Introduction to CloudStack Networking



Introduction to the different CloudStack Networking models, CloudStack Networks and System VMs

Published in: Technology
  • eSkyCityBroker BinSunGardCiscoOrangeT-Mobile
  • Guest VMs and Hosts can be on different VLANs even though Admin Guide states they cannot
  • XenServer requires the CloudStack Support Package to be installed BEFORE adding to CloudStack in order to use Security Groups. Security Groups: a Guest VM will be assigned to the ‘default’ Security Group if none is specified; this group denies all inbound traffic but allows all outbound. VMs can belong to multiple Security Groups, but not to the Default SG and another SG at the same time. Ingress and Egress rules control the flow of traffic into and out of Security Groups. If no Egress rules have been specified, all outbound traffic is allowed; however, once an Egress Rule has been created, only traffic specified by Egress Rules, sent in response to an Ingress Rule, or related to DHCP & DNS queries is allowed out.
  • A Zone can be either Basic OR Advanced
  • Private – limited to one account. Shared – accessible to either the whole Zone, a Domain (with or without subdomains), an Account or a Project
  • Traffic between CloudStack Management Servers and the various cloud components. Secondary Storage also uses the Management Network if the optional ‘Storage’ network has not been configured.
  • Advanced Zone: traffic between VMs and their VR
  • Basic Zone
  • Basic Zone with EIP / ELB has a Public Network
  • Enables services such as: Source NAT, Static NAT, Load Balancing, Port Forwarding, Firewall, VPN
  • Netscaler EIP & ELB
  • SSVM & CPVM each have a Public Interface
  • Optional Network; SSVM; Management Servers; Hosts; NOT FOR PRIMARY STORAGE
  • Virtual Router, VPC Virtual Router, Internal Load Balancer VM, Citrix NetScaler, F5 Load Balancer, Juniper SRX Firewall, Nicira Network Virtualization Platform, Midokura Midonet, BigSwitch Virtual Network Segments, Cisco Virtual Network Management Center

    1. Introduction to CloudStack Networking. Geoff Higginbottom, CTO, ShapeBlue. Twitter: @CloudStackGuru @ShapeBlue
    2. About Me
        • Cloud Architect & ShapeBlue CTO
        • Specialise in…
        • Designing & Building Clouds based on Apache CloudStack / Citrix CloudPlatform
        • Developing CloudStack training
        • Blogging and sharing CloudStack knowledge
        • Involved with CloudStack before donation to Apache
        • Designed Clouds for SunGard, Ascenty, BskyB, Trader Media, M5 Hosting, Team Cymru, Interoute, University of Pennsylvania…
        • CloudStack Committer (non-developer)
        @ShapeBlue #CloudStack #CCCEU13
    3. About ShapeBlue: “ShapeBlue are expert builders of public & private clouds. They are the leading global independent CloudStack / CloudPlatform integrator & consultancy”
    4. Why NaaS – The Use Cases VPS Cloud
    5. Why NaaS – The Use Cases
    6. Basic Networking
        • AWS Style L3 isolation – Massive Scale
        • Simple Flat Network
        • Each POD has a unique CIDR
        • Optional Guest Isolation via Security Groups
        • Optional NetScaler Integration - Elastic IPs and Elastic LB
        • Optional Nicira NVP Integration
    7. Security Groups
        • Isolate traffic between VMs
        • Available for both Basic and Advanced Networking
        • Only supported on XenServer 6.x and KVM
        • XenServer 6.0.x requires the Cloud Support Package
        • XenServer must use Linux Bridge and not Open vSwitch
            • xe-switch-network-backend bridge
            • Must be implemented before adding to CloudStack
    8. Security Groups
        • Rules can be mapped to CIDR or another Account/Security Group
    9. Advanced Networking
        • This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, Load Balancer & VPC functionality.
        • Guest isolation is provided through layer-2 means such as VLANs or SDN technologies
    10. Advanced Networking
        • Private and Shared Guest Networks
        • Multiple Physical Networks
        • Virtual Router for each Network providing:
            • DNS & DHCP
            • Firewall
            • Client VPN
            • Load Balancing
            • Source / Static NAT
            • Port Forwarding
    11. Advanced Networking & Security Groups
        • Effectively enables the deployment of multiple ‘Basic’ style networks which use Security Groups for isolation of VMs, but with each Network encapsulated within a unique VLAN.
    12. Management Network: Traffic between CloudStack Management Servers and the various cloud components (Hosts, System VMs, Storage*, vCenter etc)
    13. Guest Network – Advanced Zone: Traffic between VMs within an Account, and their Virtual Router, Physical Load Balancer or Physical Firewall
    14. Guest Network – Basic Zone: Traffic between VMs on the network and their Internet Gateway
    15. Guest Network – Basic Zone EIP / ELB: Traffic between VMs and the Internal Interface of the NetScaler
    16. Public Network – Advanced Zone: Traffic between the Virtual Router and the Internet Gateway
    17. Public Network - Basic Zone EIP / ELB: Only present in a Basic Zone when a Citrix NetScaler is used to provide Elastic IP and Elastic LB
    18. Public Network – System VMs: CPVM & SSVM both have a connection to the Public Network
    19. Storage Network
        • Traffic between SSVM and the Secondary Storage
        • Optional Network, traffic will use the Management Network if not configured.
        • If configured, there must be a route between Management and Storage Networks
        • It is NOT for Primary Storage Traffic
    20. Physical Connectivity
    21. Basic Zone – Example IP Schema
    22. Advanced Zone – Example IP Schema
    23. Network Service Providers
        • A Hardware or Virtual Appliance that provides Network Services to CloudStack, e.g.
            • Virtual Router
            • VPC Virtual Router
            • Internal LBVM
            • Citrix NetScaler
            • F5 Load Balancer
            • Juniper SRX Firewall
            • Nicira Nvp
            • Midokura Midonet
            • BigSwitch Vns
            • Cisco VNMC
    24. Virtual Private Clouds (VPC)
        • Private multi-tiered Virtual Networks
        • ACLs to control traffic isolation
        • Inter VLAN Routing
        • Site-2-Site VPN
        • Private Gateway
    25. VPC Components
        • Virtual Router – Connects all the VPC Components
        • Network Tiers – Isolated Networks, each with unique VLAN and CIDR
    26. VPC Components
        • Public Gateway
        • Site-2-Site VPN Linked to Public Gateway
    27. VPC Components
        • Private Gateway
        • Created by Root Admins
        • Configured by Users (Static Routes)
    28. VPC Components
    29. VPC Components
    30. VPC Components
    31. Communication Ports
    32. System VMs & Their Networks: Virtual Router
    33. System VMs & Their Networks: Virtual Router
    34. System VMs & Their Networks: Secondary Storage VM
    35. System VMs & Their Networks: SSVM – VM Image / ISO Upload Workflow
    36. System VMs & Their Networks: Console Proxy VM
    37. System VMs & Their Networks: CPVM – Remote Connection
    38. Recent Networking Improvements (4.1 & 4.2)
        • Numerous VPC Improvements
        • Add & Remove NICs / Networks
        • Multiple IPs on Single NIC
        • Persistent Networks
        • Configurable Default Egress Behaviour
        • Non Contiguous VLAN Ranges
        • Enhanced SRX & F5 Support
        • PVLANs
        • GSLB
        • IPv6 – (Technical Demo)
    39. Further Information
        • Lots of great technical info on
        • These slides can be found at
        @CloudStackGuru @ShapeBlue
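
The Security Group behaviour described in the slide notes (default group membership, ingress and egress evaluation), modelled as an added example that is not part of the original deck or of CloudStack's code. The class and function names, the sample rules and addresses, and the reading of "DHCP & DNS queries" as UDP ports 67 and 53 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp" or "udp"
    port: int
    cidr: str    # peer network the rule is mapped to

    def matches(self, proto, port, peer_ip):
        return (self.proto == proto and self.port == port and
                ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr))

@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)
    egress: list = field(default_factory=list)

def resolve_groups(groups):
    """No group specified means 'default'; 'default' cannot be mixed with others."""
    if not groups:
        return [SecurityGroup("default")]   # no rules: deny inbound, allow outbound
    if len(groups) > 1 and any(g.name == "default" for g in groups):
        raise ValueError("'default' cannot be combined with another group")
    return list(groups)

def inbound_allowed(groups, proto, port, src_ip):
    # Inbound traffic is denied unless some ingress rule matches it.
    return any(r.matches(proto, port, src_ip) for g in groups for r in g.ingress)

def outbound_allowed(groups, proto, port, dst_ip, reply_to_ingress=False):
    egress = [r for g in groups for r in g.egress]
    if not egress:
        return True                # no egress rules: all outbound is allowed
    if reply_to_ingress:
        return True                # response to traffic an ingress rule admitted
    if (proto, port) in {("udp", 53), ("udp", 67)}:
        return True                # DNS / DHCP queries (assumed ports)
    return any(r.matches(proto, port, dst_ip) for r in egress)

# Constructed sample groups (hypothetical names and addresses).
WEB = SecurityGroup("web", ingress=[Rule("tcp", 443, "0.0.0.0/0")])
WEB_LOCKED = SecurityGroup("web-locked",
                           ingress=[Rule("tcp", 443, "0.0.0.0/0")],
                           egress=[Rule("tcp", 3306, "10.1.1.0/24")])

if __name__ == "__main__":
    vm = resolve_groups([WEB_LOCKED])
    print("HTTP out:", outbound_allowed(vm, "tcp", 80, "198.51.100.7"))
    print("DB out:  ", outbound_allowed(vm, "tcp", 3306, "10.1.1.20"))
```

The point to take from the model is that adding the first Egress Rule flips outbound handling from allow-all to allow-listed, so a group that was fine with no Egress Rules can cut off traffic the VM depended on.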