SSVM Public IP, NAT and L2/L3 connectivity

2013-10-18 Thread Adrian Lewis
Hi All,



Still in the planning stages of deploying my first CS install and I have a
question about the SSVM and the apparent requirement for a public routable
IP address. From what I can gather, the only interaction that the SSVM has
with the internet is for downloading files from user or admin supplied
URLs. Does this mean that nothing actually makes inbound connections
directly to it from the internet and that it only ever makes outbound
connections? If so, why does it need a public IP?



Would it be possible to simply have a route to the internet via the
management network or to give it an IP from a private network pool that has
access to the internet via some other NAT device?



Secondly, I’ve seen some excellent slides from Geoff Higginbottom but I’m
still not quite sure whether the SSVM actually has four vNICs or whether it
simply needs access to four networks via a lesser number of vNICs. Can
anyone clarify how many vNICs each SSVM has and what the routing table
looks like on the VM itself, especially where the management server and
secondary storage server are on subnets accessible via a L3 hop and not
directly attached to either the hypervisor mgmt or SSVM vNICs (and these
subnets aren’t accessible by a default route on the SSVM)?



My main concern is the public IP requirement as I’m finding it very
difficult to get enough public IPs from my DC, especially where there
doesn’t appear to be a reason for it. I can’t simply get a nice big block
of IPv4 like some other CS users may be used to! I’m considering joining
RIPE but this is not especially cheap and doesn’t seem to guarantee that
I’d get an assignment of IPv4 addresses anyway.



Confused,



Adrian

---

Alsi Consulting Ltd

www.alsiconsulting.co.uk

T: 0845 8676586

M: 07961 127738


RE: SSVM Public IP, NAT and L2/L3 connectivity

2013-10-18 Thread Sanjeev Neelarapu
Hi Adrian,

Please find responses inline

-Original Message-
From: Adrian Lewis [mailto:adr...@alsiconsulting.co.uk] 
Sent: Friday, October 18, 2013 4:41 PM
To: users@cloudstack.apache.org
Subject: SSVM Public IP, NAT and L2/L3 connectivity

Hi All,



Still in the planning stages of deploying my first CS install and I have a 
question about the SSVM and the apparent requirement for a public routable IP 
address. From what I can gather, the only interaction that the SSVM has with 
the internet is for downloading files from user or admin supplied URLs. Does 
this mean that nothing actually makes inbound connections directly to it from 
the internet and that it only ever makes outbound connections? If so, why does 
it need a public IP?

[Sanjeev]: I could think of one scenario, which is copying templates from one
zone to another zone where the zones are at different geographical locations (i.e.
the two zones are connected using the internet).


Would it be possible to simply have a route to the internet via the management
network or to give it an IP from a private network pool that has access to the
internet via some other NAT device?

[Sanjeev]: As per CloudStack terminology, "public IP" does not mean that they
are real public IPs. They can be private IPs from which the internet can be
accessed using another NAT device.


Secondly, I've seen some excellent slides from Geoff Higginbottom but I'm still 
not quite sure whether the SSVM actually has four vNICs or whether it simply 
needs access to four networks via a lesser number of vNICs. Can anyone clarify 
how many vNICs each SSVM has and what the routing table looks like on the VM 
itself, especially where the management server and secondary storage server are 
on subnets accessible via a L3 hop and not directly attached to either the 
hypervisor mgmt or SSVM vNICs (and these subnets aren't accessible by a default 
route on the SSVM)?

[Sanjeev]: It is necessary that there should be four vNICs on the SSVM, each
belonging to only one network.
Management and Storage servers need not be on the same subnet. They should be
accessible via an L3 hop.

My main concern is the public IP requirement as I'm finding it very difficult 
to get enough public IPs from my DC, especially where there doesn't appear to 
be a reason for it. I can't simply get a nice big block of IPv4 like some other 
CS users may be used to! I'm considering joining RIPE but this is not 
especially cheap and doesn't seem to guarantee that I'd get an assignment of 
IPv4 addresses anyway.



Confused,



Adrian

---

Alsi Consulting Ltd

www.alsiconsulting.co.uk

T: 0845 8676586

M: 07961 127738