CCC14 - CloudStack Networking
@ShapeBlue #CloudStack #CCCNA14
About Me
- Cloud Architect with ShapeBlue
- Worked with CloudStack since 2.2.13
- Specialising in deployment of CloudStack and supporting infrastructure
- Orange, TomTom, PaddyPower, Ascenty, BSkyB, SunGard, T-Mobile
- I view CloudStack from a ‘What can cloud consumers practically do with it’ point-of-view
About ShapeBlue
“ShapeBlue are expert builders of public & private clouds. They are the leading global CloudStack / CloudPlatform integrator & consultancy”
Why NaaS – The Use Cases
- VPS Cloud
- NaaS
CloudStack Networking
- Logical Networking Models
  - Basic
  - Advanced
Basic Networking
- AWS Style L3 isolation – Massive Scale
- Simple Flat Network
- Each POD has a unique CIDR
- Optional Guest Isolation via Security Groups
- Optional NetScaler Integration - Elastic IPs and Elastic LB
- Optional Nicira NVP Integration
Security Groups
- Isolate traffic between VMs
- Available for both Basic and Advanced Networking
- XenServer must use Linux Bridge and not Open vSwitch
  - xe-switch-network-backend bridge
  - Edit sysctl to enable net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-arptables
  - Must be implemented before adding to CloudStack
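A pre-flight check for the XenServer sysctl requirement above, as an added example that is not part of the original slides: it reads a sysctl.conf-style file and reports which of the two bridge netfilter keys is missing or not set to 1. The function names `effective_value` and `sg_sysctl_gaps` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): check the two sysctl keys the slide
# requires before a Linux-bridge XenServer host is added to CloudStack.
# At 0, bridged guest traffic is not handed to iptables/arptables, so
# Security Group rules are not applied to it.
REQUIRED_KEYS="net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-arptables"

# effective_value FILE KEY: print the last value assigned to KEY in a
# sysctl.conf-style FILE (later lines override earlier ones).
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }              # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next               # not an assignment
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)  # trim spaces around key and value
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# sg_sysctl_gaps FILE: print one line per required key that is missing or
# not set to 1; exit status 0 only when both keys are enabled.
sg_sysctl_gaps() {
    gaps=0
    for key in $REQUIRED_KEYS; do
        val=$(effective_value "$1" "$key")
        if [ -z "$val" ]; then
            echo "MISSING  $key"; gaps=1
        elif [ "$val" != "1" ]; then
            echo "DISABLED $key = $val"; gaps=1
        fi
    done
    return "$gaps"
}

# Constructed sample: iptables key enabled, then overridden; arptables key absent.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'net.bridge.bridge-nf-call-iptables = 1' \
    'net.bridge.bridge-nf-call-iptables=0' > "$sample"
sg_sysctl_gaps "$sample" || echo "host is not ready for Security Groups"
rm -f "$sample"
```

The file only describes what will be applied at boot; `sysctl -n <key>` reads the value currently in effect on the host.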
Security Groups Rules can be mapped to CIDR or another Account/Security Group
Advanced Networking
- This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, Load Balancer & VPC functionality.
- Guest isolation is provided through layer-2 means such as VLANs or SDN technologies
Advanced Networking
- Private and Shared Guest Networks
- Multiple Physical Networks
- Virtual Router for each Network providing:
  - DNS & DHCP
  - Firewall
  - Client VPN
  - Load Balancing
  - Source / Static NAT
  - Port Forwarding
Advanced Networking & Security Groups
- Effectively enables the deployment of multiple ‘Basic’ style networks which use Security Groups for isolation of VMs, but with each Network encapsulated within a unique VLAN.
Management Network
Traffic between CloudStack Management Servers and the various cloud components (Hosts, System VMs, Storage*, vCenter etc)
Guest Network – Basic & Advanced
Guest Network – Basic Zone EIP / ELB
Public Network – Basic & Advanced
Public Network – System VMs
CPVM, SSVM & VRs have a connection to the Public Network
*VRs only have public connection in Advanced Network
Storage Network
Physical Connectivity
Basic Zone – Example IP Schema
Advanced Zone – Example IP Schema
Network Service Providers
A Hardware or Virtual Appliance that provides Network Services to CloudStack e.g.
- Virtual Router
- VPC Virtual Router
- Internal LBVM
- Citrix NetScaler
- F5 Load Balancer
- Juniper SRX Firewall
- Nicira Nvp
- Midokura Midonet
- BigSwitch Vns
- Cisco VNMC
- Baremetal DHCP*
- Baremetal PXE*
- Palo Alto*
- Ovs (GRE/VXLAN)
*new in 4.3
Virtual Private Clouds (VPC)
- Private multi-tiered Virtual Networks
- ACLs to control traffic isolation
- Inter VLAN Routing
- Site-2-Site VPN
- Private Gateway
- VPC-2-VPC VPN*
- User VPN*
*new in 4.3
VPC Components
Virtual Router – Connects all the VPC Components
Network Tiers – Isolated Networks, each with unique VLAN and CIDR
VPC Components
Public Gateway
VPC Components
Site-2-Site VPN
Linked to Public Gateway
VPC Components
User VPN
Linked to Public Gateway
VPC Components
VPC-2-VPC VPN
Linked to Public Gateway
VPC Components
Private Gateway
Created by Root Admins
Configured by Users (Static Routes)
VPC Components
Communication Ports