In CloudStack, it is possible to create a “shared network” with a public subnet. A VM instance created inside this “shared network” will have a public IP assigned directly to its network interface. Why would you need a “shared network” with a public subnet? Many hosting providers prefer to create VPS instances where a public IP address is directly allocated to the customer’s VM.
A CloudStack shared network meets several requirements of hosting providers, such as:
- To avoid any network translation (NAT)
- To remove dependency on a virtual firewall for routing traffic
- To use a physical router/firewall for performance and security reasons
- To allow sharing of the same subnet among multiple customers who require VPS hosting
In CloudStack 4.1.1, due to a bug (CLOUDSTACK-4323), it is not possible to create a shared network using the management UI. It can, however, easily be created using the CloudMonkey tool and the createNetwork API:
[shell]
cloudmonkey> create network displaytext=ExternalNetwork name=ExternalNetwork networkofferingid=DefaultSharedNetworkOfferingId zoneid=ZoneId startip=x.x.x.x endip=x.x.x.y netmask=255.255.255.0 vlan=vlanid
[/shell]
Remember to use real public IPs for startip and endip.
It is also possible to dedicate a public subnet to a customer’s domain (and its subdomains) by using the domainid option. Only accounts belonging to that customer domain will be able to see and create VM instances on this shared network.
[shell]
cloudmonkey> create network displaytext=ExternalNetwork name=ExternalNetwork networkofferingid=DefaultSharedNetworkOfferingId zoneid=ZoneId startip=x.x.x.x endip=x.x.x.y netmask=255.255.255.0 vlan=vlanid domainid=domainid aclType=Domain subdomainaccess=True
[/shell]
In CloudStack 4.2.0, the UI bug has been fixed. The shared network can be created using the UI.
The VM that you create would have an IP in the 100.100.100.0 range instead of the usual 10.0.0.0/8, 172.16.0.0/16 or 192.168.0.0/24 RFC1918 private segment.
Please substitute 100.100.100.x with a real valid IP range for your network. This would be a routable subnet assigned by your Internet Service Provider.
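A pre-flight check for the startip, endip and netmask values before they go into the create network call, added here as an example and not part of the original post or of CloudStack: it rejects ranges that are not globally routable or that do not fit the subnet implied by the netmask. The function name `check_shared_range` and the `existing` list of subnets already defined in the zone are assumptions, and the check covers IPv4 only.

```python
import ipaddress


def check_shared_range(startip, endip, netmask, existing=()):
    """Return a list of problems with an IPv4 range; an empty list means it passed."""
    start = ipaddress.ip_address(startip)
    end = ipaddress.ip_address(endip)
    # Subnet implied by startip and netmask; strict=False masks off the host bits.
    subnet = ipaddress.ip_network(f"{startip}/{netmask}", strict=False)
    problems = []
    if end < start:
        problems.append("endip is lower than startip")
    if end not in subnet:
        problems.append(f"endip {end} is outside {subnet}")
    for ip in sorted({start, end}):
        if ip in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{ip} is the network or broadcast address of {subnet}")
    # is_global is False for RFC 1918 space, 100.64.0.0/10 (RFC 6598 shared
    # address space), documentation ranges, loopback and link-local.
    for ip in sorted({start, end}):
        if not ip.is_global:
            problems.append(f"{ip} is not globally routable")
    # Subnets already defined in the zone (hypothetical input, supplied by the caller).
    for other in existing:
        if subnet.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{subnet} overlaps existing subnet {other}")
    return problems


if __name__ == "__main__":
    # Constructed samples: the article's placeholder range and a private range.
    samples = [
        ("100.100.100.10", "100.100.100.50", "255.255.255.0"),
        ("192.168.1.10", "192.168.1.50", "255.255.255.0"),
    ]
    for startip, endip, netmask in samples:
        found = check_shared_range(startip, endip, netmask)
        print(startip, endip, found or "ok")
```

The 100.100.100.x placeholder used in this article is reported as not globally routable because it falls inside 100.64.0.0/10.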
11 replies on “Create A Shared Network With Public IPs In CloudStack”
So, you are using “guest network type”, right? I also had that “problem”, and did it the way you did. So no way to use “public network” to give VMs public IPs, right? Thanks, Andrew
Are you referring to CloudStack’s “public” traffic type? If so, in ACS 4.2, while adding the shared guest network, you can select the physical network by selecting the traffic label as ‘public’. This will ensure that the traffic flows through the “public network” that’s assigned for “public” traffic.
Would it be possible to create a “direct-public” shared-guest network without the use of VLANs?
In my case the physical hosts have one interface eth0 which speaks to the internet without VLANs, and one interface eth1 which supports VLANs for internal communication.
Hi Konstantinos,
You require VLANs for creating a shared network inside a CloudStack Advanced network.
@Konstantinos, you could use a Basic zone instead of Advanced, and you would not need VLANs at all.
Thanks for the info. Unfortunately, I need to keep using the already advanced networking zone and, on top of that, a shared-public network without using VLANs.
@Shanker
Your articles have been very helpful.
When I create my shared network, only the private NIC, NIC0, shows up. My public card is NIC2, but it is not in the list. Any idea why my public NIC does not show up in the list when I go to create a network like this? Is there a setting I need to set to make that happen?
Thank you
As a follow-up to my previous question: I believe the problem is that I did not add the “guest” traffic type to this physical network interface when I set up the zone. Is it possible to modify that after the fact?
One more follow-up. I was able to add the guest to the public physical network by hacking the database. I added the Guest type to the physical_network_traffic_types table and then had to assign a tag to the existing and newly created guest networks and place that tag into each NetworkOfferings (one tag per offering).
Hi Shanker Balan! I need to use CloudStack’s “public” traffic type, but in ACS 4.4.2, while adding the shared guest network, I can’t select the physical network by selecting the traffic label as ‘public’; only ‘guest’ is possible. I have ‘public’, ‘guest’ and ‘management’ labels.
Error 431: The IP range with tag: vlan://2 in zone CNPA has overlapped with the subnet. Please specify a different gateway/netmask.