Thank you Nux, That is fine as long as I can configure Advanced Zone + Security Groups, have one flat network and have a VR providing DNS, DHCP and USERDATA. And that is built on top of XCP-NG.
btw is there any example cli code on how to create an advanced zone with security groups enabled? I created a script that deploys such a zone + mgm and guest network + pod + cluster and joins a host but as soon as i go to networks and try to deploy one i don't see the network offering for Shared Network with Security groups. When I deploy the same config from the GUI I can see that offering. I wonder what enables/disables ACS showing network offerings in the network pane. Regards, Jordan On Tue, Oct 18, 2022 at 3:29 PM Nux <n...@li.nux.ro> wrote: > Jordan, > > If you want Security Groups, then what you want is either a Basic zone > (better avoided) or an Advanced Zone with Security Groups. > > Please note, an advanced zone with SG will use flat networks and the VR > does not do any routing or other advanced services - like load balanced, > firewall etc. > --- > Nux > www.nux.ro > > > On 2022-10-18 13:26, jordan j wrote: > > Thanks Wei, > > that has already been increased to 20 . The question is the hypervisor > interfaces per vm as each network uses 1. > > @Nux <n...@li.nux.ro> in regards to the security groups for XCP-NG is this > only for Basic Zone or Advanced zoning too? > Documentation says KVM only for advanced zoning. > > regards, > Jordan > > On Tue, Oct 18, 2022 at 3:21 PM Wei ZHOU <ustcweiz...@gmail.com> wrote: > > Hi jordan, > > There is a global configuration `vpc.max.networks` to manage it. > > > Kind regards, > Wei > > On Tue, 18 Oct 2022 at 14:15, jordan j <yordan...@gmail.com> wrote: > > > Thanks Nux, > > Great thing i will play with that :) > > > > I am experimenting with VPC designs and as I was making some test > networks > > i stumpbed that a VPC cannot have more than 5 networks (VM has 7 > interfaces > > max - 2 for mgm and public, 5 for guest)? > > As far as i know KVM Supports the most per vm - 28 where vmware does 10 > (as > > far as i remember) so it seems pretty possible for one to exceed that > > amount of networks. > > > > What if I want to have 20 or 100 networks inside a vpc? Is there a > > technical setup that allows that? > > > > Regards, > > Jordan > > > > On Tue, Oct 18, 2022 at 3:01 PM Nux <n...@li.nux.ro> wrote: > > > > > Hello, > > > > > > AFAIK you can have a security group zone with XCP, though you must make > > > sure you use bridges for your network, not openvswitch. > > > > > > --- > > > Nux > > > www.nux.ro > > > > > > On 2022-10-17 11:26, jordan j wrote: > > > > Hey everyone, > > > > > > > > Do you have any proposals for securing vms within the same > > > > network? > > > > I know security groups feature is only available in KVM but we > > > > are > > > > using XCP-NG for our ACS environment. > > > > > > > > Best regards, > > > > Jordan > > > > > > >
