Creating a New Network Offering

To create a network offering:

1. Log in with admin privileges to the &PRODUCT; UI.
2. In the left navigation bar, click Service Offerings.
3. In Select Offering, choose Network Offering.
4. Click Add Network Offering.
5. In the dialog, make the following choices:

   - Name. Any desired name for the network offering.
   - Description. A short description of the offering that can be displayed to users.
   - Network Rate. Allowed data transfer rate in MB per second.
   - Guest Type. Choose whether the guest network is isolated or shared. For a description of this term, see the Administration Guide.
   - Persistent. Indicate whether the guest network is persistent or not. A network that you can provision without having to deploy a VM on it is called a persistent network. For more information, see .
   - Specify VLAN. (Isolated guest networks only) Indicate whether a VLAN can be specified when this offering is used. If you select this option and later use this network offering while creating a VPC tier or an isolated network, you will be able to specify a VLAN ID for the network you create.
   - VPC. Indicates whether the guest network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private, isolated part of &PRODUCT;. A VPC can have its own virtual network topology that resembles a traditional physical network. For more information on VPCs, see .
   - Supported Services. Select one or more of the possible network services. For some services, you must also choose the service provider; for example, if you select Load Balancer, you can choose the &PRODUCT; virtual router or any other load balancers that have been configured in the cloud. Depending on which services you choose, additional fields may appear in the rest of the dialog box.

     Based on the guest network type selected, you can see the following supported services:

     | Supported Services | Description | Isolated | Shared |
     |---|---|---|---|
     | DHCP | For more information, see . | Supported | Supported |
     | DNS | For more information, see . | Supported | Supported |
     | Load Balancer | If you select Load Balancer, you can choose the &PRODUCT; virtual router or any other load balancers that have been configured in the cloud. | Supported | Supported |
     | Firewall | For more information, see the Administration Guide. | Supported | Supported |
     | Source NAT | If you select Source NAT, you can choose the &PRODUCT; virtual router or any other Source NAT providers that have been configured in the cloud. | Supported | Supported |
     | Static NAT | If you select Static NAT, you can choose the &PRODUCT; virtual router or any other Static NAT providers that have been configured in the cloud. | Supported | Supported |
     | Port Forwarding | If you select Port Forwarding, you can choose the &PRODUCT; virtual router or any other Port Forwarding providers that have been configured in the cloud. | Supported | Not Supported |
     | VPN | For more information, see . | Supported | Not Supported |
     | User Data | For more information, see the Administration Guide. | Not Supported | Supported |
     | Network ACL | For more information, see . | Supported | Not Supported |
     | Security Groups | For more information, see . | Not Supported | Supported |

   - System Offering. If the service provider for any of the services selected in Supported Services is a virtual router, the System Offering field appears. Choose the system service offering that you want virtual routers to use in this network. For example, if you selected Load Balancer in Supported Services and selected a virtual router to provide load balancing, the System Offering field appears so you can choose between the &PRODUCT; default system service offering and any custom system service offerings that have been defined by the &PRODUCT; root administrator. For more information, see the Administration Guide.
   - LB Isolation: Specify what type of load balancer isolation you want for the network: Shared or Dedicated.
     - Dedicated: If you select dedicated LB isolation, a dedicated load balancer device is assigned to the network from the pool of dedicated load balancer devices provisioned in the zone. If not enough dedicated load balancer devices are available in the zone, network creation fails. A dedicated device is a good choice for high-traffic networks that make full use of the device's resources.
     - Shared: If you select shared LB isolation, a shared load balancer device is assigned to the network from the pool of shared load balancer devices provisioned in the zone. While provisioning, &PRODUCT; picks the shared load balancer device that is used by the fewest accounts. Once the device reaches its maximum capacity, it will not be allocated to a new account.

   - Mode: You can select either Inline mode or Side by Side mode:

     - Inline mode: Supported only for Juniper SRX firewall and BigF5 load balancer devices. In inline mode, a firewall device is placed in front of a load balancing device. The firewall acts as the gateway for all incoming traffic, then redirects the load balancing traffic to the load balancer behind it. The load balancer in this case does not have direct access to the public network.
     - Side by Side: In side by side mode, a firewall device is deployed in parallel with the load balancer device. Traffic to the load balancer public IP is therefore not routed through the firewall, and the load balancer is exposed to the public network.

   - Associate Public IP: Select this option if you want to assign a public IP address to the VMs deployed in the guest network. This option is available only if:

     - Guest network is shared.
     - StaticNAT is enabled.
     - Elastic IP is enabled.

     For information on Elastic IP, see .

   - Redundant router capability: Available only when Virtual Router is selected as the Source NAT provider. Select this option if you want to use two virtual routers in the network for uninterrupted connection: one operating as the master virtual router and the other as the backup. The master virtual router receives requests from and sends responses to the user's VM. The backup virtual router is activated only when the master is down. After the failover, the backup becomes the master virtual router. &PRODUCT; deploys the routers on different hosts to ensure reliability if one host is down.
   - Conserve mode: Indicate whether to use conserve mode. In this mode, network resources are allocated only when the first virtual machine starts in the network. When conserve mode is off, a public IP can be used for only a single service. For example, a public IP used for a port forwarding rule cannot be used for defining other services, such as StaticNAT or load balancing. When conserve mode is on, you can define more than one service on the same public IP.

     If StaticNAT is enabled, irrespective of the status of the conserve mode, no port forwarding or load balancing rule can be created for the IP. However, you can add firewall rules by using the createFirewallRule command.

   - Tags: Network tag to specify which physical network to use.
   - Default egress policy: Configure the default policy for firewall egress rules. Options are Allow and Deny. The default is Allow if no egress policy is specified, which means that all egress traffic is accepted when a guest network is created from this offering. To block the egress traffic for a guest network, select Deny. In this case, when you configure egress rules for an isolated guest network, rules are added to allow the specified traffic.

6. Click Add.
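
The constraints in this procedure can be checked before an offering is created. The following lint is an added example, not code from the product or its documentation: the dictionary keys, provider labels and sample offerings are hypothetical, and it reports both invalid combinations and the two settings that leave traffic unfiltered (side by side mode and a default egress policy of Allow).

```python
# Added example: pre-flight lint for a network offering definition.
# Dict keys and provider labels are hypothetical, not the product's API.
SUPPORTED = {  # from the Supported Services table, per guest type
    "Isolated": {"DHCP", "DNS", "Load Balancer", "Firewall", "Source NAT",
                 "Static NAT", "Port Forwarding", "VPN", "Network ACL"},
    "Shared": {"DHCP", "DNS", "Load Balancer", "Firewall", "Source NAT",
               "Static NAT", "User Data", "Security Groups"},
}

def lint_offering(o):
    """Return (errors, warnings) for one offering described as a dict."""
    errors, warnings = [], []
    guest = o["guest_type"]
    services = o.get("services", {})  # service name -> provider label
    for svc in sorted(set(services) - SUPPORTED[guest]):
        errors.append(f"{svc} is not supported on {guest} networks")
    if o.get("specify_vlan") and guest != "Isolated":
        errors.append("Specify VLAN applies to isolated networks only")
    if o.get("associate_public_ip") and not (
            guest == "Shared" and "Static NAT" in services
            and o.get("elastic_ip")):
        errors.append("Associate Public IP needs Shared, StaticNAT, Elastic IP")
    if (o.get("redundant_router")
            and services.get("Source NAT") != "Virtual Router"):
        errors.append("Redundant router needs Virtual Router as Source NAT")
    mode = o.get("lb_mode")
    if mode == "inline" and (services.get("Firewall") != "Juniper SRX"
                             or services.get("Load Balancer") != "BigF5"):
        errors.append("Inline mode needs Juniper SRX firewall and BigF5 LB")
    if mode == "side_by_side":
        warnings.append("LB public IP bypasses the firewall (side by side)")
    # Allow is the default when no egress policy is specified.
    if o.get("egress_policy", "Allow") == "Allow":
        warnings.append("Default egress policy is Allow")
    return errors, warnings

# Constructed sample definitions.
RISKY = {"guest_type": "Shared", "specify_vlan": True, "lb_mode": "side_by_side",
         "services": {"DHCP": "Virtual Router", "VPN": "Virtual Router"}}
HARDENED = {"guest_type": "Isolated", "lb_mode": "inline",
            "redundant_router": True, "egress_policy": "Deny",
            "services": {"Firewall": "Juniper SRX", "Load Balancer": "BigF5",
                         "Source NAT": "Virtual Router"}}

if __name__ == "__main__":
    for name, offering in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, lint_offering(offering))
```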