GitHub user Kukunin edited a comment on the discussion: Elastic IP without hardware
Yes, it sounds correct. So I did an extra research, and here is what I found. I'm going to leave it here, so if it serves for other people that will find this question, and to validate my thoughts **TL;DR:** it's outside cloudstack's scope and should be implemented on a side. A longer answer, that took some time for me to click is the following: ### Basics CloudStack has a notion of 4 networks: * management * guest * public * storage (if defined. by default uses management) Each type of network should be assigned to a physical network (bridge interface), and have some kind of subnet. The physical networks are **configured outside cloudstack**, there is just an assumption that all nodes and management servers are reachable within the network. Guest network is used to host accounts' VMs. There are three types of guest networks: * shared * isolated * L2 In my case I need isolated, because I want each client to be totally isolated from each other. CloudStack handles guest to public networks routing via Virtual Router (VR). It supports features like SNAT, Port Forwarding, Load Balancing, IP assignments etc. ### Public network Now it's becoming interesting. VMs are hosted in guests networks, and they use CloudStack's VR to get access to the Public network. Public network should be a common for the whole zone, all nodes should be reachable from any hypervisor to make Live Migrations and other features work. Public network can be both publicly routable (more corporate world with dedicated IPv4 blocks assigned) or RFC1819 (private LAN, e.g. 192.168.x.x). In my case it has to be RFC1819. The answer is that this is the place where cloudstack's responsibility ends. If we have a VM in a guest network with IP 10.1.1.15/24, routed to the public network and has a Public IP 192.168.3.5/24 assigned, it's our job to: * Make sure there is another gateway in our Public network that would give Internet access to VMs * Control NAT rules to assign public IP (e.g. 15.204.56.58) to 192.168.3.5. **Question 1**: is there any notion for true public IPs in cloudstack for RFC1819 public networks? It was confusing that public IPs are not public, and there are true routable public IPs. **Question 2**: are there any hooks to allow users to configure this outside router in CloudStack management UI? Literally add Elastic IP functionality, with custom backend. I guess I'd need to write a plugin for this. ### Alternatives The most of the network configurations are outside of CloudStack's responsibility, which makes sense for flexibility. CloudStack just gives some functionality and provides different types of network. With Isolated Networks there are two gateways: guest <> public and public <> internet. You can eliminate the first cloudstack VR by using L2 networks. <img width="972" alt="image" src="https://github.com/user-attachments/assets/99d8c76f-38d5-41f8-bd84-450b971ee8f8"; /> ### Potential solutions for this foreign router I'm not a big network expert, so everything is pretty new for me. The main challenge is that each hypervisor has its own internet gateway. Public IPs are assigned to hypervisors. Ideally, VMs running on a hypervisor should use its local gateway. But there are cases, where Public IP from Hypervisor A is assigned to a VM running on Hypervisor B. Then the traffic should be routed via Hypervisor A. Also, there are Live migrations, where VM transparently moves between hypervisors. Ideally, we can also load balance the ISP gateways, so if Hypervisor A's public traffic bandwidth is almost full, the traffic goes via Hypervisor B. So far, I found the following viable free solutions for this external gateway: * frrouting on hypervisors * VYOS in a VM I see some support for 3rd-party proprietary vendors like Netscaler HPX or Nicira NVP, but I'm not sure how actual they are. For now, I'm going to start easy, with hard-coded NAT rules (iptables) and static routes (ip route), but on a scale, there has to be something more sophisticated. So, the bottom line is that with RFC1819 Public networks, it's completely outside CloudStack to build the proper functionality. The only my question remained is that how to integrate my custom solution into management so users can assign public IPs themselves. GitHub link: https://github.com/apache/cloudstack/discussions/10685#discussioncomment-12807466 ---- This is an automatically sent email for users@cloudstack.apache.org. To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org
