Posted to dev@cloudstack.apache.org by Ron Wheeler <rw...@artifact-software.com> on 2015/09/29 07:03:45 UTC

CloudStack networking documentation

http://docs.cloudstack.apache.org/en/master/concepts.html#what-is-apache-cloudstack

In the opening paragraph of "About Physical Networks" it says
"The network corresponds to a NIC on the hypervisor host."

In Basic Zone Network Traffic Types it says that there is only one 
physical network in the zone but later on in the middle of discussing 
the various traffic types there is a note
"We strongly recommend the use of separate NICs for management traffic 
and guest traffic".
There is no reason given for this statement.
No suggestion about what tradeoff is being made if you go with a single 
NIC.
Is it performance or security concerns that prompts this?

It might be helpful to describe what is meant by a single physical 
network with multiple NICs.

The note itself appears to be out of place since it is in the middle of 
some definitions rather than in a discussion block.
It also looks like it applies to Advanced Networks but is missing in 
that section.

"CIDR of the pod" is used without any description of what this is and 
how it gets set up.
Might be helpful to add a sentence or two about this. It seems important.

"guest virtual router" is another concept that seems important but has 
no definition or discussion.

Ron

-- 
Ron Wheeler
President
Artifact Software Inc
email: rwheeler@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102


Re: CloudStack networking documentation

Posted by Dag Sonstebo <Da...@shapeblue.com>.
Hi Ron,

In the opening paragraph of "About Physical Networks" it says "The network corresponds to a NIC on the hypervisor host."
>> Yes - a physical network can be associated with a NIC or more typically in production environments - a bonded pair of NICs for resilience.


In Basic Zone Network Traffic Types it says that there is only one physical network in the zone but later on in the middle of discussing the various traffic types there is a note "We strongly recommend the use of separate NICs for management traffic and guest traffic".
There is no reason given for this statement.
>> Have a look at Paul's blog post at http://www.shapeblue.com/understanding-cloudstacks-physical-networking-architecture/ which will give you more in depth information.

No suggestion about what tradeoff is being made if you go with a single NIC.
Is it performance or security concerns that prompts this?
>> Both - while security is covered by the internal networking model many CloudStack users still choose to separate the management traffic from the guest traffic. More importantly though the guest traffic is at the end of the day open for use by the public - and you can get yourself into scenarios where guest traffic floods a physical network which then negatively impacts the management traffic - in other words a customer could in theory take down your CloudStack back end if there is no other network equipment / throttling in place. A similar concept applies when you use IP storage - you generally try to isolate storage traffic to its own network to prevent performance / bandwidth issues for other CloudStack traffic.


"CIDR of the pod" is used without any description of what this is and how it gets set up.
>> The CIDR is the overlying layer 3 network IP range you configure in CloudStack for guests to use.


"guest virtual router" is another concept that seems important but has no definition or discussion.
>> In advanced zones each guest network has its own layer 2 network - using either VLANs or another software-defined networking isolation model. This in itself does not provide layer 3 routing - which is where the virtual router comes into play. The virtual router is a small VM with multiple interfaces - one linked to the customer's private network, one pointing to the public internet and one connected to the management network. This VR provides networking services (DHCP, etc), routing and firewall services to the end user private network. More information at http://docs.cloudstack.apache.org/en/master/administration_guide.html?highlight=virtual%20router#virtual-router

Hope this helps, please ask if anything unclear. We will look into getting the sections you've mentioned updated in the official documentation.




Regards,
Dag Sonstebo
ShapeBlue





On 30/09/2015 17:12, "Giles Sirett" <gi...@shapeblue.com> wrote:

>Paul is travelling this week - I'll ping somebody else to answer Rons
>questions
>
>Regards
>
>Giles
>

Find out more about ShapeBlue and our range of CloudStack related services

IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//>
CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
CloudStack Software Engineering<http://shapeblue.com/cloudstack-software-engineering/>
CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/>
CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
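The single-NIC tradeoff discussed above (guest traffic able to starve the management plane when both ride the same wire) is something you can check for on each hypervisor host. The following is an added example, not code from this thread or from the CloudStack project. It assumes a KVM host where each traffic type was bound to a Linux bridge through the kvmnetworklabel parameter of addTrafficType, resolves bridges, bonds and 802.1Q sub-interfaces down to the physical NICs beneath them, and reports when Management shares a NIC with Guest or Storage traffic. The bridge, bond and NIC names and the two sample hosts are constructed for illustration; read_host() builds the same topology from /sys/class/net on a live host.

```python
"""Flag CloudStack traffic types that share a physical NIC on a KVM host.

Added example, not code from this thread or from the CloudStack project.
Assumes a KVM host where each traffic type was bound to a Linux bridge via
the kvmnetworklabel of addTrafficType; bridge, bond and NIC names below
are constructed for illustration.
"""
import os

# Constructed sample hosts, shaped like what /sys/class/net exposes:
# bridge -> bridge ports (brif/), bond -> slave NICs (bonding/slaves).
DUAL_NIC_HOST = {
    "bridges": {"cloudbr0": ["bond0"], "cloudbr1": ["bond1"]},
    "bonds": {"bond0": ["eth0", "eth1"], "bond1": ["eth2", "eth3"]},
}
SINGLE_NIC_HOST = {
    # guest bridge hangs off a tagged sub-interface of the management NIC
    "bridges": {"cloudbr0": ["eth0"], "cloudbr1": ["eth0.200"]},
    "bonds": {},
}

# Traffic type -> KVM network label (the bridge named in addTrafficType).
TRAFFIC_LABELS = {"Management": "cloudbr0", "Guest": "cloudbr1", "Public": "cloudbr1"}

# Pairs that should not ride the same wire: guest flooding must not be able
# to starve the management plane, and IP storage should have its own path.
MUST_SEPARATE = (("Management", "Guest"), ("Management", "Storage"))


def physical_nics(host, dev):
    """Resolve a bridge, bond, VLAN sub-interface or NIC to the NICs beneath it."""
    if dev in host["bridges"]:
        return set().union(*(physical_nics(host, p) for p in host["bridges"][dev]))
    if dev in host["bonds"]:
        return set().union(*(physical_nics(host, s) for s in host["bonds"][dev]))
    # "eth0.200" is an 802.1Q sub-interface of eth0: a VLAN tag does not
    # buy bandwidth isolation, so it counts as the same physical NIC.
    return {dev.split(".", 1)[0]}


def check_isolation(host, traffic_labels, must_separate=MUST_SEPARATE):
    """Return (traffic_a, traffic_b, shared_nics) for every pair sharing a NIC."""
    findings = []
    for a, b in must_separate:
        if a not in traffic_labels or b not in traffic_labels:
            continue  # traffic type not carried by this host
        shared = physical_nics(host, traffic_labels[a]) & physical_nics(host, traffic_labels[b])
        if shared:
            findings.append((a, b, sorted(shared)))
    return findings


def read_host(sysfs="/sys/class/net"):
    """Build the same topology dict from a live Linux host."""
    host = {"bridges": {}, "bonds": {}}
    for dev in os.listdir(sysfs):
        brif = os.path.join(sysfs, dev, "brif")
        slaves = os.path.join(sysfs, dev, "bonding", "slaves")
        if os.path.isdir(brif):
            host["bridges"][dev] = sorted(os.listdir(brif))
        elif os.path.isfile(slaves):
            with open(slaves) as fh:
                host["bonds"][dev] = fh.read().split()
    return host


if __name__ == "__main__":
    for name, host in (("dual-NIC host", DUAL_NIC_HOST), ("single-NIC host", SINGLE_NIC_HOST)):
        for a, b, nics in check_isolation(host, TRAFFIC_LABELS):
            print(f"{name}: {a} and {b} traffic share NIC(s) {', '.join(nics)}")
```

On the dual-NIC host nothing is reported; on the single-NIC host the check reports Management and Guest sharing eth0, even though the guest bridge sits on a separate VLAN, because a VLAN tag separates broadcast domains but not link bandwidth. Public and Guest sharing a bridge is deliberately not flagged, since the concern in the thread is protecting the management plane and storage path, not isolating tenant traffic from the internet-facing side.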

RE: CloudStack networking documentation

Posted by Giles Sirett <gi...@shapeblue.com>.
Paul is travelling this week - I'll ping somebody else to answer Ron's questions

Regards

Giles

-----Original Message-----
From: Sebastien Goasguen [mailto:runseb@gmail.com]
Sent: 30 September 2015 11:34
To: dev@cloudstack.apache.org; Paul Angus <pa...@shapeblue.com>
Subject: Re: CloudStack networking documentation

Pinging Paul Angus, who can surely answer these questions.
We can then edit the docs.


Re: CloudStack networking documentation

Posted by Sebastien Goasguen <ru...@gmail.com>.
Pinging Paul Angus, who can surely answer these questions.
We can then edit the docs.
