
Introduction to CloudStack Networking



Introduction to the different CloudStack Networking models, CloudStack Networks and System VMs

Published in: Technology


  1. Introduction to CloudStack Networking. Geoff Higginbottom, CTO, ShapeBlue. Twitter: @CloudStackGuru @ShapeBlue
  2. About Me
     • Cloud Architect & ShapeBlue CTO
     • Specialise in…
     • Designing & Building Clouds based on Apache CloudStack / Citrix CloudPlatform
     • Developing CloudStack training
     • Blogging and sharing CloudStack knowledge
     • Involved with CloudStack before donation to Apache
     • Designed Clouds for SunGard, Ascenty, BskyB, Trader Media, M5 Hosting, Team Cymru, Interoute, University of Pennsylvania…
     • CloudStack Committer (non-developer)
     @ShapeBlue #CloudStack #CCCEU13
  3. About ShapeBlue: “ShapeBlue are expert builders of public & private clouds. They are the leading global independent CloudStack / CloudPlatform integrator & consultancy”
  4. Why NaaS – The Use Cases: VPS Cloud
  5. Why NaaS – The Use Cases
  6. Basic Networking
     • AWS Style L3 isolation – Massive Scale
     • Simple Flat Network
     • Each POD has a unique CIDR
     • Optional Guest Isolation via Security Groups
     • Optional NetScaler Integration - Elastic IPs and Elastic LB
     • Optional Nicira NVP Integration
  7. Security Groups
     • Isolate traffic between VMs
     • Available for both Basic and Advanced Networking
     • Only supported on XenServer 6.x and KVM
     • XenServer 6.0.x requires the Cloud Support Package
     • XenServer must use Linux Bridge and not Open vSwitch
       • xe-switch-network-backend bridge
       • Must be implemented before adding to CloudStack
  8. Security Groups
     • Rules can be mapped to CIDR or another Account/Security Group
  9. Advanced Networking
     • This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, Load Balancer & VPC functionality.
     • Guest isolation is provided through layer-2 means such as VLANs or SDN technologies
  10. Advanced Networking
     • Private and Shared Guest Networks
     • Multiple Physical Networks
     • Virtual Router for each Network providing:
       • DNS & DHCP
       • Firewall
       • Client VPN
       • Load Balancing
       • Source / Static NAT
       • Port Forwarding
  11. Advanced Networking & Security Groups
     • Effectively enables the deployment of multiple ‘Basic’ style networks which use Security Groups for isolation of VMs, but with each Network encapsulated within a unique VLAN.
  12. Management Network: Traffic between CloudStack Management Servers and the various cloud components (Hosts, System VMs, Storage*, vCenter etc)
  13. Guest Network – Advanced Zone: Traffic between VMs within an Account, and their Virtual Router, Physical Load Balancer or Physical Firewall
  14. Guest Network – Basic Zone: Traffic between VMs on the network and their Internet Gateway
  15. Guest Network – Basic Zone EIP / ELB: Traffic between VMs and the Internal Interface of the NetScaler
  16. Public Network – Advanced Zone: Traffic between the Virtual Router and the Internet Gateway
  17. Public Network - Basic Zone EIP / ELB: Only present in a Basic Zone when a Citrix NetScaler is used to provide Elastic IP and Elastic LB
  18. Public Network – System VMs: CPVM & SSVM both have a connection to the Public Network
  19. Storage Network
     • Traffic between SSVM and the Secondary Storage
     • Optional Network, traffic will use the Management Network if not configured.
     • If configured, there must be a route between Management and Storage Networks
     • It is NOT for Primary Storage Traffic
  20. Physical Connectivity
  21. Basic Zone – Example IP Schema
  22. Advanced Zone – Example IP Schema
  23. Network Service Providers
     • A Hardware or Virtual Appliance that provides Network Services to CloudStack e.g.
       • Virtual Router
       • VPC Virtual Router
       • Internal LBVM
       • Citrix NetScaler
       • F5 Load Balancer
       • Juniper SRX Firewall
       • Nicira Nvp
       • Midokura Midonet
       • BigSwitch Vns
       • Cisco VNMC
  24. Virtual Private Clouds (VPC)
     • Private multi-tiered Virtual Networks
     • ACLs to control traffic isolation
     • Inter VLAN Routing
     • Site-2-Site VPN
     • Private Gateway
  25. VPC Components
     • Virtual Router – Connects all the VPC Components
     • Network Tiers – Isolated Networks, each with unique VLAN and CIDR
  26. VPC Components: Public Gateway Site-2-Site VPN Linked to Public Gateway
  27. VPC Components: Private Gateway Created by Root Admins Configured by Users (Static Routes)
  28. VPC Components
  29. VPC Components
  30. VPC Components
  31. Communication Ports
  32. System VMs & Their Networks: Virtual Router
  33. System VMs & Their Networks: Virtual Router
  34. System VMs & Their Networks: Secondary Storage VM
  35. System VMs & Their Networks: SSVM – VM Image / ISO Upload Workflow
  36. System VMs & Their Networks: Console Proxy VM
  37. System VMs & Their Networks: CPVM – Remote Connection
  38. Recent Networking Improvements (4.1 & 4.2)
     • Numerous VPC Improvements
     • Add & Remove NICs / Networks
     • Multiple IPs on Single NIC
     • Persistent Networks
     • Configurable Default Egress Behaviour
     • Non Contiguous VLAN Ranges
     • Enhanced SRX & F5 Support
     • PVLANs
     • GSLB
     • IPv6 – (Technical Demo)
  39. Further Information
     • Lots of great technical info on
     • These slides can be found at
     @CloudStackGuru @ShapeBlue
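
Slides 7 and 8 describe security groups as the VM isolation mechanism, with rules whose source is either a CIDR or another account/security group. The following is an added example, not code from the slides or from CloudStack: a simplified model of that ingress decision plus an audit helper for world-open rules. The `Rule`, `Vm`, `ingress_allowed` and `world_open` names, the sample data, and the default-deny behaviour are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    protocol: str
    start_port: int
    end_port: int
    cidr: Optional[str] = None               # source given as a CIDR ...
    group: Optional[Tuple[str, str]] = None  # ... or as (account, security group)

@dataclass(frozen=True)
class Vm:
    ip: str
    account: str
    groups: frozenset

def rule_matches(rule, protocol, port, src_ip, src_vm=None):
    if rule.protocol != protocol or not rule.start_port <= port <= rule.end_port:
        return False
    if rule.cidr is not None:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr)
    # Group-sourced rule: the sender must be a VM in that account's group.
    return (src_vm is not None and rule.group is not None
            and src_vm.account == rule.group[0] and rule.group[1] in src_vm.groups)

def ingress_allowed(groups, dst, protocol, port, src_ip, src_vm=None):
    # Assumed default: ingress is denied unless a rule in one of dst's groups matches.
    return any(rule_matches(r, protocol, port, src_ip, src_vm)
               for name in dst.groups
               for r in groups.get((dst.account, name), []))

def world_open(groups):
    # Audit helper: a CIDR rule with a /0 prefix admits any source address.
    return sorted((acct, name, r.protocol, r.start_port, r.end_port)
                  for (acct, name), rules in groups.items() for r in rules
                  if r.cidr and ipaddress.ip_network(r.cidr).prefixlen == 0)

# Constructed sample data: rules keyed by (account, security group name).
GROUPS = {
    ("acme", "web"): [Rule("tcp", 443, 443, cidr="0.0.0.0/0")],
    ("acme", "db"): [Rule("tcp", 3306, 3306, group=("acme", "web"))],
}
WEB = Vm("10.1.1.10", "acme", frozenset({"web"}))
DB = Vm("10.1.1.20", "acme", frozenset({"db"}))
OTHER = Vm("10.1.1.30", "other", frozenset({"web"}))  # same group name, other account
```

In this model a group-sourced rule follows group membership rather than addresses, so the `db` rule admits `WEB` but not a VM in a same-named group owned by a different account.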