
Introduction to CloudStack 4.3 Networking

Geoff, ShapeBlue CTO, gives an overview of CloudStack 4.3 networking.


  1. Introduction to CloudStack 4.3 Networking
     Geoff Higginbottom, CTO ShapeBlue
     geoff.higginbottom@shapeblue.com
     Twitter: @CloudStackGuru
  2. About Me (www.shapeblue.com @CloudStackGuru)
     • Cloud Architect & ShapeBlue CTO
     • Specialise in…
     • Designing & Building Clouds based on Apache CloudStack / Citrix CloudPlatform
     • Developing CloudStack training
     • Blogging and sharing CloudStack knowledge
     • Involved with CloudStack before donation to Apache
     • Designed Clouds for SunGard, Ascenty, BskyB, Trader Media, M5 Hosting, Team Cymru, Interoute, University of Pennsylvania…
     • CloudStack Committer (non-developer)
  3. Why NaaS – The Use Cases: VPS Cloud
  4. Why NaaS – The Use Cases
  5. Basic Networking
     • AWS Style L3 isolation – Massive Scale
     • Simple Flat Network
     • Each POD has a unique CIDR
     • Optional Guest Isolation via Security Groups
     • Optional NetScaler Integration - Elastic IPs and Elastic LB
     • Optional Nicira NVP Integration
  6. Security Groups
     • Isolate traffic between VMs
     • Available for both Basic and Advanced Networking
     • Only supported on XenServer 6.x and KVM
     • XenServer 6.0.x requires the Cloud Support Package
     • XenServer must use Linux Bridge and not Open vSwitch
     • xe-switch-network-backend bridge
     • Must be implemented before adding to CloudStack
  7. Security Groups
     • Rules can be mapped to CIDR or another Account/Security Group
  8. Advanced Networking
     • This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, Load Balancer & VPC functionality.
     • Guest isolation is provided through layer-2 means such as VLANs or SDN technologies
  9. Advanced Networking
     • Private and Shared Guest Networks
     • Multiple Physical Networks
     • Virtual Router for each Network providing:
     • DNS & DHCP
     • Firewall
     • Client VPN
     • Load Balancing
     • Source / Static NAT
     • Port Forwarding
  10. Advanced Networking & Security Groups
     • Effectively enables the deployment of multiple ‘Basic’ style networks which use Security Groups for isolation of VMs, but with each Network encapsulated within a unique VLAN.
  11. Management Network
  12. Guest Network – Basic & Advanced
  13. Guest Network – Basic Zone EIP / ELB
  14. Public Network – Basic & Advanced
  15. Public Network – System VMs
     • CPVM & SSVM both have a connection to the Public Network
  16. Storage Network
  17. Physical Connectivity
  18. Basic Zone – Example IP Schema
  19. Advanced Zone – Example IP Schema
  20. Network Service Providers (*new in 4.3)
     • A Hardware or Virtual Appliance that provides Network Services to CloudStack, e.g.
     • Virtual Router
     • VPC Virtual Router
     • Internal LBVM
     • Citrix NetScaler
     • F5 Load Balancer
     • Juniper SRX Firewall
     • Nicira Nvp
     • Midokura Midonet
     • BigSwitch Vns
     • Cisco VNMC
     • Baremetal DHCP*
     • Baremetal PXE*
     • Palo Alto*
     • Ovs*
  21. Virtual Private Clouds (VPC) (*new in 4.3)
     • Private multi-tiered Virtual Networks
     • ACLs to control traffic isolation
     • Inter VLAN Routing
     • Site-2-Site VPN
     • Private Gateway
     • VPC-2-VPC VPN*
     • User VPN*
  22. VPC Components
     • Virtual Router – Connects all the VPC Components
     • Network Tiers – Isolated Networks, each with unique VLAN and CIDR
  23. VPC Components
     • Public Gateway
  24. VPC Components
     • Site-2-Site VPN
     • Linked to Public Gateway
  25. VPC Components
     • User VPN
     • Linked to Public Gateway
  26. VPC Components
     • VPC-2-VPC VPN
     • Linked to Public Gateway
  27. VPC Components
     • Private Gateway
     • Created by Root Admins
     • Configured by Users (Static Routes)
  28. VPC Components
  29. VPC Components
  30. VPC Components
  31. Communication Ports
  32. Further Information
     • Lots of great technical info on http://shapeblue.com/blog/
     • These slides can be found at www.slideshare.net/shapeblue
     • geoff.higginbottom@shapeblue.com
     • @CloudStackGuru
