Hi Chi,

I am not very clear on what you said.

> Shared Network with the Virtual router but does not get a Public address assigned,
I guess you meant the shared network in front of the VNF. If so, the
shared network should use public IP, the gateway is configured on your
upstream router. Similar to public IP range for isolated networks.

> While if I use the Isolated network the CloudStack VR gets the IP.
Yes, ACS allocates an IP from the IP range for the VR of isolated network.
The IP is used as source nat IP of vm instances on the isolated network.
ACS does not allocate a public IP to VR of a shared network as it is not
required (VR only acts as dhcp/dns/metadata/password server).




-Wei

On Fri, Jun 27, 2025 at 9:01 PM Chi vediamo <tatay...@gmail.com> wrote:

> Hello Wei,
>
> I was using pfSense; I tried with Cisco and Juniper too, and vPaloAlto. I am
> trying to mimic networks that I deployed before in Azure.
>
> In this scenario you mentioned.
>
> Internet <-> public gateway <-> isolated network with source NAT*(mandatory
> the CSvirtualROUTER)* <-> VNF (on the isolated network and another
> shared/L2/isolated network) <-> VM on  user network.
>
>
> I created a Shared Network with the Virtual router but does not get a
> Public address assigned, while if I use the Isolated network the CloudStack
> VR gets the IP.
>
> Thank you
>
> Tata Y.
>
>
>
> On Jun 27, 2025, at 1:58 PM, Wei ZHOU <ustcweiz...@gmail.com> wrote:
>
> Hi Chi,
>
> VNF means virtual network appliance, which can provide various services,
> routing, load balancer, dhcp, dns, ids, ips, etc.
> it can be on the data path, or out of the data path.
>
> you can use pfsense VNF or similar, to replace VR. However, ACS VR has a
> virtual nic on the Public network, which is not possible for VNF (which is
> a special type of user vm instance).
> Therefore, to access the public internet or vice versa, user has to add a
> network in front of VNF, so the topology looks like
>
> Internet <-> public gateway <-> shared network with public IP <-> VNF (on
> the shared network and another shared/L2/isolated network) <-> VM on  user
> network,
> OR
> Internet <-> public gateway <-> isolated network with source NAT <-> VNF
> (on the isolated network and another shared/L2/isolated network) <-> VM on
> user network.
>
> In my video, I used an isolated network. you can use a shared network
> instead.
> if you do not need public access, the isolated/shared network is not
> needed then.
>
>
> -Wei
>
>
> On Fri, Jun 27, 2025 at 5:50 PM Chi vediamo <tatay...@gmail.com> wrote:
>
>> Thank you Daan
>>
>> Is there any documentation about this? I read about and saw several
>> videos, but none explains clearly each type versus VNF or vRouter.
>> I thought based on the videos I can just replace the vRouter with an
>> appliance for isolated networks or a VPC.
>>
>> In a shared network I need the vROUTER or appliance to have a link to
>> public interface while the others are behind the vRouter or appliance. I
>> was unsuccessful on this one as there is no way to assign a separate port
>> for Public network.
>> Everything is in a single VXLAN for some reason, and the VXLAN has to be
>> routed, which I do not want.
>>
>>
>> I DID TRY SHARED OR L2 NETWORK: All Hypervisors running KVM and upgraded
>> to 4.20.1.
>>
>> Here is the Scenario:
>>
>> {Internet}
>>        |
>>        |
>>      Hypervisor1                                   Hypervisor2
>>       |_____________________________|
>>       |                                                          |
>> [vRouter or Appliance]                             |
>>       |                  |                                       |
>>       |                  |                                       |
>>   VXLAN1       VXLAN2                         VXLAN2
>>     |                         |                                  |
>>     |                         |                                  |
>>    VM1                  VM2                           VM3
>>
>>
>> Then for L2 should I be able to pick the VNF appliance instead of a
>> vROUTER ?
>>
>>
>> Tata Y.
>>
>>
>>
>>
>>
>> > On Jun 27, 2025, at 11:16 AM, Daan Hoogland <daan.hoogl...@gmail.com> wrote:
>> >
>> > Chi,
>> > I do not fully understand your use-case, but in the cases of isolated
>> > network and VPC you can put an appliance behind the router, not in
>> > front of it. (not sure, needs checking)
>> > In an L2 network you design the routing yourself and can make your VNF
>> > be the gateway
>> > In a shared network also you can design a lot, except that there will
>> > be layer 3 available. (I am not sure if VNFs are useful in this type
>> > of env)
>> >
>> > On Fri, Jun 27, 2025 at 3:08 PM Chi vediamo <tatay...@gmail.com> wrote:
>> >>
>> >> for Isolated or VPC networks,
>> >>
>> >> Is my understanding I am not able to put a router in front in a shared network. Or it is possible ?
>> >>
>> >>
>> >> Tata Y.
>> >>
>> >>> On Jun 27, 2025, at 2:35 AM, Daan Hoogland <d...@apache.org> wrote:
>> >>>
>> >>> Tata,
>> >>>
>> >>> On Fri, Jun 20, 2025 at 3:05 AM Chi vediamo <tatay...@gmail.com> wrote:
>> >>>>
>> >>>> Hello Team,
>> >>>>
>> >>>> Is there a Way to add a VNF Network Offering ? What are the steps to use a VNF without a vRouter in front of it.
>> >>>
>> >>> In an l2 network ( or a shared network?)
>> >>
>> >
>> >
>> > --
>> > Daan
>>
>>
>
