Hi Jordan, You probably need to enable VirtualRouter (and VpcVirtualRouter if needed) in the "network service providers" tab for the physical network.
-Wei On Wed, 19 Oct 2022 at 10:02, jordan j <yordan...@gmail.com> wrote: > Thank you Nux, > > That is fine as long as I can configure Advanced Zone + Security Groups, > have one flat network and have a VR providing DNS, DHCP and USERDATA. > And that is built on top of XCP-NG. > > btw is there any example cli code on how to create an advanced zone with > security groups enabled? > I created a script that deploys such a zone + mgm and guest network + pod + > cluster and joins a host but as soon as i go to networks and try to deploy > one i don't see the network offering for Shared Network with Security > groups. > > When I deploy the same config from the GUI I can see that offering. > I wonder what enables/disables ACS showing network offerings in the network > pane. > > Regards, > Jordan > > > On Tue, Oct 18, 2022 at 3:29 PM Nux <n...@li.nux.ro> wrote: > > > Jordan, > > > > If you want Security Groups, then what you want is either a Basic zone > > (better avoided) or an Advanced Zone with Security Groups. > > > > Please note, an advanced zone with SG will use flat networks and the VR > > does not do any routing or other advanced services - like load balanced, > > firewall etc. > > --- > > Nux > > www.nux.ro > > > > > > On 2022-10-18 13:26, jordan j wrote: > > > > Thanks Wei, > > > > that has already been increased to 20 . The question is the hypervisor > > interfaces per vm as each network uses 1. > > > > @Nux <n...@li.nux.ro> in regards to the security groups for XCP-NG is > this > > only for Basic Zone or Advanced zoning too? > > Documentation says KVM only for advanced zoning. > > > > regards, > > Jordan > > > > On Tue, Oct 18, 2022 at 3:21 PM Wei ZHOU <ustcweiz...@gmail.com> wrote: > > > > Hi jordan, > > > > There is a global configuration `vpc.max.networks` to manage it. > > > > > > Kind regards, > > Wei > > > > On Tue, 18 Oct 2022 at 14:15, jordan j <yordan...@gmail.com> wrote: > > > > > Thanks Nux, > > > Great thing i will play with that :) > > > > > > I am experimenting with VPC designs and as I was making some test > > networks > > > i stumpbed that a VPC cannot have more than 5 networks (VM has 7 > > interfaces > > > max - 2 for mgm and public, 5 for guest)? > > > As far as i know KVM Supports the most per vm - 28 where vmware does 10 > > (as > > > far as i remember) so it seems pretty possible for one to exceed that > > > amount of networks. > > > > > > What if I want to have 20 or 100 networks inside a vpc? Is there a > > > technical setup that allows that? > > > > > > Regards, > > > Jordan > > > > > > On Tue, Oct 18, 2022 at 3:01 PM Nux <n...@li.nux.ro> wrote: > > > > > > > Hello, > > > > > > > > AFAIK you can have a security group zone with XCP, though you must > make > > > > sure you use bridges for your network, not openvswitch. > > > > > > > > --- > > > > Nux > > > > www.nux.ro > > > > > > > > On 2022-10-17 11:26, jordan j wrote: > > > > > Hey everyone, > > > > > > > > > > Do you have any proposals for securing vms within the same > > > > > network? > > > > > I know security groups feature is only available in KVM but > we > > > > > are > > > > > using XCP-NG for our ACS environment. > > > > > > > > > > Best regards, > > > > > Jordan > > > > > > > > > > > >
