introduction to cloudstack 4.3 networking
DESCRIPTION
Geoff, ShapeBlue CTO gives an overview of Cloudstack 4.3 networkingTRANSCRIPT
Introduction to CloudStack 4.3 Networking
Geoff HigginbottomCTO ShapeBlue
[email protected]: @CloudStackGuru
www.shapeblue.com
@CloudStackGuru
Cloud Architect & ShapeBlue CTO Specialise in….
Designing & Building Clouds based on Apache CloudStack / Citrix CloudPlatform
Developing CloudStack training Blogging and sharing CloudStack knowledge
Involved with CloudStack before donation to Apache Designed Clouds for SunGard, Ascenty, BskyB, Trader Media,
M5 Hosting, Team Cymru, Interoute, University of Pennsylvania.…
CloudStack Committer (non-developer)
About Me
www.shapeblue.com
@CloudStackGuru
Why NaaS – The Use CasesVPS Cloud
www
VPS
VPS
VPS
NaaS
VM
VM
VM`
VM
VM
VM
www
www.shapeblue.com
@CloudStackGuru
Why NaaS – The Use CasesTier 1
Tier 2
Tier 3
NaaSVMVM
VMVM
VMVM
www
ACLs
ACLs
www.shapeblue.com
@CloudStackGuru
AWS Style L3 isolation – Massive Scale Simple Flat Network Each POD has a unique CIDR Optional Guest Isolation via Security Groups Optional NetScaler Integration - Elastic IPs and Elastic
LB Optional Nicira NVP Integration
Basic Networking
www.shapeblue.com
@CloudStackGuru
Isolate traffic between VMs Available for both Basic and Advanced Networking Only supported on XenServer 6.x and KVM XenServer 6.0.x requires the Cloud Support Package XenServer must use Linux Bridge and not Open
vSwitch xe-switch-network-backend bridge Must be implemented before adding to CloudStack
Security Groups
www.shapeblue.com
@CloudStackGuru
Security Groups Rules can be mapped to CIDR or another
Account/Security Group
www.shapeblue.com
@CloudStackGuru
This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, Load Balancer & VPC functionality.
Guest isolation is provided through layer-2 means such as VLANs or SDN technologies
Advanced Networking
www.shapeblue.com
@CloudStackGuru
Private and Shared Guest Networks Multiple Physical Networks Virtual Router for each Network providing:
DNS & DHCP Firewall Client VPN Load Balancing Source / Static NAT Port Forwarding
Advanced Networking
www.shapeblue.com
@CloudStackGuru
Effectively enables the deployment of multiple ‘Basic’ style networks which use Security Groups for isolation of VMs, but with each Network encapsulated within a unique VLAN.
Advanced Networking & Security Groups
www.shapeblue.com
@CloudStackGuru
Management Network
Secondary Storage*
Management
Server(s)
MySQLDB(s)
Hosts
SSVM
CPVM
www.shapeblue.com
@CloudStackGuru
Guest Network – Basic & Advanced
Virtual Router
www
VMVM
VM
VMVM
VM
www
www.shapeblue.com
@CloudStackGuru
Guest Network – Basic Zone EIP / ELB
www
VMVM
VM
Citrix NetScaler
www.shapeblue.com
@CloudStackGuru
Public Network – Basic & Advanced
Virtual Router
www
VMVM
VM
www
VMVM
VM
Citrix NetScaler
www.shapeblue.com
@CloudStackGuru
Public Network – System VMs
SSVM
www
CPVM
CPVM & SSVM both have a connection to the Public Network
www.shapeblue.com
@CloudStackGuru
Storage Network
Secondary Storage
Management
Server(s)
Hosts
SSVM
www.shapeblue.com
@CloudStackGuru
Physical ConnectivityUsers
Router
POD 1
Hosts
PrimaryStorage
Secondary Storage
Management
Server(s)
MySQLDB(s)
Admins & Users
POD 2
POD n
www.shapeblue.com
@CloudStackGuru
Basic Zone – Example IP Schema
L3 Switch
Host n
Host 1
POD 1192.168.0.0/2
6Res IPs 0.10 -
0.29Hosts 0.30 –
0.62
VR
DHCPDNSUserDataSec Groups
VMVM
VMVM
L2 Switch
www
Host n
Host 1
POD 2192.168.0.64/26
Res IPs 0.73 - 0.92Hosts 0.93 - 0.126
Guest IPs:172.16.2.2- 3.254
GW 172.16.2.1
L2 Switch
Host n
Host 1
POD 3192.168.0.128/26
Res IPs 0.138 – 0.147Hosts 0.149 – 0.190
Guest IPs:172.16.4.2 - 5.254
GW 172.16.4.1
L2 Switch
Guest IPs:172.16.0.2 -
1.254GW 172.16.0.1
www.shapeblue.com
@CloudStackGuru
Advanced Zone – Example IP Schema
L3 Switch
www
Host n
Host 2
POD 1 - XenServer
192.168.0.0/26Res IPs 0.10 -
0.29Hosts 0.30 –
0.62
Host 1
L2 SwitchVMb1
VRb VMb2
VRaVMa2
VMa1
VMa3Host n
Host 2
POD 2 - vSphere
192.168.2.0/23Res IPs 2.43 -
3.254Hosts 2.10 –
2.42
Host 1
L2 Switch
VMc3
VRc
VMc2
VMc1
Guest Networks10.1.1.0/24GW 10.1.1.1
Guest IPs 1.2 - 1.254
VLANs
VLANs
www.shapeblue.com
@CloudStackGuru
A Hardware or Virtual Appliance that provide Network Services to CloudStack e.g.
Network Service Providers
Virtual Router VPC Virtual Router Internal LBVM Citrix NetScaler F5 Load Balancer Juniper SRX Firewall Nicira Nvp
Midokura Midonet BigSwitch Vns Cisco VNMC Baremetal DHCP* Baremetal PXE* Palo Alto* Ovs* *new in 4.3
www.shapeblue.com
@CloudStackGuru
Private multi-tiered Virtual Networks ACLs to control traffic isolation Inter VLAN Routing Site-2-Site VPN Private Gateway VPC-2-VPC VPN* User VPN*
Virtual Private Clouds (VPC)
*new in 4.3
www.shapeblue.com
@CloudStackGuru
VPC Components
Virtual Router – Connects all the VPC Components
Network Tiers – Isolated Networks, each with unique VLAN and CIDR
VMVM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
Virtual Router
www.shapeblue.com
@CloudStackGuru
VPC Components
Public Gateway
wwwVM
VM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
Virtual Router
www.shapeblue.com
@CloudStackGuru
VPC Components
wwwVM
VM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
Site-2-Site VPNLinked to Public Gateway
Remote DC or
Corporate Office
Virtual Router
www.shapeblue.com
@CloudStackGuru
VPC Components
wwwVM
VM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
User VPNLinked to Public Gateway
Remote Laptop / PC
Virtual Router
www.shapeblue.com
@CloudStackGuru
VM
VM
VM
VM
VM
VM
VPC Components
www
wwwVMVM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
Virtual Router
VPC-2-VPC VPNLinked to Public Gateway
Virtual Router
www.shapeblue.com
@CloudStackGuru
Private GatewayCreated by Root AdminsConfigured by Users (Static Routes)
VPC Components
wwwVM
VM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
Virtual Router
www.shapeblue.com
@CloudStackGuru
VPC Components
www
Physical Equipme
nt
Remote DC
Router
VMVM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
Virtual Router
www.shapeblue.com
@CloudStackGuru
MPLS
VPC Components
wwwVM
VM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
Virtual Router
www.shapeblue.com
@CloudStackGuru
Virtual Router
VM
VM
VM
VM
VM
VM
VPC Components
www
wwwVMVM
VMVM
VMVM
Tier 1VLAN 101
Tier 2VLAN 102
Tier 3VLAN 103
Virtual Router
www.shapeblue.com
@CloudStackGuru
Communication Ports
443
HTTPSConsole Access
80/443
HTTPFile
Share
ESXiKVM
XenServervCenter
2222/80/443
443
User – CSMAN 8080/8096CSMAN – CSMAN 9090/8250
CloudStack Management Servers
8250
CPVM
Virtual Router
SSVM
3922
CSMAN – MySQL 3306MySQL – MySQL 3306
MySQL Master & Slave
Secondary Storage
111/2049
www.shapeblue.com
@CloudStackGuru
Lots of great technical info on http://shapeblue.com/blog/
These slides can be found at www.slideshare.net/shapeblue
[email protected] @CloudStackGuru
Further Information