
CloudStack Networking - Paul Angus, Cloud Architect, ShapeBlue



  1. CloudStack Networking. Paul Angus, Cloud Architect, ShapeBlue. paul.angus@shapeblue.com @CloudyAngus @ShapeBlue

  2. About Me
     - Cloud Architect with ShapeBlue
     - Worked with CloudStack since 2.2.13
     - Specialising in deployment of CloudStack and supporting infrastructure
     - Orange, TomTom, PaddyPower, Ascenty, BSkyB, SunGard, T-Mobile
     - I view CloudStack from a ‘What can cloud consumers practically do with it’ point-of-view

     @ShapeBlue #CloudStack #CCCNA14

  3. About ShapeBlue: “ShapeBlue are expert builders of public & private clouds. They are the leading global CloudStack / CloudPlatform integrator & consultancy”

  5. Why NaaS – The Use Cases: VPS, Cloud, NaaS

  6. CloudStack Networking
     - Logical Networking Models
     - Basic
     - Advanced

  7. Basic Networking
     - AWS Style L3 isolation – Massive Scale
     - Simple Flat Network
     - Each POD has a unique CIDR
     - Optional Guest Isolation via Security Groups
     - Optional NetScaler Integration - Elastic IPs and Elastic LB
     - Optional Nicira NVP Integration

  8. Security Groups
     - Isolate traffic between VMs
     - Available for both Basic and Advanced Networking
     - XenServer must use Linux Bridge and not Open vSwitch
     - xe-switch-network-backend bridge
     - Edit sysctl to enable net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-arptables
     - Must be implemented before adding to CloudStack

  9. Security Groups
     - Rules can be mapped to CIDR or another Account/Security Group

  10. Advanced Networking
      - This network model provides the most flexibility in defining guest networks and providing custom network offerings such as firewall, VPN, Load Balancer & VPC functionality.
      - Guest isolation is provided through layer-2 means such as VLANs or SDN technologies

  11. Advanced Networking
      - Private and Shared Guest Networks
      - Multiple Physical Networks
      - Virtual Router for each Network providing:
        - DNS & DHCP
        - Firewall
        - Client VPN
        - Load Balancing
        - Source / Static NAT
        - Port Forwarding

  12. Advanced Networking & Security Groups
      - Effectively enables the deployment of multiple ‘Basic’ style networks which use Security Groups for isolation of VMs, but with each Network encapsulated within a unique VLAN.

  13. Management Network: Traffic between CloudStack Management Servers and the various cloud components (Hosts, System VMs, Storage*, vCenter etc)

  14. Guest Network – Basic & Advanced

  15. Guest Network – Basic Zone EIP / ELB

  16. Public Network – Basic & Advanced

  17. Public Network – System VMs: CPVM, SSVM & VRs have a connection to the Public Network. *VRs only have public connection in Advanced Network

  18. Storage Network

  19. Physical Connectivity

  20. Basic Zone – Example IP Schema

  21. Advanced Zone – Example IP Schema

  22. Network Service Providers
      - A Hardware or Virtual Appliance that provides Network Services to CloudStack, e.g.
        - Virtual Router
        - Midokura Midonet
        - VPC Virtual Router
        - BigSwitch Vns
        - Internal LBVM
        - Cisco VNMC
        - Citrix NetScaler
        - Baremetal DHCP*
        - F5 Load Balancer
        - Baremetal PXE*
        - Juniper SRX Firewall
        - Palo Alto*
        - Nicira Nvp
        - Ovs (GRE/VXLAN)

      *new in 4.3

  23. Virtual Private Clouds (VPC)
      - Private multi-tiered Virtual Networks
      - ACLs to control traffic isolation
      - Inter VLAN Routing
      - Site-2-Site VPN
      - Private Gateway
      - VPC-2-VPC VPN*
      - User VPN*

      *new in 4.3

  24. VPC Components
      - Virtual Router – Connects all the VPC Components
      - Network Tiers – Isolated Networks, each with unique VLAN and CIDR

  25. VPC Components: Public Gateway

  26. VPC Components: Site-2-Site VPN – Linked to Public Gateway

  27. VPC Components: User VPN – Linked to Public Gateway

  28. VPC Components: VPC-2-VPC VPN – Linked to Public Gateway

  29. VPC Components: Private Gateway
      - Created by Root Admins
      - Configured by Users (Static Routes)

  30. VPC Components

  31. VPC Components

  32. VPC Components

  33. Communication Ports
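
The Security Groups prerequisites on slide 8 (Linux bridge backend, both bridge netfilter sysctls enabled) can be checked before a host is added to CloudStack. The script below is an added example, not part of the original deck; the function names `audit_sg_host` and `sysctl_value` are hypothetical, the backend name is supplied by the caller, and the sample sysctl text is constructed.

```shell
#!/bin/sh
# Added example: audit a host for the Security Groups prerequisites on slide 8.
# Input is sysctl-style "key = value" text, so the check also works on a saved
# copy of /etc/sysctl.conf or on `sysctl -a` output.

REQUIRED_KEYS="net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-arptables"

# sysctl_value KEY: print the effective value of KEY from stdin.
# Comments are ignored and the last assignment wins, as in sysctl.conf.
sysctl_value() {
    sed -e 's/[#;].*//' | awk -F= -v k="$1" '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k { v = $2 }
        END { print v }'
}

# audit_sg_host BACKEND: BACKEND is the active network backend name
# ("bridge" or "openvswitch"); sysctl text is read from stdin.
# Prints one finding per problem and returns the number of findings.
audit_sg_host() {
    backend=$1
    text=$(cat)
    findings=0
    if [ "$backend" != "bridge" ]; then
        echo "FAIL backend is '$backend', Security Groups need Linux bridge"
        findings=$((findings + 1))
    fi
    for key in $REQUIRED_KEYS; do
        val=$(printf '%s\n' "$text" | sysctl_value "$key")
        if [ "$val" != "1" ]; then
            echo "FAIL $key is '${val:-unset}', expected 1"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: iptables hook enabled, arptables hook left at 0.
SAMPLE_SYSCTL='# bridge netfilter hooks
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 0'

if printf '%s\n' "$SAMPLE_SYSCTL" | audit_sg_host openvswitch; then
    echo "host ready for Security Groups"
fi
```

A host that fails either check would be added with Security Group rules that are configured but not enforced on bridged VM traffic, so the audit belongs in the host build pipeline rather than after onboarding.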
