portable IP

This commit is contained in:
radhikap 2013-05-17 18:57:59 +05:30
parent 4eb310e926
commit b3e9b2a5dc

@ -26,78 +26,91 @@
choice from the EIP pool of your account. Later if required you can reassign the IP address to a
different VM. This feature is extremely helpful during VM failure. Instead of replacing the VM
which is down, the IP address can be reassigned to a new VM in your account. </para>
<para>Similar to the public IP address, Elastic IP addresses are mapped to their associated
private IP addresses by using StaticNAT. The EIP service is equipped with StaticNAT (1:1)
service in an EIP-enabled basic zone. The default network offering,
DefaultSharedNetscalerEIPandELBNetworkOffering, provides your network with EIP and ELB network
services if a NetScaler device is deployed in your zone. Consider the following illustration for
more details.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/eip-ns-basiczone.png"/>
</imageobject>
<textobject>
<phrase>eip-ns-basiczone.png: Elastic IP in a NetScaler-enabled Basic Zone.</phrase>
</textobject>
</mediaobject>
<para>In the illustration, a NetScaler appliance is the default entry or exit point for the
&PRODUCT; instances, and firewall is the default entry or exit point for the rest of the data
center. Netscaler provides LB services and staticNAT service to the guest networks. The guest
traffic in the pods and the Management Server are on different subnets / VLANs. The policy-based
routing in the data center core switch sends the public traffic through the NetScaler, whereas
the rest of the data center goes through the firewall. </para>
<para>The EIP work flow is as follows:</para>
<itemizedlist>
<listitem>
<para>When a user VM is deployed, a public IP is automatically acquired from the pool of
public IPs configured in the zone. This IP is owned by the VM's account.</para>
</listitem>
<listitem>
<para>Each VM will have its own private IP. When the user VM starts, Static NAT is provisioned
on the NetScaler device by using the Inbound Network Address Translation (INAT) and Reverse
NAT (RNAT) rules between the public IP and the private IP.</para>
<note>
<para>Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination
IP address is replaced in the packets from the public network, such as the Internet, with
the private IP address of a VM in the private network. Reverse NAT (RNAT) is a type of NAT
supported by NetScaler, in which the source IP address is replaced in the packets
generated by a VM in the private network with the public IP address.</para>
</note>
</listitem>
<listitem>
<para>This default public IP will be released in two cases:</para>
<itemizedlist>
<listitem>
<para>When the VM is stopped. When the VM starts, it again receives a new public IP, not
necessarily the same one allocated initially, from the pool of Public IPs.</para>
</listitem>
<listitem>
<para>The user acquires a public IP (Elastic IP). This public IP is associated with the
account, but will not be mapped to any private IP. However, the user can enable Static
NAT to associate this IP to the private IP of a VM in the account. The Static NAT rule
for the public IP can be disabled at any time. When Static NAT is disabled, a new public
IP is allocated from the pool, which is not necessarily be the same one allocated
initially.</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<para>For the deployments where public IPs are limited resources, you have the flexibility to
choose not to allocate a public IP by default. You can use the Associate Public IP option to
turn on or off the automatic public IP assignment in the EIP-enabled Basic zones. If you turn
off the automatic public IP assignment while creating a network offering, only a private IP is
assigned to a VM when the VM is deployed with that network offering. Later, the user can acquire
an IP for the VM and enable static NAT.</para>
<para condition="admin">For more information on the Associate Public IP option, see <xref
linkend="creating-network-offerings"/>.</para>
<para condition="install">For more information on the Associate Public IP option, see the
Administration Guide.</para>
<note>
<para>The Associate Public IP feature is designed only for use with user VMs. The System VMs
continue to get both public IP and private by default, irrespective of the network offering
configuration.</para>
</note>
<para>New deployments which use the default shared network offering with EIP and ELB services to
create a shared network in the Basic zone will continue allocating public IPs to each user
VM.</para>
<section id="about-eip">
<title>Elastic IPs in Basic Zone</title>
<para>Similar to the public IP address, Elastic IP addresses are mapped to their associated
private IP addresses by using StaticNAT. The EIP service is equipped with StaticNAT (1:1)
service in an EIP-enabled basic zone. The default network offering,
DefaultSharedNetscalerEIPandELBNetworkOffering, provides your network with EIP and ELB network
services if a NetScaler device is deployed in your zone. Consider the following illustration
for more details.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/eip-ns-basiczone.png"/>
</imageobject>
<textobject>
<phrase>eip-ns-basiczone.png: Elastic IP in a NetScaler-enabled Basic Zone.</phrase>
</textobject>
</mediaobject>
<para>In the illustration, a NetScaler appliance is the default entry or exit point for the
&PRODUCT; instances, and firewall is the default entry or exit point for the rest of the data
center. Netscaler provides LB services and staticNAT service to the guest networks. The guest
traffic in the pods and the Management Server are on different subnets / VLANs. The
policy-based routing in the data center core switch sends the public traffic through the
NetScaler, whereas the rest of the data center goes through the firewall. </para>
<para>The EIP work flow is as follows:</para>
<itemizedlist>
<listitem>
<para>When a user VM is deployed, a public IP is automatically acquired from the pool of
public IPs configured in the zone. This IP is owned by the VM's account.</para>
</listitem>
<listitem>
<para>Each VM will have its own private IP. When the user VM starts, Static NAT is
provisioned on the NetScaler device by using the Inbound Network Address Translation
(INAT) and Reverse NAT (RNAT) rules between the public IP and the private IP.</para>
<note>
<para>Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination
IP address is replaced in the packets from the public network, such as the Internet,
with the private IP address of a VM in the private network. Reverse NAT (RNAT) is a type
of NAT supported by NetScaler, in which the source IP address is replaced in the packets
generated by a VM in the private network with the public IP address.</para>
</note>
</listitem>
<listitem>
<para>This default public IP will be released in two cases:</para>
<itemizedlist>
<listitem>
<para>When the VM is stopped. When the VM starts, it again receives a new public IP, not
necessarily the same one allocated initially, from the pool of Public IPs.</para>
</listitem>
<listitem>
<para>The user acquires a public IP (Elastic IP). This public IP is associated with the
account, but will not be mapped to any private IP. However, the user can enable Static
NAT to associate this IP to the private IP of a VM in the account. The Static NAT rule
for the public IP can be disabled at any time. When Static NAT is disabled, a new
public IP is allocated from the pool, which is not necessarily be the same one
allocated initially.</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<para>For the deployments where public IPs are limited resources, you have the flexibility to
choose not to allocate a public IP by default. You can use the Associate Public IP option to
turn on or off the automatic public IP assignment in the EIP-enabled Basic zones. If you turn
off the automatic public IP assignment while creating a network offering, only a private IP is
assigned to a VM when the VM is deployed with that network offering. Later, the user can
acquire an IP for the VM and enable static NAT.</para>
<para condition="admin">For more information on the Associate Public IP option, see <xref
linkend="creating-network-offerings"/>.</para>
<para condition="install">For more information on the Associate Public IP option, see the
Administration Guide.</para>
<note>
<para>The Associate Public IP feature is designed only for use with user VMs. The System VMs
continue to get both public IP and private by default, irrespective of the network offering
configuration.</para>
</note>
<para>New deployments which use the default shared network offering with EIP and ELB services to
create a shared network in the Basic zone will continue allocating public IPs to each user
VM.</para>
</section>
<section id="portable-ip">
<title>About Portable IP</title>
<para>Portable IPs in &PRODUCT; are nothing but elastic IPs that can be transferred across
geographically separated zones. As an administrator, you can provision a pool of portable IPs
at region level and are available for user consumption. The users can acquire portable IPs if
admin has provisioned portable public IPs at the region level they are part of. These IPs can
be use for any service within an advanced zone. You can also use portable IPs for EIP service
in basic zones. Additionally, a portable IP can be transferred from one network to another
network.</para>
</section>
</section>
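Review bot: The new "About Portable IP" paragraph (section id="portable-ip") says a portable IP "can be transferred from one network to another network" and across zones, but it does not say what happens to an existing Static NAT mapping on that IP when it moves, or whether the transfer is an administrator or a user action. Please add a sentence covering both, since an operator needs to know whether a VM's public exposure follows the address. The same paragraph needs a wording pass: "can be use for any service" should read "can be used", and in "you can provision a pool of portable IPs at region level and are available for user consumption" the verb "are available" has no subject (suggest "which are then available to users"). In the EIP text re-wrapped under section id="about-eip", "which is not necessarily be the same one allocated initially" carries over a grammar error (drop "be"), and "Netscaler provides LB services" should use the "NetScaler" spelling used in the rest of the section.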