Posted to users@cloudstack.apache.org by Adrian Lewis <ad...@alsiconsulting.co.uk> on 2013/10/18 13:11:28 UTC

SSVM Public IP, NAT and L2/L3 connectivity

Hi All,



Still in the planning stages of deploying my first CS install and I have a
question about the SSVM and the apparent requirement for a public routable
IP address. From what I can gather, the only interaction that the SSVM has
with the internet is for downloading files from user or admin supplied
URLs. Does this mean that nothing actually makes inbound connections
directly to it from the internet and that it only ever makes outbound
connections? If so, why does it need a public IP?



Would it be possible to simply have a route to the internet via the
management network or to give it an IP from private network pool that has
access to the internet via some other NAT device?



Secondly, I’ve seen some excellent slides from Geoff Higginbottom but I’m
still not quite sure whether the SSVM actually has four vNICs or whether it
simply needs access to four networks via a lesser number of vNICs. Can
anyone clarify how many vNICs each SSVM has and what the routing table
looks like on the VM itself, especially where the management server and
secondary storage server are on subnets accessible via a L3 hop and not
directly attached to either the hypervisor mgmt or SSVM vNICs (and these
subnets aren’t accessible by a default route on the SSVM)?



My main concern is the public IP requirement as I’m finding it very
difficult to get enough public IPs from my DC, especially where there
doesn’t appear to be a reason for it. I can’t simply get a nice big block
of IPv4 like some other CS users may be used to! I’m considering joining
RIPE but this is not especially cheap and doesn’t seem to guarantee that
I’d get an assignment of IPv4 addresses anyway.



Confused,



Adrian

---

Alsi Consulting Ltd

www.alsiconsulting.co.uk

T: 0845 8676586

M: 07961 127738

RE: SSVM Public IP, NAT and L2/L3 connectivity

Posted by Sanjeev Neelarapu <sa...@citrix.com>.
Hi Adrian,

Please find responses inline

-----Original Message-----
From: Adrian Lewis [mailto:adrian@alsiconsulting.co.uk] 
Sent: Friday, October 18, 2013 4:41 PM
To: users@cloudstack.apache.org
Subject: SSVM Public IP, NAT and L2/L3 connectivity

Hi All,



Still in the planning stages of deploying my first CS install and I have a question about the SSVM and the apparent requirement for a public routable IP address. From what I can gather, the only interaction that the SSVM has with the internet is for downloading files from user or admin supplied URLs. Does this mean that nothing actually makes inbound connections directly to it from the internet and that it only ever makes outbound connections? If so, why does it need a public IP?

[Sanjeev]: I could think of one scenario, which is copying templates from one zone to another zone where the zones are at different geographical locations (i.e. two zones are connected using the internet).


Would it be possible to simply have a route to the internet via the management network or to give it an IP from private network pool that has access to the internet via some other NAT device?

[Sanjeev] As per the CloudStack terminology, public IP does not mean that they are real public IPs. They can be private IPs from which the internet can be accessed using another NAT device.


Secondly, I've seen some excellent slides from Geoff Higginbottom but I'm still not quite sure whether the SSVM actually has four vNICs or whether it simply needs access to four networks via a lesser number of vNICs. Can anyone clarify how many vNICs each SSVM has and what the routing table looks like on the VM itself, especially where the management server and secondary storage server are on subnets accessible via a L3 hop and not directly attached to either the hypervisor mgmt or SSVM vNICs (and these subnets aren't accessible by a default route on the SSVM)?

[Sanjeev] It is necessary that there should be four vNICs on the SSVM, each belonging to only one network.
Management and Storage servers need not be on the same subnet. They should be accessible via a L3 hop.

My main concern is the public IP requirement as I'm finding it very difficult to get enough public IPs from my DC, especially where there doesn't appear to be a reason for it. I can't simply get a nice big block of IPv4 like some other CS users may be used to! I'm considering joining RIPE but this is not especially cheap and doesn't seem to guarantee that I'd get an assignment of IPv4 addresses anyway.



Confused,



Adrian

---

Alsi Consulting Ltd

www.alsiconsulting.co.uk

T: 0845 8676586

M: 07961 127738