cloudstack/docs/en-US/elastic-ip.xml

<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file
    distributed with this work for additional information
    regarding copyright ownership.  The ASF licenses this file
    to you under the Apache License, Version 2.0 (the
    "License"); you may not use this file except in compliance
    with the License.  You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.
-->
<section id="elastic-ip">
  <title>About Elastic IP</title>
  <para>Elastic IP (EIP) addresses are the IP addresses that are associated with an account, and act
    as static IP addresses. The account owner has the complete control over the Elastic IP addresses
    that belong to the account. As an account owner, you can allocate an Elastic IP to a VM of your
    choice from the EIP pool of your account. Later if required you can reassign the IP address to a
    different VM. This feature is extremely helpful during VM failure. Instead of replacing the VM
    which is down, the IP address can be reassigned to a new VM in your account. </para>
  <section id="about-eip">
    <title>Elastic IPs in Basic Zone</title>
    <para>Similar to the public IP address, Elastic IP addresses are mapped to their associated
      private IP addresses by using StaticNAT. The EIP service is equipped with StaticNAT (1:1)
      service in an EIP-enabled basic zone. The default network offering,
      DefaultSharedNetscalerEIPandELBNetworkOffering, provides your network with EIP and ELB network
      services if a NetScaler device is deployed in your zone. Consider the following illustration
      for more details.</para>
    <mediaobject>
      <imageobject>
        <imagedata fileref="./images/eip-ns-basiczone.png"/>
      </imageobject>
      <textobject>
        <phrase>eip-ns-basiczone.png: Elastic IP in a NetScaler-enabled Basic Zone.</phrase>
      </textobject>
    </mediaobject>
    <para>In the illustration, a NetScaler appliance is the default entry or exit point for the
      &PRODUCT; instances, and firewall is the default entry or exit point for the rest of the data
      center. Netscaler provides LB services and staticNAT service to the guest networks. The guest
      traffic in the pods and the Management Server are on different subnets / VLANs. The
      policy-based routing in the data center core switch sends the public traffic through the
      NetScaler, whereas the rest of the data center goes through the firewall. </para>
    <para>The EIP work flow is as follows:</para>
    <itemizedlist>
      <listitem>
        <para>When a user VM is deployed, a public IP is automatically acquired from the pool of
          public IPs configured in the zone. This IP is owned by the VM's account.</para>
      </listitem>
      <listitem>
        <para>Each VM will have its own private IP. When the user VM starts, Static NAT is
          provisioned on the NetScaler device by using the Inbound Network Address Translation
          (INAT) and Reverse NAT (RNAT) rules between the public IP and the private IP.</para>
        <note>
          <para>Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination
            IP address is replaced in the packets from the public network, such as the Internet,
            with the private IP address of a VM in the private network. Reverse NAT (RNAT) is a type
            of NAT supported by NetScaler, in which the source IP address is replaced in the packets
            generated by a VM in the private network with the public IP address.</para>
        </note>
      </listitem>
      <listitem>
        <para>This default public IP will be released in two cases:</para>
        <itemizedlist>
          <listitem>
            <para>When the VM is stopped. When the VM starts, it again receives a new public IP, not
              necessarily the same one allocated initially, from the pool of Public IPs.</para>
          </listitem>
          <listitem>
            <para>The user acquires a public IP (Elastic IP). This public IP is associated with the
              account, but will not be mapped to any private IP. However, the user can enable Static
              NAT to associate this IP to the private IP of a VM in the account. The Static NAT rule
              for the public IP can be disabled at any time. When Static NAT is disabled, a new
              public IP is allocated from the pool, which is not necessarily be the same one
              allocated initially.</para>
          </listitem>
        </itemizedlist>
      </listitem>
    </itemizedlist>
    <para>For the deployments where public IPs are limited resources, you have the flexibility to
      choose not to allocate a public IP by default. You can use the Associate Public IP option to
      turn on or off the automatic public IP assignment in the EIP-enabled Basic zones. If you turn
      off the automatic public IP assignment while creating a network offering, only a private IP is
      assigned to a VM when the VM is deployed with that network offering. Later, the user can
      acquire an IP for the VM and enable static NAT.</para>
    <para condition="admin">For more information on the Associate Public IP option, see <xref
        linkend="creating-network-offerings"/>.</para>
    <para condition="install">For more information on the Associate Public IP option, see the
      Administration Guide.</para>
    <note>
      <para>The Associate Public IP feature is designed only for use with user VMs. The System VMs
        continue to get both public IP and private by default, irrespective of the network offering
        configuration.</para>
    </note>
    <para>New deployments which use the default shared network offering with EIP and ELB services to
      create a shared network in the Basic zone will continue allocating public IPs to each user
      VM.</para>
  </section>
  <section id="portable-ip">
    <title>About Portable IP</title>
    <para>Portable IPs in &PRODUCT; are nothing but elastic IPs that can be transferred across
      geographically separated zones. As an administrator, you can provision a pool of portable IPs
      at region level and are available for user consumption. The users can acquire portable IPs if
      admin has provisioned portable public IPs at the region level they are part of. These IPs can
      be use for any service within an advanced zone. You can also use portable IPs for EIP service
      in basic zones. Additionally, a portable IP can be transferred from one network to another
      network.</para>
  </section>
</section>