Correct Jon – as you add guest networks (keeping in mind in this model your guest network is the same as your public) you add these with a VLAN tag and CloudStack takes care of orchestrating the IP addressing, i.e. the hypervisor host does not need to have an IP address on this interface, only on the management interface.
Regards, Dag Sonstebo Cloud Architect ShapeBlue On 10/08/2018, 09:07, "Jon Marshall" <jms....@hotmail.co.uk> wrote: Dag Just a quick follow up on this. I haven't tried security groups with advanced networking so tried to set up yesterday but had issues adding host. For normal advanced network (no security groups) I configure the NIC for VM traffic (and public) without an IP and set the switch port to be a trunk and then ACS just creates the subinterfaces internally when I add networks. With advanced and security groups I assume I do the same for the guest VM traffic NIC (no public) and just configure it as a trunk as there will be multiple vlans on it ? So no IP address assigned to that NIC, correct ? Jon ________________________________ From: Dag Sonstebo <dag.sonst...@shapeblue.com> Sent: 09 August 2018 10:13 To: firstname.lastname@example.org Subject: Re: Basic vs advanced networking Hi Jon, In short you are right – advanced networking offers a lot more features, and the only benefit of basic networking is a simpler setup (no VRs) as well as to a certain degree more scalability since you can run relatively large L3 networks (with the proviso that broadcast traffic may be a limiting factor). As security groups rely on access to underlying networking on the hypervisor they will also most likely never work on VMware due to the proprietary nature of ESXi. If you look through the user@ / dev@ mailing list you’ll see we have started discussions around deprecating basic networks for advanced zone with security groups – since the latter offers the same networking functionality as basic (security groups, no VRs) but offers the scalability of running multiple of these basic type networks (a traditional basic zone can only run one network). So all in all if you are looking at longer term strategy whilst wanting the simplicity of basic networking you should look at this option (looks like you might have played with this already). Regards, Dag Sonstebo Cloud Architect ShapeBlue On 09/08/2018, 07:54, "Jon Marshall" <jms....@hotmail.co.uk> wrote: Having looked at both in a lab environment I am wondering what the advantages of running basic networking are. Obviously with basic you can use security groups (although you can with advanced if using KVM) but apart from that advanced seems to offer all the features of basic plus a whole lot more. The only downside I have found with advanced is that VRs seems to be the most "flaky" aspect of ACS and obviously you end up with a whole lot more of them. Would be interested to hear opinions either way. Thanks dag.sonst...@shapeblue.com www.shapeblue.com<http://www.shapeblue.com> Shapeblue - The CloudStack Company<http://www.shapeblue.com/> www.shapeblue.com ShapeBlue are the largest independent integrator of CloudStack technologies globally and are specialists in the design and implementation of IaaS cloud infrastructures for both private and public cloud implementations. 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue dag.sonst...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue