mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
286 lines
16 KiB
XML
286 lines
16 KiB
XML
<?xml version='1.0' encoding='utf-8' ?>
|
||
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
||
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
|
||
%BOOK_ENTITIES;
|
||
]>
|
||
|
||
<!-- Licensed to the Apache Software Foundation (ASF) under one
|
||
or more contributor license agreements. See the NOTICE file
|
||
distributed with this work for additional information
|
||
regarding copyright ownership. The ASF licenses this file
|
||
to you under the Apache License, Version 2.0 (the
|
||
"License"); you may not use this file except in compliance
|
||
with the License. You may obtain a copy of the License at
|
||
|
||
http://www.apache.org/licenses/LICENSE-2.0
|
||
|
||
Unless required by applicable law or agreed to in writing,
|
||
software distributed under the License is distributed on an
|
||
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||
KIND, either express or implied. See the License for the
|
||
specific language governing permissions and limitations
|
||
under the License.
|
||
-->
|
||
<section id="creating-network-offerings">
|
||
<title>Creating a New Network Offering</title>
|
||
<para>To create a network offering:</para>
|
||
<orderedlist>
|
||
<listitem>
|
||
<para>Log in with admin privileges to the &PRODUCT; UI.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>In the left navigation bar, click Service Offerings.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>In Select Offering, choose Network Offering.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Click Add Network Offering.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>In the dialog, make the following choices:</para>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para><emphasis role="bold">Name</emphasis>. Any desired name for the network
|
||
offering.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Description</emphasis>. A short description of the offering
|
||
that can be displayed to users.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Network Rate</emphasis>. Allowed data transfer rate in MB per
|
||
second.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Guest Type</emphasis>. Choose whether the guest network is
|
||
isolated or shared. </para>
|
||
<para condition="admin">For a description of this term, see <xref
|
||
linkend="about-virtual-networks"/>.</para>
|
||
<para condition="install">For a description of this term, see the Administration Guide.
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Persistent</emphasis>. Indicate whether the guest network is
|
||
persistent or not. The network that you can provision without having to deploy a VM on
|
||
it is termed persistent network. For more information, see <xref
|
||
linkend="persistent-network"/>.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Specify VLAN</emphasis>. (Isolated guest networks only)
|
||
Indicate whether a VLAN could be specified when this offering is used. If you select
|
||
this option and later use this network offering while creating a VPC tier or an isolated
|
||
network, you will be able to specify a VLAN ID for the network you create.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">VPC</emphasis>. This option indicate whether the guest network
|
||
is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private, isolated
|
||
part of &PRODUCT;. A VPC can have its own virtual network topology that resembles a
|
||
traditional physical network. For more information on VPCs, see <xref linkend="vpc"/>.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Supported Services</emphasis>. Select one or more of the
|
||
possible network services. For some services, you must also choose the service provider;
|
||
for example, if you select Load Balancer, you can choose the &PRODUCT; virtual router or
|
||
any other load balancers that have been configured in the cloud. Depending on which
|
||
services you choose, additional fields may appear in the rest of the dialog box.</para>
|
||
<para>Based on the guest network type selected, you can see the following supported
|
||
services:</para>
|
||
<informaltable>
|
||
<tgroup cols="4" align="left" colsep="1" rowsep="1">
|
||
<thead>
|
||
<row>
|
||
<entry><para>Supported Services</para></entry>
|
||
<entry><para>Description</para></entry>
|
||
<entry><para>Isolated</para></entry>
|
||
<entry><para>Shared</para></entry>
|
||
</row>
|
||
</thead>
|
||
<tbody>
|
||
<row>
|
||
<entry><para>DHCP</para></entry>
|
||
<entry><para>For more information, see <xref linkend="dns-dhcp"/>.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>DNS</para></entry>
|
||
<entry><para>For more information, see <xref linkend="dns-dhcp"/>.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>Load Balancer</para></entry>
|
||
<entry><para>If you select Load Balancer, you can choose the &PRODUCT; virtual
|
||
router or any other load balancers that have been configured in the
|
||
cloud.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>Firewall</para></entry>
|
||
<entry><para condition="install">For more information, see <xref
|
||
linkend="firewall-rules"/>.</para>
|
||
<para condition="admin">For more information, see the Administration
|
||
Guide.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>Source NAT</para></entry>
|
||
<entry><para>If you select Source NAT, you can choose the &PRODUCT; virtual router
|
||
or any other Source NAT providers that have been configured in the
|
||
cloud.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>Static NAT</para></entry>
|
||
<entry><para>If you select Static NAT, you can choose the &PRODUCT; virtual router
|
||
or any other Static NAT providers that have been configured in the
|
||
cloud.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>Port Forwarding</para></entry>
|
||
<entry><para>If you select Port Forwarding, you can choose the &PRODUCT; virtual
|
||
router or any other Port Forwarding providers that have been configured in the
|
||
cloud.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Not Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>VPN</para></entry>
|
||
<entry><para>For more information, see <xref linkend="vpn"/>.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Not Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>User Data</para></entry>
|
||
<entry><para condition="admin">For more information, see <xref
|
||
linkend="user-data-and-meta-data"/>.</para>
|
||
<para condition="install">For more information, see the Administration
|
||
Guide.</para></entry>
|
||
<entry><para>Not Supported</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>Network ACL</para></entry>
|
||
<entry><para>For more information, see <xref linkend="configure-acl"
|
||
/>.</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
<entry><para>Not Supported</para></entry>
|
||
</row>
|
||
<row>
|
||
<entry><para>Security Groups</para></entry>
|
||
<entry><para>For more information, see <xref linkend="add-security-group"
|
||
/>.</para></entry>
|
||
<entry><para>Not Supported</para></entry>
|
||
<entry><para>Supported</para></entry>
|
||
</row>
|
||
</tbody>
|
||
</tgroup>
|
||
</informaltable>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">System Offering</emphasis>. If the service provider for any of
|
||
the services selected in Supported Services is a virtual router, the System Offering
|
||
field appears. Choose the system service offering that you want virtual routers to use
|
||
in this network. For example, if you selected Load Balancer in Supported Services and
|
||
selected a virtual router to provide load balancing, the System Offering field appears
|
||
so you can choose between the &PRODUCT; default system service offering and any custom
|
||
system service offerings that have been defined by the &PRODUCT; root
|
||
administrator.</para>
|
||
<para condition="admin">For more information, see <xref linkend="system-service-offerings"/>.</para>
|
||
<para condition="install">For more information, see the Administration Guide.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">LB Isolation</emphasis>: Specify what type of load balancer
|
||
isolation you want for the network: Shared or Dedicated.</para>
|
||
<para><emphasis role="bold">Dedicated</emphasis>: If you select dedicated LB isolation, a
|
||
dedicated load balancer device is assigned for the network from the pool of dedicated
|
||
load balancer devices provisioned in the zone. If no sufficient dedicated load balancer
|
||
devices are available in the zone, network creation fails. Dedicated device is a good
|
||
choice for the high-traffic networks that make full use of the device's
|
||
resources.</para>
|
||
<para><emphasis role="bold">Shared</emphasis>: If you select shared LB isolation, a shared
|
||
load balancer device is assigned for the network from the pool of shared load balancer
|
||
devices provisioned in the zone. While provisioning &PRODUCT; picks the shared load
|
||
balancer device that is used by the least number of accounts. Once the device reaches
|
||
its maximum capacity, the device will not be allocated to a new account.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Mode</emphasis>: You can select either Inline mode or Side by
|
||
Side mode:</para>
|
||
<para><emphasis role="bold">Inline mode</emphasis>: Supported only for Juniper SRX
|
||
firewall and BigF5 load balancer devices. In inline mode, a firewall device is placed in
|
||
front of a load balancing device. The firewall acts as the gateway for all the incoming
|
||
traffic, then redirect the load balancing traffic to the load balancer behind it. The
|
||
load balancer in this case will not have the direct access to the public network. </para>
|
||
<para><emphasis role="bold">Side by Side</emphasis>: In side by side mode, a firewall
|
||
device is deployed in parallel with the load balancer device. So the traffic to the load
|
||
balancer public IP is not routed through the firewall, and therefore, is exposed to the
|
||
public network.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Associate Public IP</emphasis>: Select this option if you want
|
||
to assign a public IP address to the VMs deployed in the guest network. This option is
|
||
available only if</para>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>Guest network is shared.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>StaticNAT is enabled.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Elastic IP is enabled.</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
<para>For information on Elastic IP, see <xref linkend="elastic-ip"/>.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Redundant router capability</emphasis>: Available only when
|
||
Virtual Router is selected as the Source NAT provider. Select this option if you want to
|
||
use two virtual routers in the network for uninterrupted connection: one operating as
|
||
the master virtual router and the other as the backup. The master virtual router
|
||
receives requests from and sends responses to the user’s VM. The backup virtual router
|
||
is activated only when the master is down. After the failover, the backup becomes the
|
||
master virtual router. &PRODUCT; deploys the routers on different hosts to ensure
|
||
reliability if one host is down.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Conserve mode</emphasis>: Indicate whether to use conserve
|
||
mode. In this mode, network resources are allocated only when the first virtual machine
|
||
starts in the network. When conservative mode is off, the public IP can only be used for
|
||
a single service. For example, a public IP used for a port forwarding rule cannot be
|
||
used for defining other services, such as StaticNAT or load balancing. When the conserve
|
||
mode is on, you can define more than one service on the same public IP.</para>
|
||
<note>
|
||
<para>If StaticNAT is enabled, irrespective of the status of the conserve mode, no port
|
||
forwarding or load balancing rule can be created for the IP. However, you can add the
|
||
firewall rules by using the createFirewallRule command.</para>
|
||
</note>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Tags</emphasis>: Network tag to specify which physical network
|
||
to use.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Default egress policy</emphasis>: Configure the default policy
|
||
for firewall egress rules. Options are Allow and Deny. Default is Allow if no egress
|
||
policy is specified, which indicates that all the egress traffic is accepted when a
|
||
guest network is created from this offering. </para>
|
||
<para>To block the egress traffic for a guest network, select Deny. In this case, when you
|
||
configure an egress rules for an isolated guest network, rules are added to allow the
|
||
specified traffic.</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Click Add.</para>
|
||
</listitem>
|
||
</orderedlist>
|
||
</section>
|