Transcription
CloudStack Networking. Paul Angus, Cloud Architect, ShapeBlue
About Me: Cloud Architect with ShapeBlue. Worked with CloudStack since 2.2.13. Specialising in deployment of CloudStack and supporting infrastructure. Orange, TomTom, PaddyPower, Ascenty, BSkyB, SunGard, T-Mobile. I view CloudStack from a ‘What can cloud consumers practically do with it’ point-of-view. @ShapeBlue #CloudStack #CCCNA14
About ShapeBlue: “ShapeBlue are expert builders of public & private clouds. They are the leading global CloudStack / CloudPlatform integrator & consultancy”
Why NaaS – The Use Cases: VPS, Cloud, NaaS
CloudStack Networking: Logical Networking Models: Basic, Advanced
Basic Networking: AWS Style L3 isolation – Massive Scale. Simple Flat Network. Each POD has a unique CIDR. Optional Guest Isolation via Security Groups. Optional NetScaler Integration - Elastic IPs and Elastic LB. Optional Nicira NVP Integration.
Security Groups: Isolate traffic between VMs. Available for both Basic and Advanced Networking. XenServer must use Linux Bridge and not Open vSwitch: xe-switch-network-backend bridge. Edit sysctl to enable net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-arptables. Must be implemented before adding to CloudStack.
Security Groups: Rules can be mapped to CIDR or another Account/Security Group.
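The XenServer host prerequisites from the Security Groups slide can be checked before the host is added to CloudStack. The script below is an added example, not part of the original slides; its function names are hypothetical, and the path /etc/xensource/network.conf is an assumption about where xe-switch-network-backend records its setting.

```shell
#!/bin/sh
# Added example: checks the two Security Groups host prerequisites from the slide.
# Assumed paths on a XenServer host: /etc/xensource/network.conf, /etc/sysctl.conf.

# True if the backend file names the Linux bridge backend (not openvswitch).
backend_is_bridge() {
    [ "$(tr -d ' \t\r\n' < "$1")" = "bridge" ]
}

# True if sysctl file $2 sets key $1 to 1; comments ignored, last assignment wins.
sysctl_enabled() {
    val=$(sed -e 's/[#;].*//' "$2" | awk -F= -v k="$1" '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k { v = $2 }
        END { print v }')
    [ "$val" = "1" ]
}

# Usage: check_sg_prereqs NETWORK_CONF SYSCTL_CONF; returns 0 only if all pass.
check_sg_prereqs() {
    rc=0
    backend_is_bridge "$1" || { echo "FAIL: network backend is not bridge"; rc=1; }
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-arptables; do
        sysctl_enabled "$key" "$2" || { echo "FAIL: $key is not 1"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files: a compliant host and a non-compliant one.
write_samples() {
    printf 'bridge\n' > "$1/network.good"
    printf 'openvswitch\n' > "$1/network.bad"
    printf '%s\n' '# constructed sample' \
        'net.bridge.bridge-nf-call-iptables = 1' \
        'net.bridge.bridge-nf-call-arptables = 1' > "$1/sysctl.good"
    printf '%s\n' 'net.bridge.bridge-nf-call-iptables = 1' \
        'net.bridge.bridge-nf-call-arptables = 0' > "$1/sysctl.bad"
}

# When given two file paths, run the check against them.
if [ "$#" -eq 2 ]; then check_sg_prereqs "$1" "$2"; fi
```

The script reads the persisted files only; `sysctl -n <key>` shows the value the running kernel is using.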
Advanced Networking: This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, Load Balancer & VPC functionality. Guest isolation is provided through layer-2 means such as VLANs or SDN technologies.
Advanced Networking: Private and Shared Guest Networks. Multiple Physical Networks. Virtual Router for each Network providing: DNS & DHCP, Firewall, Client VPN, Load Balancing, Source / Static NAT, Port Forwarding.
Advanced Networking & Security Groups: Effectively enables the deployment of multiple ‘Basic’ style networks which use Security Groups for isolation of VMs, but with each Network encapsulated within a unique VLAN.
Management Network: Traffic between CloudStack Management Servers and the various cloud components (Hosts, System VMs, Storage*, vCenter etc).
Guest Network – Basic & Advanced
Guest Network – Basic Zone EIP / ELB
Public Network – Basic & Advanced
Public Network – System VMs: CPVM, SSVM & VRs have a connection to the Public Network*. *VRs only have public connection in Advanced Network.
Storage Network
Physical Connectivity
Basic Zone – Example IP Schema
Advanced Zone – Example IP Schema
Network Service Providers: A Hardware or Virtual Appliance that provides Network Services to CloudStack, e.g. Virtual Router, VPC Virtual Router, Internal LBVM, Citrix NetScaler, F5 Load Balancer, Juniper SRX Firewall, Nicira Nvp, Midokura Midonet, BigSwitch Vns, Cisco VNMC, Baremetal DHCP*, Baremetal PXE*, Palo Alto*, Ovs (GRE/VXLAN). *new in 4.3
Virtual Private Clouds (VPC): Private multi-tiered Virtual Networks. ACLs to control traffic isolation. Inter VLAN Routing. Site-2-Site VPN. Private Gateway. VPC-2-VPC VPN*. User VPN*. *new in 4.3
VPC Components: Virtual Router – Connects all the VPC Components. Network Tiers – Isolated Networks, each with unique VLAN and CIDR.
VPC Components: Public Gateway.
VPC Components: Site-2-Site VPN. Linked to Public Gateway.
VPC Components: User VPN. Linked to Public Gateway.
VPC Components: VPC-2-VPC VPN. Linked to Public Gateway.
VPC Components: Private Gateway. Created by Root Admins. Configured by Users (Static Routes).
VPC Components
Communication Ports