CloudStack Virtual Router, Alex Huang, November 5 2012

4 virtual router CloudStack Developer Day


By Alex Huang
Architect, Cloud Platforms Group, Citrix Systems Inc.


  1. CloudStack Virtual Router. Alex Huang, November 5 2012
  2. CloudStack Virtual Router (Virtual Router)
       • The Virtual Router will be deployed once (when the first instance is deployed in a Zone) when a Shared Network is used, providing DHCP and DNS services for the Zone’s Instances (IPs will be allocated from the Public IP Range entered in CloudStack)
       • When Advanced is used, the Router will be deployed Per-Account (and Per Unique Isolated Guest Network)
       • Virtual Router can serve and isolate VMs even if deployed on a different Hypervisor
  3. CloudStack Virtual Router
       • The Virtual Router will have 3 NICs:
           – Eth0 will be connected to the Isolated Guest Network (for Advanced VLAN). It will have the first IP in the CIDR (for example 10.1.1.1) and it will be the DNS, DHCP and Gateway for the Instances in the Private Guest Network.
           – Eth1 resides on the link-local network (only for KVM and XenServer) or the Management Network (on VMware) and is used by CloudStack to configure the virtual router. On VMware it will use an IP from the Management Network IP Range (e.g. Pod Private Range)
           – Eth2 resides on the Public Network and is assigned a Public IP from the range entered in CloudStack (users can ‘Acquire New IPs’ if needed)
       • In the default Isolated Mode, Source NAT is automatically configured on the virtual router to forward outbound traffic for all guest VMs and block all incoming traffic (users can manage incoming rules from the UI)
  4. Virtual Router Information (applies to all Sys. VMs)
       • Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security APT repository. No extraneous accounts
       • 32-bit for enhanced performance on Xen/VMware
       • Only essential software packages are installed. Services such as printing, ftp, telnet, X, kudzu, dns, sendmail are not installed.
       • SSHd only listens on the private/link-local interface. SSH port has been changed to a non-standard port. SSH logins only using keys (keys are generated at install time and are unique for every customer)
       • pvops kernel with Xen paravirt drivers + KVM virtio drivers + VMware tools for optimum performance on all hypervisors. Xen tools inclusion allows performance monitoring
       • Template is built from scratch and is not polluted with any old logs or history
       • Latest versions of haproxy, iptables, ipsec, apache from the Debian repository ensure improved security and speed
       • Latest version of the JRE from Oracle ensures improved security and speed
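An added example, not from the slides or from CloudStack itself: a small Python audit that checks an `sshd_config` against the three SSH claims on slide 4 (listens only on a private/link-local address, non-standard port, key-only logins). The sample configs, the port value in them, and the address ranges treated as "private" are assumptions made for illustration.

```python
import ipaddress

# Assumption: "private/link-local" means RFC 1918 plus 169.254.0.0/16.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("169.254.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_global(text):
    """Collect Port, ListenAddress and other options that precede any Match block."""
    ports, listens, opts = [], [], {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key, value = fields[0].lower(), fields[1].strip()
        if key == "match":
            break
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            listens.append(value)
        else:
            opts.setdefault(key, value.lower())  # sshd keeps the first value it reads
    return ports, listens, opts

def listen_host(value):
    """Strip an optional port from 'host', 'host:port' or '[v6]:port'."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.split(":")[0] if value.count(":") == 1 else value

def audit(text):
    """Return findings where the config departs from the SSH claims on slide 4."""
    ports, listens, opts = parse_global(text)
    findings = []
    if 22 in (ports or [22]):  # no Port line means the default, 22
        findings.append("sshd uses the default port 22")
    for host in map(listen_host, listens or ["0.0.0.0"]):  # default: all interfaces
        try:
            ok = any(ipaddress.ip_address(host) in net for net in ALLOWED)
        except ValueError:  # a hostname cannot be judged offline
            ok = False
        if not ok:
            findings.append(f"sshd listens on {host}, not a private/link-local address")
    if opts.get("passwordauthentication", "yes") != "no":  # OpenSSH default is yes
        findings.append("password logins are enabled")
    return findings

# Constructed sample configs, not taken from a CloudStack template.
HARDENED = "Port 3922\nListenAddress 169.254.0.15\nPasswordAuthentication no\n"
STOCK = "# everything left at defaults\nUsePAM yes\n"
```

`audit(HARDENED)` returns an empty list, while `audit(STOCK)` reports all three departures because an absent keyword falls back to the OpenSSH default.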
