On 06/08/2018 03:54 PM, Dag Sonstebo wrote:
> Ivan – not sure how you deal with per-network VM bandwidth (or what your use
> case is) so probably worth testing in the lab.
>
Isn't that done by libvirt in the XML? In Basic Zone at least that
works. It is part of the service offering.
> Wido – agree, I don’t see why our current “basic zone” can’t be deprecated in
> the long run for “advanced zone with security groups” since they serve the
> same purpose and the latter gives more flexibility. There may be use cases
> where they don’t behave the same – but personally I’ve not come across any
> issues.
>
I wouldn't know those cases. I'll test and see how it works out. Give me
some time and I'll get back to this topic.
Might even be possible to convert a Basic Zone to an Advanced Zone by
doing some database mutations.
Wido
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 08/06/2018, 14:44, "Wido den Hollander" <w...@widodh.nl> wrote:
>
>
>
> On 06/08/2018 03:32 PM, Dag Sonstebo wrote:
> > Hi Ivan,
> >
> > Not quite – “advanced zone with security group” allows you to have
> > multiple “basic” type networks isolated within their own VLANs and with
> > security groups isolation between VMs / accounts. The VR only does DNS/DHCP,
> > not GW/NAT.
> >
>
> Hmm, yes, that was actually what we/I is/are looking for. The main
> reason for Basic Networking is the shared services we offer on a public
> cloud.
>
> A VR dies as soon as there is any flood, so that's why we have our
> physical routers do the work.
>
> I thought that what you mentioned is "DirectAttached" networking.
>
> But that brings me to the question why we still have Basic Networking
> :-) In earlier conversations I had with people I think that on the
> longer run Basic Networking can be dropped/merged in favor of Advanced
> Networking with Security Groups then, right?
>
> Accounts/VMs are deployed inside the same VLAN and isolation is done by
> Security Groups.
>
> Sounds right, let me dig into that!
>
> Wido
>
> > Regards,
> > Dag Sonstebo
> > Cloud Architect
> > ShapeBlue
> >
> > On 08/06/2018, 14:26, "Ivan Kudryavtsev" <kudryavtsev...@bw-sw.com> wrote:
> >
> > Hi, Dag. Not exactly. Advanced zone uses VR as a GW with SNAT/DNAT which is
> > not quite good for public cloud in my case. Despite that it really solves
> > the problem. But I would like to have it as simple as possible, without VR
> > as a GW and xNAT.
> >
> > Fri, 8 Jun 2018, 15:21 Dag Sonstebo <dag.sonst...@shapeblue.com>:
> >
> > > Wido / Ivan – I’m probably missing something – but is the feature you are
> > > looking for not the same functionality we currently have in “advanced zones
> > > with security groups”?
> > >
> > > Regards,
> > > Dag Sonstebo
> > > Cloud Architect
> > > ShapeBlue
> > >
> > > On 08/06/2018, 14:14, "Ivan Kudryavtsev" <kudryavtsev...@bw-sw.com> wrote:
> > >
> > > > Hi Wido, I am also very interested in a similar deployment, especially
> > > > combined with the capability of setting different network bandwidth for
> > > > different networks, like
> > > > 10.0.0.0/8 intra dc with 1g bandwidth per vm and white ipv4/ipv6 with
> > > > regular bandwidth management. But it seems it takes a very big redesign
> > > > of VM settings and VR redesign is also required.
> > > >
> > > > When I tried to investigate if it is possible with ACS basic network, I
> > > > didn't succeed with any relevant information.
> > > >
> > > >
> > > > Fri, 8 Jun 2018, 14:56 Wido den Hollander <w...@widodh.nl>:
> > >
> > > > Hi,
> > > >
> > > > > I am looking into supporting multiple Physical Networks inside our
> > > > > Basic Networking zone.
> > > > >
> > > > > First: The reason we use Basic Networking is the simplicity and the
> > > > > fact that our (Juniper) routers can do the routing and not the VR.
> > > > >
> > > > > ALL our VMs have external IPv4/IPv6 addresses and we do not use NAT
> > > > > anywhere.
> > > > >
> > > > > But right now a Hypervisor has a single VLAN/POD going to it
> > > > > terminated on 'cloudbr0' using vlan://untagged.
> > > > >
> > > > > But to better utilize our physical hardware it would be great if
> > > > > Basic Networking would support multiple physical networks using VLAN
> > > > > separation.
> > > > >
> > > > > For example:
> > > > >
> > > > > - PhysicalNetwork1: VLAN 100
> > > > > - PhysicalNetwork2: VLAN 101
> > > > > - PhysicalNetwork3: VLAN 102
> > > > >
> > > > > I've been looking into DirectAttached with Advanced Networking, but I
> > > > > couldn't find any reference to it on how that exactly works.
> > > > >
> > > > > Right now for our use-case Basic Networking with multiple Physical
> > > > > Networks would work best for us.
> > > > >
> > > > > Has anybody looked at this or has any insight of the problems we
> > > > > might run into?
> > > >
> > > > Wido
> > > >
> > >
> > >
> > >
> > > dag.sonst...@shapeblue.com
> > > www.shapeblue.com
> > > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> > > @shapeblue