Hi Parth,

If you want a KVM networking introduction take a look at my blog post from a couple of years back – this is still valid: http://www.shapeblue.com/networking-kvm-for-cloudstack/

In short – you don’t set up VLAN tagging for isolated networks on the KVM host – you set up the bridge and then specify your VLAN range when you set up your zone in CloudStack. CloudStack then takes care of creating the VLAN-isolated networks on the host. So in short – you create your bridges, then use the bridge names in the advanced zone setup.

Virtual bridge – yes, this is similar to the cloud0 bridge, and yes, you create the bridge without a physical interface.

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

dag.sonst...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS UK
@shapeblue

On 29/03/2018, 11:14, "Parth Patel" <parthpatel2...@gmail.com> wrote:

Hi Dag,

Thanks for helping me understand the requirement of advanced networking. Sorry if I have missed something obvious or my question seems stupid, but I am just starting to learn.

Can you help me out on how to set up VLAN "tagging" on one machine? I have tried several methods and tutorials I could find on the internet for VLANs, but none mention "tagging".

Also, I do not fully understand the private virtual bridge... Does that mean I create an interface file for the bridge but mention no physical interface device? Is it similar to how cloud0 is configured for the link-local network of the System VMs? I could probably do that, but I don't know much about configuring VLAN tagging.

I would appreciate it if you could give me some guidance or point me to where you think some good documentation is given for CentOS/RHEL hosts on configuring bridges with VLAN tagging (I have tried but failed to understand most of them). I am especially stuck at understanding this "tagging" of VLANs.

Thanks,
Parth Patel

On Thu, 29 Mar 2018 at 15:17 Dag Sonstebo <dag.sonst...@shapeblue.com> wrote:

> Hi Parth,
>
> Yes and no.
>
> No – you cannot do advanced zones with *all three* KVM hosts and advanced networking without using VLANs (or another isolation mechanism) and still expect traffic to flow between VMs/VRs on different KVM hosts.
>
> Yes – you can probably do this *on a single KVM host* – but you will have to use VLAN tagging internally – this can however be done on a virtual bridge interface, i.e. the L2 traffic doesn’t ever leave that host.
>
> Without deep diving into this I think it would look like this:
>
> Physical eth0 -> cloudbr0
>     handles management and public
> No NIC -> private virtual bridge cloudbr1
>     handles isolated guest traffic but allows for isolated VLANs internally on the host
>
> Regards,
> Dag Sonstebo
>
> On 29/03/2018, 09:25, "Parth Patel" <parthpatel2...@gmail.com> wrote:
>
> Hi Dag,
>
> Thanks for the reply. I am trying to use ShapeBlue CCS (Container as a Service) with ACS, but for that isolated networks are required, which are only available in an Advanced Zone. Further, I want to explore CloudStack further and am also aiming to test and configure other advanced features such as load balancing and auto scaling without a NetScaler device. For that I badly need Advanced Zone networking (especially isolated network offerings). I just want to know if an Advanced Zone can successfully function with two networks, one physical NIC and no VLAN tagging.
>
> Thanks,
> Parth Patel
>
> On Thu, 29 Mar 2018 at 13:48 Dag Sonstebo <dag.sonst...@shapeblue.com> wrote:
>
> > Hi Parth,
> >
> > Not sure if I follow. Generally, your management network is untagged, whilst your public and isolated networks are tagged. The underlying idea of advanced zones is you must have network isolation between multiple guest networks, otherwise you have no privacy/security. You can do this either at L2 with VLAN tagging, which is the simplest, or at L3 using various SDN overlay network solutions (more complicated and comes at a cost).
> >
> > If you don’t want to tag anything you’re probably better off using basic networks, where I believe you could use a single flat subnet (happy to be proven wrong).
> >
> > Regards,
> > Dag Sonstebo
> >
> > On 29/03/2018, 08:48, "Parth Patel" <parthpatel2...@gmail.com> wrote:
> >
> > Hi all,
> >
> > After banging my head with different network configuration permutations, I don't understand what the issue with the Network Guru is here and why it can't implement the isolated guest network. I just want to know if an Advanced Zone can be successfully set up, or has someone configured an advanced zone using untagged VLAN traffic?
> >
> > I have the following configuration of components:
> > - I have 3 machines (16 GB RAM and 4 cores), each with 1 physical NIC.
> > - I have two networks: 192.168.20.0/24 (using this for the isolated guest network) and 172.16.20.0/16 (management server and NFS servers network).
> > - I am using the KVM hypervisor and NFS for storage.
> > - Currently, the output of brctl show is (when CloudStack is not running; otherwise the interfaces are populated with three vnets for cloud0 and 4-5 vnets for cloudbr0):
> >
> > bridge name     bridge id               STP enabled     interfaces
> > cloud0          8000.000000000000       no
> > cloudbr0        8000.3464a92a083a       no              eno1
> > virbr0          8000.525400daae23       yes             virbr0-nic
> >
> > My earlier doubt was if I can configure an advanced zone with one physical interface available in each host, but that was resolved when I read this post of ShankerBalan:
> >
> > https://shankerbalan.net/blog/cloudstack-simple-advanced-network-example/
> >
> > ACS throws an InsufficientVirtualNetworkCapacity exception and lines like "NetworkGuru can't implement network [275||15]" are printed in the management server logs when I try to create a simple CentOS 5.5 NoGUI KVM instance after a complete and fresh install of ACS (even of CentOS).
> >
> > My main doubt here is if I can successfully configure an advanced zone with two networks but with untagged VLAN traffic? I can't currently configure the router or switches to allow tagged VLAN networking as I am doing this project in my university. But I have requested and gained access to the mentioned two networks: 192.168.20.0/24 and 172.16.20.0/16, and both networks are pingable and have internet access across all three machines.
> >
> > Can anyone help me with this please?
> >
> > Thanks,
> > Parth Patel
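The two-bridge host layout Dag describes (cloudbr0 with the single NIC enslaved; cloudbr1 as a cloud0-style private bridge with no physical member), written out as RHEL/CentOS 7 network-scripts ifcfg files. This is an added example, not code from the thread or from CloudStack; it assumes the ifcfg-rh format, reuses the interface names from the thread, and the management address 172.16.20.11/16 is a constructed sample value.

```sh
#!/bin/sh
# Added example: generate ifcfg-rh files for a CloudStack KVM host with one NIC.
# cloudbr0 carries management/public and owns eno1; cloudbr1 is a private
# virtual bridge with no physical member, like cloud0. Interface names are the
# thread's; the management address 172.16.20.11/16 is a constructed sample.

# bridge_cfg DIR NAME [IPADDR PREFIX] -- write ifcfg-NAME for a Linux bridge.
# Without IP arguments the bridge is guest-only and carries L2 traffic only.
bridge_cfg() {
    dir=$1; name=$2; ipaddr=${3:-}; prefix=${4:-}
    {
        echo "DEVICE=$name"
        echo "TYPE=Bridge"
        echo "ONBOOT=yes"
        echo "NM_CONTROLLED=no"   # network-scripts owns the bridge, not NetworkManager
        echo "STP=no"             # matches the 'STP enabled: no' shown by brctl for cloud0/cloudbr0
        echo "DELAY=0"
        if [ -n "$ipaddr" ]; then
            echo "BOOTPROTO=static"
            echo "IPADDR=$ipaddr"
            echo "PREFIX=$prefix"
        else
            echo "BOOTPROTO=none"
        fi
    } > "$dir/ifcfg-$name"
}

# uplink_cfg DIR NIC BRIDGE -- enslave a physical NIC to a bridge; the NIC itself gets no IP.
uplink_cfg() {
    dir=$1; nic=$2; bridge=$3
    printf 'DEVICE=%s\nTYPE=Ethernet\nONBOOT=yes\nNM_CONTROLLED=no\nBOOTPROTO=none\nBRIDGE=%s\n' \
        "$nic" "$bridge" > "$dir/ifcfg-$nic"
}

# write_host_cfg DIR -- the full layout: eno1 on cloudbr0, nothing enslaved to cloudbr1.
write_host_cfg() {
    bridge_cfg "$1" cloudbr0 172.16.20.11 16   # constructed sample management address
    uplink_cfg "$1" eno1 cloudbr0
    bridge_cfg "$1" cloudbr1
}

# is_virtual_bridge DIR BRIDGE -- succeeds when no ifcfg file in DIR enslaves a
# device to BRIDGE, i.e. the bridge has no physical member (cloud0-style).
is_virtual_bridge() {
    ! grep -qs "^BRIDGE=$2\$" "$1"/ifcfg-*
}
```

Run `write_host_cfg /etc/sysconfig/network-scripts` as root and restart networking; CloudStack then only needs the bridge names (cloudbr0, cloudbr1) in the advanced zone's physical network setup, and creates the per-VLAN bridges itself.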