Unfortunately, I can not add two physical networks ( wan and lan ) to single bridge ( cloudbr0 ) and yes, there is also a physical network for the management network. BPDU Guard would disable the ethernet port on my bare metal server to prevent a bridge loop. Is even reverse proxy supported for Console and Storage SystemVMs ? Seems it's totally unsupported use case. I didnt find how to set proto scheme for SSL offloading and some base URL. Thanks
st 4. 1. 2023 v 19:39 odesílatel Alex Mattioli <alex.matti...@shapeblue.com> napsal: > +1 to what Wei said. > > Can't you use that 2 IP subnet and then check which IP the Console Proxy > uses? Or do you need to know beforehand? > > > > > -----Original Message----- > From: Lukáš Mrtvý <lukas.mr...@gmail.com> > Sent: 04 January 2023 17:44 > To: users@cloudstack.apache.org > Subject: Re: Multiple public networks per zone ? > > Seems its not possible to set static ip for system vms, reverse proxy > needs to know ip of console and storage vm, of course I can use for example > subnet of two ips 192.168.0.0/31, but still its 50:50. Ideas? Thanks > > st 4. 1. 2023 v 13:59 odesílatel Wei ZHOU <ustcweiz...@gmail.com> napsal: > > > The requirement is clear now. > > > > I think it is possible. All these Ips can be RFC1918 Ipv4 addresses. > > for example, > > (1) use 192.168.0.0/24 as management Ip range. > > (2) add 192.168.1.0/24 as a public ip range reserved for system vms. > > system > > vms will have public IPs in this range. > > (3) add a real public ipv4 address for other purposes (router, lb,port > > forwarding, etc). > > (4) configure a reverse proxy for management server IP (in range 1) > > and system vms (public IPs in range 2), it should be able to connect > > to both IP ranges/VLANs. > > You can use the same physical interface for management and public > > traffic but with different VLANs. > > > > -Wei > > > > On Wed, 4 Jan 2023 at 12:10, Lukáš Mrtvý <lukas.mr...@gmail.com> wrote: > > > > > Maybe the correct question would be how to save IPv4 addresses ( non > > > RFC1918 ) ? I have only a few available of them and allocating two > > > of > > them > > > to systemVMs is quite "expensive" for me. > > > As far as I know, this is minimal set of IPs needed. > > > - UI ( Technically it sits on the management network, but I want to > > > have API available from the internet ) > > > - Console > > > - Storage > > > - Router > > > - LB/Instance > > > > > > Would be much better to use some reverse proxy for UI / Console / > > > Storage as these are not directly related to my workloads. ( Maybe > > > its not even doable, I dont know.. ) Thanks > > > > > > út 3. 1. 2023 v 17:29 odesílatel Wei ZHOU <ustcweiz...@gmail.com> > > napsal: > > > > > > > I have experience with multiple guest physical networks, not > > > > public networks. > > > > > > > > New physical network can be added via api (or cloudmonkey) > > > > > > > > 1. createPhysicalNetwork > > > > 2. updatePhysicalNetwork to Enabled 3. addTrafficType to the > > > > physical network with network label like > > > cloudbr0. > > > > > > > > Please refer to cloudstack api > > > > https://cloudstack.apache.org/api/apidocs-4.17/ > > > > > > > > For guest physical networks, tags are must. Not sure if public > > > > physical networks work without tag. > > > > > > > > -Wei > > > > > > > > On Tuesday, 3 January 2023, Lukáš Mrtvý <lukas.mr...@gmail.com> > wrote: > > > > > > > > > Yes, another physical network. > > > > > I tried to bridge eth0 and eth2 ( both are flat networks, not > > > > > VLANs), > > > but > > > > > got blocked by the telco provider in the datacenter, as eth2 is > > > > > a > > > > physical > > > > > network connected to the internet. > > > > > Can You elaborate on how is possible ( without NATting ) to have > > > > > two physical networks as "Public" networks? Of course, I want to > > > > > deploy SystemVMs to eth0. Thanks > > > > > > > > > > út 3. 1. 2023 v 16:42 odesílatel Alex Mattioli < > > > > > alex.matti...@shapeblue.com> > > > > > napsal: > > > > > > > > > > > You mean another physical network completely? That's also > > > > > > possible, > > > > but a > > > > > > bit more complex. > > > > > > In your case, can't you just use another VLAN in the same > > > > > > physical > > > > > network? > > > > > > > > > > > > Cheers, > > > > > > Alex > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Lukáš Mrtvý <lukas.mr...@gmail.com> > > > > > > Sent: 03 January 2023 15:43 > > > > > > To: users@cloudstack.apache.org > > > > > > Subject: Re: Multiple public networks per zone ? > > > > > > > > > > > > Hello, > > > > > > I am talking about using another "cable" as another public > > > > > > network > > to > > > > > > deploy system VMs to. > > > > > > > > > > > > For example this > > > > > > > > > > > > https://mermaid.live/view#pako:eNptkDFvAjEMhf- > > > > > K5alInNoy3toulcpStiqLuRgu4uKcgiOEgP9e56Corbo9P33W8_MJu-QZW9xmGnt > > > > > 4_ 3ACkFNRztA0zTmS0JYji4KwHlLenYG1f_6DjWU9hO4X8lSRIEaY-_B2E7N_ > > > > > cHiEA8m0tPi5VNFbSLX3ZX098mVIxa-Uul214R4G98smtYAqWTzOMXKOFLz1P > > > > > FXTofZWymFr0vOGyqAOnVwMpaJpdZQOW82F51hGT8qvgSw8fpsjyWdKNm5o2 > > > > > NvMPmjKy-srp49evgCD7nXA > > > > > > > > > > > > - public network ( RFC1918 ) is reachable via router or other > > > devices ( > > > > > > haproxy, vpn ) on this network, for example haproxy doing > > > > > > reverse > > > proxy > > > > > for > > > > > > cloudstack ui > > > > > > - management network ( RFC1918 ) is available only for certain > > peope > > > > via > > > > > > conditional routing > > > > > > - public network / wan ( IPv4 pool ) is directly connected to > > > > > > the > > > > > internet > > > > > > > > > > > > út 3. 1. 2023 v 14:17 odesílatel Alex Mattioli < > > > > > > alex.matti...@shapeblue.com> > > > > > > napsal: > > > > > > > > > > > > > Hi Lukáš, > > > > > > > Definite possible. > > > > > > > You can just add a new "public" IP range to your zone and > > > > > > > select > > > the > > > > > > > option "Set Reservation" and then "SystemVM". You then need > > > > > > > to > > > > destroy > > > > > > > your SystemVMs, they will be recreated with those IPs. > > > > > > > Cheers, > > > > > > > Alex > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Lukáš Mrtvý <lukas.mr...@gmail.com> > > > > > > > Sent: 31 December 2022 10:37 > > > > > > > To: users@cloudstack.apache.org > > > > > > > Subject: Multiple public networks per zone ? > > > > > > > > > > > > > > Is possible to create multiple public networks per zone ? ( > > > traffic > > > > > > type: > > > > > > > Public ) > > > > > > > I would like to put systemvms to this network to save two > > "Public" > > > > > > > IPv4, these arent cheap these days. The use case would be to > > deploy > > > > > > > systemvms to > > > > > > > RFC1918 external network and use reverse proxy to access > > cloudstack > > > > > > > webui and systemvms from the internet via this reverse proxy. > > Other > > > > > > > one public network would be an actual WAN. ( NAT isnt > > > > > > > solution > > for > > > me > > > > > > > ) Thanks BR, LM > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > S pozdravem > > > > > > Lukáš Mrtvý > > > > > > > > > > > > > > > > > > > > > -- > > > > > S pozdravem > > > > > Lukáš Mrtvý > > > > > > > > > > > > > > > > > > -- > > > S pozdravem > > > Lukáš Mrtvý > > > > > > > > -- > S pozdravem > Lukáš Mrtvý > -- S pozdravem Lukáš Mrtvý
