Introduction to CloudStack 4.2 Networking

Geoff Higginbottom did a short “Introduction to CloudStack Networking” talk. Many people acknowledge that there’s nobody on planet earth who knows as much about CloudStack Networking as Geoff. Luckily he decided to throttle back a little on his usual detail levels and did an excellent job of explaining the key CloudStack networking features, and also had a good look at the new & improved VPC functionality available in CloudStack 4.2.

Published in: Technology

  1. Introduction to CloudStack Networking: Geoff Higginbottom, CTO, ShapeBlue; geoff.higginbottom@shapeblue.com; Twitter: @ShapeBlue, @CloudStackGuru
  2. Why NaaS – The Use Cases VPS Cloud www.shapeblue.com @CloudStackGuru
  3. Why NaaS – The Use Cases
  4. Management Network
  5. Public Network – Advanced Zone
  6. Public Network - Basic Zone EIP / ELB
  7. Public Network – System VMs
  8. Guest Network – Advanced Zone
  9. Guest Network – Basic Zone
  10. Guest Network – Basic Zone
  11. Guest Network – Basic Zone EIP / ELB
  12. Storage Network
  13. Physical Connectivity
  14. Network Service Providers
  15. Basic Networking
       • AWS Style L3 isolation – Massive Scale
       • Simple Flat Network
       • Each POD has a unique CIDR
       • Optional Guest Isolation via Security Groups
       • Optional NetScaler Integration - Elastic IPs and Elastic LB
       • Optional Nicira NVP Integration
  16. Security Groups
       • Isolate traffic between VMs
       • Available for both Basic and Advanced Networking
       • Only supported on XenServer 6.x and KVM
       • XenServer 6.0.x requires the Cloud Support Package
       • XenServer must use Linux Bridge and not Open vSwitch
            • xe-switch-network-backend bridge
            • Must be implemented before adding to CloudStack
  17. Security Groups
       • Must be specified when the Zone is created
       • Uses Ingress and Egress Rules to control traffic flow
       • Default is all outbound traffic allowed, all inbound denied
       • Rules can be mapped to CIDR or another Account/Security Group
  18. Security Groups
       • Must be specified when the Zone is created
       • Uses Ingress and Egress Rules to control traffic flow
       • Default is all outbound traffic allowed, all inbound denied
       • Rules can be mapped to CIDR or another Account/Security Group
  19. Basic Zone – Example IP Schema
  20. Using Multiple NICs
  21. Using Multiple NICs
  22. Advanced Networking
       • Guest Networks isolated by VLANs
       • Private and Shared Guest Networks
       • Multiple Physical Networks
       • Virtual Router for each Network providing:
            • DNS & DHCP
            • Firewall
            • Client VPN
            • Load Balancing
            • Source / Static NAT
            • Port Forwarding
  23. Adv Zone – Example IP Schema
  24. Adv Zone - Egress Rules
       • Blocks all outbound traffic by default
       • Example of an ‘Allow All’ Egress Rule
  25. Adv Zone - Firewall & Port Forwarding
       • Firewall
            • Allow traffic into network
       • Port Forwarding
            • Pass traffic to a specified VM
  26. Adv Zone - Load Balancing
       • Load Balancing
            • Algorithms: Round Robin, Least Connections, Source
            • Stickiness: None, Source Based, AppCookie, LBCookie
  27. Adv Zone - User VPN
       • User VPN
            • IPSec VPN
            • Win/MAC
            • Connects to Guest Network
  28. Adv Zone - Static NAT
       • Enable Static NAT
  29. Adv Zone - Static NAT
       • Allocate VM
  30. Adv Zone - Static NAT
       • Only Firewall Rules exist due to 1-2-1 mapping
       • Public IP is also used for Outbound Traffic from this VM
  31. Virtual Private Clouds (VPC)
       • Private multi-tiered Virtual Networks
       • ACLs to control traffic isolation
       • Inter VLAN Routing
       • Site-2-Site VPN
       • Private Gateway
  32. Virtual Private Clouds (VPC)
       • No Conserve Mode so unique Public IP Required for:
            • Source NAT
            • Port Forwarding
            • Load Balancing
       • Cannot operate in Redundant Mode (VRRP)
  33. VPC Components
       • Virtual Router – Connects all the VPC Components
       • Network Tiers – Isolated Networks, each with unique VLAN and CIDR
  34. VPC Components
       • Public Gateway
       • Site-2-Site VPN Linked to Public Gateway
  35. VPC Components
       • Private Gateway
       • Created by Root Admins
       • Configured by Users (Static Routes)
  36. VPC Components
  37. VPC Components
  38. VPC Components
  39. VPC 4.2 Enhancements
       • Support for KVM
       • Load Balancing between Tiers
       • Citrix NetScaler as External LB
       • Enhanced Access Control Lists
       • Deploy VM to both VPC & Shared Network from UI
       • Multiple VPN Gateways
       • Multiple Private Gateways
       • ACLs & Black Lists for Private Gateways
  40. System VMs & Their Networks: Virtual Router
  41. System VMs & Their Networks: Virtual Router
  42. System VMs & Their Networks: Secondary Storage VM
  43. System VMs & Their Networks: SSVM – VM Image / ISO Upload Workflow
  44. System VMs & Their Networks: Console Proxy VM
  45. System VMs & Their Networks: CPVM – Remote Connection
  46. Communication Ports
  47. Recent Networking Improvements (4.1 & 4.2)
       • Numerous VPC Improvements
       • Add & Remove NICs / Networks
       • Multiple IPs on Single NIC
       • Persistent Networks
       • Configurable Default Egress Behaviour
       • Non Contiguous VLAN Ranges
       • Enhanced SRX & F5 Support
       • PVLANs
       • GSLB
       • IPv6 – (Technical Demo)
  48. Questions?
  49. Introduction to CloudStack Networking: Geoff Higginbottom, CTO, ShapeBlue; geoff.higginbottom@shapeblue.com; Twitter: @ShapeBlue, @CloudStackGuru
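
The Security Groups slides (16 to 18) state the rule model: inbound denied by default, outbound allowed by default, and rules mapped to a CIDR or to another security group. The sketch below is an added example, not code from the talk or from CloudStack, that evaluates such rules. The group names, addresses and the Rule/SecurityGroup classes are constructed, the account part of a group reference is left out, and the behaviour once egress rules exist is an assumption the slides do not state.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    protocol: str                 # "tcp" or "udp"
    start_port: int
    end_port: int
    cidr: Optional[str] = None    # peer expressed as a CIDR ...
    group: Optional[str] = None   # ... or as the name of another security group

@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)
    egress: list = field(default_factory=list)

def _matches(rule, protocol, port, peer_ip, peer_groups):
    if rule.protocol != protocol or not rule.start_port <= port <= rule.end_port:
        return False
    if rule.cidr is not None:
        return ip_address(peer_ip) in ip_network(rule.cidr)
    return rule.group in peer_groups   # group rule: peer must be a member

def ingress_allowed(vm_groups, protocol, port, src_ip, src_groups=()):
    # Slide default: all inbound denied unless a rule in one of the VM's groups matches.
    return any(_matches(r, protocol, port, src_ip, src_groups)
               for g in vm_groups for r in g.ingress)

def egress_allowed(vm_groups, protocol, port, dst_ip, dst_groups=()):
    # Slide default: all outbound allowed while no egress rule exists.
    # Assumption: once egress rules exist, only matching traffic may leave.
    rules = [r for g in vm_groups for r in g.egress]
    return not rules or any(_matches(r, protocol, port, dst_ip, dst_groups) for r in rules)

# Constructed sample policy (names and addresses are illustrative).
WEB = SecurityGroup("web", ingress=[Rule("tcp", 80, 80, cidr="0.0.0.0/0")])
DB = SecurityGroup("db", ingress=[Rule("tcp", 3306, 3306, group="web")])
LOCKED = SecurityGroup("locked", egress=[Rule("udp", 53, 53, cidr="10.1.1.1/32")])

if __name__ == "__main__":
    print(ingress_allowed([DB], "tcp", 3306, "10.1.1.10", {"web"}))      # web VM -> db
    print(ingress_allowed([DB], "tcp", 3306, "10.1.1.30", {"default"}))  # other VM -> db
    print(egress_allowed([WEB], "tcp", 443, "198.51.100.7"))
    print(egress_allowed([LOCKED], "tcp", 443, "198.51.100.7"))
```

A group-based rule follows membership rather than addressing, so a VM on the same flat Basic Zone network that is not in the "web" group is still denied access to the database port.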
