CloudStack Networking Paul Angus Cloud Architect ShapeBlue - - PowerPoint PPT Presentation

cloudstack networking
SMART_READER_LITE
LIVE PREVIEW

CloudStack Networking Paul Angus Cloud Architect ShapeBlue - - PowerPoint PPT Presentation

Mar 04, 2023 899 likes •1.25k views

CloudStack Networking Paul Angus Cloud Architect ShapeBlue paul.angus@shapeblue.com @CloudyAngus @ShapeBlue About Me Cloud Architect with ShapeBlue Worked with CloudStack since 2.2.13 Specialising in deployment of CloudStack and

slide-1
SLIDE 1

CloudStack Networking

Paul Angus Cloud Architect ShapeBlue paul.angus@shapeblue.com @CloudyAngus @ShapeBlue

slide-2
SLIDE 2

@ShapeBlue #CloudStack #CCCNA14

 Cloud Architect with ShapeBlue  Worked with CloudStack since 2.2.13  Specialising in deployment of CloudStack

and supporting infrastructure

 Orange, TomTom, PaddyPower, Ascenty,

BSkyB, SunGard, T‐Mobile

 I view CloudStack from a ‘What can cloud

consumers practically do with it’ point‐of‐ view

About Me

slide-3
SLIDE 3

@ShapeBlue #CloudStack #CCCNA14

“ShapeBlue are expert builders of public & private

  • clouds. They are the leading global CloudStack /

CloudPlatform integrator & consultancy” About ShapeBlue

slide-4
SLIDE 4

@ShapeBlue #CloudStack #CCCNA14

slide-5
SLIDE 5

@ShapeBlue #CloudStack #CCCNA14

Why NaaS – The Use Cases

VPS Cloud

NaaS

slide-6
SLIDE 6

@ShapeBlue #CloudStack #CCCNA14

 Logical Networking Models

 Basic  Advanced

CloudStack Networking

slide-7
SLIDE 7

@ShapeBlue #CloudStack #CCCNA14

 AWS Style L3 isolation – Massive Scale  Simple Flat Network  Each POD has a unique CIDR  Optional Guest Isolation via Security Groups  Optional NetScaler Integration ‐ Elastic IPs and Elastic LB  Optional Nicira NVP Integration

Basic Networking

slide-8
SLIDE 8

@ShapeBlue #CloudStack #CCCNA14

 Isolate traffic between VMs  Available for both Basic and Advanced Networking  XenServer must use Linux Bridge and not Open vSwitch

 xe‐switch‐network‐backend bridge  Edit sysctl to enable net.bridge.bridge‐nf‐call‐iptables and

net.bridge.bridge‐nf‐call‐arptables

 Must be implemented before adding to CloudStack

Security Groups

slide-9
SLIDE 9

@ShapeBlue #CloudStack #CCCNA14

Security Groups

 Rules can be mapped to CIDR or another Account/Security Group

slide-10
SLIDE 10

@ShapeBlue #CloudStack #CCCNA14

 This network model provides the most flexibility in defining

guest networks and providing custom network offerings such as firewall, VPN, Load Balancer & VPC functionality.

 Guest isolation is provided through layer‐2 means such as VLANs

  • r SDN technologies

Advanced Networking

slide-11
SLIDE 11

@ShapeBlue #CloudStack #CCCNA14

 Private and Shared Guest Networks  Multiple Physical Networks  Virtual Router for each Network providing:

 DNS & DHCP  Firewall  Client VPN  Load Balancing  Source / Static NAT  Port Forwarding

Advanced Networking

slide-12
SLIDE 12

@ShapeBlue #CloudStack #CCCNA14

 Effectively enables the deployment of multiple ‘Basic’ style

networks which use Security Groups for isolation of VMs, but with each Network encapsulated within a unique VLAN.

Advanced Networking & Security Groups

slide-13
SLIDE 13

@ShapeBlue #CloudStack #CCCNA14

Management Network

Traffic between CloudStack Management Servers and the various cloud components (Hosts, System VMs, Storage*, vCenter etc)

slide-14
SLIDE 14

@ShapeBlue #CloudStack #CCCNA14

Guest Network – Basic & Advanced

slide-15
SLIDE 15

@ShapeBlue #CloudStack #CCCNA14

Guest Network – Basic Zone EIP / ELB

slide-16
SLIDE 16

@ShapeBlue #CloudStack #CCCNA14

Public Network – Basic & Advanced

slide-17
SLIDE 17

@ShapeBlue #CloudStack #CCCNA14

Public Network – System VMs

CPVM, SSVM & VRs have a connection to the Public Network *VRs only have public connection in Advanced Network

slide-18
SLIDE 18

@ShapeBlue #CloudStack #CCCNA14

Storage Network

slide-19
SLIDE 19

@ShapeBlue #CloudStack #CCCNA14

Physical Connectivity

slide-20
SLIDE 20

@ShapeBlue #CloudStack #CCCNA14

Basic Zone – Example IP Schema

slide-21
SLIDE 21

@ShapeBlue #CloudStack #CCCNA14

Advanced Zone – Example IP Schema

slide-22
SLIDE 22

@ShapeBlue #CloudStack #CCCNA14

 A Hardware or Virtual Appliance that provide Network Services

to CloudStack e.g.

Network Service Providers

 Virtual Router  VPC Virtual Router  Internal LBVM  Citrix NetScaler  F5 Load Balancer  Juniper SRX Firewall  Nicira Nvp  Midokura Midonet  BigSwitch Vns  Cisco VNMC  Baremetal DHCP*  Baremetal PXE*  Palo Alto*  Ovs (GRE/VXLAN)

*new in 4.3

slide-23
SLIDE 23

@ShapeBlue #CloudStack #CCCNA14

 Private multi‐tiered Virtual Networks  ACLs to control traffic isolation  Inter VLAN Routing  Site‐2‐Site VPN  Private Gateway  VPC‐2‐VPC VPN*  User VPN*

Virtual Private Clouds (VPC)

*new in 4.3

slide-24
SLIDE 24

@ShapeBlue #CloudStack #CCCNA14

VPC Components

Virtual Router – Connects all the VPC Components Network Tiers – Isolated Networks, each with unique VLAN and CIDR

slide-25
SLIDE 25

@ShapeBlue #CloudStack #CCCNA14

VPC Components

Public Gateway

slide-26
SLIDE 26

@ShapeBlue #CloudStack #CCCNA14

VPC Components

Site‐2‐Site VPN Linked to Public Gateway

slide-27
SLIDE 27

@ShapeBlue #CloudStack #CCCNA14

VPC Components

User VPN Linked to Public Gateway

slide-28
SLIDE 28

@ShapeBlue #CloudStack #CCCNA14

VPC Components

VPC‐2‐VPC VPN Linked to Public Gateway

slide-29
SLIDE 29

@ShapeBlue #CloudStack #CCCNA14

Private Gateway Created by Root Admins Configured by Users (Static Routes)

VPC Components

slide-30
SLIDE 30

@ShapeBlue #CloudStack #CCCNA14

VPC Components

slide-31
SLIDE 31

@ShapeBlue #CloudStack #CCCNA14

VPC Components

slide-32
SLIDE 32

@ShapeBlue #CloudStack #CCCNA14

VPC Components

slide-33
SLIDE 33

@ShapeBlue #CloudStack #CCCNA14

Communication Ports