Alright, in regards to the example design post, it seems I was wrong. The traffic to Cloudstack goes through the PODID interface so things are fine there.

On Fri, Dec 16, 2022 at 10:55 AM jordan j <yordan...@gmail.com> wrote:

> And one more in regards to SSVM.
>
> If a new system VM (console or storage) offering is created, is there a
> way to select which one is chosen for the zone operation?
> For example, I created one with a host and storage tags so the SSVM sits
> on specific servers, how can I tell the system to use it?
>
>
> On Fri, Dec 16, 2022 at 8:13 AM jordan j <yordan...@gmail.com> wrote:
>
>> By design, Cloudstack networks and user networks should be fully
>> isolated. The problem is that as the Public network is not present the
>> SSVMs user network interface takes the responsibilities of the public one.
>> Here is an example:
>> - ACS server 10.10.10.10/24
>> - XCP-NG hosts 10.10.11.10 to 10.10.11.19/24 (POD network is
>> 10.10.10.11.0/24)
>> - user networks:
>> -> 192.168.1.0/24
>> -> 192.168.2.0/24
>> -> 192.168.3.0/24
>>
>> When SSVMs are created they take 2 IPs, one from the pod network and one
>> from a random network below. For example:
>> - Console SVM - 10.10.11.20/24 and 192.168.2.20 - 192.168.2.20 is the IP
>> used by users to view VM consoles in Cloudstack. The problem is that
>> Cloudstack management networks (ACS and XCP) are accessed from VPN MGMT
>> where user networks are accessed from VPN USERS. So the system admin cannot
>> view consoles.
>> - Storage SVM - 10.10.11.21/24 and 192.168.2.21 - 192.168.2.21 is the
>> IP used to go to the internet and get ISOs.
>> Both of the issues above are not that important. What is important though
>> is that the 192.168.2.X IPs are used to connect SSVM to ACS and report
>> online state and we don't want to do that OR if we do to be from specific
>> IPs that do not change (which is impossible).
>>
>> An alternative that comes to my mind is somehow make the SVMs pod IP
>> (10.10.11.0/24) to take the role of the public interface instead but I
>> don't know if that is possible at all.
>>
>> Best regards,
>> Jordan
>>
>> On Thu, Dec 15, 2022 at 6:51 PM Nux <n...@li.nux.ro> wrote:
>>
>>> Hello,
>>>
>>> Then I do not think there is a setting to help you.
>>>
>>> What exactly is the problem with the system VMs getting IPs "randomly"
>>> from multiple networks? Perhaps we can find another solution to help you.
>>>
>>> Cheers
>>> ---
>>> Nux
>>> www.nux.ro
>>>
>>>
>>> On 2022-12-15 16:42, jordan j wrote:
>>>
>>> Thank you Nux,
>>>
>>> My question was related to guest networks.
>>> For management I have already dedicated network range.
>>>
>>> I am doing tests with 5 networks but they may become more later in
>>> production.
>>>
>>> Regards,
>>> Jordan
>>>
>>> On Thu, Dec 15, 2022 at 6:36 PM Nux <n...@li.nux.ro> wrote:
>>>
>>> Hi,
>>>
>>> Yes and no, depends how many network traffic types you have. For example
>>> if you have defined 2 physical networks in the zone, one with traffic type
>>> "management" and another one with type "guest", then your system VM will
>>> use an IP from both.
>>> Usually in the "management" traffic type you can add another "IP range"
>>> and dedicate it to system VMs[1], but you can't do this in the "guest"
>>> network.
>>> So at most you can have a dedicated range for system VMs in the
>>> management network, but not in the guest one.
>>> So what is your situation, how many networks do you have?
>>>
>>>
>>> [1] see screenshot below
>>>
>>>
>>>
>>> ---
>>> Nux
>>> www.nux.ro
>>>
>>>
>>> On 2022-12-15 13:12, jordan j wrote:
>>>
>>> Dear all,
>>>
>>> I have the following setup.
>>>
>>> ACS 4.17.1 + XCP-NG 8.2.1 with network bridge + Advanced network with
>>> security groups.
>>> Because Security Groups are enabled there is no public network in the
>>> zone
>>> so instead system VMs use the user network. The setup has multiple such
>>> networks so SSVMs use one randomly during creation, is it possible to
>>> force
>>> them to use a specific network?
>>>
>>> Regards,
>>> Jordan