Hi Adrian, Is the requirement 'just' that a VM can access a private network? Can you not make the private network routable from the network that the VM is on? Or apply a secondary IP and configure it manually for the private network (VLANs permitting).
Kind regards, Paul Angus paul.an...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue -----Original Message----- From: S. Reddit <s.reddit.mail...@gmail.com> Sent: 16 July 2018 11:21 To: users@cloudstack.apache.org Subject: Re: Advanced Zone with Security Groups Thanks for your answer, Paul! VPC would be nice, but it's not working together with security groups, correct me if I'm wrong... Regards, Adrian On Fri, Jul 13, 2018 at 9:21 PM Paul Angus <paul.an...@shapeblue.com> wrote: > Hi Adrian, > > An advanced zone with security groups is similar to a basic network in > that it doesn’t really have the concept of multiple networks for any > given VM. The security groups themselves create pseudo networks. > > You can create either a shared network on the vlan that you want to > access > - where CloudStack allocates IPs and sets the gateway or an L2 network > with a 3rd party DHCP in place. > > There is also the option of using the private gateway feature of VPCs. > > paul.an...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > > > > > -----Original Message----- > From: S. Reddit <s.reddit.mail...@gmail.com> > Sent: 11 July 2018 08:37 > To: users@cloudstack.apache.org > Subject: Advanced Zone with Security Groups > > Hi Group > > I am testing with an advanced zone and security group enabled networks > (KVM based). So far it works fine, but for the following features: > > - attach 2nd network to instance: > => security group(s) do not get programmed on secondary vnetXY interfaces, > hence no communication over additional network is possible > > As the zone prevents me from adding a network without security group > feature, it seems such a setup is not supported, correct? Does anyone see a > way to give instances access to a private network? Could L2-network from > 4.11 be a solution? I am still running 4.9... > > Cheers, > Adrian >
