Posted to users@cloudstack.apache.org by Josh Davis <cl...@outlook.com> on 2016/02/28 13:21:50 UTC

Advanced network configuration

Hi all,
I've decided to go with the advanced network. I have some questions:
1. Should the HV management interface be on a public IP or is it sufficient to have it on the private management network?
2. I have 2 NICs on each HV to be split between Public, Guest & Management traffic (Storage traffic has its own 10GbE switch). Should I split them as:
a. 2 NICs connected to a L3 switch with trunked ports for P,G&M VLANs or
b. 1 NIC connected to a L3 switch for P&M VLANs and 1 NIC to a L2 switch with only G VLANs
3. Is it advisable to mix Dell (Cisco style bulk VLAN trunking) switches with HP switches (HP style tagging each individual VLAN to ports)?
4. This article suggests a separate switch for the management server farm. Can I place the management server directly on the zone level L3 switch? Same for the secondary storage server. Should the hardware firewall be in front of the management server or in front of the zone level L3 switch?
http://servermanagement24x7.com/wp-content/jk27/2013/07/Cloudstack-Networking-in-a-Zone.png
5. What VLANs should each machine have access to?
Thanks!
Josh

Re: Advanced network configuration

Posted by cl...@outlook.com.

I forgot to add that I wanted 2 links for storage to have redundancy (separate switches to cut down on points of failure).






On Sun, Feb 28, 2016 at 5:55 AM -0800, <cl...@outlook.com> wrote:

Hi,

I have no idea why my emails don't turn out like they should. They are exactly like what you formatted when I send them out. Really apologise for that. I will try to send them from another device and I apologise in advance if there's still an issue.

I'm using Dell Cloud servers as the HVs so I'm constrained by dual gigabit NICs and dual 10gbe NICs by expansion card. Currently I am planning to use both 10gbe ports as a bonded interface for storage traffic but I'm starting to wonder if it's an overkill. Maybe I'll split them between storage and guest traffic instead. Would it be advisable to trunk them or have dedicated networks?

Also, if all networks are segregated physically what is the point of VLAN tagging?

Thanks!

Josh






Re: Advanced network configuration

Posted by cl...@outlook.com.

Hi,

I have no idea why my emails don't turn out like they should. They are exactly like what you formatted when I send them out. Really apologise for that. I will try to send them from another device and I apologise in advance if there's still an issue.

I'm using Dell Cloud servers as the HVs so I'm constrained by dual gigabit NICs and dual 10gbe NICs by expansion card. Currently I am planning to use both 10gbe ports as a bonded interface for storage traffic but I'm starting to wonder if it's an overkill. Maybe I'll split them between storage and guest traffic instead. Would it be advisable to trunk them or have dedicated networks?

Also, if all networks are segregated physically what is the point of VLAN tagging?

Thanks!

Josh






Re: Advanced network configuration

Posted by Nux! <nu...@li.nux.ro>.
Here's the readable version, so others waste less time on this.
Mate you really need to learn how to format emails, if you expect any kind of positive response.

======
Hi all,

I've decided to go with the advanced network. I have some questions:

1. Should the HV management interface be on a public IP or is it sufficient to have it on the private management network?
2. I have 2 NICs on each HV to be split between Public, Guest & Management traffic (Storage traffic has its own 10GbE switch). 

Should I split them as:
a. 2 NICs connected to a L3 switch with trunked ports for P,G&M VLANs or
b. 1 NIC connected to a L3 switch for P&M VLANs and 1 NIC to a L2 switch with only G VLANs
3. Is it advisable to mix Dell (Cisco style bulk VLAN trunking) switches with HP switches (HP style tagging each individual VLAN to ports)
4. This article suggests a separate switch for the management server farm. 

Can I place the management server directly on the zone level L3 switch? Same for the secondary storage server.
 
Should the hardware firewall be in front of the management server or in front of the zone level L3 switch?
http://servermanagement24x7.com/wp-content/jk27/2013/07/Cloudstack-Networking-in-a-Zone.png

5. What VLANs should each machine have access to?

Thanks!

Josh
======

And now some answers:

1. Management can be private, though it might need some sort of NAT for certain things. For example I think the management server probes template/iso URLs when you add them, so it needs to be able to reach them.

2. I would keep management completely separate; if you end up having high traffic (genuine or attacks) on Public or Guest nets, then the management server might not be able to reach the HV for status checks in time and think it's down and start to do crazy things. I would add another NIC in the server for this purpose; if it's not possible then mix public and guest on a single NIC - think of the impact on performance.

No reason comes to mind as to why you shouldn't be able to add management and secondary storage zone wide; but I think at this point in time only KVM supports zone-wide sec storage, so it depends on which HV you are using.

HTH



--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro
