I am trying to implement the non-overlapping CIDRs right now and I have some questions. Does the ExternalGuestNetworkGuru create networks with non-overlapping CIDRs by default? Or do I need to override its 'design' and 'implement' methods to implement non-overlapping CIDRs?

If I have to write my own methods, I think I understand how to override ExternalGuestNetworkGuru and then get it to run by adding it to the components.xml (or nonoss-components.xml) as well as the componentContext.xml.in.

If I do not have to actually write the logic for the non-overlapping CIDRs (which I am hoping is the case), and the ExternalGuestNetworkGuru actually implements that logic, how would I get the ExternalGuestNetworkGuru into my flow without actually overriding the class? I understand that the components are loaded through the components.xml stuff, but it's not clear how you specify which NetworkGuru should be used in my specific flow.

I am basically working from this document <https://cwiki.apache.org/CLOUDSTACK/extending-cloudstack-networking.html> and the code. Are there any other resources I should be aware of for extending the CloudStack networking functionality?

I have a good start on a Resource, ExternalFirewallElement and an ExternalFirewallService. I can currently set the Palo Alto as the provider of Firewall, SourceNat, StaticNat and Port Forwarding services. I can currently Add, List, Configure and Delete my Palo Alto provider. I am getting there, but I still feel like there are gaps in my knowledge when using the CS networking plugin functionality.

Thanks,

Will

On Mon, Mar 18, 2013 at 2:46 AM, Murali Reddy <murali.re...@citrix.com> wrote:

> On 16/03/13 1:46 AM, "Will Stevens" <wstev...@cloudops.com> wrote:
> >
> >1. Restrict the available subnets for each account so two accounts can't
> >create overlapping subnets.
> >To me, this breaks the whole concept of cloud, but for enterprise
> >customers this is not a huge limitation because they usually solve this
> >problem this way.
> >
> >2. Run multiple Palo Alto VM firewalls and associate one VM firewall per
> >account.
> >The management overhead of this is crazy, so this type of implementation
> >would be very hard to work with.
> >
> >Since I do not like either of these approaches, I wanted to see if I could
> >get some feedback on this. Are there other alternatives that would solve
> >the problem more elegantly that I have not mentioned? What would be the
> >best way to solve this problem in a 'CloudStack way'?
>
> Unfortunately, the vendor appliances CloudStack supports do not have
> multi-tenancy yet. The 'CloudStack way' has been both #1 and #2 to work
> around this.
>
> Please see [1]: the 'external guest network' guru designs the network such
> that no two guest networks in a zone using an external network device have
> overlapping CIDRs. You may use the 'external guest network' guru or extend
> it to ensure automatically generated non-overlapping CIDRs for guest
> networks.
>
> Also, CloudStack already supports the notion of multiple provider instances
> per physical network. Using this, for load balancer devices there is a
> generic management piece of code to allocate a dedicated (per tenant) or
> shared load balancer from a pool of admin-provisioned load balancers [2].
> See if this helps if you intend to support a pool of firewall VMs.
>
> [1] server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
> [2] server/src/com/cloud/network/ExternalLoadBalancerDeviceManagerImpl.java
>
> -Murali
>
> >
> >Any feedback on this would be appreciated.
> >
> >Cheers,
> >
> >Will