RE: Advanced networking CloudStack 4.3
So to break down the infrastructure.

My hosts have 4 NICs but are using 3.

eth0 = 10 gig = Public VLAN - 205.x.x.x, same subnet as where I want to deploy VMs with Public traffic.

eth1 = 10 gig = primary storage connection to iSCSI with MPIO. This has multiple VLANs coming into it on a bridge interface from the 5596t, so I have eth1.830 and eth1.831, expanded to eth1.832 and eth1.833 when I get the extra 10gig connections to my SANs.

eth2 = 1 gig = management VLAN - 10.81.0.x, where each of my following servers are connected to each other:
.3 is my management server
.4 is my SQL server
.5 is my first host
.6 is my second host
expanding .7 and .8 as the next two hosts once we migrate from SolusVM to CloudStack.

eth3 = 1 gig = not used. If I need to break anything up and move it to this NIC let me know.

I built eth0 and eth2 to have bridged interfaces:
Eth0 bridges to cloudbr0
Eth2 bridges to cloudbr2

I was under the assumption that the "Storage" was used for all storage, not just assigned for secondary storage. I guess I blanked that the hosts already have connectivity to the CLVMs and that CloudStack doesn't need to know that traffic.

I will go through my CloudStack deployment again and see what these changes and better understanding does for me.

Thanks for the explanation.

BTW thanks for the YouTube video, it helps.

Jeremy

-Original Message-
From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com]
Sent: Friday, October 3, 2014 1:32 AM
To: users@cloudstack.apache.org
Subject: RE: Advanced networking CloudStack 4.3

Morning Jeremy

Some more detail of your infrastructure would be helpful, such as total number of NICs (I assume you have two), whether your storage (on eth 1) is only Primary Storage and if so where your Secondary Storage will be located (and which NIC will access it) etc.

CloudStack maps its Physical Networks to a Bridge, and a Bridge is mapped to either a single Interface or a Bond - see http://wiki.centos.org/TipsAndTricks/BondingInterfaces for more info

Recommended Bonding Modes when LACP is not available on the switch stack are:
Mode 1 for Management and Storage
Mode 6 for Guest and Public

If you want both Networks where the VMs are behind a Virtual Router, and you also want VMs with a real Public IP directly connected to the Internet, then you want to use standard Advanced Networking, and not Advanced with Security Groups.

System VMs recycling is a sign that when they are booting they cannot communicate with either the Management Server or the 'Internal' DNS Servers or they cannot PING the Public Gateway. This is often caused by the KVM Traffic Labels not being set to the appropriate Bridge Name for each type of CloudStack Traffic (Management, Guest and Public).

Note the CloudStack 'Storage' is optional, and only really required if you have a NIC (or pair of NICs bonded) which you want to use specifically for Secondary Storage Traffic, otherwise the SSVM will simply use its Management Interface to access the NFS Sec Storage.

It looks like you have the following NIC Allocations:
eth 0 - Public
eth 1 - Management
eth 2 - Primary Storage

Therefore you need to create a Bridge for each one such as eth 0 = cloudbr0, eth 1 = cloudbr1 etc. and when adding the Zone, set the traffic labels to:
Management - cloudbr1
Guest - cloudbr0
Public - cloudbr0 (yes the same as public as the physical NIC will handle both)
Storage - Optional and probably not used if your NFS Storage is accessible from eth 1

Note: You do not tell CloudStack which NIC to use for Primary Storage, your hypervisor works this out based on the CIDR of the Primary Storage.

You will then create 'Isolated' networks for VMs to sit behind a Virtual Router, and Shared Networks with an IP schema in the available Public IP range for VMs requiring direct Internet Public IPs etc.

Check out these links for more info:
http://www.youtube.com/watch?v=wzEZomU4FrM
http://www.slideshare.net/ShapeBlue/introduction-to-cloudstack-43-networking
http://shapeblue.com/cloudstack/understanding-cloudstacks-physical-networking-architecture/
http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/latest/

Regards

Geoff Higginbottom
D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
geoff.higginbot...@shapeblue.com

RE: Advanced networking CloudStack 4.3
Morning Jeremy

Some more detail of your infrastructure would be helpful, such as total number of NICs (I assume you have two), whether your storage (on eth 1) is only Primary Storage and if so where your Secondary Storage will be located (and which NIC will access it) etc.

CloudStack maps its Physical Networks to a Bridge, and a Bridge is mapped to either a single Interface or a Bond - see http://wiki.centos.org/TipsAndTricks/BondingInterfaces for more info

Recommended Bonding Modes when LACP is not available on the switch stack are:
Mode 1 for Management and Storage
Mode 6 for Guest and Public

If you want both Networks where the VMs are behind a Virtual Router, and you also want VMs with a real Public IP directly connected to the Internet, then you want to use standard Advanced Networking, and not Advanced with Security Groups.

System VMs recycling is a sign that when they are booting they cannot communicate with either the Management Server or the 'Internal' DNS Servers or they cannot PING the Public Gateway. This is often caused by the KVM Traffic Labels not being set to the appropriate Bridge Name for each type of CloudStack Traffic (Management, Guest and Public).

Note the CloudStack 'Storage' is optional, and only really required if you have a NIC (or pair of NICs bonded) which you want to use specifically for Secondary Storage Traffic, otherwise the SSVM will simply use its Management Interface to access the NFS Sec Storage.

It looks like you have the following NIC Allocations:
eth 0 - Public
eth 1 - Management
eth 2 - Primary Storage

Therefore you need to create a Bridge for each one such as eth 0 = cloudbr0, eth 1 = cloudbr1 etc. and when adding the Zone, set the traffic labels to:
Management - cloudbr1
Guest - cloudbr0
Public - cloudbr0 (yes the same as public as the physical NIC will handle both)
Storage - Optional and probably not used if your NFS Storage is accessible from eth 1

Note: You do not tell CloudStack which NIC to use for Primary Storage, your hypervisor works this out based on the CIDR of the Primary Storage.

You will then create 'Isolated' networks for VMs to sit behind a Virtual Router, and Shared Networks with an IP schema in the available Public IP range for VMs requiring direct Internet Public IPs etc.

Check out these links for more info:
http://www.youtube.com/watch?v=wzEZomU4FrM
http://www.slideshare.net/ShapeBlue/introduction-to-cloudstack-43-networking
http://shapeblue.com/cloudstack/understanding-cloudstacks-physical-networking-architecture/
http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/latest/

Regards

Geoff Higginbottom
D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
geoff.higginbot...@shapeblue.com

-Original Message-
From: Jeremy Peterson [mailto:jpeter...@acentek.net]
Sent: 02 October 2014 22:16
To: users@cloudstack.apache.org
Subject: Advanced networking CloudStack 4.3

Good afternoon all or morning depending where you are,

Truly looking for some help. This question has probably been asked a hundred times but I cannot find a good resource for it.

I am looking to deploy CloudStack using KVM on CentOS 6.5 using iSCSI multipath, hence the reason for CLVM.

I want advanced networking because I'm using CLVM as primary storage. I want to offer virtual routers with public IPs and be able to deploy VMs with a public IP directly attached. If that's not possible that's ok.

When I deploy advanced networking do I choose security groups or not? Now I've done it both ways and had issues with each. If there is a good way to do it let me know because I can't find it.

My SSVM and console VMs have recycled 100s of times. I've had issues where my SSVM is trying to bridge on eth2 where eth2 is my management NIC on the hypervisor.

Currently I sit at a clean install of cloudstack-management and my cloudstack-agent is stopped on my two KVM hosts.

My storage is on eth1 and public is on cloudbr0 which is bridged off eth0.

Jeremy Peterson

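Added example, not part of the original thread: a host-side check that each KVM traffic label names a real Linux bridge with the expected physical NIC as a port, the mismatch the reply above gives as a common cause of recycling system VMs. The function names, the `SYSFS_NET` override and the Management = cloudbr2 mapping (derived from the eth0/cloudbr0 and eth2/cloudbr2 layout described in the thread) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): validate traffic label -> bridge -> NIC
# on a KVM host using the kernel's sysfs view of Linux bridges.
# SYSFS_NET can be overridden to run the check against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# check_label <traffic type> <bridge name> <expected physical NIC>
# Returns 0 if ok, 1 if the label does not name a bridge,
# 2 if the NIC is not a port of that bridge.
check_label() {
    local traffic="$1" bridge="$2" nic="$3"
    # A bridge device exposes a "bridge" directory; a plain NIC does not.
    if [ ! -d "$SYSFS_NET/$bridge/bridge" ]; then
        echo "FAIL $traffic: $bridge is not a bridge on this host"
        return 1
    fi
    # Each enslaved interface appears as an entry under "brif".
    if [ ! -e "$SYSFS_NET/$bridge/brif/$nic" ]; then
        echo "FAIL $traffic: $nic is not a port of $bridge"
        return 2
    fi
    echo "OK   $traffic: $bridge <- $nic"
    return 0
}

# check_labels reads "traffic bridge nic" lines on stdin and
# returns the number of labels that failed.
check_labels() {
    local failures=0 traffic bridge nic
    while read -r traffic bridge nic; do
        [ -z "$traffic" ] && continue
        check_label "$traffic" "$bridge" "$nic" || failures=$((failures + 1))
    done
    return "$failures"
}

# Assumed labels for the layout in the thread; run with --check on the host.
if [ "${1:-}" = "--check" ]; then
    check_labels <<'EOF'
Management cloudbr2 eth2
Guest      cloudbr0 eth0
Public     cloudbr0 eth0
EOF
fi
```

A label that points at a physical NIC such as eth2 instead of its bridge fails the first test; a bridge that exists but sits on the wrong NIC fails the second.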
Advanced networking CloudStack 4.3
Good afternoon all or morning depending where you are,

Truly looking for some help. This question has probably been asked a hundred times but I cannot find a good resource for it.

I am looking to deploy CloudStack using KVM on CentOS 6.5 using iSCSI multipath, hence the reason for CLVM.

I want advanced networking because I'm using CLVM as primary storage. I want to offer virtual routers with public IPs and be able to deploy VMs with a public IP directly attached. If that's not possible that's ok.

When I deploy advanced networking do I choose security groups or not? Now I've done it both ways and had issues with each. If there is a good way to do it let me know because I can't find it.

My SSVM and console VMs have recycled 100s of times. I've had issues where my SSVM is trying to bridge on eth2 where eth2 is my management NIC on the hypervisor.

Currently I sit at a clean install of cloudstack-management and my cloudstack-agent is stopped on my two KVM hosts.

My storage is on eth1 and public is on cloudbr0 which is bridged off eth0.

Jeremy Peterson