Correct Jon – as you add guest networks (keeping in mind in this model your 
guest network is the same as your public) you add these with a VLAN tag and 
CloudStack takes care of orchestrating the IP addressing, i.e. the hypervisor 
host does not need to have an IP address on this interface, only on the 
management interface.

Dag Sonstebo
Cloud Architect

On 10/08/2018, 09:07, "Jon Marshall" <> wrote:

    Just a quick follow up on this.
    I haven't tried security groups with advanced networking so tried to set up 
yesterday but had issues adding host.
    For normal advanced network (no security groups) I configure the NIC for VM 
traffic (and public) without an IP and set the switch port to be a trunk and 
then ACS just creates the subinterfaces internally when I add networks.
    With advanced and security groups I assume I do the same for the guest VM 
traffic NIC (no public) and just configure it as a trunk as there will be 
multiple vlans on it ?
    So no IP address assigned to that NIC, correct ?
    From: Dag Sonstebo <>
    Sent: 09 August 2018 10:13
    Subject: Re: Basic vs advanced networking
    Hi Jon,
    In short you are right – advanced networking offers a lot more features, 
and the only benefit of basic networking is a simpler setup (no VRs) as well as 
to a certain degree more scalability since you can run relatively large L3 
networks (with the proviso that broadcast traffic may be a limiting factor). As 
security groups rely on access to underlying networking on the hypervisor they 
will also most likely never work on VMware due to the proprietary nature of 
    If you look through the user@ / dev@ mailing list you’ll see we have 
started discussions around deprecating basic networks for advanced zone with 
security groups – since the latter offers the same networking functionality as 
basic (security groups, no VRs) but offers the scalability of running multiple 
of these basic type networks (a traditional basic zone can only run one 
    So all in all if you are looking at longer term strategy whilst wanting the 
simplicity of basic networking you should look at this option (looks like you 
might have played with this already).
    Dag Sonstebo
    Cloud Architect
    On 09/08/2018, 07:54, "Jon Marshall" <> wrote:
        Having looked at both in a lab environment I am wondering what the 
advantages of running basic networking are.
        Obviously with basic you can use security groups (although you can with 
advanced if using KVM) but apart from that advanced seems to offer all the 
features of basic plus a whole lot more.
        The only downside I have found with advanced is that VRs seems to be 
the most "flaky" aspect of ACS and obviously you end up with a whole lot more 
of them.
        Would be interested to hear opinions either way.
    Shapeblue - The CloudStack Company<>
    ShapeBlue are the largest independent integrator of CloudStack technologies 
globally and are specialists in the design and implementation of IaaS cloud 
infrastructures for both private and public cloud implementations.
    53 Chandos Place, Covent Garden, London  WC2N 4HSUK
53 Chandos Place, Covent Garden, London  WC2N 4HSUK

Reply via email to