On 5/17/12 7:58 AM, "Murali Reddy" <murali.re...@citrix.com> wrote:
>I was working on bug CS-14862 [1] which made me wonder if a basic zone
>with/without security group can be used to build a public clouds.

[snip]

"Basic zone" or L3 isolation is the most scalable way to build public clouds.

>
>Clearly having EIP/ELB support in CloudStack enables to public cloud's
>with basic zones using private address. While EIP does the NATing for
>inbound traffic into the cloud instances, as there is source NAT service
>what happens to the outbound traffic from cloud instances when there is no
>EIP assigned to it?
>
>[1] http://bugs.cloudstack.org/browse/CS-14862 EIP/ELB - SSVM and CPVM
>should be given an ip address from the public ip address range.

When the EIP feature is enabled, all tenant instances automatically get a public IP that is 1:1 NAT to their RFC1918 IP. For the service VMs that provide edge services (CPVM and SSVM), we have to choose a couple of IPs from the public IP pool when starting these VMs. The tricky part is if the public IP range is added after the first hypervisor is added to the zone. The latter triggers auto-creation of system VMs. At that point the public VLAN may not be provisioned.

--
Chiradeep