Hi Nick

What you are trying to do is achievable, but you need to start again, as once 
you have created a network which has taken its VLAN from the Default Guest VLAN 
range you cannot change the network Offering to one which has the 'Specify 
VLAN' option set.

Fortunately you can create the new networks you need using the correct Network 
Offerings, then use the 'addNicToVirtualMachine' and 
'removeNicFromVirtualMachine' API commands to add the new Networks to the VM, 
and remove the old ones.



I would create two network offerings, I'll call them 'External' and 'Internal'

'External' should not have any 'Services' as it does not need them, that way no 
VR will be created for this Network. Assign a 'Name' & 'Description', and check 
the 'Specify VLAN' option as you want to manually set the VLAN ID so it can 
connect to your external physical Router.  You do not need the 'Persistent' 
feature as there will be no VR.

'Internal' should have 'Specify VLAN' checked and 'DHCP' and 'DNS' services 
enabled, all set to 'Virtual Router'. You don't need the 'Persistent' option as 
this simply keeps the VR running when you have no VMs, and as you want to run an 
'Intrusion Detection' VM you will always have one running, and the VLAN is 
persistent even if you do shut all VMs down, as you used the 'Specify VLAN' option.

To actually create the networks you cannot use the main 'Network' tab, you must 
navigate to:

Infrastructure / Zones / your-zone-name / Physical Network Tab / 
your-network-name (the one with Guest Traffic) / Guest-Configure / Network Tab

Then click 'Add Guest Network' and set the 'scope' to account, you will now see 
the two new Network Offerings listed (as long as you enabled them).  Create the 
'External' Network with 'VLAN ID' of 200 and 'Guest Gateway' set to the IP of 
the Physical Router connected to the Internet.  Set the 'Guest Start IP' and 
'Guest End IP' range so that it spans the IP you want to allocate to the 
External interface of your VM.  Although you will be setting the IP on the VM 
manually, and even though we did not assign the DHCP service to this Network, 
CloudStack will still allocate an IP to this VM and this will appear in the 
GUI.  To keep things neat I always use the API to allocate the IP of the VM 
when I create it so that the CloudStack allocated IP and my manually configured 
IP are the same.

Repeat the process to create your 'Internal' network, setting the 'VLAN ID' to 
100, the 'Guest Gateway' to the IP you intend to allocate to the Internal 
Interface of your Intrusion Detection VM, and setting 'Guest Start IP' and 
'Guest End IP', ensuring they do not overlap the Guest Gateway.  Note that the 
VR which gets created to handle the DHCP and DNS will be allocated the 1st IP 
from the Guest Range.

Now create your Intrusion Detection VM using the API and not the GUI so you can 
specify the IPs for the External and Internal Interfaces, and set the External 
as the Default.  Once created, you can add additional VMs onto the Internal 
Network, and they will use the 'Intrusion Detection VM' as their Gateway.

Note that the VLANs you use for the External and Internal networks must be 
outside of the default Guest VLAN Range.

Regards

Geoff Higginbottom

D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581

geoff.higginbot...@shapeblue.com
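
Added example, not part of the original message and not CloudStack code: a pre-flight check of the External/Internal plan described above (VLAN outside the default guest range, guest range not overlapping the gateway, manually set IPs inside the range and clear of the VR's first IP), followed by the matching createNetwork API parameters. The function names, the plan dictionaries, the guest VLAN range 500-599, the addresses and the ID placeholders are assumptions made for illustration.

```python
import ipaddress

def check_network(n, guest_vlan_range):
    """Return the problems found in one planned guest network (empty list = OK)."""
    ip = ipaddress.ip_address
    net = ipaddress.ip_network(n["cidr"])
    gw, start, end = ip(n["gateway"]), ip(n["startip"]), ip(n["endip"])
    lo, hi = guest_vlan_range
    problems = []
    # 'Specify VLAN' networks must use a VLAN outside the default guest range.
    if lo <= n["vlan"] <= hi:
        problems.append(f"VLAN {n['vlan']} is inside the guest VLAN range {lo}-{hi}")
    if start > end or not all(a in net for a in (gw, start, end)):
        problems.append(f"gateway/start/end are not a valid range inside {net}")
    # Guest Start IP .. Guest End IP must not include the Guest Gateway.
    if start <= gw <= end:
        problems.append(f"guest range {start}-{end} overlaps the gateway {gw}")
    for addr in map(ip, n["manual_ips"]):
        if not start <= addr <= end:
            problems.append(f"manual IP {addr} is outside the guest range")
        elif n["has_vr"] and addr == start:
            # The message notes the VR is allocated the first IP of the range.
            problems.append(f"manual IP {addr} is the first guest IP, used by the VR")
    return problems

def create_network_params(n, offering_id, zone_id):
    """Map a checked plan entry onto createNetwork API parameters."""
    return {"command": "createNetwork", "name": n["name"], "displaytext": n["name"],
            "zoneid": zone_id, "networkofferingid": offering_id,
            "vlan": str(n["vlan"]), "gateway": n["gateway"],
            "netmask": str(ipaddress.ip_network(n["cidr"]).netmask),
            "startip": n["startip"], "endip": n["endip"]}

# Constructed sample plan: VLAN range and addresses are illustrative only.
GUEST_VLAN_RANGE = (500, 599)
EXTERNAL = {"name": "External", "vlan": 200, "cidr": "203.0.113.0/24", "has_vr": False,
            "gateway": "203.0.113.1", "startip": "203.0.113.10",
            "endip": "203.0.113.20", "manual_ips": ["203.0.113.10"]}
INTERNAL = {"name": "Internal", "vlan": 100, "cidr": "198.51.100.0/24", "has_vr": True,
            "gateway": "198.51.100.1", "startip": "198.51.100.10",
            "endip": "198.51.100.50", "manual_ips": []}
BROKEN = dict(INTERNAL, vlan=550, startip="198.51.100.1", manual_ips=["198.51.100.1"])

if __name__ == "__main__":
    for plan in (EXTERNAL, INTERNAL, BROKEN):
        print(plan["name"], check_network(plan, GUEST_VLAN_RANGE) or "OK")
    print(create_network_params(EXTERNAL, "OFFERING-ID-PLACEHOLDER", "ZONE-ID-PLACEHOLDER"))
```
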

-----Original Message-----
From: Nick Burke [mailto:n...@nickburke.com]
Sent: 04 September 2013 18:56
To: users@cloudstack.apache.org
Subject: Re: Some network offerings missing after creating them

Hello Geoff,

Thank you for replying!

I went there and tried to change it to the service offering I wanted, but once 
again the only one available is 
DefaultIsolatedNetworkOfferingWithSourceNatService. There are no associated VMs 
with this network. I can't add anything on that screen.

Here is a screenshot: http://imgur.com/ljrVYgP


I think I'm missing something dreadfully obvious or I'm not being clear on what 
I'm trying to accomplish... or both! :-)


Here is my end goal:

IE: VLAN100 has a public/static IP of 4.2.2.2/24 (internet facing) -> Intrusion 
Prevention System (aka, a cloudstack VMserver running linux) ->
VLAN200  public/static 4.3.3.3/24


Both virtual nics are public IP addresses. One side is on one vlan, the other 
side is on a different one. All traffic routed from the internet must go 
through this virtual machine to reach the target 4.3.3.3/24 network and vice 
versa.




On Wed, Sep 4, 2013 at 2:59 PM, Geoff Higginbottom < 
geoff.higginbot...@shapeblue.com> wrote:

> Nick,
>
> You need to go to Infrastructure / Zone / Phys Networks / Guest
> Networks etc to use this type of network offering.
>
> The Networks Tab only shows network offerings which have the 'Source NAT'
> service enabled
>
> Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
>
> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>
> geoff.higginbot...@shapeblue.com | www.shapeblue.com
>
> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
>
>
>
> On 4 Sep 2013, at 17:53, "Nick Burke" <n...@nickburke.com> wrote:
>
> Thank you for the reply!
>
> I am logged in through the GUI as the default admin user under the
> ROOT domain. Just a quick clarification: I can see it under "Network
> Offerings", but I can't actually use it/see it when I try to deploy an
> instance and/or when creating a network.
>
> According to cloudmonkey, it's enabled (this is the default system
> created one I'd like to use);
>
> CLOUD> list networkofferings
> count = 8
> networkoffering:
> name = DefaultIsolatedNetworkOffering
> id = 14b2f56b-b941-4495-a9e6-377a756bee70
> availability = Optional
> conservemode = True
> displaytext = Offering for Isolated networks with no Source Nat service
> forvpc = False
> guestiptype = Isolated
> isdefault = True
> ispersistent = False
> networkrate = 200
> service:
> name = Dhcp
> provider:
> name = VirtualRouter
>
> ================================================================================
> name = UserData
> provider:
> name = VirtualRouter
>
> ================================================================================
> name = Dns
> provider:
> name = VirtualRouter
>
> ================================================================================
> serviceofferingid = d430a7fc-e294-4940-bd32-bb57a9caff3e
> specifyipranges = True
> specifyvlan = True
> state = Enabled
> traffictype = Guest
>
>
> This is the one I created myself:
>
> CLOUD> list networkofferings id="e00234b0-9252-4541-9f82-7d575b8b131e"
> count = 1
> networkoffering:
> name = test
> id = e00234b0-9252-4541-9f82-7d575b8b131e
> availability = Optional
> conservemode = False
> displaytext = test
> forvpc = False
> guestiptype = Isolated
> isdefault = False
> ispersistent = True
> networkrate = 200
> service:
> name = Dhcp
> provider:
> name = VirtualRouter
>
> ================================================================================
> name = UserData
> provider:
> name = VirtualRouter
>
> ================================================================================
> name = Dns
> provider:
> name = VirtualRouter
>
> ================================================================================
> serviceofferingid = d430a7fc-e294-4940-bd32-bb57a9caff3e
> specifyipranges = True
> specifyvlan = True
> state = Enabled
> traffictype = Guest
>
>
>
>
> On Wed, Sep 4, 2013 at 1:48 PM, Chiradeep Vittal
> <chiradeep.vit...@citrix.com> wrote:
>
> If the offering has 'specify VLAN', then only the admin should be able
> to see it.
> You can also use cloudmonkey to verify the offerings.
>
>
> On 9/4/13 12:00 PM, "Nick Burke" <n...@nickburke.com> wrote:
>
> I've read the documents, but I can't seem to find anything about this
> even after google searching.
>
> Here is what I'm trying to accomplish: I'd like to have an external
> hardware router handle the routing for certain networks. It's on VLAN10.
>
> Here is what I'm seeing: Only one network offering is showing up under
> "network offering" in create a network and for instances. It is "
> DefaultIsolatedNetworkOfferingWithSourceNatService"
>
>
> I've tried creating a new network offering with specify vlan and
> specify IP addresses, but it doesn't seem to ever show up to be used.
> Additionally, there is a system created one that looks like it could
> do it, "DefaultIsolatedNetworkOffering" but it too doesn't show up.
>
> If I create a network offering with the exact same options as
> DefaultIsolatedNetworkOfferingWithSourceNatService, it does show up
> and can be used.
>
>
> I'm in advanced networking mode for the zone, and as far as I can tell
> everything is working well as expected.
>
> Does anyone have any place they can point me to for this or offer some
> advice as to why at least the system DefaultIsolatedNetworkOffering
> can't be used?
>
> --
> Nick
>
> *'What is a human being, then?'
> 'A seed'
> 'A... seed?'
> 'An acorn that is unafraid to destroy itself in growing into a tree.'
> -David Zindell, A Requiem for Homo Sapiens*
>
> This email and any
> attachments to it may be confidential and are intended solely for the
> use of the individual to whom it is addressed. Any views or opinions
> expressed are solely those of the author and do not necessarily
> represent those of Shape Blue Ltd or related companies. If you are not
> the intended recipient of this email, you must neither take any action
> based upon its contents, nor copy or show it to anyone. Please contact
> the sender if you believe you have received this email in error. Shape
> Blue Ltd is a company incorporated in England & Wales. ShapeBlue
> Services India LLP is operated under license from Shape Blue Ltd.
> ShapeBlue is a registered trademark.
>


