RE: IPv6 Issue in Cloudstack

2021-04-30 Thread Alex Mattioli
Hi Hean,

What type of network and hypervisor are you using? Also, which version of ACS?

Regards,
Alex


 


-Original Message-
From: Hean Seng  
Sent: 30 April 2021 08:34
To: users@cloudstack.apache.org
Subject: IPv6 Issue in Cloudstack

Hi

I setup the IPv6 in VM.  Outbound from VM is no issue, can ping all the
IPv6 IPs outside.

But inbound, the IPv6 IP in VM seems all not accessible.

And it seems there is no Security Group to manage the IPv6 rules. The SG is only for 
IPv4.

And I saw in ip6tables -L that there are a lot of rules there. Not sure if they are 
preconfigured by Cloudstack or default Linux. And I guess that is blocking 
access.

Does anybody have experience with enabling IPv6 in a Cloudstack VM and the ip6tables 
rules there?


--
Regards,
Hean Seng


RE: VMware vSS, vDS recommended setups

2021-04-27 Thread Alex Mattioli
Hi Matt,
Adding from a more practical experience side of things  (I've implemented a 
rather large ACS deployed across 17 datacenters around the world, so had quite 
a bit of experience with that)

Assuming it's VMWare I'd echo what Rohit said and say that you really should go 
with dVS. I'd say that as a minimum you need 4x10Gb NICS (ideally 25Gb 
nowadays, but that depends a lot on the kind of traffic you expect to have).
I'd segregate those in at least two dVSs, one for storage and one for 
everything else. If you have more NICs then you could go for 3 dVSs using the 
3rd to segregate customer traffic from management.  I'd recommend keeping it a 
simple L2 topology and let ESX load-balance the uplinks (the default policy 
works pretty well), you can then decide if you want to use active/backup or 
active/active per portgroup. 

You'll need to choose VLANs for Storage and for Management and let ACS know 
those when creating your Zone, all other VLANs come from your public IP ranges 
and the VLAN range you select for customers, those will automatically be created 
by ACS.
In your Storage dVS you'll end up with just a couple port groups and in the 
other you'll have a mgmt. portgroup (where your mgmt. VMKernel interface 
resides) plus one for each public IP range you add to ACS plus one per customer 
network.

One thing to take into consideration is how many virtual ports your switch can 
handle (depends highly on make/model), if you setup 4k VLANs on all ports in a 
48port switch you can easily overload it, so testing the limits of your switch 
is rather important.

Hope this answers your question, if you have any more questions I'll be happy 
to help, I have some diagrams I can share, just need to find them.

Cheers,
Alex

 


-Original Message-
From: Rohit Yadav  
Sent: 27 April 2021 12:25
To: users@cloudstack.apache.org
Subject: Re: VMware vSS, vDS recommended setups

Hi Matt,

Our best practices, networking and use of VMware are documented here:
http://docs.cloudstack.apache.org/en/latest/conceptsandterminology/choosing_deployment_architecture.html#best-practices
http://docs.cloudstack.apache.org/en/latest/conceptsandterminology/network_setup.html
http://docs.cloudstack.apache.org/en/latest/installguide/hypervisor/vsphere.html

In newer environments, I would suggest considering distributed vswitches. All 
other best practices of vSphere/vCenter should in general be followed, as 
CloudStack VMware plugin orchestrates most of things via vCenter (vim apis).

If you're just starting out exploring CloudStack and haven't fixed on storage 
and hypervisor, you may want to consider your requirements and CloudStack 
support: 
http://docs.cloudstack.apache.org/en/latest/conceptsandterminology/choosing_deployment_architecture.html#choosing-a-hypervisor

Regards.

From: Matthew Ritchie 
Sent: Tuesday, April 27, 2021 15:38
To: users@cloudstack.apache.org 
Subject: VMware vSS, vDS recommended setups

Hi all,

Is there a best practices guide regarding the VMware vSS and vDS setup for 
Cloudstack?

Maybe some recommendations based on your experience for the number of physical 
NICs on hosts, VLAN ID settings for the port groups, number of port groups etc.?

I understand that this is a generic question and the answer depends on one's 
plan, but I am thinking that there may exist a minimal recommended setup as a 
baseline.

best,
Matt

PS Maybe it is a good idea to gather some baseline network setups for the 
supported hosts...

rohit.ya...@shapeblue.com
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK @shapeblue
  
 



RE: VMware VDS Updates on 4.15?

2021-04-27 Thread Alex Mattioli
Hi Mike,
That doc is really out of date, dVS is supported for all network types now, I 
had it setup for mgmt, storage, public, etc… in my previous job (large ISP) and 
we even migrated from SVS to dVS without any downtime (ACS 4.11). And our lab 
at ShapeBlue (4.15) also uses dVS, no issues there. If you run into any issues 
just let me know and I’d be glad to help.

Cheers,
Alex


From: Andrija Panic 
Sent: 26 April 2021 22:55
To: users ; Alex Mattioli 

Subject: Re: VMware VDS Updates on 4.15?

Hi Mike,

I'll ask my colleague @Alex Mattioli to comment - I believe both are achievable 
with some effort.
Best,



 

On Mon, 26 Apr 2021 at 22:31, Corey, Mike <mike.co...@sap.com> wrote:
No - I don't believe anyone responded back with my inquiry.  As I stated in my 
email the latest on a VMware VDS is from version 4.11 and was wondering if 
compatibility/supportability has changed over the recent versions of either 
Apache CloudStack and/or VMware.

Thanks!

Mike



-Original Message-
From: Andrija Panic <andrija.pa...@gmail.com>
Sent: Monday, April 26, 2021 4:10 PM
To: users <users@cloudstack.apache.org>
Subject: Re: VMware VDS Updates on 4.15?

Hi Mike,

I believe you got the answers elsewhere, am I right?

Best,

On Wed, 21 Apr 2021 at 21:19, Corey, Mike <mike.co...@sap.com> wrote:

> Hi,
>
>
>
> I’m looking into using VMware Virtual Distributed Switches with my next
> lab build.  Has there been any new developments on using the VDS with
> CloudStack?  The latest info seems to be in the 4.11 notes, snippet below.
> If I’m looking at this correctly, I cannot have my NFS Storage network on
> the VDS…is that still the case with 4.15?
>
>
>
> Prerequisites and Guidelines
>
> - VMware VDS is supported only on Public and Guest traffic in
>   CloudStack.
> - VMware VDS does not support multiple VDS per traffic type. If a user
>   has many VDS switches, only one can be used for Guest traffic and another
>   one for Public traffic.
> - Additional switches of any type can be added for each cluster in the
>   same zone. While adding the clusters with different switch type, traffic
>   labels is overridden at the cluster level.
> - Management and Storage network does not support VDS. Therefore, use
>   Standard Switch for these networks.
> - When you remove a guest network, the corresponding dvportgroup will
>   not be removed on the vCenter. You must manually delete them on the
>   vCenter.
>
>
>
> Many thanks!
>
> Mike
>
> *Mike Corey*
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United States
> T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
>


--

Andrija Panić




RE: Creating Default Firewall Rules

2021-04-15 Thread Alex Mattioli
As far as I know not, but sounds like a very interesting future feature to me.

Alex

alex.matti...@shapeblue.com 
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue
  
 


-Original Message-
From: anonymousjones666  
Sent: 15 April 2021 17:09
To: users@cloudstack.apache.org
Subject: Creating Default Firewall Rules

Is it possible to create a default firewall rule in all created CS firewalls.

Example:

If we wanted to block port 25 for all customers by default then allow/remove 
the rule for each customer when we permit ?

Sent with [ProtonMail](https://protonmail.com) Secure Email.


RE: Multiple Guest Subnets Default Network

2021-04-15 Thread Alex Mattioli
Hi,
Unfortunately I can't see the attachments.  Would be good if you could upload 
it somewhere and send  the link :)
Cheers,
Alex


-Original Message-
From: anonymousjones666  
Sent: 15 April 2021 12:59
To: users@cloudstack.apache.org
Subject: RE: Multiple Guest Subnets Default Network

Yes you are right. We are using the legacy interface to add but when trying to 
use the subnet we can only use the subnet that was added during the network 
setup. See screenshot.



‐‐‐ Original Message ‐‐‐
On Thursday, April 15, 2021 11:58 AM, anonymousjones666 
 wrote:

> Hi Alex.
>
> To clarify:-
>
> Right now we have a single /28 assigned to the DefaultGuestNetwork which we 
> can assign to instances.
>
> What we want is to add another public subnet ( different to our initial /28 ) 
> and also use this subnet in the DefaultGuestNetwork so we have multiple IP 
> subnets to assign to any instance deployed using this network.
>
> To answer your question - we dont want to assign 2 IPs to instances rather 
> assign a single IP to any instance from multiple public subnets. From what I 
> see now we can only use the subnet ( /28 ) that was initially added when 
> setting up the guestnetwork.
>
> I have attached a screenshot of what we did but the second IP range 
> cannot be used when deploying an instance
>
> ‐‐‐ Original Message ‐‐‐
> On Thursday, April 15, 2021 11:58 AM, anonymousjones666 
> anonymousjones...@protonmail.com wrote:
>
> > Hi Alex.
> > To clarify:-
> > Right now we have a single /28 assigned to the DefaultGuestNetwork which we 
> > can assign to instances.
> > What we want is to add another public subnet ( different to our initial /28 
> > ) and also use this subnet in the DefaultGuestNetwork so we have multiple 
> > IP subnets to assign to any instance deployed using this network.
> > To answer your question - we dont want to assign 2 IPs to instances rather 
> > assign a single IP to any instance from multiple public subnets. From what 
> > I see now we can only use the subnet ( /28 ) that was initially added when 
> > setting up the guestnetwork.
> > I have attached a screenshot of what we did but the second IP range 
> > cannot be used when deploying an instance Sent with ProtonMail Secure Email.
> > ‐‐‐ Original Message ‐‐‐
> > On Thursday, April 15, 2021 11:09 AM, Alex Mattioli 
> > alex.matti...@shapeblue.com wrote:
> >
> > > Hi Mr 666.
> > > Let me see if I got it right. You have two /28s with Public IPs and want 
> > > your VM to have one IP from each?
> > > Cheers
> > > Alex
> > > alex.matti...@shapeblue.com
> > > www.shapeblue.com
> > > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK 
> > > @shapeblue -Original Message-
> > > From: anonymousjones666 anonymousjones...@protonmail.com.INVALID
> > > Sent: 15 April 2021 12:00
> > > To: users@cloudstack.apache.org
> > > Subject: Multiple Guest Subnets Default Network Hello Is it 
> > > possible to add multiple guest subnets to one guest network with CS 4.15 ?
> > > As an example we have a /28 subnet ( public ) and can deploy instances 
> > > from this however, we can add another subnet to the defaultGuestNetwork ( 
> > > using the legacy dashbaord ) but when deploying an instance we can only 
> > > add an IP address from the initial /28 subnet and not the other we added.
> > > Are there any options to add multiple public subnets to one single guest 
> > > network ?
> > > Thank You



RE: Multiple Guest Subnets Default Network

2021-04-15 Thread Alex Mattioli
Hi Mr 666.

Let me see if I got it right. You have two /28s with Public IPs and want your 
VM to have one IP from each?

Cheers
Alex


-Original Message-
From: anonymousjones666  
Sent: 15 April 2021 12:00
To: users@cloudstack.apache.org
Subject: Multiple Guest Subnets Default Network

Hello

Is it possible to add multiple guest subnets to one guest network with CS 4.15 ?

As an example we have a /28 subnet ( public ) and can deploy instances from 
this however, we can add another subnet to the defaultGuestNetwork ( using the 
legacy dashbaord ) but when deploying an instance we can only add an IP address 
from the initial /28 subnet and not the other we added.

Are there any options to add multiple public subnets to one single guest 
network ?

Thank You


RE: RE: RE: Virutal Router MTU

2021-03-25 Thread Alex Mattioli
Hi Rafael,

I've had very similar issues in the past, with SSL and TLS so playing well with 
fragmentation.
It is the same use case indeed, in that case I needed jumbo frames for a 
certain network.

I believe this should be implemented per-network, as a setting applied when the 
network is created (but editable and applied when the network is restarted with 
clean-up).

I'll consult with my colleagues what's the best way forward and get back to you.

Cheers,
Alex

From: Rafael del Valle 
Sent: 25 March 2021 09:06
To: Alex Mattioli 
Cc: d...@cloudstack.apache.org
Subject: Re: RE: RE: Virutal Router MTU

Hi Alex,

I have now found all the detail of the 1400 MTU past incident that led us to 
patch OpenNebula VRs.

The problem was detected because startTLS sessions failed in our email, 
persistently and to peers such as hotmail:


2019-01-26 14:58:06 + 02 9a1d30b6d6d1 SMTP-OUT:0001: SSL error remote 
104.47.13.33:25, SSL_connect:failed in SSLv2/v3 read server hello A


We investigated the issue together with the email platform vendor, and the 
problem persisted until we patched the MTU1400 issue.

So this is a must implement for us. A workaround exists: patch VRs and use 
cloud-init to customize NICs in VMs.

I am very happy to accept your collaboration offer :)

Where should this patch be implemented?

It is actually a requirement of this VLAN (vlanIpRange) and propagates to 
Virtual Routers and NICs of the involved VMs.

Is it the same in your use-case of Jumbo frames for storage oriented networks?

Perhaps we should treat this setting just like a netmask or gateway setting.

Shall we open an issue?

Rafael





On Wed, 2021-03-24 11:08 AM, Alex Mattioli <alex.matti...@shapeblue.com> wrote:
Hi Raf,

Can you share with us which SDWAN vendor it is? I've tried 4 different ones 
with ACS and they all worked fine, in all cases what I did was to set the MTU 
in the SDWAN appliance to be a bit lower than 1500 (in between 1422 and 1460, 
depending on SDWAN solution). In most networks you'll end up with most of your 
traffic with an MTU of around 500-600 anyway, so larger MTU doesn't help that 
much, I'd highly recommend you run some traffic analysis to try to figure out 
what's the MTU distribution for your network traffic.

With that said, I also had to change the MTU in VRs for a proof of concept on 
iSCSI between datacenters, in that situation I just wrote a script that would 
login to each VR and change the MTU of the public and private interfaces, it 
worked OK. I would strongly advise you not to change the MTU of the management 
interface, when I did (by mistake) the VRs lost communication with the 
management server.

If you want to contribute by expanding cloudstack code to add a setting for VR 
MTU I'd be more than happy to collaborate with you on that.

Hope this helps.

Cheers,
Alex



-Original Message-
From: Rafael del Valle <rva...@privaz.io.INVALID>
Sent: 24 March 2021 10:33
To: users@cloudstack.apache.org
Cc: users@cloudstack.apache.org; d...@cloudstack.apache.org
Subject: Re: RE: Virutal Router MTU

Hi Alex,

In our particular use case the Public Network is an SD WAN and we have a 
requirement of slightly smaller MTU than the standard 1500.

I have assumed that our traffic will be encapsulated into something else before 
delivery, I guess that is the reason for the requirement.

What would be the easier way to add support for MTU tuning on VRs?

I would be to contribute and implement it.

Regards,





On Wed, 2021-03-24 09:39 AM, Alex Mattioli 
<alex.matti...@shapeblue.com> wrote:
>
> Hi R,
>
> There's no ACS setting for the VR's MTU size.
> Unless you are running storage traffic in that network then jumbo frames 
> aren't of much use. I've run some tests at the request of some customers in 
> my previous job, and with some very busy VRs and the performance gains for an 
> MTU of 9000 were statistically insignificant.
> If your VRs are saturated your best option is to increase the
> resources for its offering (if you need guidance with that, am happy
> to provide it)
>
> Anyway, what's your use case for jumbo frames?
>
> Regards,
> Alex
>
> alex.matti...@shapeblue.com<mailto:alex.matti...@shapeblue.com>
> http://www.shapeblue.com
> 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK
> @shapeblue
>
>
>
>
> -Original Message-
> From: rva...@privaz.io.INVALID<mailto:rva...@privaz.io.INVALID> &q

RE: RE: Virutal Router MTU

2021-03-24 Thread Alex Mattioli
Hi Raf,

Can you share with us which SDWAN vendor it is?  I've tried 4 different ones 
with ACS and they all worked fine, in all cases what I did was to set the MTU 
in the SDWAN appliance to be a bit lower than 1500 (in between 1422 and 1460, 
depending on SDWAN solution).  In most networks you'll end up with most of your 
traffic with an MTU of around 500-600 anyway, so larger MTU doesn't help that 
much, I'd highly recommend you run some traffic analysis to try to figure out 
what's the MTU distribution for your network traffic.

With that said, I also had to change the MTU in VRs for a proof of concept on 
iSCSI between datacenters, in that situation I just wrote a script that would 
login to each VR and change the MTU of the public and private interfaces, it 
worked OK.  I would strongly advise you not to change the MTU of the management 
interface, when I did (by mistake) the VRs lost communication with the 
management server.

If you want to contribute by expanding cloudstack code to add a setting for VR 
MTU I'd be more than happy to collaborate with you on that. 

Hope this helps.

Cheers,
Alex



-Original Message-
From: Rafael del Valle  
Sent: 24 March 2021 10:33
To: users@cloudstack.apache.org
Cc: users@cloudstack.apache.org; d...@cloudstack.apache.org
Subject: Re: RE: Virutal Router MTU

Hi Alex, 

In our particular use case the Public Network is an SD WAN and we have a 
requirement of slightly smaller MTU than the standard 1500.

I have assumed that our traffic will be encapsulated into something else before 
delivery, I guess that is the reason for the requirement.

What would be the easier way to add support for MTU tuning on VRs?

I would be to contribute and implement it.

Regards,





On Wed, 2021-03-24 09:39 AM, Alex Mattioli  wrote:
> 
> Hi R,
> 
> There's no ACS setting for the VR's MTU size. 
> Unless you are running storage traffic in that network then jumbo frames 
> aren't of much use. I've run some tests at the request of some customers in 
> my previous job, and with some very busy VRs and the performance gains for an 
> MTU of 9000 were statistically insignificant. 
> If your VRs are saturated your best option is to increase the 
> resources for its offering (if you need guidance with that, am happy 
> to provide it)
> 
> Anyway, what's your use case for jumbo frames?
> 
> Regards,
> Alex
> 
> alex.matti...@shapeblue.com
> http://www.shapeblue.com
> 3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK 
> @shapeblue
>   
>  
> 
> 
> -Original Message-
> From: rva...@privaz.io.INVALID
> Sent: 24 March 2021 09:23
> To: users@cloudstack.apache.org
> Subject: Virutal Router MTU
> 
> Hi!
> 
> I can see in the Global Parameters that it is possible to specify the MTU for 
> secondary storage VM.
> 
> Is it possible to configure the MTU for a virtual router? how?
> 
> Regards,
> R.
> 
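
The traffic analysis recommended in the message above can start from a capture taken on the VR's public interface. The following is an added example, not code from the thread or from CloudStack: it reads a classic pcap file, builds the IP packet-size distribution, and counts packets that would not fit a candidate MTU, separating those with the Don't Fragment bit set (these depend on ICMP "fragmentation needed" reaching the sender). The 1400-byte candidate and the sample packets are constructed for illustration.

```python
import io
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
ETHERTYPE_VLAN = 0x8100
LINKTYPE_ETHERNET = 1


def read_pcap(stream):
    """Yield raw frames from a classic libpcap capture (not pcapng)."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    if header[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif header[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", header[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    while True:
        record = stream.read(16)
        if len(record) < 16:
            return
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", record)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            return
        yield frame


def ip_packet_info(frame):
    """Return (ip_packet_length, dont_fragment) or None for non-IP frames."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:  # one 802.1Q tag
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        # Lengths come from the IP header, so snaplen-truncated captures work.
        total_len, _ident, flags_frag = struct.unpack(
            "!HHH", frame[offset + 2:offset + 8])
        return total_len, bool(flags_frag & 0x4000)
    if ethertype == ETHERTYPE_IPV6 and len(frame) >= offset + 40:
        payload_len = struct.unpack("!H", frame[offset + 4:offset + 6])[0]
        return payload_len + 40, True  # IPv6 routers never fragment in transit
    return None


def mtu_report(frames, candidate_mtu, bucket=200):
    """Summarise IP packet sizes and what would not fit candidate_mtu."""
    sizes = []
    over_mtu = over_mtu_df = 0
    for frame in frames:
        info = ip_packet_info(frame)
        if info is None:
            continue
        size, dont_fragment = info
        sizes.append(size)
        if size > candidate_mtu:
            over_mtu += 1
            over_mtu_df += int(dont_fragment)
    sizes.sort()
    histogram = Counter((s // bucket) * bucket for s in sizes)
    return {
        "packets": len(sizes),
        "median": sizes[len(sizes) // 2] if sizes else 0,
        "histogram": dict(sorted(histogram.items())),
        "over_mtu": over_mtu,        # would need fragmentation or a smaller MSS
        "over_mtu_df": over_mtu_df,  # cannot be fragmented by a router
    }


def build_sample_pcap(ipv4_packets):
    """Constructed sample: (total_length, df) pairs as header-only records."""
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96,
                          LINKTYPE_ETHERNET))
    eth = (b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
           + struct.pack("!H", ETHERTYPE_IPV4))
    for total_len, df in ipv4_packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0,
                         0x4000 if df else 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
        frame = eth + ip
        out.write(struct.pack("<IIII", 0, 0, len(frame), 14 + total_len))
        out.write(frame)
    out.seek(0)
    return out


# Constructed sample traffic, not taken from the thread.
SAMPLE_PACKETS = [(52, True), (52, True), (576, False), (600, True),
                  (1400, True), (1500, True), (1500, True), (1500, False)]


def sample_report():
    return mtu_report(read_pcap(build_sample_pcap(SAMPLE_PACKETS)), 1400)


if __name__ == "__main__":
    print(sample_report())
```

To use it on real traffic, open a capture file in binary mode and pass it to `read_pcap` in place of the constructed sample.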


RE: Virutal Router MTU

2021-03-24 Thread Alex Mattioli
Hi R,

There's no ACS setting for the VR's MTU size. 
Unless you are running storage traffic in that network then jumbo frames 
aren't of much use. I've run some tests at the request of some customers in my 
previous job, and with some very busy VRs and the performance gains for an MTU 
of 9000 were statistically insignificant. 
If your VRs are saturated your best option is to increase the resources for its 
offering (if you need guidance with that, am happy to provide it)

Anyway, what's your use case for jumbo frames?

Regards,
Alex


-Original Message-
From: rva...@privaz.io.INVALID  
Sent: 24 March 2021 09:23
To: users@cloudstack.apache.org
Subject: Virutal Router MTU

Hi!

I can see in the Global Parameters that it is possible to specify the MTU for 
secondary storage VM.

Is it possible to configure the MTU for a virtual router? how?

Regards,
R.


RE: Use Case Bare Metal CloudStack

2021-03-16 Thread Alex Mattioli
Hi Felipe,

As far as I know baremetal in ACS hasn't been used much, the code should still 
be functional but without much new. 

If you can share your use case then we might be able to assist further.

Cheers,
Alexandre Mattioli


-Original Message-
From: Felipe Rossi  
Sent: 16 March 2021 15:21
To: users@cloudstack.apache.org
Subject: Use Case Bare Metal CloudStack

Hello All,

We are studying about using Bare Metal on Cloud, but documentation is not good 
and can't help us.

We would like to know if someone on community has a use case or can share 
knowledge about this feature on Cloud Stack.

Att / Regards

Felipe Rossi | BRASCLOUD
*CEO*
*Cloud Architect*
fel...@brascloud.com.br | www.brascloud.com.br Contact + 55 45 99116-0094 / +55 
45 3326-4568


RE: Cloudstack lab

2021-03-08 Thread Alex Mattioli
Hi Craig,
Building on what Rohit and others explained, it depends a lot on your goal as 
well.

If you want to develop software for ACS, then the simulator is probably the way 
to go.
If you want to dig into the physical infrastructure with multiple hypervisor 
types, etc..etc.. then your best bet is most likely to be one "large" 
hypervisor (8 cores, 32GB RAM), with that you can run a pretty realistic nested 
environment with NFS servers, multiple zones, etc
If the goal is to actually simulate a physical infra, then a bunch of PIs is a 
good option.

So, before building an actual lab I'd recommend you come up with some goals for 
your lab setup.
Hope this helps,

Cheers,
Alex


-Original Message-
From: Rohit Yadav  
Sent: 07 March 2021 15:41
To: users@cloudstack.apache.org
Subject: Re: Cloudstack lab

Hi Craig,

The simulator is a dummy hypervisor that essentially uses the database (MySQL) 
to simulate resources (such as hosts, VMs, disks etc) while using the same 
orchestration/business logic as would any hypervisor. The CloudStack 
kernel/plugin based orchestration architecture allows developers to build 
features that are agnostic of hypervisors/storage to be developed using the 
Simulator.

For my blog, you can attempt all-in-a-single RaspberryPi4 as long as you've got 
the 8GB model, with the 4GB model it's possible but such a setup will eat all 
the available memory pretty soon (running CloudStack mgmt server, agent, mysql 
and nfs all). The toy setup I've got at home has one 4GB-ram rpi4 for mgmt 
server and two 8GB-ram rpi4s for KVM hosts, I run Ceph on all three of them, 
and on the mgmt server I run NFS server and Ceph dashboard.


Regards.


From: Craig Dunn 
Sent: Saturday, March 6, 2021 21:50
To: users@cloudstack.apache.org 
Subject: Re: Cloudstack lab

Hi

Thanks for the info Rohit, I actually found your blog when googling just didn't 
recognize your name on here.

What's the difference between the simulator and a full install? Also on your 
blog is everything installed on one pi? I assume it is but wanted to check.

Thanks



On Sat, 6 Mar 2021, 13:02 Rohit Yadav,  wrote:

> For basic app development, go for simulator based development:
>
> https://github.com/shapeblue/hackerbook/blob/master/2-dev.md#simulator
> -based-development
>
> If you've KVM or VMware workstation/fusion, you can try an appliance 
> based development as well. For KVM you can see:
> https://github.com/shapeblue/hackerbook/blob/master/2-dev.md#mbx-based
> -development (though I need to update that section on using the new 
> mbx)
>
> RaspberryPi4 based toy development/testing setup is also possible but 
> iteration on it may be slow (for users 
> https://rohityadav.cloud/blog/cloudstack-rpi4-kvm/).
>
> Regards.
>
>
> 
> From: Craig Dunn 
> Sent: Friday, March 5, 2021 20:25
> To: users@cloudstack.apache.org 
> Subject: Re: Cloudstack lab
>
> sorry I just thought as it was a simulator deployments wouldn't work
>
> On Fri, 5 Mar 2021 at 14:48, Rakesh v <www.rakeshv@gmail.com> wrote:
>
> > I'm not sure what you mean by deployment won't work.  You can deploy 
> > VM very well and you can hack into DB as well
> >
> > Sent from my iPhone
> >
> > > On Mar 5, 2021, at 3:13 PM, Craig Dunn wrote:
> > > >
> > > > thanks, that looks interesting, I know it's a simulation so 
> > > > deployments probably don't work but is there a DB and stuff you can play 
> > > > with?
> > > >
> > > >> On Fri, 5 Mar 2021 at 13:40, Rakesh v <www.rakeshv@gmail.com> wrote:
> > > >>
> > > >> You can probably try running the docker simulator
> > > >>
> > > >> Sent from my iPhone
> > > >>
> > > >>> On Mar 5, 2021, at 2:39 PM, Craig Dunn wrote:
> > > >>>
> > > >>> Hey all,
> > > >>>
> > > >>> I have been reading the cloudstack hackers book which was shared last
> > > >>> week, which is really interesting. My employer uses cloudstack as their
> > > >>> main platform. so I have some Cloudstack experience.
> > > >>>
> > > >>> However I would like to know more and I think the only way is to get a
> > > >>> lab going so I can break/fix it. As I live in a tiny flat I don't have the
> > > >>> room for a rack or full of servers, so I was thinking if I could do it with
> > > >>> raspberry pi's, I would need a few 1 for the management server, another for
> > > >>> the database, another to run VMWare. I don't expect to run anything of any
> > > >>> substance but as a testing environment and as a learning tool would this be
> > > >>> possible?
> > >>>

RE: Storage and storage network setups

2021-03-04 Thread Alex Mattioli
Hi Vash,

Your understanding is correct indeed and your approach sounds solid, but I'd 
recommend (if possible at all for you) to already start with a separate storage 
network, although possible, it is quite a bit of work to add a separate storage 
network later on (and you'd need deep knowledge of ACS to be able to carry that 
out).

Primary storage traffic will depend more on the type of workload you run on 
your VMs than on the actual number of VMs. I've had ACS zones with 20VMs 
saturate 20Gbps and other zones with thousands of VMs use at the most 3Gbps.
I'd recommend to try and analyse what kind of traffic you are likely to have, 
the number of hosts and try to figure out what you need. With that said, 
nowadays the safe bet would be to go with 4 x 25Gbps per host, or at least 4 x 
10 (again, depending on how large your hosts are).

Hope that helps.
Cheers,
Alex



-Original Message-
From: vas...@gmx.de  
Sent: 03 March 2021 21:55
To: users@cloudstack.apache.org
Subject: Storage and storage network setups

Hi,

as I am taking a closer look into cloudstack, I wanted to ask some questions 
regarding storage and storage networks.

First my understanding of different setups - please correct me if my 
understanding was wrong.

As far as I understand (until now ;-) ) there are several ways of providing 
dedicated storage networks for the use of primary and secondary storage.
In the "basic" setup, storage traffic and management traffic would be transferred 
via the same interface (in the docs named "cloudbr0").
The next way of configuring storage / a storage network would be to give the 
secondary storage its own physical network - usually named storage network in 
the docs - which can be configured during a zone-setup and using its own tag. 
Still management traffic and primary storage traffic would share the same 
interface.
The third possible setup regarding storage / storage network would be to 
provide the hosts a dedicated NIC for primary storage. This physical network 
won't need a dedicated traffic label as the hypervisor on the hosts would be 
able to connect to the storage-targets /-shares directly via the dedicated 
interface and IP address.
This way, on the management labeled physical network only management traffic would 
be transferred. The traffic for primary / secondary storage would be separated 
(combining storage-labeled physical network and direct attached storage network 
for the hosts).

Another point I would need some information on is changing the 
above mentioned setups.
So that in a small-scale setup I would start with the "minimal"
approach using one interface for management and primary / secondary storage 
and when needed e.g. separate the primary storage from management traffic?

Last but not least can anybody suggest a suitable bandwidth for a primary 
storage network or provide real-life experience, for example how 50 VMs are 
running while using a 10Gb/s network for primary storage? (I know there are 
several other factors besides the actual network bandwidth. This is just to get 
an impression of the performance of the system).

Thanks in advance!
Chris


RE: Pfsense like external firewall with CloudStack

2020-04-30 Thread Alex Mattioli
Hi Vivek,
You mean that you want the virtual appliance to be in a network in one of the 
VPC tiers?
If so, am not sure how that would work, maybe StaticNAT works, but your routing 
will be quite messy. I always placed the FW virtual appliance in a Guest 
Network by itself and set that to be on the same VLAN of the Private Gateway.
Cheers,

Alex


-Original Message-
From: Vivek Kumar  
Sent: 30 April 2020 10:54
To: users@cloudstack.apache.org
Subject: Re: Pfsense like external firewall with CloudStack

Hello Alex,

Thanks for the response.

I have implemented the second case multiple times when I create s2s 
between my firewall and end customer’s device, and then extend the connectivity 
from firewall to VR via Private Gateway and that works pretty perfect. But in 
this particular case we can’t use firewall so that’s why I wanted to use any 
virtual appliance under a VPC which can give me any alternative. So how do we 
achieve the connectivity of Virtual appliance since Tier will use the private 
subnet, so if I use the Static NAT with PFsense will it work? Because in 
pfsense it will always be identified as a private IP. 


Vivek Kumar



> On 30-Apr-2020, at 2:11 PM, Alex Mattioli  wrote:
> 
> Hi Vivek,
> I've actually done exactly that with both PaloAlto and Checkpoint firewalls. 
> In one case created the VPC with a "public" IP in the same network as the 
> FW's Inside interface, which is a bit too much work to be honest (and can get 
> messy).
> In another case in a POC I just used the VPC's Private Gateway function to 
> connect it to the FW, which could then be either physical or virtual.
> 
> Cheers,
> Alex Mattioli
> 
> -Original Message-
> From: Vivek Kumar 
> Sent: 29 April 2020 21:39
> To: users@cloudstack.apache.org
> Subject: Pfsense like external firewall with CloudStack
> 
> Hello Folks,
> 
> Has anyone ever tried to deploy a pfSense or any other virtual firewall 
> appliance under a VPC to extend the security features? Let’s say I want to 
> use site-to-site between my tiers and a remote destination and I don’t want to 
> use the VR for site-to-site. Has anyone tried that scenario?
> 
> Let me give a use case: I have a VPC with multiple tiers and VMs running. I 
> am using an old version of CloudStack, 4.7.1, with XenServer 7.0. In this we 
> don’t have the option to choose settings like IKE Hash SHA256,384,512 and the same 
> for ESP Hash, IKE DH group 14,15,16 (which are pretty much available in 4.13). 
> So I want to establish a site-2-site using these security parameters, 
> which don’t exist in my version of CloudStack. Is there any way to achieve 
> it for my older version? So I wanted to check if someone has worked on this 
> scenario and used any third-party firewall appliance. 
> 
> 
> 
> Vivek Kumar
> 
> 



RE: Pfsense like external firewall with CloudStack

2020-04-30 Thread Alex Mattioli
Hi Vivek,
I've actually done exactly that with both PaloAlto and Checkpoint firewalls. In 
one case created the VPC with a "public" IP in the same network as the FW's 
Inside interface, which is a bit too much work to be honest (and can get messy).
In another case in a POC I just used the VPC's Private Gateway function to 
connect it to the FW, which could then be either physical or virtual.

Cheers,
Alex Mattioli



-Original Message-
From: Vivek Kumar  
Sent: 29 April 2020 21:39
To: users@cloudstack.apache.org
Subject: Pfsense like external firewall with CloudStack

Hello Folks, 

Has anyone ever tried to deploy a pfSense or any other virtual firewall 
appliance under a VPC to extend the security features? Let’s say I want to 
use site-to-site between my tiers and a remote destination and I don’t want to 
use the VR for site-to-site. Has anyone tried that scenario?

Let me give a use case: I have a VPC with multiple tiers and VMs running. I am 
using an old version of CloudStack, 4.7.1, with XenServer 7.0. In this we don’t 
have the option to choose settings like IKE Hash SHA256,384,512 and the same for ESP 
Hash, IKE DH group 14,15,16 (which are pretty much available in 4.13). So I 
want to establish a site-2-site using these security parameters, which don’t 
exist in my version of CloudStack. Is there any way to achieve it for my older 
version? So I wanted to check if someone has worked on this scenario and used 
any third-party firewall appliance. 



Vivek Kumar



