It's been a long time, honestly, I have to take a long trip down my memory to 
remember the circumstance where we had problems.

On 6/11/18, 2:01 AM, "Dag Sonstebo" <dag.sonst...@shapeblue.com> wrote:

    Hi Yiping,
    
    “In the course of last three years, we found many features are NOT implemented for this deployment mode, or API's not working properly.  So be warned!”
    
    >> Since you have some time served on this setup it would be great if you can share those issues, and ideally log Github issues for them (https://github.com/apache/cloudstack/issues).
    
    Regards,
    Dag Sonstebo
    Cloud Architect
    ShapeBlue
    
    On 10/06/2018, 23:00, "Yiping Zhang" <yzh...@marketo.com> wrote:
    
        We have been using "advanced networking with security groups" on XenServer clusters (using linux bridge network backend, instead of open vSwitch) for over three years now in production.  AFAICT, this is not an officially supported/endorsed deployment scenario.    We are a private enterprise deployment. We use our external routers as GW and VLAN separation is done at corporate network layer using real firewalls.
        
        In the course of last three years, we found many features are NOT implemented for this deployment mode, or API's not working properly.  So be warned!
        
        Any improvements on this deployment scenario, or bring it to fully supported status, will be warmly welcomed by this user
        
        
        On 6/9/18, 1:31 AM, "Wido den Hollander" <w...@widodh.nl> wrote:
        
            
            
            On 06/08/2018 03:54 PM, Dag Sonstebo wrote:
            > Ivan – not sure how you deal with per-network VM bandwidth (or what your use case is) so probably worth testing in the lab.
            > 
            
            Isn't that done by libvirt in the XML? In Basic Zone at least that
            works. It is part of the service offering.
            
            > Wido – agree, I don’t see why our current “basic zone” can’t be deprecated in the long run for “advanced zone with security groups” since they serve the same purpose and the latter gives more flexibility. There may be use cases where they don’t behave the same – but personally I’ve not come across any issues.
            > 
            
            I wouldn't know those cases. I'll test and see how it works out. Give me some time and I'll get back to this topic.
            
            Might even be possible to convert a Basic Zone to an Advanced Zone by doing some database mutations.
            
            Wido
            
            > Regards,
            > Dag Sonstebo
            > Cloud Architect
            > ShapeBlue
            > 
            > On 08/06/2018, 14:44, "Wido den Hollander" <w...@widodh.nl> wrote:
            > 
            >     
            >     
            >     On 06/08/2018 03:32 PM, Dag Sonstebo wrote:
            >     > Hi Ivan,
            >     > 
            >     > Not quite – “advanced zone with security group” allows you to have multiple “basic” type networks isolated within their own VLANs and with security groups isolation between VMs / accounts. The VR only does DNS/DHCP, not GW/NAT.
            >     > 
            >     
            >     Hmm, yes, that was actually what we/I is/are looking for. The main reason for Basic Networking is the shared services we offer on a public cloud.
            >     
            >     A VR dies as soon as there is any flood, so that's why we have our physical routers do the work.
            >     
            >     I thought that what you mentioned is "DirectAttached" networking.
            >     
            >     But that brings me to the question why we still have Basic Networking :-) In earlier conversations I had with people I think that on the longer run Basic Networking can be dropped/merged in favor of Advanced Networking with Security Groups then, right?
            >     
            >     Accounts/VMs are deployed Inside the same VLAN and isolation is done by Security Groups.
            >     
            >     Sounds right, let me dig into that!
            >     
            >     Wido
            >     
            >     > Regards,
            >     > Dag Sonstebo
            >     > Cloud Architect
            >     > ShapeBlue
            >     > 
            >     > On 08/06/2018, 14:26, "Ivan Kudryavtsev" <kudryavtsev...@bw-sw.com> wrote:
            >     > 
            >     >     Hi, Dag. Not exactly. Advanced zone uses VR as a GW with SNAT/DNAT which is not quite good for public cloud in my case. Despite that it really solves the problem. But I would like to have it as simple as possible, without VR as a GW and xNAT.
            >     >     
            >     >     Fri, 8 Jun 2018, 15:21 Dag Sonstebo <dag.sonst...@shapeblue.com>:
            >     >     
            >     >     > Wido / Ivan – I’m probably missing something – but is the feature you are looking for not the same functionality we currently have in “advanced zones with security groups”?
            >     >     >
            >     >     > Regards,
            >     >     > Dag Sonstebo
            >     >     > Cloud Architect
            >     >     > ShapeBlue
            >     >     >
            >     >     > On 08/06/2018, 14:14, "Ivan Kudryavtsev" <kudryavtsev...@bw-sw.com> wrote:
            >     >     >
            >     >     >     Hi Wido, I am also very interested in similar deployment, especially combined with the capability of setting different network bandwidth for different networks, like 10.0.0.0/8 intra dc with 1g bandwidth per vm and white ipv4/ipv6 with regular bandwidth management. But it seems it takes very big redesign of VM settings and VR redesign is also required.
            >     >     >
            >     >     >     When I tried to investigate if it is possible with ACS basic network, didn't succeed with any relevant information.
            >     >     >
            >     >     >
            >     >     >     Fri, 8 Jun 2018, 14:56 Wido den Hollander <w...@widodh.nl>:
            >     >     >
            >     >     >     > Hi,
            >     >     >     >
            >     >     >     > I am looking into supporting multiple Physical Networks inside onze Basic Networking zone.
            >     >     >     >
            >     >     >     > First: The reason we use Basic Networking is the simplicity and the fact that our (Juniper) routers can do the routing and not the VR.
            >     >     >     >
            >     >     >     > ALL our VMs have external IPv4/IPv6 addresses and we do not use NAT anywhere.
            >     >     >     >
            >     >     >     > But right now a Hypervisor has a single VLAN/POD going to it terminated on 'cloudbr0' using vlan://untagged.
            >     >     >     >
            >     >     >     > But to better utilize our physical hardware it would be great if Basic Networking would support multiple physical networks using VLAN separation.
            >     >     >     >
            >     >     >     > For example:
            >     >     >     >
            >     >     >     > - PhysicalNetwork1: VLAN 100
            >     >     >     > - PhysicalNetwork2: VLAN 101
            >     >     >     > - PhysicalNetwork3: VLAN 102
            >     >     >     >
            >     >     >     > I've been looking into DirectAttached with Advanced Networking, but I couldn't find any reference to it on how that exactly works.
            >     >     >     >
            >     >     >     > Right now for our use-case Basic Networking with multiple Physical Networks would work best for us.
            >     >     >     >
            >     >     >     > Has anybody looked at this or has any insight of the problems we might run in to?
            >     >     >     >
            >     >     >     > Wido
            >     >     >     >
            >     >     >
            >     >     >
            >     >     >
            >     >     > dag.sonst...@shapeblue.com
            >     >     > www.shapeblue.com
            >     >     > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
            >     >     > @shapeblue
            >     >     >
            >     >     >
            >     >     >
            >     >     >
            >     >     
            >     > 
            >     > 
            >     >   
            >     >  
            >     > 
            >     
            > 
            > 
            >   
            >  
            > 
            
        
        
    
    
      
     
    
    
