> > at L2 with VLAN tagging, which is the simplest, or with L3 using various
> > SDN overlay network solutions (more complicated and comes at a cost).
> >
> > If you don’t want to tag anything you’re probably better off using basic
> > networks, where I believe you could use a single flat subnet (happy to be
> > proven wrong).
> >
> > Regards,
> > Dag Sonstebo
> > Cloud Architect
> > ShapeBlue
> >
> > dag.sonst...@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> > @shapeblue
> >
> > On 29/03/2018, 08:48, "Parth Patel" <parthpatel2...@gmail.com> wrote:
> >
> > Hi all,
> >
> > After banging my head with different network configuration permutations,
> > I don't understand what is the issue with Network Guru here and why it
> > can't implement the isolated guest network. I just want to know if
> > Advanced Zone can be successfully setup or has someone configured an
> > advanced zone using untagged VLAN traffic?
> >
> > I have the following configuration of components:
> > - I have 3 (16 GB Ram and 4 Cores) machines each with 1 physical NIC.
> > - I have two networks: 192.168.20.0/24 (using this for isolated > guest > > network) and 172.16.20.0/16 (management server and NFS servers > > network) > > - I am using KVM hypervisor and NFS for storage. > > - Currently, the output of brctl show is (when the Cloudstack is > not > > running, other wise the interface are populated with three vnets > for > > cloud0 > > and 4-5 vnets for cloudbr0): > > bridge name bridge id STP enabled > interfaces > > cloud0 8000.000000000000 no > > cloudbr0 8000.3464a92a083a no > eno1 > > virbr0 8000.525400daae23 yes > virbr0-nic > > > > My earlier doubt was if I can configure advanced zone with one > physical > > interface available in each host, but that was resolved when I > read > > this > > post of ShankerBalan: > > > > > https://shankerbalan.net/blog/cloudstack-simple-advanced-network-example/ > > > > ACS throws InsufficientVirtualNetworkCapacity exception and > lines like: > > "NetworkGuru can't implement network [275||15]" are printed in > > management > > server logs when I try to create a simple CentOS 5.5 NoGUI KVM > instance > > after a complete and fresh install of ACS (even of CentOS). > > > > My main doubt here is if I can successfully configure an > advanced zone > > with > > two networks but with untagged VLAN traffic ? I can't currently > > configure > > the router or switches to allow tagged VLAN networking as I am > doing > > this > > project in my university. But, I have requested and gained > access to > > the > > mentioned two networks: 192.168.20.0/24 and 172.16.20.0/16 and > both > > networks are pingable and have internet access across all three > > machines. > > Can anyone help me with this please? > > > > Thanks, > > Parth Patel > > > > > > > > >