Posted to users@cloudstack.apache.org by Jeremy Hansen <je...@skidrow.la> on 2021/06/02 09:09:07 UTC

Understanding isolated networks

I’m working through my initial setup of Cloudstack. I added a second vm host so I could test live migration. Worked out the vlan kinks and that’s now working great. 

I launched a second guest and noticed it did not allocate a new public IP.  My expectation was that it would allocate another public IP from the range I defined and the second instance would have its own virtual router/firewall/port forwarding, etc, but that doesn’t seem to be the case.  I can configure the firewall on the existing virtual router to port forward to the second instance, but I’d prefer it just allocate another public IP from the range and allow me to configure each instance as a separate entity without port conflicts.  Is this possible?

Thanks
-jeremy

Re: Understanding isolated networks

Posted by Alireza Eskandari <as...@gmail.com>.
You should acquire a new public IP for the isolated network. Then you can
configure a firewall, port forwarder or load balancer on that IP.
You are not limited to using a single public IP in an isolated network.

On Wed, Jun 2, 2021, 13:39 Jeremy Hansen <je...@skidrow.la> wrote:

> I’m working through my initial setup of Cloudstack. I added a second vm
> host so I could test live migration. Worked out the vlan kinks and that’s
> now working great.
>
> I launched a second guest and noticed it did not allocate a new public
> IP.  My expectation was that it would allocate another public IP from the
> range I defined and the second instance would have its own virtual
> router/firewall/port forwarding, etc, but that doesn’t seem to be the
> case.  I can configure the firewall on the existing virtual router to port
> forward to the second instance, but I’d prefer it just allocate another
> public IP from the range and allow me to configure each instance as a
> separate entity without port conflicts.  Is this possible?
>
> Thanks
> -jeremy
>
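
The sequence described in the reply above (acquire another public IP on the existing isolated network, then attach firewall and port-forwarding rules to it), written out as signed CloudStack API requests. This is an added example, not part of the original thread or of the CloudStack code base; the ids, keys, CIDR and the `IP-ID-FROM-ASSOCIATE` placeholder are constructed, and the helper names `sign_request` and `plan_dedicated_ip` are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def sign_request(params, api_key, secret_key):
    """Build a signed CloudStack API query string.

    Signature = base64(HMAC-SHA1(secret, lowercased query sorted by field name)).
    """
    full = {**params, "apikey": api_key, "response": "json"}
    pairs = sorted(full.items(), key=lambda kv: kv[0].lower())
    query = "&".join(f"{k}={quote(str(v), safe='*')}" for k, v in pairs)
    digest = hmac.new(secret_key.encode(), query.lower().encode(), hashlib.sha1).digest()
    return f"{query}&signature={quote(base64.b64encode(digest).decode(), safe='')}"


def plan_dedicated_ip(network_id, vm_id, tcp_ports, allowed_cidr,
                      ip_id="IP-ID-FROM-ASSOCIATE"):
    """Calls that give one instance its own public IP on an existing isolated network.

    ip_id is a placeholder: the real value comes back from associateIpAddress.
    """
    calls = [{"command": "associateIpAddress", "networkid": network_id}]
    for port in tcp_ports:
        # Explicit firewall rule limited to allowed_cidr, instead of letting
        # the port-forwarding call create the firewall rule itself.
        calls.append({"command": "createFirewallRule", "ipaddressid": ip_id,
                      "protocol": "tcp", "startport": port, "endport": port,
                      "cidrlist": allowed_cidr})
        calls.append({"command": "createPortForwardingRule", "ipaddressid": ip_id,
                      "protocol": "tcp", "publicport": port, "privateport": port,
                      "virtualmachineid": vm_id, "openfirewall": "false"})
    return calls


if __name__ == "__main__":
    # Constructed sample values; not real ids or keys.
    for call in plan_dedicated_ip("NET-UUID", "VM2-UUID", [22, 443], "203.0.113.0/24"):
        print("/client/api?" + sign_request(call, "EXAMPLE-API-KEY", "EXAMPLE-SECRET"))
```

Because each instance's rules hang off its own `ipaddressid`, two instances behind the same virtual router can both expose public port 22 without conflict.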

Re: Understanding isolated networks

Posted by Andrija Panic <an...@gmail.com>.
Isolated network = VR connected to both Public and Guest network (single
network), plus 1 or more instances behind that VR, in that SINGLE network
VPC = VR (as above) + 1 or MORE networks, with instances in each network

If you want to really assign Public IP to your instances (old school VPS
style hosting) - you would want (as cloud admin) to create a Shared Guest
network on a dedicated VLAN, with a dedicated Public IP range (technically
can be any private/public range, doesn't matter - but you want public) -
and then when DIFFERENT TENANTS/users see this network, they can deploy a
VM in it (so, different tenants are sharing the common network = security
problem...), while there is also a VR for that network that does ONLY
dhcp/dns (userdata/metadata also) - the instances' gateway is some physical
routing device outside of ACS (not the VR <-- which is the case for VMs in
Isolated and VPC networks)

Hope that helps
Andrija

On Wed, 2 Jun 2021 at 11:09, Jeremy Hansen <je...@skidrow.la> wrote:

> I’m working through my initial setup of Cloudstack. I added a second vm
> host so I could test live migration. Worked out the vlan kinks and that’s
> now working great.
>
> I launched a second guest and noticed it did not allocate a new public
> IP.  My expectation was that it would allocate another public IP from the
> range I defined and the second instance would have its own virtual
> router/firewall/port forwarding, etc, but that doesn’t seem to be the
> case.  I can configure the firewall on the existing virtual router to port
> forward to the second instance, but I’d prefer it just allocate another
> public IP from the range and allow me to configure each instance as a
> separate entity without port conflicts.  Is this possible?
>
> Thanks
> -jeremy
>


-- 

Andrija Panić