Posted to users@cloudstack.apache.org by Lukáš Mrtvý <lu...@gmail.com> on 2022/12/31 09:36:37 UTC

Multiple public networks per zone ?

Is it possible to create multiple public networks per zone? (traffic type:
Public)
I would like to put systemvms on this network to save two "Public" IPv4,
these aren't cheap these days. The use case would be to deploy systemvms
to an RFC1918 external network and use a reverse proxy to access the cloudstack
webui and systemvms from the internet via this reverse proxy. The other
public network would be an actual WAN. (NAT isn't a solution for me)
Thanks
BR,
LM

Re: Multiple public networks per zone ?

Posted by Lukáš Mrtvý <lu...@gmail.com>.
Hello,




On Tue, 3 Jan 2023 at 14:17, Alex Mattioli <Al...@shapeblue.com> wrote:

> Hi Lukáš,
> Definitely possible.
> You can just add a new "public" IP range to your zone and select the
> option "Set Reservation" and then "SystemVM". You then need to destroy your
> SystemVMs, they will be recreated with those IPs.
> Cheers,
> Alex


-- 
Best regards
Lukáš Mrtvý

Re: Multiple public networks per zone ?

Posted by Lukáš Mrtvý <lu...@gmail.com>.
Unfortunately, I cannot add two physical networks ( wan and lan ) to a
single bridge ( cloudbr0 ) and yes, there is also a physical network for
the management network. BPDU Guard would disable the ethernet port on my
bare metal server to prevent a bridge loop.
Is a reverse proxy even supported for Console and Storage SystemVMs? Seems
it's a totally unsupported use case. I didn't find how to set the proto scheme for
SSL offloading and some base URL. Thanks




-- 
Best regards
Lukáš Mrtvý

RE: Multiple public networks per zone ?

Posted by Alex Mattioli <Al...@shapeblue.com>.
+1 to what Wei said.

Can't you use that 2 IP subnet and then check which IP the Console Proxy uses? Or do you need to know beforehand?

 



Re: Multiple public networks per zone ?

Posted by Lukáš Mrtvý <lu...@gmail.com>.
Seems it's not possible to set a static IP for system VMs. The reverse proxy needs
to know the IP of the console and storage VM; of course I can use, for example,
a subnet of two IPs, 192.168.0.0/31, but it's still 50:50. Ideas? Thanks



-- 
Best regards
Lukáš Mrtvý
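
The problem raised above is that the reverse proxy has to know the console and storage VM addresses, which are assigned from the reserved range rather than set statically. As an added example (not code from the thread or from CloudStack), this Python script reads a listSystemVms JSON response, accepts only running system VMs whose public IP lies inside the reserved range, and renders HAProxy backend sections from them. Assumptions: the sample response is constructed, 192.168.1.0/24 is the example range used elsewhere in this thread, and the backend names, port 443 and TCP pass-through mode are hypothetical choices.

```python
import ipaddress
import json

# Range reserved for system VMs; 192.168.1.0/24 is the example value from the thread.
RESERVED_RANGE = ipaddress.ip_network("192.168.1.0/24")

# Hypothetical HAProxy backend names, one per system VM type of interest.
BACKEND_NAMES = {"consoleproxy": "be_console", "secondarystoragevm": "be_storage"}

# Constructed sample of a listSystemVms JSON response, reduced to the fields used here.
SAMPLE_RESPONSE = json.dumps({
    "listsystemvmsresponse": {
        "count": 3,
        "systemvm": [
            {"name": "v-12-VM", "systemvmtype": "consoleproxy",
             "state": "Running", "publicip": "192.168.1.37"},
            {"name": "s-11-VM", "systemvmtype": "secondarystoragevm",
             "state": "Running", "publicip": "192.168.1.52"},
            # A stopped predecessor that must not end up in the proxy config.
            {"name": "v-9-VM", "systemvmtype": "consoleproxy", "state": "Stopped"},
        ],
    }
})


def discover_system_vms(raw_json, reserved=RESERVED_RANGE):
    """Return {systemvmtype: [(name, publicip), ...]} for running system VMs.

    Raises ValueError when a running VM has no valid public IP, when its IP is
    outside the reserved range, or when a required type has no running VM, so
    an unexpected address never reaches the proxy configuration.
    """
    body = json.loads(raw_json)
    # Accept both the wrapped API response and an already unwrapped body.
    body = body.get("listsystemvmsresponse", body)
    found = {vm_type: [] for vm_type in BACKEND_NAMES}
    for vm in body.get("systemvm", []):
        vm_type = vm.get("systemvmtype")
        if vm_type not in found or vm.get("state") != "Running":
            continue
        name = vm.get("name", "unnamed")
        # ip_address() raises ValueError for a missing or malformed address.
        ip = ipaddress.ip_address(vm.get("publicip"))
        if ip not in reserved:
            raise ValueError(f"{name}: {ip} is outside {reserved}")
        found[vm_type].append((name, str(ip)))
    missing = [vm_type for vm_type, vms in found.items() if not vms]
    if missing:
        raise ValueError("no running system VM of type: " + ", ".join(missing))
    return found


def render_haproxy_backends(system_vms, port=443):
    """Render one HAProxy backend section per system VM type.

    Port and 'mode tcp' are assumptions; adjust them to the actual deployment.
    """
    lines = []
    for vm_type in sorted(system_vms):
        lines.append(f"backend {BACKEND_NAMES[vm_type]}")
        lines.append("    mode tcp")
        for name, ip in sorted(system_vms[vm_type]):
            lines.append(f"    server {name} {ip}:{port} check")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_haproxy_backends(discover_system_vms(SAMPLE_RESPONSE)))
```

Re-running the discovery after system VMs are destroyed and recreated picks up whichever addresses they were given, so the proxy configuration does not depend on guessing the assignment in advance.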

Re: Multiple public networks per zone ?

Posted by Wei ZHOU <us...@gmail.com>.
The requirement is clear now.

I think it is possible. All these IPs can be RFC1918 IPv4 addresses.
For example,
(1) use 192.168.0.0/24 as management IP range.
(2) add 192.168.1.0/24 as a public IP range reserved for system VMs. System
VMs will have public IPs in this range.
(3) add a real public IPv4 address for other purposes (router, lb, port
forwarding, etc).
(4) configure a reverse proxy for management server IP (in range 1) and
system VMs (public IPs in range 2), it should be able to connect to both IP
ranges/VLANs.
You can use the same physical interface for management and public traffic
but with different VLANs.

-Wei


Re: Multiple public networks per zone ?

Posted by Lukáš Mrtvý <lu...@gmail.com>.
Maybe the correct question would be how to save IPv4 addresses ( non
RFC1918 ) ? I have only a few of them available and allocating two of them
to systemVMs is quite "expensive" for me.
As far as I know, this is the minimal set of IPs needed.
- UI ( Technically it sits on the management network, but I want to have
API available from the internet )
- Console
- Storage
- Router
- LB/Instance

It would be much better to use some reverse proxy for UI / Console / Storage
as these are not directly related to my workloads. ( Maybe it's not even
doable, I don't know.. )
Thanks

On Tue, 3 Jan 2023 at 17:29, Wei ZHOU <us...@gmail.com> wrote:

> I have experience with multiple guest physical networks, not public
> networks.
>
> A new physical network can be added via api (or cloudmonkey)
>
> 1. createPhysicalNetwork
> 2. updatePhysicalNetwork to Enabled
> 3. addTrafficType to the physical network with network label like cloudbr0.
>
> Please refer to cloudstack api
> https://cloudstack.apache.org/api/apidocs-4.17/
>
> For guest physical networks, tags are a must. Not sure if public physical
> networks work without a tag.
>
> -Wei
>
> On Tuesday, 3 January 2023, Lukáš Mrtvý <lu...@gmail.com> wrote:
>
> > Yes, another physical network.
> > I tried to bridge eth0 and eth2 ( both are flat networks, not VLANs), but
> > got blocked by the telco provider in the datacenter, as eth2 is a physical
> > network connected to the internet.
> > Can you elaborate on how it is possible ( without NATting ) to have two
> > physical networks as "Public" networks? Of course, I want to deploy
> > SystemVMs to eth0. Thanks
> >
> > On Tue, 3 Jan 2023 at 16:42, Alex Mattioli <Alex.Mattioli@shapeblue.com> wrote:
> >
> > > You mean another physical network completely? That's also possible, but a
> > > bit more complex.
> > > In your case, can't you just use another VLAN in the same physical
> > > network?
> > >
> > > Cheers,
> > > Alex
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Lukáš Mrtvý <lu...@gmail.com>
> > > Sent: 03 January 2023 15:43
> > > To: users@cloudstack.apache.org
> > > Subject: Re: Multiple public networks per zone ?
> > >
> > > Hello,
> > > I am talking about using another "cable" as another public network to
> > > deploy system VMs to.
> > >
> > > For example this
> > >
> > > https://mermaid.live/view#pako:eNptkDFvAjEMhf-
> > K5alInNoy3toulcpStiqLuRgu4uKcgiOEgP9e56Corbo9P33W8_MJu-QZW9xmGnt4_
> > 3ACkFNRztA0zTmS0JYji4KwHlLenYG1f_6DjWU9hO4X8lSRIEaY-_B2E7N_
> > cHiEA8m0tPi5VNFbSLX3ZX098mVIxa-Uul214R4G98smtYAqWTzOMXKOFLz1P
> > FXTofZWymFr0vOGyqAOnVwMpaJpdZQOW82F51hGT8qvgSw8fpsjyWdKNm5o2
> > NvMPmjKy-srp49evgCD7nXA
> > >
> > > - public network ( RFC1918 ) is reachable via router or other devices (
> > > haproxy, vpn ) on this network, for example haproxy doing reverse proxy
> > > for cloudstack ui
> > > - management network ( RFC1918 ) is available only for certain people
> > > via conditional routing
> > > - public network / wan ( IPv4 pool ) is directly connected to the
> > > internet
> > >
> > > út 3. 1. 2023 v 14:17 odesílatel Alex Mattioli <
> > > Alex.Mattioli@shapeblue.com>
> > > napsal:
> > >
> > > > Hi Lukáš,
> > > > Definite possible.
> > > > You can just add a new "public" IP range to your zone and select the
> > > > option "Set Reservation" and then "SystemVM". You then need to
> destroy
> > > > your SystemVMs, they will be recreated with those IPs.
> > > > Cheers,
> > > > Alex
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Lukáš Mrtvý <lu...@gmail.com>
> > > > Sent: 31 December 2022 10:37
> > > > To: users@cloudstack.apache.org
> > > > Subject: Multiple public networks per zone ?
> > > >
> > > > Is possible to create multiple public networks per zone ?  ( traffic
> > > type:
> > > > Public )
> > > > I would like to put systemvms to this network to save two "Public"
> > > > IPv4, these arent cheap these days. The use case would be to deploy
> > > > systemvms to
> > > > RFC1918 external network and use reverse proxy to access cloudstack
> > > > webui and systemvms from the internet via this reverse proxy. Other
> > > > one public network would be an actual WAN. ( NAT isnt solution for me
> > > > ) Thanks BR, LM
> > > >
> > >
> > >
> > > --
> > > S pozdravem
> > > Lukáš Mrtvý
> > >
> >
> >
> > --
> > Best regards
> > Lukáš Mrtvý
> >
>


-- 
Best regards
Lukáš Mrtvý

Re: Multiple public networks per zone ?

Posted by Wei ZHOU <us...@gmail.com>.
I have experience with multiple guest physical networks, not public
networks.

A new physical network can be added via the API (or cloudmonkey)

1. createPhysicalNetwork
2. updatePhysicalNetwork to Enabled
3. addTrafficType to the physical network with network label like cloudbr0.

Please refer to the CloudStack API
https://cloudstack.apache.org/api/apidocs-4.17/

For guest physical networks, tags are a must. Not sure if public physical
networks work without a tag.

-Wei

On Tuesday, 3 January 2023, Lukáš Mrtvý <lu...@gmail.com> wrote:

> Yes, another physical network.
> I tried to bridge eth0 and eth2 ( both are flat networks, not VLANs), but
> got blocked by the telco provider in the datacenter, as eth2 is a physical
> network connected to the internet.
> Can you elaborate on how it is possible ( without NATting ) to have two
> physical networks as "Public" networks? Of course, I want to deploy
> SystemVMs to eth0. Thanks
>
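
The three API steps Wei lists, followed by the system-VM-reserved public range Alex describes elsewhere in this thread, as an added Python example (not code from any post here, and not tested against a CloudStack deployment). It checks the addressing first, then produces the ordered calls. Assumptions: KVM hosts (`kvmnetworklabel`), an untagged range, and that the UI's "Set Reservation" / "SystemVM" option corresponds to `forsystemvms=true` on `createVlanIpRange`; the zone id, network name, bridge labels and addresses are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlencode

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ip_range(start, end):
    """Parse a start/end pair, rejecting reversed ranges."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"range {start}-{end} is reversed")
    return first, last

def is_rfc1918(start, end):
    """True only if the whole range sits inside one RFC1918 block."""
    first, last = ip_range(start, end)
    return any(first in net and last in net for net in RFC1918)

def overlaps(a, b):
    (a0, a1), (b0, b1) = ip_range(*a), ip_range(*b)
    return a0 <= b1 and b0 <= a1

def systemvm_network_plan(zone_id, label, sysvm, wan_range, wan_label):
    """Ordered API calls: second Public physical network reserved for system VMs."""
    start, end, gateway, netmask = sysvm
    if not is_rfc1918(start, end):
        raise ValueError("system VM range is not RFC1918")
    if overlaps((start, end), wan_range):
        raise ValueError("system VM range overlaps the WAN pool")
    if label == wan_label:
        raise ValueError("system VM network must not share the WAN bridge")
    pn = "PHYSICAL_NETWORK_ID"  # placeholder: id returned by createPhysicalNetwork
    return [
        ("createPhysicalNetwork", {"name": "public-sysvm", "zoneid": zone_id}),
        ("updatePhysicalNetwork", {"id": pn, "state": "Enabled"}),
        ("addTrafficType", {"physicalnetworkid": pn, "traffictype": "Public",
                            "kvmnetworklabel": label}),  # assumes KVM hosts
        ("createVlanIpRange", {"zoneid": zone_id, "physicalnetworkid": pn,
                               "vlan": "untagged", "forvirtualnetwork": "true",
                               "forsystemvms": "true", "gateway": gateway,
                               "netmask": netmask, "startip": start, "endip": end}),
    ]

def render(plan):
    return [f"command={cmd}&{urlencode(params)}" for cmd, params in plan]

if __name__ == "__main__":  # constructed sample values; 203.0.113.0/24 is a documentation range
    print("\n".join(render(systemvm_network_plan(
        "ZONE_ID", "cloudbr1", ("192.168.50.10", "192.168.50.20", "192.168.50.1",
        "255.255.255.0"), ("203.0.113.10", "203.0.113.50"), "cloudbr2"))))
```

The rendered strings are unsigned and meant for review; the same parameter names can be passed to cloudmonkey once the real physical network id is known.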

Re: Multiple public networks per zone ?

Posted by Lukáš Mrtvý <lu...@gmail.com>.
Yes, another physical network.
I tried to bridge eth0 and eth2 ( both are flat networks, not VLANs), but
got blocked by the telco provider in the datacenter, as eth2 is a physical
network connected to the internet.
Can you elaborate on how it is possible ( without NATting ) to have two
physical networks as "Public" networks? Of course, I want to deploy
SystemVMs to eth0. Thanks

On Tue, 3 Jan 2023 at 16:42, Alex Mattioli <Al...@shapeblue.com> wrote:

> You mean another physical network completely? That's also possible, but a
> bit more complex.
> In your case, can't you just use another VLAN in the same physical network?
>
> Cheers,
> Alex


-- 
Best regards
Lukáš Mrtvý

RE: Multiple public networks per zone ?

Posted by Alex Mattioli <Al...@shapeblue.com>.
You mean another physical network completely? That's also possible, but a bit more complex.
In your case, can't you just use another VLAN in the same physical network?

Cheers,
Alex

 


-----Original Message-----
From: Lukáš Mrtvý <lu...@gmail.com> 
Sent: 03 January 2023 15:43
To: users@cloudstack.apache.org
Subject: Re: Multiple public networks per zone ?

Hello,
I am talking about using another "cable" as another public network to deploy system VMs to.

For example this
https://mermaid.live/view#pako:eNptkDFvAjEMhf-K5alInNoy3toulcpStiqLuRgu4uKcgiOEgP9e56Corbo9P33W8_MJu-QZW9xmGnt4_3ACkFNRztA0zTmS0JYji4KwHlLenYG1f_6DjWU9hO4X8lSRIEaY-_B2E7N_cHiEA8m0tPi5VNFbSLX3ZX098mVIxa-Uul214R4G98smtYAqWTzOMXKOFLz1PFXTofZWymFr0vOGyqAOnVwMpaJpdZQOW82F51hGT8qvgSw8fpsjyWdKNm5o2NvMPmjKy-srp49evgCD7nXA

- public network ( RFC1918 ) is reachable via router or other devices ( haproxy, vpn ) on this network, for example haproxy doing reverse proxy for cloudstack ui
- management network ( RFC1918 ) is available only for certain people via conditional routing
- public network / wan ( IPv4 pool ) is directly connected to the internet


--
Best regards
Lukáš Mrtvý

Re: Multiple public networks per zone ?

Posted by Lukáš Mrtvý <lu...@gmail.com>.
Hello,
I am talking about using another "cable" as another public network to
deploy system VMs to.

For example this
https://mermaid.live/view#pako:eNptkDFvAjEMhf-K5alInNoy3toulcpStiqLuRgu4uKcgiOEgP9e56Corbo9P33W8_MJu-QZW9xmGnt4_3ACkFNRztA0zTmS0JYji4KwHlLenYG1f_6DjWU9hO4X8lSRIEaY-_B2E7N_cHiEA8m0tPi5VNFbSLX3ZX098mVIxa-Uul214R4G98smtYAqWTzOMXKOFLz1PFXTofZWymFr0vOGyqAOnVwMpaJpdZQOW82F51hGT8qvgSw8fpsjyWdKNm5o2NvMPmjKy-srp49evgCD7nXA

- public network ( RFC1918 ) is reachable via router or other devices (
haproxy, vpn ) on this network, for example haproxy doing reverse proxy for
cloudstack ui
- management network ( RFC1918 ) is available only for certain people via
conditional routing
- public network / wan ( IPv4 pool ) is directly connected to the internet

On Tue, 3 Jan 2023 at 14:17, Alex Mattioli <Al...@shapeblue.com> wrote:

> Hi Lukáš,
> Definitely possible.
> You can just add a new "public" IP range to your zone and select the
> option "Set Reservation" and then "SystemVM". You then need to destroy your
> SystemVMs, they will be recreated with those IPs.
> Cheers,
> Alex


-- 
Best regards
Lukáš Mrtvý

RE: Multiple public networks per zone ?

Posted by Alex Mattioli <Al...@shapeblue.com>.
Hi Lukáš,
Definitely possible.
You can just add a new "public" IP range to your zone and select the option "Set Reservation" and then "SystemVM". You then need to destroy your SystemVMs, they will be recreated with those IPs.
Cheers,
Alex


 


-----Original Message-----
From: Lukáš Mrtvý <lu...@gmail.com> 
Sent: 31 December 2022 10:37
To: users@cloudstack.apache.org
Subject: Multiple public networks per zone ?

Is it possible to create multiple public networks per zone ?  ( traffic type:
Public )
I would like to put systemvms to this network to save two "Public" IPv4, these aren't cheap these days. The use case would be to deploy systemvms to RFC1918 external network and use reverse proxy to access cloudstack webui and systemvms from the internet via this reverse proxy. Other one public network would be an actual WAN. ( NAT isn't a solution for me ) Thanks BR, LM