apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/docs/en-US/add-gateway-vpc.xml

152 lines
6.3 KiB
XML
Raw Blame History

<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-gateway-vpc">
<title>Adding a Private Gateway to a VPC</title>
<para>A private gateway can be added by the root admin only. The VPC private network has 1:1
relationship with the NIC of the physical network. You can configure multiple private gateways
to a single VPC. No gateways with duplicated VLAN and IP are allowed in the same data center.</para>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPC.</para>
<para>All the VPCs that you have created for the account is listed in the page.</para>
</listitem>
<listitem>
<para>Click the Configure button of the VPC to which you want to configure load balancing
rules.</para>
<para>The VPC page is displayed where all the tiers you created are listed in a
diagram.</para>
</listitem>
<listitem>
<para>Click the Settings icon.</para>
<para>The following options are displayed.</para>
<itemizedlist>
<listitem>
<para>Internal LB</para>
</listitem>
<listitem>
<para>Public LB IP</para>
</listitem>
<listitem>
<para>Static NAT</para>
</listitem>
<listitem>
<para>Virtual Machines</para>
</listitem>
<listitem>
<para>CIDR</para>
</listitem>
</itemizedlist>
<para>The following router information is displayed:</para>
<itemizedlist>
<listitem>
<para>Private Gateways</para>
</listitem>
<listitem>
<para>Public IP Addresses</para>
</listitem>
<listitem>
<para>Site-to-Site VPNs</para>
</listitem>
<listitem>
<para>Network ACL Lists</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Select Private Gateways.</para>
<para>The Gateways page is displayed.</para>
</listitem>
<listitem>
<para>Click Add new gateway:</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/add-new-gateway-vpc.png"/>
</imageobject>
<textobject>
<phrase>add-new-gateway-vpc.png: adding a private gateway for the VPC.</phrase>
</textobject>
</mediaobject>
</listitem>
<listitem>
<para>Specify the following:</para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Physical Network</emphasis>: The physical network you have
created in the zone.</para>
</listitem>
<listitem>
<para><emphasis role="bold">IP Address</emphasis>: The IP address associated with the VPC
gateway.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Gateway</emphasis>: The gateway through which the traffic is
routed to and from the VPC.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Netmask</emphasis>: The netmask associated with the VPC
gateway.</para>
</listitem>
<listitem>
<para><emphasis role="bold">VLAN</emphasis>: The VLAN associated with the VPC
gateway.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Source NAT</emphasis>: Select this option to enable the source
NAT service on the VPC private gateway.</para>
<para>See <xref linkend="sourcenat-private-gateway"/>.</para>
</listitem>
<listitem>
<para><emphasis role="bold">ACL</emphasis>: Controls both ingress and egress traffic on a
VPC private gateway. By default, all the traffic is blocked.</para>
<para>See <xref linkend="acl-private-gateway"/>.</para>
</listitem>
</itemizedlist>
<para>The new gateway appears in the list. You can repeat these steps to add more gateway for
this VPC.</para>
</listitem>
</orderedlist>
<section id="sourcenat-private-gateway">
<title>Source NAT on Private Gateway</title>
<para>You might want to deploy multiple VPCs with the same super CIDR and guest tier CIDR.
Therefore, multiple guest VMs from different VPCs can have the same IPs to reach a enterprise
data center through the private gateway. In such cases, a NAT service need to be configured on
the private gateway. If Source NAT is enabled, the guest VMs in VPC reaches the enterprise
network via private gateway IP address by using the NAT service. </para>
<para>The Source NAT service on a private gateway can be enabled while adding the private
gateway. On deletion of a private gateway, source NAT rules specific to the private gateway
are deleted.</para>
</section>
<section id="acl-private-gateway">
<title>ACL on Private Gateway</title>
<para>The traffic on the VPC private gateway is controlled by creating both ingress and egress
network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all the
ingress traffic to the private gateway interface and all the egress traffic out from the
private gateway interface are blocked. You can change this default behaviour while creating a
private gateway.</para>
</section>
</section>
Reference in New Issue View Git Blame Copy Permalink