Thanks Dag. Appreciate it. Will try this out.

On Thu, 29 Mar 2018 at 16:02 Dag Sonstebo <dag.sonst...@shapeblue.com> wrote:
> Hi Parth,
>
> If you want a KVM networking introduction take a look at my blog post from a couple of years back – this is still valid:
> http://www.shapeblue.com/networking-kvm-for-cloudstack/
>
> In short – you don’t set up VLAN tagging for isolated networks on the KVM host – you set up the bridge and then specify your VLAN range when you set up your zone in CloudStack. CloudStack then takes care of creating the isolated VLAN isolated networks on the host. So in short – you create your bridges, then use the bridge names in the advanced zone setup.
>
> Virtual bridge – yes this is similar to the cloud0 bridge, and yes you create the bridge without a physical interface.
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
> On 29/03/2018, 11:14, "Parth Patel" <parthpatel2...@gmail.com> wrote:
>
>     Hi Dag,
>
>     Thanks for helping me understand the requirement of advanced networking. Sorry if I have missed something obvious or my question seems stupid, but I am just starting to learn. Can you help me out on how to set up VLAN "tagging" on one machine? I have tried several methods and tutorials I could find on the internet for VLANs, but none mention "tagging".
>
>     Also, I do not fully understand private virtual bridge..... Means I create an interface file for bridge but mention no physical interface device? Is it similar to how cloud0 is configured for link local network of System VMs? I could probably do that, but I don't know much about configuring VLAN tagging. I would appreciate if you could give me some guidance or point me where you think some good documentation is given for CentOS/RHEL hosts for configuring bridges with VLAN tagging (I have tried but failed to understand most of them). I am especially stuck at understanding this "tagging" of VLANs.
>
>     Thanks,
>     Parth Patel
>
>     On Thu, 29 Mar 2018 at 15:17 Dag Sonstebo <dag.sonst...@shapeblue.com> wrote:
>
> > Hi Parth,
> >
> > Yes and no.
> >
> > No – you cannot do advanced zones with *all three* KVM hosts and advanced networking without using VLANs (or another isolation mechanism) and still expect traffic to flow between VMs/VRs on different KVM hosts.
> >
> > Yes – you can probably do this *on a single KVM host* – but you will have to use VLAN tagging internally – this can however be done on a virtual bridge interface, i.e. the L2 traffic doesn’t ever leave that host.
> >
> > Without deep diving into this I think it would look like this:
> >
> > Physical eth0 -> cloudbr0 > handles management and public
> > No nic -> private virtual bridge cloudbr1 > handles isolated guest traffic but allows for isolated VLANs internally on the host
> >
> > Regards,
> > Dag Sonstebo
> > Cloud Architect
> > ShapeBlue
> >
> > On 29/03/2018, 09:25, "Parth Patel" <parthpatel2...@gmail.com> wrote:
> >
> >     Hi Dag,
> >
> >     Thanks for the reply. I am trying to use Shapeblue CCS (Container as a Service) with ACS, but for that Isolated networks are required which are only available in Advanced Zone. Further, I want to explore Cloudstack further and am also aiming to test and configure other advanced features such as load balancing and auto scaling without netscaler device. For that I badly need Advanced Zone networking (especially isolated networks offerings). I just want to know if Advanced Zone can successfully function with two networks, one physical NIC and no VLAN tagging.
> >
> >     Thanks,
> >     Parth Patel
> >
> >     On Thu, 29 Mar 2018 at 13:48 Dag Sonstebo <dag.sonst...@shapeblue.com> wrote:
> >
> > > Hi Parth,
> > >
> > > Not sure if I follow. Generally, your management network is untagged, whilst your public and isolated networks tagged. The underlying idea of advanced zones is you must have network isolation between multiple guest networks, otherwise you have no privacy/security. You can do this either at L2 with VLAN tagging, which is the simplest, or with L3 using various SDN overlay network solutions (more complicated and comes at a cost).
> > >
> > > If you don’t want to tag anything you’re probably better off using basic networks, where I believe you could use a single flat subnet (happy to be proven wrong).
> > >
> > > Regards,
> > > Dag Sonstebo
> > > Cloud Architect
> > > ShapeBlue
> > >
> > > On 29/03/2018, 08:48, "Parth Patel" <parthpatel2...@gmail.com> wrote:
> > >
> > >     Hi all,
> > >
> > >     After banging my head with different network configuration permutations, I don't understand what is the issue with Network Guru here and why it can't implement the isolated guest network. I just want to know if Advanced Zone can be successfully set up or has someone configured an advanced zone using untagged VLAN traffic?
> > >
> > >     I have the following configuration of components:
> > >     - I have 3 (16 GB Ram and 4 Cores) machines each with 1 physical NIC.
> > >     - I have two networks: 192.168.20.0/24 (using this for isolated guest network) and 172.16.20.0/16 (management server and NFS servers network)
> > >     - I am using KVM hypervisor and NFS for storage.
> > >     - Currently, the output of brctl show is (when the Cloudstack is not running, otherwise the interfaces are populated with three vnets for cloud0 and 4-5 vnets for cloudbr0):
> > >
> > >     bridge name     bridge id               STP enabled     interfaces
> > >     cloud0          8000.000000000000       no
> > >     cloudbr0        8000.3464a92a083a       no              eno1
> > >     virbr0          8000.525400daae23       yes             virbr0-nic
> > >
> > >     My earlier doubt was if I can configure advanced zone with one physical interface available in each host, but that was resolved when I read this post of ShankerBalan:
> > >
> > >     https://shankerbalan.net/blog/cloudstack-simple-advanced-network-example/
> > >
> > >     ACS throws InsufficientVirtualNetworkCapacity exception and lines like: "NetworkGuru can't implement network [275||15]" are printed in management server logs when I try to create a simple CentOS 5.5 NoGUI KVM instance after a complete and fresh install of ACS (even of CentOS).
> > >
> > >     My main doubt here is if I can successfully configure an advanced zone with two networks but with untagged VLAN traffic? I can't currently configure the router or switches to allow tagged VLAN networking as I am doing this project in my university. But, I have requested and gained access to the mentioned two networks: 192.168.20.0/24 and 172.16.20.0/16 and both networks are pingable and have internet access across all three machines. Can anyone help me with this please?
> > >
> > >     Thanks,
> > >     Parth Patel
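
Added example, not part of the original thread and not ShapeBlue or CloudStack code: a shell sketch that stages CentOS/RHEL ifcfg files for the single-host layout described in the replies (physical NIC on cloudbr0, cloudbr1 with no physical interface) and checks that nothing is attached to the guest bridge. The function names, the staging directory and the IP, netmask and gateway values are assumptions; no VLAN devices are defined because, as the reply states, CloudStack creates those on the bridge itself.

```shell
#!/bin/sh
# Stage CentOS/RHEL ifcfg files for the layout sketched in the thread:
#   physical NIC -> cloudbr0 (management + public), no NIC -> cloudbr1 (guest).
# Output dir, NIC name and addresses are assumptions supplied by the caller.
write_bridge_cfgs() {
    out_dir=$1; nic=$2; ip=$3; mask=$4; gw=$5
    mkdir -p "$out_dir" || return 1
    # The NIC holds no address of its own; it is only a port of cloudbr0.
    cat > "$out_dir/ifcfg-$nic" <<EOF
DEVICE=$nic
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
BRIDGE=cloudbr0
EOF
    # cloudbr0 carries the host's management address.
    cat > "$out_dir/ifcfg-cloudbr0" <<EOF
DEVICE=cloudbr0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
IPADDR=$ip
NETMASK=$mask
GATEWAY=$gw
EOF
    # cloudbr1 has no port and no address: guest L2 traffic stays on the host.
    cat > "$out_dir/ifcfg-cloudbr1" <<EOF
DEVICE=cloudbr1
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
EOF
}

# Succeeds only if no staged interface is enslaved to the guest bridge.
guest_bridge_is_portless() {
    ! grep -qs '^BRIDGE=cloudbr1$' "$1"/ifcfg-*
}

# Constructed sample values (eno1 is the NIC shown in the brctl output above).
stage_dir=$(mktemp -d)
write_bridge_cfgs "$stage_dir" eno1 172.16.20.11 255.255.0.0 172.16.0.1
if guest_bridge_is_portless "$stage_dir"; then
    echo "staged in $stage_dir: cloudbr1 has no physical port"
else
    echo "cloudbr1 has a port attached; guest traffic could leave the host" >&2
fi
```

After review the staged files would be copied into /etc/sysconfig/network-scripts/ and the network restarted; the bridge names cloudbr0 and cloudbr1 are then the ones entered in the advanced zone setup.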