Hello Wei,

I was using pfSense; I tried with Cisco and Juniper too, and vPaloAlto. I am trying to mimic networks that I deployed before in Azure.

In this scenario you mentioned.

> Internet <-> public gateway <-> isolated network with source NAT (mandatory
> the CSvirtualROUTER) <-> VNF (on the isolated network and another
> shared/L2/isolated network) <-> VM on user network.

I created a Shared Network with the Virtual router but it does not get a Public address assigned, while if I use the Isolated network the CloudStack VR gets the IP.

Thank you
Tata Y.

> On Jun 27, 2025, at 1:58 PM, Wei ZHOU <ustcweiz...@gmail.com> wrote:
>
> Hi Chi,
>
> VNF means virtual network appliance, which can provide various services,
> routing, load balancer, dhcp, dns, ids, ips, etc.
> It can be on the data path, or out of the data path.
>
> You can use pfsense VNF or similar, to replace VR. However, ACS VR has a
> virtual nic on the Public network, which is not possible for VNF (which is a
> special type of user vm instance).
> Therefore, to access the public internet or vice versa, user has to add a
> network in front of VNF, so the topology looks like
>
> Internet <-> public gateway <-> shared network with public IP <-> VNF (on the
> shared network and another shared/L2/isolated network) <-> VM on user
> network,
> OR
> Internet <-> public gateway <-> isolated network with source NAT <-> VNF (on
> the isolated network and another shared/L2/isolated network) <-> VM on user
> network.
>
> In my video, I used an isolated network. You can use a shared network
> instead.
> If you do not need public access, the isolated/shared network is not needed
> then.
>
>
> -Wei
>
>
> On Fri, Jun 27, 2025 at 5:50 PM Chi vediamo <tatay...@gmail.com> wrote:
>> Thank you Daan
>>
>> Is there any documentation about this? I read about and saw several videos,
>> but none explains clearly each type versus VNF or vRouter.
>> I thought based on the videos I can just replace the vRouter with an
>> appliance for isolated networks or a VPC.
>>
>> In a shared network I need the vROUTER or appliance to have a link to public
>> interface while the others are behind the vRouter or appliance. I was
>> unsuccessful on this one as there is no way to assign a separate port for
>> Public network.
>> Everything is in a single VXLAN for some reason, and the VXLAN has to be
>> routed, which I do not want.
>>
>>
>> I DID TRY SHARED OR L2 NETWORK: All Hypervisors running KVM and upgraded to
>> 4.20.1.
>>
>> Here is the scenario:
>>
>>                   {Internet}
>>                       |
>>                       |
>>      Hypervisor1             Hypervisor2
>>          |_____________________________|
>>          |                             |
>>  [vRouter or Appliance]                |
>>     |           |                      |
>>     |           |                      |
>>   VXLAN1      VXLAN2                 VXLAN2
>>     |           |                      |
>>     |           |                      |
>>    VM1         VM2                    VM3
>>
>>
>> Then for L2 should I be able to pick the VNF appliance instead of a vROUTER?
>>
>>
>> Tata Y.
>>
>>
>> > On Jun 27, 2025, at 11:16 AM, Daan Hoogland <daan.hoogl...@gmail.com> wrote:
>> >
>> > Chi,
>> > I do not fully understand your use-case, but in the cases of isolated
>> > network and VPC you can put an appliance behind the router, not in
>> > front of it. (not sure, needs checking)
>> > In an L2 network you design the routing yourself and can make your VNF
>> > be the gateway.
>> > In a shared network also you can design a lot, except that there will
>> > be layer 3 available. (I am not sure if VNFs are useful in this type
>> > of env)
>> >
>> > On Fri, Jun 27, 2025 at 3:08 PM Chi vediamo <tatay...@gmail.com> wrote:
>> >>
>> >> for Isolated or VPC networks,
>> >>
>> >> Is my understanding I am not able to put a router in front in a shared
>> >> network. Or it is possible?
>> >>
>> >>
>> >> Tata Y.
>> >>
>> >>> On Jun 27, 2025, at 2:35 AM, Daan Hoogland <d...@apache.org> wrote:
>> >>>
>> >>> Tata,
>> >>>
>> >>> On Fri, Jun 20, 2025 at 3:05 AM Chi vediamo <tatay...@gmail.com> wrote:
>> >>>>
>> >>>> Hello Team,
>> >>>>
>> >>>> Is there a way to add a VNF Network Offering? What are the steps to
>> >>>> use a VNF without a vRouter in front of it.
>> >>>
>> >>> In an l2 network (or a shared network?)
>> >>
>> >
>> >
>> > --
>> > Daan
>>