On Thu, May 28, 2015 at 11:21 PM, Alex McWhirter <[email protected]>
wrote:
>
> On 05/28/2015 05:16 PM, Erik Weber wrote:
>
>> On Thu, May 28, 2015 at 11:11 PM, Alex McWhirter <
>> [email protected]>
>> wrote:
>>
>>> I'm working on a private cloud using CloudStack and I'm stuck on which
>>> networking topology I should choose. Our network is segregated by VLANs
>>> and each department has its own VLAN. I want to add each department into
>>> CloudStack as a project and then add users into each project. Each
>>> project should have its own VLAN.
>>>
>>> So the KVM hosts have two physical NICs. One dedicated purely for NFS
>>> and the other for the rest of the networking.
>>>
>>> eth0 - General networking, VLAN trunk enabled
>>>
>>> eth1 - NFS, no VLAN trunking enabled.
>>>
>>> In the Basic mode I should be able to set up a single physical network
>>> with management labeled to eth0, storage labeled to eth1, and guest
>>> labeled to br0 (which is attached to eth0).
>>>
>>> But in this scenario how can I tell each project to tag its guests'
>>> traffic to a different VLAN?
>>>
>>> Advanced mode seems way too complex for what I want to do. I don't need a
>>> public network. We have a hardware gateway for that. I don’t need any
>>> virtual routers or anything like that as well. I just need a guest to
>>> boot tagged to a specific VLAN and the gateway should handle the DHCP and
>>> routing.
>>>
>>>
>> Basic network doesn't support multiple isolated networks (AFAIK).
>>
>> You would probably want to check out shared networks in advanced mode,
>> that'll let you use your hardware router etc.
>> I think you still need to provide a small public range for system VMs and
>> such, but your tenants won't have to use that, they can rely on shared
>> networks.
>>
> Do I have the wrong idea on what the public network is? I'm taking public
> as in actual public IP space on the internet?
>
>

It doesn't have to be public IP space, but it should have access to
the internet, and your users should have access to the IP space used (to
download templates, access console etc.).

I use private IP space for public networking all the time in the lab. If
all your users are on your network(s), then that is fine. If you have
external users they will obviously have a hard time reaching the console
proxy or secondary storage VM if it's in private IP space.



> Or is it something different like the network the management server uses
> to talk to the KVM hosts?
>
>
> Essentially how it's set up now is
>
> VLAN 2 - Management Server, KVM Hosts, and MySQL
> VLAN 3 - NFS Servers and Clients
>
> VLAN 16 through 128 - Each Department's VLAN
>
> The hardware gateway sits on all of these VLANs and provides DHCP and
> internet routing.
>


You could make VLAN16-128 available as individual shared networks. I don't
recall if you're able to assign them to projects or not, but that should be
easy to find out.

-- 
Erik
