source/locale/pot/networking2.pot

# SOME DESCRIPTIVE TITLE.
# Copyright (C) 
# This file is distributed under the same license as the Apache CloudStack Administration Documentation package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: Apache CloudStack Administration Documentation 4\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2014-03-31 14:08-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../../networking2.rst:18
# 4c134b7a710148a3ab2766ead2eecc37
msgid "Managing Networks and Traffic"
msgstr ""

#: ../../networking2.rst:20
# 3dea6f52fda445569cf65ce098c1b84c
msgid "In a CloudStack, guest VMs can communicate with each other using shared infrastructure with the security and user perception that the guests have a private LAN. The CloudStack virtual router is the main component providing networking features for guest traffic."
msgstr ""

#: ../../networking2.rst:26
# c845ad86dd2c41e091ae6234539d6672
msgid "Guest Traffic"
msgstr ""

#: ../../networking2.rst:28
# d8fc8ee73a5d4bc5915b1fd2e4eb7108
msgid "A network can carry guest traffic only between VMs within one zone. Virtual machines in different zones cannot communicate with each other using their IP addresses; they must communicate with each other by routing through a public IP address."
msgstr ""

#: ../../networking2.rst:33
# e56f7eded9f441659c145763662800d5
msgid "See a typical guest traffic setup given below:"
msgstr ""

#: ../../networking2.rst:35
# 6823c848cad04848a61dbff31215055b
msgid "|guest-traffic-setup.png|"
msgstr ""

#: ../../networking2.rst:37
# 5cc5110f1ee142468aaacae83aca4060
msgid "Typically, the Management Server automatically creates a virtual router for each network. A virtual router is a special virtual machine that runs on the hosts. Each virtual router in an isolated network has three network interfaces. If multiple public VLAN is used, the router will have multiple public interfaces. Its eth0 interface serves as the gateway for the guest traffic and has the IP address of 10.1.1.1. Its eth1 interface is used by the system to configure the virtual router. Its eth2 interface is assigned a public IP address for public traffic. If multiple public VLAN is used, the router will have multiple public interfaces."
msgstr ""

#: ../../networking2.rst:48
# b252663b377641b6a497a33ae549a1c3
msgid "The virtual router provides DHCP and will automatically assign an IP address for each guest VM within the IP range assigned for the network. The user can manually reconfigure guest VMs to assume different IP addresses."
msgstr ""

#: ../../networking2.rst:53
# 08366e677b394ff486de117a98b53a1c
msgid "Source NAT is automatically configured in the virtual router to forward outbound traffic for all guest VMs"
msgstr ""

#: ../../networking2.rst:57
# 8db3692749f44d209bc4b6643b4bed42
msgid "Networking in a Pod"
msgstr ""

#: ../../networking2.rst:59
# f92d73cb904740b69bb3044663745ef9
msgid "The figure below illustrates network setup within a single pod. The hosts are connected to a pod-level switch. At a minimum, the hosts should have one physical uplink to each switch. Bonded NICs are supported as well. The pod-level switch is a pair of redundant gigabit switches with 10 G uplinks."
msgstr ""

#: ../../networking2.rst:65
# 3cf0b62b19c942899bbf90f9c3e111be
msgid "|networksinglepod.png|"
msgstr ""

#: ../../networking2.rst:67
# 61fa2a0f3f6046b2a1d038ab3e5ea255
msgid "Servers are connected as follows:"
msgstr ""

#: ../../networking2.rst:71
# 9dd3a988270c471db1794e964c4a56c7
msgid "Storage devices are connected to only the network that carries management traffic."
msgstr ""

#: ../../networking2.rst:76
# 2e2c8c8881fa4cd5be1de3eec14c1d1c
msgid "Hosts are connected to networks for both management traffic and public traffic."
msgstr ""

#: ../../networking2.rst:81
# 3e2f4aed8c924b9e80395bdf1e1c2f73
msgid "Hosts are also connected to one or more networks carrying guest traffic."
msgstr ""

#: ../../networking2.rst:84
# d85f7dccd3784410a2b1d16863f27a73
msgid "We recommend the use of multiple physical Ethernet cards to implement each network interface as well as redundant switch fabric in order to maximize throughput and improve reliability."
msgstr ""

#: ../../networking2.rst:89
# d776e46765c84e1181b3e580c688c626
msgid "Networking in a Zone"
msgstr ""

#: ../../networking2.rst:91
# d239d21a20c649aba205a75b8c13f10d
msgid "The following figure illustrates the network setup within a single zone."
msgstr ""

#: ../../networking2.rst:93
# a576182d84c04ab98566ba031289abb1
msgid "|networksetupzone.png|"
msgstr ""

#: ../../networking2.rst:95
# f9ec1f6b949e428b918524444e4e4c2d
msgid "A firewall for management traffic operates in the NAT mode. The network typically is assigned IP addresses in the 192.168.0.0/16 Class B private address space. Each pod is assigned IP addresses in the 192.168.\\*.0/24 Class C private address space."
msgstr ""

#: ../../networking2.rst:100
# f0acacb8a1ac4f92b32c742e22c0aa30
msgid "Each zone has its own set of public IP addresses. Public IP addresses from different zones do not overlap."
msgstr ""

#: ../../networking2.rst:104
# 48df0d18a8e448909a0b484414468735
msgid "Basic Zone Physical Network Configuration"
msgstr ""

#: ../../networking2.rst:106
# 20494f4a5f604216bed0571fa51a7ddb
msgid "In a basic network, configuring the physical network is fairly straightforward. You only need to configure one guest network to carry traffic that is generated by guest VMs. When you first add a zone to CloudStack, you set up the guest network through the Add Zone screens."
msgstr ""

#: ../../networking2.rst:112
# b5ca7152b69d4a2d8fcc434cb9267f7c
msgid "Advanced Zone Physical Network Configuration"
msgstr ""

#: ../../networking2.rst:114
# 954218a2f4204be989c2436ecd73edc1
msgid "Within a zone that uses advanced networking, you need to tell the Management Server how the physical network is set up to carry different kinds of traffic in isolation."
msgstr ""

#: ../../networking2.rst:119
# b3ba0f73a0df4d36a3cb4f204c4dee2d
msgid "Configure Guest Traffic in an Advanced Zone"
msgstr ""

#: ../../networking2.rst:121
# ecd9d16a0a0c4dff9373a2dbf58e4c09
msgid "These steps assume you have already logged in to the CloudStack UI. To configure the base guest network:"
msgstr ""

#: ../../networking2.rst:126
# 78523deb5f20412383b00c879c3b21aa
msgid "In the left navigation, choose Infrastructure. On Zones, click View More, then click the zone to which you want to add a network."
msgstr ""

#: ../../networking2.rst:131
#: ../../networking2.rst:215
#: ../../networking2.rst:1597
# 6257a61390924cb3bd8aeeac1a071780
# 991bb1da835442988405cc08b7001c28
# 61c9a678d28f40d599b72b6c2670f13d
msgid "Click the Network tab."
msgstr ""

#: ../../networking2.rst:135
#: ../../networking2.rst:219
#: ../../networking2.rst:1601
# 81ea8b8553864a83843ba71e6bf101af
# 2d5debf29d7e42428b6c6d0ea25b7b92
# e156f160e7c64f60a6d9c5bd8b8164a9
msgid "Click Add guest network."
msgstr ""

#: ../../networking2.rst:137
# 7b664064e09a4c25ac5afbc839d6bf94
msgid "The Add guest network window is displayed:"
msgstr ""

#: ../../networking2.rst:139
# 467663954a4745be91a92b1d95b23080
msgid "|addguestnetwork.png|"
msgstr ""

#: ../../networking2.rst:143
#: ../../networking2.rst:4200
#: ../../networking2.rst:5082
# a7bd588835354863bf7622de307358f6
# e19b9c5096354c629c5cb237adbb7845
# d0d70642a5104df08ab13289bdd0c02b
msgid "Provide the following information:"
msgstr ""

#: ../../networking2.rst:147
# 02150922f26d47f3b7a13ca653f96421
msgid "**Name**. The name of the network. This will be user-visible"
msgstr ""

#: ../../networking2.rst:151
# 71b93ff5fc154455a9e31bb96fc71d72
msgid "**Display Text**: The description of the network. This will be user-visible"
msgstr ""

#: ../../networking2.rst:156
# 3aa2ff94b2f3453caf3cf8a60cf57294
msgid "**Zone**: The zone in which you are configuring the guest network."
msgstr ""

#: ../../networking2.rst:160
# 8020d9a242d94611b622a7fbbf730632
msgid "**Network offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network"
msgstr ""

#: ../../networking2.rst:165
# 409cf198865e4ed4a4ceda18fb9c08f8
msgid "**Guest Gateway**: The gateway that the guests should use"
msgstr ""

#: ../../networking2.rst:169
# 1b24f9a1dc1a468fa60412939100a476
msgid "**Guest Netmask**: The netmask in use on the subnet the guests will use"
msgstr ""

#: ../../networking2.rst:174
#: ../../networking2.rst:870
#: ../../networking2.rst:1251
#: ../../networking2.rst:1428
#: ../../networking2.rst:1755
#: ../../networking2.rst:3144
#: ../../networking2.rst:3662
#: ../../networking2.rst:4319
#: ../../networking2.rst:4355
#: ../../networking2.rst:5118
#: ../../networking2.rst:5211
#: ../../networking2.rst:5458
#: ../../networking2.rst:5499
#: ../../networking2.rst:6953
# 91173c96c5184ed8a0542f56f340c125
# 6968c572935348d89aa2cfe9419c00cd
# 9ee0ac806d854e47bd3f486e9e128034
# 5d45344f6070463bb25599b8c1ac7145
# 0527e80fdbfe4508a05ede62a047cd51
# c6016b8b267942548713429d3c7e74e0
# 3ccbb578962b42588bd495e0dbd57f76
# f5954071e2a24961b74b3dcca98a33b1
# e6ab2eac57564f63bfeea06d1691c574
# 6d9b635b27544fb3adc30d7e8bc3070b
# aae381906435443489b7db544138dc66
# 0218e655795843808690f324bad3bbf9
# 2c8c3e70a3904e0fb57a195a43305818
# bc97ad0f132944ffbb337c4649b00a51
msgid "Click OK."
msgstr ""

#: ../../networking2.rst:177
# bb8994cf25ed4d0f9c1738b0a288a66d
msgid "Configure Public Traffic in an Advanced Zone"
msgstr ""

#: ../../networking2.rst:179
# 53d266b50a684d08b2b57469d0ba2117
msgid "In a zone that uses advanced networking, you need to configure at least one range of IP addresses for Internet traffic."
msgstr ""

#: ../../networking2.rst:183
# 173ecef5b8d34d51b8690fdff5bcfc1f
msgid "Configuring a Shared Guest Network"
msgstr ""

#: ../../networking2.rst:187
#: ../../networking2.rst:761
#: ../../networking2.rst:1569
# 93a4d181244541b381a3a70d1daea74e
# 55cf11dd995e463eb0015820a7998825
# 648d4dddf66542dd975f89802e4efaec
msgid "Log in to the CloudStack UI as administrator."
msgstr ""

#: ../../networking2.rst:191
#: ../../networking2.rst:1363
#: ../../networking2.rst:1573
# ef46dafa14464c0580eef19b6347e754
# f88933a8ce404a74b4dbfb012972639e
# 1a1e2e9b76e842d2ad6653556d716440
msgid "In the left navigation, choose Infrastructure."
msgstr ""

#: ../../networking2.rst:195
#: ../../networking2.rst:1577
# e6266ec66e47425eaefdebd94b55e3d6
# 9b6fa85ad73145c2a68b917e13c4dd74
msgid "On Zones, click View More."
msgstr ""

#: ../../networking2.rst:199
#: ../../networking2.rst:1581
# ae18ac4302694c399605762c754adc89
# a83fd7a01a4d4702815c49eabf8d6f45
msgid "Click the zone to which you want to add a guest network."
msgstr ""

#: ../../networking2.rst:203
#: ../../networking2.rst:777
#: ../../networking2.rst:898
#: ../../networking2.rst:1585
# 35ace6a71a514813adb835b0e291e59a
# 92a70044e0a64276aca71c727238658c
# e7a6054e0cac452abbdf14af1fcf9ab7
# 1dc7e2ce80f242c792c3eadfdf57d1f8
msgid "Click the Physical Network tab."
msgstr ""

#: ../../networking2.rst:207
#: ../../networking2.rst:1589
# 7d1c35e3c6fb45268f88743d4f33fc4a
# 5d24c24102dc463b8df955cea14e8321
msgid "Click the physical network you want to work with."
msgstr ""

#: ../../networking2.rst:211
#: ../../networking2.rst:1593
# d69f9202aba443119708b15355371054
# b50eb62ce8e94fdf956d6c49a9d8c539
msgid "On the Guest node of the diagram, click Configure."
msgstr ""

#: ../../networking2.rst:221
#: ../../networking2.rst:1603
# 61f94d523e2b4257ac005b54b2300cd1
# e69e4aa9dc5d4b77b59760f32d4410e5
msgid "The Add guest network window is displayed."
msgstr ""

#: ../../networking2.rst:225
#: ../../networking2.rst:806
#: ../../networking2.rst:822
#: ../../networking2.rst:856
#: ../../networking2.rst:916
#: ../../networking2.rst:1227
#: ../../networking2.rst:1400
#: ../../networking2.rst:1607
#: ../../networking2.rst:2480
#: ../../networking2.rst:3177
#: ../../networking2.rst:5166
#: ../../networking2.rst:5592
#: ../../networking2.rst:6347
#: ../../networking2.rst:6741
# 4af18c5d61a6456caf73f7a9369e2fee
# cd3004192b7247d6b3d8df85d071c687
# cefbbdc700e1418791c24fa0e9ff9991
# 7d7d79ee61514455a6bd14b72d23c697
# 9eddccf9e3ed490ba485fed483665910
# ad7396c2fa194389a72869772975a651
# ba22f3a686da4d51be0844159353ec45
# 813ce0c39bee45a6b48988f7b8abcccd
# 49c644d753054859b04b0040656835a6
# 6851774e7c7b4a888987619af18e594a
# 5bb2026725a84546bbf11325cca1e760
# ca837cbb6534464a8d34b465a79f3b42
# 1766498324004d1b9d70c399f1671335
# 3fcb97db48704b65b73bdf48cfc719df
msgid "Specify the following:"
msgstr ""

#: ../../networking2.rst:229
#: ../../networking2.rst:1611
# 8779be8d9d6846f085dbce3da3461bc3
# b0b915aaeb67486684b659dc291d6454
msgid "**Name**: The name of the network. This will be visible to the user."
msgstr ""

#: ../../networking2.rst:234
#: ../../networking2.rst:1616
# 5074f17c728f4f3a8a7f794e8374c034
# 0a5db820304048068d1845c134b8df63
msgid "**Description**: The short description of the network that can be displayed to users."
msgstr ""

#: ../../networking2.rst:239
#: ../../networking2.rst:1621
# 2b82a4bc6aa046f3b00d043934c959d7
# 41c1edb5305a4945842709a1c5cf1ad6
msgid "**VLAN ID**: The unique ID of the VLAN."
msgstr ""

#: ../../networking2.rst:243
# 418bb2fcab5742fb987163b73807d96b
msgid "**Isolated VLAN ID**: The unique ID of the Secondary Isolated VLAN."
msgstr ""

#: ../../networking2.rst:248
#: ../../networking2.rst:1633
# f26b6b49568f43ac84898deb5855609f
# 969c263588994f74ac62592a499a4b31
msgid "**Scope**: The available scopes are Domain, Account, Project, and All."
msgstr ""

#: ../../networking2.rst:253
#: ../../networking2.rst:1638
# 178c532fedf44f0fb1a2993bf0f625a0
# 15faa541a4ce4327913cfce7e0c3f217
msgid "**Domain**: Selecting Domain limits the scope of this guest network to the domain you specify. The network will not be available for other domains. If you select Subdomain Access, the guest network is available to all the sub domains within the selected domain."
msgstr ""

#: ../../networking2.rst:261
#: ../../networking2.rst:1646
# 91422a2eb500489a88e0a6f4b976e5c8
# eb7d195938c445079e17b8d4de34c9b0
msgid "**Account**: The account for which the guest network is being created for. You must specify the domain the account belongs to."
msgstr ""

#: ../../networking2.rst:267
#: ../../networking2.rst:1652
# acbed03163c746f394f0b6065ac5d267
# b6481103a23442a698dd33a8241fd4a5
msgid "**Project**: The project for which the guest network is being created for. You must specify the domain the project belongs to."
msgstr ""

#: ../../networking2.rst:273
#: ../../networking2.rst:1658
# 7515546501ea4a229f3d24cb1957114c
# 14055c49cff34a97af7586b6692b395f
msgid "**All**: The guest network is available for all the domains, account, projects within the selected zone."
msgstr ""

#: ../../networking2.rst:278
#: ../../networking2.rst:1663
# 9e7d75c438d04916a6c8e41212a5add4
# d311a00faddf44fb969a7362e8525846
msgid "**Network Offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network."
msgstr ""

#: ../../networking2.rst:284
#: ../../networking2.rst:1669
# 3b34a00342f74aabb8f06ef47a71928f
# cec7265b43cc44c985fc19c1aada24ca
msgid "**Gateway**: The gateway that the guests should use."
msgstr ""

#: ../../networking2.rst:288
#: ../../networking2.rst:1673
# e8b1ed0c13f24b28b17097da6a906553
# e376b4730d514e9cb67f58490f5323da
msgid "**Netmask**: The netmask in use on the subnet the guests will use."
msgstr ""

#: ../../networking2.rst:292
#: ../../networking2.rst:1677
# e95322f93824448f8b5213679edb09a1
# f9867bf0fe584ea68c8d8697b398a35d
msgid "**IP Range**: A range of IP addresses that are accessible from the Internet and are assigned to the guest VMs."
msgstr ""

#: ../../networking2.rst:295
# e30dfcdbb56b4fdab7ac50d318f8cfee
msgid "If one NIC is used, these IPs should be in the same CIDR in the case of IPv6."
msgstr ""

#: ../../networking2.rst:300
# c999c7758e4644bb960bd36b4934a153
msgid "**IPv6 CIDR**: The network prefix that defines the guest network subnet. This is the CIDR that describes the IPv6 addresses in use in the guest networks in this zone. To allot IP addresses from within a particular address block, enter a CIDR."
msgstr ""

#: ../../networking2.rst:307
#: ../../networking2.rst:1682
# 06222d5aca4f4401b3e50b9562eafd93
# bdec8ee29ad7416da22dd28dfee5836c
msgid "**Network Domain**: A custom DNS suffix at the level of a network. If you want to assign a special domain name to the guest VM network, specify a DNS suffix."
msgstr ""

#: ../../networking2.rst:313
#: ../../networking2.rst:1688
#: ../../networking2.rst:3215
#: ../../networking2.rst:3256
#: ../../networking2.rst:4559
# 6cbf270deb434c49a37109538320e729
# e3f042ecf42f48179722b1f43ed74365
# 6a7ddea8dd2248ce9c184a2ecb2a727c
# 3048777b2bf143b7b0cf2d931ebf1461
# 007a1927e30b4659b6f5b8dad349a236
msgid "Click OK to confirm."
msgstr ""

#: ../../networking2.rst:316
# 6dae7352ba9441b4ab5afb0eb736de8e
msgid "Using Multiple Guest Networks"
msgstr ""

#: ../../networking2.rst:318
# 2b127f6d5dfd4f3aa7e896c69fa530fc
msgid "In zones that use advanced networking, additional networks for guest traffic may be added at any time after the initial installation. You can also customize the domain name associated with the network by specifying a DNS suffix for each network."
msgstr ""

#: ../../networking2.rst:323
# 57493d5abb6d42e29119db9cfbd72df0
msgid "A VM's networks are defined at VM creation time. A VM cannot add or remove networks after it has been created, although the user can go into the guest and remove the IP address from the NIC on a particular network."
msgstr ""

#: ../../networking2.rst:328
# df560b1f84f74fa096be5526e9f253c2
msgid "Each VM has just one default network. The virtual router's DHCP reply will set the guest's default gateway as that for the default network. Multiple non-default networks may be added to a guest in addition to the single, required default network. The administrator can control which networks are available as the default network."
msgstr ""

#: ../../networking2.rst:334
# 1b89ed0c211f490d9ab7e3873f785995
msgid "Additional networks can either be available to all accounts or be assigned to a specific account. Networks that are available to all accounts are zone-wide. Any user with access to the zone can create a VM with access to that network. These zone-wide networks provide little or no isolation between guests.Networks that are assigned to a specific account provide strong isolation."
msgstr ""

#: ../../networking2.rst:342
# 03479d92c4f3472fbf1c837f78ae38b9
msgid "Adding an Additional Guest Network"
msgstr ""

#: ../../networking2.rst:346
#: ../../networking2.rst:413
#: ../../networking2.rst:478
#: ../../networking2.rst:509
#: ../../networking2.rst:543
#: ../../networking2.rst:688
#: ../../networking2.rst:1205
#: ../../networking2.rst:1258
#: ../../networking2.rst:1359
#: ../../networking2.rst:1735
#: ../../networking2.rst:1815
#: ../../networking2.rst:2210
#: ../../networking2.rst:3284
#: ../../networking2.rst:3327
#: ../../networking2.rst:3370
#: ../../networking2.rst:3444
#: ../../networking2.rst:3548
#: ../../networking2.rst:3695
#: ../../networking2.rst:3829
#: ../../networking2.rst:4184
#: ../../networking2.rst:4329
#: ../../networking2.rst:4362
#: ../../networking2.rst:4459
#: ../../networking2.rst:4650
#: ../../networking2.rst:5066
#: ../../networking2.rst:5131
#: ../../networking2.rst:5262
#: ../../networking2.rst:5344
#: ../../networking2.rst:5513
#: ../../networking2.rst:5752
#: ../../networking2.rst:5843
#: ../../networking2.rst:5931
#: ../../networking2.rst:6022
#: ../../networking2.rst:6265
#: ../../networking2.rst:6575
#: ../../networking2.rst:6659
#: ../../networking2.rst:6784
#: ../../networking2.rst:6823
# dcc9b20e05d94a90a82df638e638d914
# bf1857069dbe437da757dd8117d7a8f6
# b00f09bd670c4e6bb6a9d90b98d3ee27
# 06d1f9568c404045a154fa7800b17b42
# 3a1cc0396efd4b8ebd8a6128932f37f3
# ded02e7a4c5d4431a40e7c763efe892e
# 2bf9437aec83464ca8aa33fb4d5bc7d2
# 474cb61b7d6d414bb525496395e11ac0
# cf958678b40649e395bf748ed3a82341
# c6386d8cdb7f4830ac34eb0e3d53d353
# e419b4e20de34ab59ca3fd7119a6a509
# cb96251ca7834bcfb93698899e36997c
# c24de51d817f4b8b86aa10d3c56327e6
# 1970352df0b24327ab0040b0248447d1
# b69b28bceebf484d9240513871a69e53
# efd7ff6f49f24baebd8a7054ca0fcb6a
# 855b8ad33e0942859a9fb87da979bff6
# b853131f26c84398bd3ab3b28e7c8c10
# 0415ee973c9e4f138f81c716a5897661
# a2d18d98840548f1994851b84a11d06b
# dafb981c4cd44ff284f9609a6d78076f
# 8b5b3770bbea4a4b91bce618eaa95579
# 0f348eefc7a140f0bfa10c40ab0de750
# 20e4bf643dc649a5adf2b96c98aad755
# 229dd2bf881340558fca0975604b2643
# 470f52bcfa37419386c12e3c2112f795
# bbf8e4596d4c4216a94cb7fd144372c1
# bbeffb28c2c749518103fe11d941e8f3
# 910d29d282334e13b2f84bdba7e4ae2f
# d94ff6f14e7643a9832ac593d1c69ffb
# 534c0a26f9b24f54a399020a1716f7ed
# e92cc9d2cd1d448e9f9d848b7a0f8851
# a96d8dddd84c4103b8b7afff0db24cfe
# e307dc8da8084a23951ba5a0f61c85d4
# 538a9fc2f7b941d8831cf7952f1eac3f
# a6c65c894c464e4f928395582357dc97
# 786b76e0eb6b4cadba166292663da2ea
# 6530063879054b16a643c0b8d345a236
msgid "Log in to the CloudStack UI as an administrator or end user."
msgstr ""

#: ../../networking2.rst:350
#: ../../networking2.rst:553
#: ../../networking2.rst:692
#: ../../networking2.rst:1262
#: ../../networking2.rst:2214
#: ../../networking2.rst:3288
#: ../../networking2.rst:3331
#: ../../networking2.rst:3374
#: ../../networking2.rst:3448
#: ../../networking2.rst:3552
#: ../../networking2.rst:4188
#: ../../networking2.rst:4333
#: ../../networking2.rst:4366
#: ../../networking2.rst:4463
#: ../../networking2.rst:4654
#: ../../networking2.rst:5070
#: ../../networking2.rst:5135
#: ../../networking2.rst:5266
#: ../../networking2.rst:5348
#: ../../networking2.rst:5517
#: ../../networking2.rst:5756
#: ../../networking2.rst:5847
#: ../../networking2.rst:5935
#: ../../networking2.rst:6026
#: ../../networking2.rst:6269
#: ../../networking2.rst:6579
#: ../../networking2.rst:6663
#: ../../networking2.rst:6788
#: ../../networking2.rst:6827
# c650c895a3ac4ff2851197288859be98
# 65e8807d38054bd1b0027a7155f8085f
# 6cbdfa0e6a0e46cdab35e3223f504119
# 2f9490cb25514f8283f8dec06a79102d
# 5563fe265c1a429d967cda0edab813f4
# 54d9e12cb3164286a92aceeba0a664e5
# 612ff33bd3f84bdd84ef63b9c3cb6cf3
# 6fc81420daf44701856963aa3d9f4a87
# 07cefb7f05bc4714bf198cbd879aea33
# ab72dbc455b843cfb4c72e923297fc4d
# 2e8cbb1231ef43fb9b387b21b0f97305
# 9cb098264bbf4fc79077a14d44ff4e4d
# ceb0f3b90cd2499b89cc614d577384d9
# f15f55387b954e10a6e5a4417bfa6071
# c298749dee624dae9ac00c5329f45af3
# e222d654cbbb4a0a9bfcec6a887925e2
# aa6ece8cd97543d091148cc4a9db4c04
# 412366a772fc462991958a94917d88ee
# e838e4d54a33420fad3f9b5aac4181ea
# ef4b5d8b2c1f4efcb1dcb0909dd0610b
# fb954e22b2e247cfbf72c9525d556f10
# e9064194f98e4db6bb1374bc04afd258
# da3f29bc5aa344e99d840c524c97ff52
# 931799f15e4f4ef78f34f77acc6a84a5
# 0035008431074c10b6f9cdcd88cf746a
# 7a1970bdf40a45d3acd7f9db64c34c2f
# f9b9878b284a440380845f18adc4dc02
# 1108ad1b0aa449c198fc5fbf7b2f6f72
# cea2011545724bc2b72940d23a00d3d7
msgid "In the left navigation, choose Network."
msgstr ""

#: ../../networking2.rst:354
# f6aa7a61ff37420d9f141635bdbce188
msgid "Click Add guest network. Provide the following information:"
msgstr ""

#: ../../networking2.rst:358
# 94e3451e541243a590fc75a1c6838168
msgid "**Name**: The name of the network. This will be user-visible."
msgstr ""

#: ../../networking2.rst:362
# 24a87a4d530b4a8c9af892bd51a53c2b
msgid "**Display Text**: The description of the network. This will be user-visible."
msgstr ""

#: ../../networking2.rst:367
# 4491ce6396264b9f805777eca895a720
msgid "**Zone**. The name of the zone this network applies to. Each zone is a broadcast domain, and therefore each zone has a different IP range for the guest network. The administrator must configure the IP range for each zone."
msgstr ""

#: ../../networking2.rst:374
# 738c6e4f1dac40f6ae58cfa12e3fafb6
msgid "**Network offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network."
msgstr ""

#: ../../networking2.rst:380
# 4d5b30b8ae754940bd24bf9ce873f62c
msgid "**Guest Gateway**: The gateway that the guests should use."
msgstr ""

#: ../../networking2.rst:384
# d2cc46c6e57d4a74b0f41b06645d7905
msgid "**Guest Netmask**: The netmask in use on the subnet the guests will use."
msgstr ""

#: ../../networking2.rst:389
#: ../../networking2.rst:4032
# 0eef322a01b1441c968f5d08a7d1205d
# 0fd1c8972f504925a86019b475f8cf7a
msgid "Click Create."
msgstr ""

#: ../../networking2.rst:392
# de4eb821eff84801b56973e967b9870e
msgid "Reconfiguring Networks in VMs"
msgstr ""

#: ../../networking2.rst:394
# 0f2fe4ab745e4f7fb65fe812f7d64f1a
msgid "CloudStack provides you the ability to move VMs between networks and reconfigure a VM's network. You can remove a VM from a network and add to a new network. You can also change the default network of a virtual machine. With this functionality, hybrid or traditional server loads can be accommodated with ease."
msgstr ""

#: ../../networking2.rst:400
# 74ad1316798b4f60a8f0033d2c970d86
msgid "This feature is supported on XenServer, VMware, and KVM hypervisors."
msgstr ""

#: ../../networking2.rst:403
#: ../../networking2.rst:1526
#: ../../networking2.rst:2416
# 65c68a2b86274b91a6ec6ed32d0eb511
# b0f423eb9e1444fa8072955fb8cbe955
# c9a7dedb4fe74538a84d59bba4b0ea21
msgid "Prerequisites"
msgstr ""

#: ../../networking2.rst:405
# bc2166808aa14a3d84e34f7a073eda9b
msgid "Ensure that vm-tools are running on guest VMs for adding or removing networks to work on VMware hypervisor."
msgstr ""

#: ../../networking2.rst:409
# 5edc5eb13c714fdcb4bc76dfefee938a
msgid "Adding a Network"
msgstr ""

#: ../../networking2.rst:417
#: ../../networking2.rst:482
#: ../../networking2.rst:513
# e9c46729b8e44e9b86983fc1d062228c
# 69e1fa7916874968ad5f68de2af2cbc4
# 53892275c4d84a16b7aa19e912822afe
msgid "In the left navigation, click Instances."
msgstr ""

#: ../../networking2.rst:421
#: ../../networking2.rst:486
#: ../../networking2.rst:517
# 237aa96a8b6047e2abb22526bd4bac7c
# 2b3f21ea21b24697b7196dc8f6846009
# 274e34eca30542b289b9dccb8063fa1f
msgid "Choose the VM that you want to work with."
msgstr ""

#: ../../networking2.rst:425
#: ../../networking2.rst:490
#: ../../networking2.rst:521
# a616e6054be2484499468033d21dea1c
# 7df447c421184ebd8362e78e05a81058
# 57cb30b5f480462abef7c6f73b23f46e
msgid "Click the NICs tab."
msgstr ""

#: ../../networking2.rst:429
# dccdbd5be35b43fda6baf17f2c628af7
msgid "Click Add network to VM."
msgstr ""

#: ../../networking2.rst:431
# 05af00bbbfae48b0869d614090792531
msgid "The Add network to VM dialog is displayed."
msgstr ""

#: ../../networking2.rst:435
# 9d15b4dcf3c8457785334338c368aa26
msgid "In the drop-down list, select the network that you would like to add this VM to."
msgstr ""

#: ../../networking2.rst:438
# 9747107d35eb413e81aa96529adf5506
msgid "A new NIC is added for this network. You can view the following details in the NICs page:"
msgstr ""

#: ../../networking2.rst:443
# 96ffcc74f3da41ee9f7fade2c284e2cc
msgid "ID"
msgstr ""

#: ../../networking2.rst:447
# 0930c07f915e4e8f8321b47ce1b2546c
msgid "Network Name"
msgstr ""

#: ../../networking2.rst:451
# 2166ea3836e64777968d20d97a551782
msgid "Type"
msgstr ""

#: ../../networking2.rst:455
#: ../../networking2.rst:4442
#: ../../networking2.rst:4567
# ebba5967ce5b40c6a4b9557338f01ce6
# 3d4b724e0c8241c1ba31b6395bc04008
# 5af256fd3dbb4fdd841ef05a4ec9b838
msgid "IP Address"
msgstr ""

#: ../../networking2.rst:459
#: ../../networking2.rst:4571
# a5e87e2a4b4d4ddd80f323f49ceee587
# ad200504779f4909905c825a837ecb20
msgid "Gateway"
msgstr ""

#: ../../networking2.rst:463
# b15a081ce5664e48891a6f018aa8f161
msgid "Netmask"
msgstr ""

#: ../../networking2.rst:467
# 297b7172628240e1a2c5b8cabc302f62
msgid "Is default"
msgstr ""

#: ../../networking2.rst:471
# 8a2efed9a7e74c7f9fe0f1d5eb5d090c
msgid "CIDR (for IPv6)"
msgstr ""

#: ../../networking2.rst:474
# 9398952782e64b64b3867a3fe12fd7bc
msgid "Removing a Network"
msgstr ""

#: ../../networking2.rst:494
# a093eadb6ac145cbae36f5faaaa2c9a1
msgid "Locate the NIC you want to remove."
msgstr ""

#: ../../networking2.rst:498
# 5785d874c0944a0caf08db20f4f9e446
msgid "Click Remove NIC button. |remove-nic.png|"
msgstr ""

#: ../../networking2.rst:502
#: ../../networking2.rst:533
# c2771766c44443d1bb463bd5a0f9ecef
# ed60114d9fff4ae6871302c0c6b0aed2
msgid "Click Yes to confirm."
msgstr ""

#: ../../networking2.rst:505
# 6b25b8b44f294113afdfb3b97d2eac02
msgid "Selecting the Default Network"
msgstr ""

#: ../../networking2.rst:525
# 86d95a73e3274acc9285a47537212537
msgid "Locate the NIC you want to work with."
msgstr ""

#: ../../networking2.rst:529
# 998ed551fd1a45f4ac897f9f38552afe
msgid "Click the Set default NIC button. |set-default-nic.png|."
msgstr ""

#: ../../networking2.rst:536
# df5fbaabb7364cf599673d6b129dc3a4
msgid "Changing the Network Offering on a Guest Network"
msgstr ""

#: ../../networking2.rst:538
# 7fc2bd82deb7433b8d2b5f310500de46
msgid "A user or administrator can change the network offering that is associated with an existing guest network."
msgstr ""

#: ../../networking2.rst:547
# 9961a724d3c9484ca0b4c1d5978d448c
msgid "If you are changing from a network offering that uses the CloudStack virtual router to one that uses external devices as network service providers, you must first stop all the VMs on the network."
msgstr ""

#: ../../networking2.rst:557
#: ../../networking2.rst:696
# 449cac531ff847d796c389fb42f64c5c
# 44aa044295ce4f078b84c89406c09bb3
msgid "Click the name of the network you want to modify."
msgstr ""

#: ../../networking2.rst:561
#: ../../networking2.rst:700
# 013515a624984a4181813aa619128c01
# fb4f4c6fee5a4d54a8210453ae8fea0b
msgid "In the Details tab, click Edit. |edit-icon.png|"
msgstr ""

#: ../../networking2.rst:565
# 2af58d6970ae4fa49f1d797131ae88e5
msgid "In Network Offering, choose the new network offering, then click Apply."
msgstr ""

#: ../../networking2.rst:568
# bc3a2c3c3d324782ae47b4da0e17c214
msgid "A prompt is displayed asking whether you want to keep the existing CIDR. This is to let you know that if you change the network offering, the CIDR will be affected."
msgstr ""

#: ../../networking2.rst:572
# 1b6db56bbeec4098851005614591b4f2
msgid "If you upgrade between virtual router as a provider and an external network device as provider, acknowledge the change of CIDR to continue, so choose Yes."
msgstr ""

#: ../../networking2.rst:578
# 146e4502698d4bedb783dec26532e410
msgid "Wait for the update to complete. Don't try to restart VMs until the network change is complete."
msgstr ""

#: ../../networking2.rst:583
# 4ae7ada6f8e841c4bab421568ca6c79c
msgid "If you stopped any VMs, restart them."
msgstr ""

#: ../../networking2.rst:586
# 9725e5abe5b24d5b9b938be30e1e60f9
msgid "IP Reservation in Isolated Guest Networks"
msgstr ""

#: ../../networking2.rst:588
# 2160ad6d081d44638ebbdfb06dbfae1f
msgid "In isolated guest networks, a part of the guest IP address space can be reserved for non-CloudStack VMs or physical servers. To do so, you configure a range of Reserved IP addresses by specifying the CIDR when a guest network is in Implemented state. If your customers wish to have non-CloudStack controlled VMs or physical servers on the same network, they can share a part of the IP address space that is primarily provided to the guest network."
msgstr ""

#: ../../networking2.rst:596
# fbba0aa499f74b36b378c6c99ef2ea87
msgid "In an Advanced zone, an IP address range or a CIDR is assigned to a network when the network is defined. The CloudStack virtual router acts as the DHCP server and uses CIDR for assigning IP addresses to the guest VMs. If you decide to reserve CIDR for non-CloudStack purposes, you can specify a part of the IP address range or the CIDR that should only be allocated by the DHCP service of the virtual router to the guest VMs created in CloudStack. The remaining IPs in that network are called Reserved IP Range. When IP reservation is configured, the administrator can add additional VMs or physical servers that are not part of CloudStack to the same network and assign them the Reserved IP addresses. CloudStack guest VMs cannot acquire IPs from the Reserved IP Range."
msgstr ""

#: ../../networking2.rst:610
# 90bf1a7d2c754ac4902085a1fd1ba748
msgid "IP Reservation Considerations"
msgstr ""

#: ../../networking2.rst:612
# bc5248dcc785447289018e7cdfcbae8a
msgid "Consider the following before you reserve an IP range for non-CloudStack machines:"
msgstr ""

#: ../../networking2.rst:617
# 7c3b4a1806bc46caaec696068e353f33
msgid "IP Reservation is supported only in Isolated networks."
msgstr ""

#: ../../networking2.rst:621
# a58ea815910f4eeebf5310fba2f2b4e6
msgid "IP Reservation can be applied only when the network is in Implemented state."
msgstr ""

#: ../../networking2.rst:626
# b1e7853953d34392be43f635d609444e
msgid "No IP Reservation is done by default."
msgstr ""

#: ../../networking2.rst:630
# c5d1c53bfa0a4acb8b354fa73f021b37
msgid "Guest VM CIDR you specify must be a subset of the network CIDR."
msgstr ""

#: ../../networking2.rst:634
# 71e39d8747064bfa95ff48adddf42e34
msgid "Specify a valid Guest VM CIDR. IP Reservation is applied only if no active IPs exist outside the Guest VM CIDR."
msgstr ""

#: ../../networking2.rst:637
# 7cd262eb2864435f953ba2f8d9b2e0a0
msgid "You cannot apply IP Reservation if any VM is alloted with an IP address that is outside the Guest VM CIDR."
msgstr ""

#: ../../networking2.rst:642
# e135731ad79443bcb5dd396201d24cf1
msgid "To reset an existing IP Reservation, apply IP reservation by specifying the value of network CIDR in the CIDR field."
msgstr ""

#: ../../networking2.rst:645
# 3019eee8f787404483287650255b0fe0
msgid "For example, the following table describes three scenarios of guest network creation:"
msgstr ""

#: ../../networking2.rst:649
# 80174dfa477741e8a428588c2de692c5
msgid "Case"
msgstr ""

#: ../../networking2.rst:649
#: ../../networking2.rst:3931
#: ../../networking2.rst:4403
#: ../../networking2.rst:4503
#: ../../networking2.rst:4695
#: ../../networking2.rst:5251
#: ../../networking2.rst:5299
#: ../../networking2.rst:5558
#: ../../networking2.rst:5884
#: ../../networking2.rst:5971
#: ../../networking2.rst:6063
#: ../../networking2.rst:6306
#: ../../networking2.rst:6700
# eef86be3eee44a648412010005fb2333
# 5f16a478e68c498db89c7157f7a1baf2
# 60559aa9aec74533a0723a299680c8a8
# fe93ec4b20274d52a8708a5cf4922fbd
# a51541e1ff974e5b9cec68fc9bcf7ea7
# d31c3f23647842caa0554fd1db873ce4
# 94126de200d245e5a36add083af0c115
# d3690595a81542b3a1a8daec4b800f9c
# 7cb858db9ac346838a97c8e7ed8dcd87
# e2cbdab6f6d04ca3a9579faffa22f221
# d1254ad4a86545a8ac507083e4787780
# 7abcfe51770247ca88d17c97fb261b52
# ab3f6c13fcea4cdf8df4054fc6c55960
msgid "CIDR"
msgstr ""

#: ../../networking2.rst:649
# 7190e9a05c824c698c369f059903140f
msgid "Network CIDR"
msgstr ""

#: ../../networking2.rst:649
# 7b3e79ea891f42948ec144865f44db13
msgid "Reserved IP Range for Non-CloudStack VMs"
msgstr ""

#: ../../networking2.rst:649
# 4c1abc1728ab4017a78ab13faa073d32
msgid "Description"
msgstr ""

#: ../../networking2.rst:651
#: ../../networking2.rst:5253
# 95c1f9dcea57490f9baba27f6052d7df
# c7dc34629f4a4f3380ad7fa0415823fe
msgid "1"
msgstr ""

#: ../../networking2.rst:651
#: ../../networking2.rst:652
#: ../../networking2.rst:655
# ca251edef20a4a09a96d4439f40e9fcc
# 47ec19dde3c14d2daf3a5f567a8ab892
# 96ce4f76ef034c6c8ad91aa5358390ea
msgid "10.1.1.0/24"
msgstr ""

#: ../../networking2.rst:651
#: ../../networking2.rst:651
#: ../../networking2.rst:655
#: ../../networking2.rst:655
# 9553954ea80b4c108951c22f66b1f907
# 9d8d02ccc8624c42ab63f95c1e6e61d2
# 1711e6d7b17c49c1bbacdfe2f237bc1c
# 3fe4ae27728949db852e351bdc3590a0
msgid "None"
msgstr ""

#: ../../networking2.rst:651
# 4cefe96c4cd048d6ab5bba6b2b2b2c1f
msgid "No IP Reservation."
msgstr ""

#: ../../networking2.rst:652
#: ../../networking2.rst:5254
# 9743a326091e467d9b6bca3cd0e35000
# 326ceea3093e4ad2bc955dd15a12fcaa
msgid "2"
msgstr ""

#: ../../networking2.rst:652
# 28839e89c7b84228a801613e0c9ed896
msgid "10.1.1.0/26"
msgstr ""

#: ../../networking2.rst:652
# fb5379ee12174589ad3d2da83e61667c
msgid "10.1.1.64 to 10.1.1.254"
msgstr ""

#: ../../networking2.rst:652
# a9558f6e733545849f81f3ae6fc11f08
msgid "IP Reservation configured by the UpdateNetwork API with guestvmcidr=10.1.1.0/26 or enter 10.1.1.0/26 in the CIDR field in the UI."
msgstr ""

#: ../../networking2.rst:655
# b3beece5bd0f4a3d8a0234aa9980a330
msgid "3"
msgstr ""

#: ../../networking2.rst:655
# 79c55aa2874f4650b96805d27acfee4e
msgid "Removing IP Reservation by the UpdateNetwork API with guestvmcidr=10.1.1.0/24 or enter 10.1.1.0/24 in the CIDR field in the UI."
msgstr ""

#: ../../networking2.rst:661
#: ../../networking2.rst:1774
# 69a8f32537914ac6a722239a9dc07582
# d8ca4fc7bf014daa9437cc4d5c7eb4f6
msgid "Limitations"
msgstr ""

#: ../../networking2.rst:665
# 6d66399f47684bc1940beb29a805e60c
msgid "The IP Reservation is not supported if active IPs that are found outside the Guest VM CIDR."
msgstr ""

#: ../../networking2.rst:670
# db05ec3e0280485b9f6f8c5d902cbcc7
msgid "Upgrading network offering which causes a change in CIDR (such as upgrading an offering with no external devices to one with external devices) IP Reservation becomes void if any. Reconfigure IP Reservation in the new re-implemeted network."
msgstr ""

#: ../../networking2.rst:676
# 6edc84466bc24a3d85247cab80c0cd80
msgid "Best Practices"
msgstr ""

#: ../../networking2.rst:678
# 4bd0b852d6474b84accb421f128331f4
msgid "Apply IP Reservation to the guest network as soon as the network state changes to Implemented. If you apply reservation soon after the first guest VM is deployed, lesser conflicts occurs while applying reservation."
msgstr ""

#: ../../networking2.rst:684
# e601241fba8a43feb30b4dcde1dc89a6
msgid "Reserving an IP Range"
msgstr ""

#: ../../networking2.rst:702
# dd9d0df809aa420899439632c2e7019f
msgid "The CIDR field changes to editable one."
msgstr ""

#: ../../networking2.rst:706
# 0ffc29b024624ccdb36d0ea407209d7f
msgid "In CIDR, specify the Guest VM CIDR."
msgstr ""

#: ../../networking2.rst:710
# b2b4f195c2e847418d352a7e1ef06061
msgid "Click Apply."
msgstr ""

#: ../../networking2.rst:712
# d33d489b7f234940bc59878574087127
msgid "Wait for the update to complete. The Network CIDR and the Reserved IP Range are displayed on the Details page."
msgstr ""

#: ../../networking2.rst:716
# 06aed4f105fd47d283331f291310c288
msgid "Reserving Public IP Addresses and VLANs for Accounts"
msgstr ""

#: ../../networking2.rst:718
# d29491316baf475184dbf3bd53bb19c3
msgid "CloudStack provides you the ability to reserve a set of public IP addresses and VLANs exclusively for an account. During zone creation, you can continue defining a set of VLANs and multiple public IP ranges. This feature extends the functionality to enable you to dedicate a fixed set of VLANs and guest IP addresses for a tenant."
msgstr ""

#: ../../networking2.rst:724
# 68a3748797434d67bcbfc405a263a065
msgid "Note that if an account has consumed all the VLANs and IPs dedicated to it, the account can acquire two more resources from the system. CloudStack provides the root admin with two configuration parameter to modify this default behavior: use.system.public.ips and use.system.guest.vlans. These global parameters enable the root admin to disallow an account from acquiring public IPs and guest VLANs from the system, if the account has dedicated resources and these dedicated resources have all been consumed. Both these configurations are configurable at the account level."
msgstr ""

#: ../../networking2.rst:734
# 40f4120539264e8fb5dbf5a7064d1fe9
msgid "This feature provides you the following capabilities:"
msgstr ""

#: ../../networking2.rst:738
# 9bf2889fc36847ebabce3e8f9b625163
msgid "Reserve a VLAN range and public IP address range from an Advanced zone and assign it to an account"
msgstr ""

#: ../../networking2.rst:743
# e1e3b63901214e39b4cd5ded0ff47ab6
msgid "Disassociate a VLAN and public IP address range from an account"
msgstr ""

#: ../../networking2.rst:747
# a849c48967014ee4ab4c29e6250ac9bc
msgid "View the number of public IP addresses allocated to an account"
msgstr ""

#: ../../networking2.rst:751
# 4c148c9f929f4394861c0230a52f46ea
msgid "Check whether the required range is available and is conforms to account limits."
msgstr ""

#: ../../networking2.rst:754
# b03cc0c4939e4538b33463b1acfa081f
msgid "The maximum IPs per account limit cannot be superseded."
msgstr ""

#: ../../networking2.rst:757
# 331f9e80ff07451f833ea2f1e6592f48
msgid "Dedicating IP Address Ranges to an Account"
msgstr ""

#: ../../networking2.rst:765
#: ../../networking2.rst:886
#: ../../networking2.rst:3054
# cc9f01ca9cd04090b9ef074c6c68eb34
# af5838600fdc41f68b104a44ea03d81a
# 6230bfd5086842d69df7366e01ad5977
msgid "In the left navigation bar, click Infrastructure."
msgstr ""

#: ../../networking2.rst:769
#: ../../networking2.rst:890
# 732571fdd87e45b2ba3d0c99d319dada
# 0a044cf03cd04706a971cfd6747f3972
msgid "In Zones, click View All."
msgstr ""

#: ../../networking2.rst:773
#: ../../networking2.rst:894
#: ../../networking2.rst:3062
# 718b87bdd1b24472a05561bc487af593
# f0113ce9f8584511a94348c59e5098e9
# 11d188714878411189998fcd7fb05a07
msgid "Choose the zone you want to work with."
msgstr ""

#: ../../networking2.rst:781
# e2c9d117a33a4ca698597ea697c642a8
msgid "In the Public node of the diagram, click Configure."
msgstr ""

#: ../../networking2.rst:785
# b587547f92d54da6a66fb328a1f90aa1
msgid "Click the IP Ranges tab."
msgstr ""

#: ../../networking2.rst:787
# 71762e4009804e12af198d32409f6abe
msgid "You can either assign an existing IP range to an account, or create a new IP range and assign to an account."
msgstr ""

#: ../../networking2.rst:792
# 89865009ad614a7caefc9d7e195d1f2c
msgid "To assign an existing IP range to an account, perform the following:"
msgstr ""

#: ../../networking2.rst:796
# 023883e725b743e790c6c7d378fae5d1
msgid "Locate the IP range you want to work with."
msgstr ""

#: ../../networking2.rst:800
# 727f9c60c5a149af95962b79fb673136
msgid "Click Add Account |addAccount-icon.png| button."
msgstr ""

#: ../../networking2.rst:802
# 98609249ea444461a727d851b23bdb4a
msgid "The Add Account dialog is displayed."
msgstr ""

#: ../../networking2.rst:810
# 91a874f4d53548b5a54dd26c7a8070c4
msgid "**Account**: The account to which you want to assign the IP address range."
msgstr ""

#: ../../networking2.rst:815
# d765ebdf04b540e9bb49f050bc9d5d1c
msgid "**Domain**: The domain associated with the account."
msgstr ""

#: ../../networking2.rst:817
# 68e22a0328b543599b5c092cb1be55c8
msgid "To create a new IP range and assign an account, perform the following:"
msgstr ""

#: ../../networking2.rst:826
# a7351c3fc8aa4e6ab6f6de9982df895a
msgid "**Gateway**"
msgstr ""

#: ../../networking2.rst:830
# a8212080596548efb06b7f360af77801
msgid "**Netmask**"
msgstr ""

#: ../../networking2.rst:834
# 2bac81ea68b044c99364b2e06d943f9e
msgid "**VLAN**"
msgstr ""

#: ../../networking2.rst:838
# a4fe8a556467404db7fc7ce462d9d690
msgid "**Start IP**"
msgstr ""

#: ../../networking2.rst:842
# b86850aa7e104d75b25613535bda6ad1
msgid "**End IP**"
msgstr ""

#: ../../networking2.rst:846
# 0cb6e7bb5c24462ca8eba42cba3c2ba0
msgid "**Account**: Perform the following:"
msgstr ""

#: ../../networking2.rst:850
# ba26e0ab36b64d9a9e00350c439eb9ec
msgid "Click Account."
msgstr ""

#: ../../networking2.rst:852
# 7ef94c9e8e0b407d82dc09a915d88b3e
msgid "The Add Account page is displayed."
msgstr ""

#: ../../networking2.rst:860
# 2e18417b732143f89ffa9ab5c5767d1d
msgid "****Account****: The account to which you want to assign an IP address range."
msgstr ""

#: ../../networking2.rst:865
#: ../../networking2.rst:930
# 24326080425a4f7ba299c24defa8ee63
# 3360555202854da8a230941d49441cb7
msgid "****Domain****: The domain associated with the account."
msgstr ""

#: ../../networking2.rst:874
#: ../../networking2.rst:1935
#: ../../networking2.rst:3493
#: ../../networking2.rst:3595
#: ../../networking2.rst:3751
#: ../../networking2.rst:3984
#: ../../networking2.rst:5732
# 57dd5ad50af947868ed60fb4f4871b8e
# fd71c947508a4b19a74d5e8e68ab028a
# df1c4b86b0574044b3b1e2f59f86e433
# 911725135046474fbb858f58a060c70c
# 7f4d32193a8e441ba5d3ba76afdc660d
# 0d1a59ac450f4913861519bb5690af46
# 68ec8457b8f6477a877539749238ecd7
msgid "Click Add."
msgstr ""

#: ../../networking2.rst:877
# 6ef67854e5d346c7913e58e20a2b72f4
msgid "Dedicating VLAN Ranges to an Account"
msgstr ""

#: ../../networking2.rst:881
# 37745b0f98834f4b805af70b9546e2d7
msgid "After the CloudStack Management Server is installed, log in to the CloudStack UI as administrator."
msgstr ""

#: ../../networking2.rst:902
#: ../../networking2.rst:1376
# f8bb5c0c781349a6ad62cac445eb11cc
# eab05b15433e427aa1bb42cc204ab3e9
msgid "In the Guest node of the diagram, click Configure."
msgstr ""

#: ../../networking2.rst:906
# 61505cd3d4344e769a534aed469c073d
msgid "Select the Dedicated VLAN Ranges tab."
msgstr ""

#: ../../networking2.rst:910
# 1df8c107f4854732a4f8a3a50c9cec49
msgid "Click Dedicate VLAN Range."
msgstr ""

#: ../../networking2.rst:912
# c02ef1fcb0e642a28e69bd463286ec33
msgid "The Dedicate VLAN Range dialog is displayed."
msgstr ""

#: ../../networking2.rst:920
# acd323fd8ca8468880666db446b5d222
msgid "****VLAN Range****: The VLAN range that you want to assign to an account."
msgstr ""

#: ../../networking2.rst:925
# 1a79b0742f1a4aefa692f541aa4b5892
msgid "****Account****: The account to which you want to assign the selected VLAN range."
msgstr ""

#: ../../networking2.rst:933
# fe1be017fe7644368cd98ae4c68575eb
msgid "Configuring Multiple IP Addresses on a Single NIC"
msgstr ""

#: ../../networking2.rst:935
# c38d77c3c3a04ece8ca7568348264c1c
msgid "CloudStack provides you the ability to associate multiple private IP addresses per guest VM NIC. In addition to the primary IP, you can assign additional IPs to the guest VM NIC. This feature is supported on all the network configurations: Basic, Advanced, and VPC. Security Groups, Static NAT and Port forwarding services are supported on these additional IPs."
msgstr ""

#: ../../networking2.rst:942
# f6ae31a4bdbf477bb30c85f877c5c6b6
msgid "As always, you can specify an IP from the guest subnet; if not specified, an IP is automatically picked up from the guest VM subnet. You can view the IPs associated with for each guest VM NICs on the UI. You can apply NAT on these additional guest IPs by using network configuration option in the CloudStack UI. You must specify the NIC to which the IP should be associated."
msgstr ""

#: ../../networking2.rst:949
# e122667851cc41cbb7ee1643ac94d437
msgid "This feature is supported on XenServer, KVM, and VMware hypervisors. Note that Basic zone security groups are not supported on VMware."
msgstr ""

#: ../../networking2.rst:953
# d244bec96a6742dcba6445489ebe5218
msgid "Use Cases"
msgstr ""

#: ../../networking2.rst:955
# 6bb7477d1acc4f3fbd79cd0dbfc2ca5e
msgid "Some of the use cases are described below:"
msgstr ""

#: ../../networking2.rst:959
# deaccf09c30b469a945f6c92f5b3e9e8
msgid "Network devices, such as firewalls and load balancers, generally work best when they have access to multiple IP addresses on the network interface."
msgstr ""

#: ../../networking2.rst:965
# b3bb1a633fb0431687fc030d4f1135d3
msgid "Moving private IP addresses between interfaces or instances. Applications that are bound to specific IP addresses can be moved between instances."
msgstr ""

#: ../../networking2.rst:971
# 5d372ef180164330a3adddfbf3c1cc0f
msgid "Hosting multiple SSL Websites on a single instance. You can install multiple SSL certificates on a single instance, each associated with a distinct IP address."
msgstr ""

#: ../../networking2.rst:976
#: ../../networking2.rst:1194
#: ../../networking2.rst:6425
# 37f9e5af46a34673a930879c2e5cba6f
# c7db437925a34c6a87c825ef10de2e9a
# 3f3eba9611d84d6aae271d271019803b
msgid "Guidelines"
msgstr ""

#: ../../networking2.rst:978
# 3e292b09263b4b97bfd6c423204dbc2f
msgid "To prevent IP conflict, configure different subnets when multiple networks are connected to the same VM."
msgstr ""

#: ../../networking2.rst:982
# 95785c3d19f449f78cc05d757ee25d24
msgid "Assigning Additional IPs to a VM"
msgstr ""

#: ../../networking2.rst:986
# 59a152d36896406a8e27bc6d934ee420
msgid "Log in to the CloudStack UI."
msgstr ""

#: ../../networking2.rst:990
# 62ef4fc700f2458282be770129fbe8f3
msgid "In the left navigation bar, click Instances."
msgstr ""

#: ../../networking2.rst:994
# e481a0bf01464ec993e94b0b35787eed
msgid "Click the name of the instance you want to work with."
msgstr ""

#: ../../networking2.rst:998
# 040e0aa0901c4a738201d7f2b345c0f1
msgid "In the Details tab, click NICs."
msgstr ""

#: ../../networking2.rst:1002
# 783db8f186394495ad0ab1546a97951e
msgid "Click View Secondary IPs."
msgstr ""

#: ../../networking2.rst:1006
# 81df8a9f3f814aaa861dd841284985ef
msgid "Click Acquire New Secondary IP, and click Yes in the confirmation dialog."
msgstr ""

#: ../../networking2.rst:1009
# 5bee3ae73622433aaf3ff3502d16bfcb
msgid "You need to configure the IP on the guest VM NIC manually. CloudStack will not automatically configure the acquired IP address on the VM. Ensure that the IP address configuration persist on VM reboot."
msgstr ""

#: ../../networking2.rst:1013
# f5aed3f52f76443b9810ed9d0bd1d47c
msgid "Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in Port Forwarding or StaticNAT rules."
msgstr ""

#: ../../networking2.rst:1018
# 91390ddfe5794441a909d512aaf69b16
msgid "Port Forwarding and StaticNAT Services Changes"
msgstr ""

#: ../../networking2.rst:1020
# 178e8a8fb2244a73af81938965720ec0
msgid "Because multiple IPs can be associated per NIC, you are allowed to select a desired IP for the Port Forwarding and StaticNAT services. The default is the primary IP. To enable this functionality, an extra optional parameter 'vmguestip' is added to the Port forwarding and StaticNAT APIs (enableStaticNat, createIpForwardingRule) to indicate on what IP address NAT need to be configured. If vmguestip is passed, NAT is configured on the specified private IP of the VM. if not passed, NAT is configured on the primary IP of the VM."
msgstr ""

#: ../../networking2.rst:1030
# 9a799b4a628a476f9d231bc81b470264
msgid "About Multiple IP Ranges"
msgstr ""

#: ../../networking2.rst:1032
# 028ff8cab15f440e877ecf3ac468a1a2
msgid "The feature can only be implemented on IPv4 addresses."
msgstr ""

#: ../../networking2.rst:1034
# e4d2239d0d0c410c8f96922f8da73fd8
msgid "CloudStack provides you with the flexibility to add guest IP ranges from different subnets in Basic zones and security groups-enabled Advanced zones. For security groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. With the addition of this feature, you will be able to add IP address ranges from the same subnet or from a different one when IP address are exhausted. This would in turn allows you to employ higher number of subnets and thus reduce the address management overhead. To support this feature, the capability of ``createVlanIpRange`` API is extended to add IP ranges also from a different subnet."
msgstr ""

#: ../../networking2.rst:1045
# 2881a530808e42f5be3d6298eeb47271
msgid "Ensure that you manually configure the gateway of the new subnet before adding the IP range. Note that CloudStack supports only one gateway for a subnet; overlapping subnets are not currently supported."
msgstr ""

#: ../../networking2.rst:1049
# 003e5d07c0794227bc714b0f29892867
msgid "Use the ``deleteVlanRange`` API to delete IP ranges. This operation fails if an IP from the remove range is in use. If the remove range contains the IP address on which the DHCP server is running, CloudStack acquires a new IP from the same subnet. If no IP is available in the subnet, the remove operation fails."
msgstr ""

#: ../../networking2.rst:1055
# b8a91ec2e02844bd85db4f28846aad2b
msgid "This feature is supported on KVM, xenServer, and VMware hypervisors."
msgstr ""

#: ../../networking2.rst:1058
# ed378b716b614e5ea18ea508d7ecccb8
msgid "About Elastic IP"
msgstr ""

#: ../../networking2.rst:1060
# cb979912025d4652b170b423b3323451
msgid "Elastic IP (EIP) addresses are the IP addresses that are associated with an account, and act as static IP addresses. The account owner has the complete control over the Elastic IP addresses that belong to the account. As an account owner, you can allocate an Elastic IP to a VM of your choice from the EIP pool of your account. Later if required you can reassign the IP address to a different VM. This feature is extremely helpful during VM failure. Instead of replacing the VM which is down, the IP address can be reassigned to a new VM in your account."
msgstr ""

#: ../../networking2.rst:1069
# a05811529f014d1aa52b2974f0bba51e
msgid "Similar to the public IP address, Elastic IP addresses are mapped to their associated private IP addresses by using StaticNAT. The EIP service is equipped with StaticNAT (1:1) service in an EIP-enabled basic zone. The default network offering, DefaultSharedNetscalerEIPandELBNetworkOffering, provides your network with EIP and ELB network services if a NetScaler device is deployed in your zone. Consider the following illustration for more details."
msgstr ""

#: ../../networking2.rst:1077
# d254f6b5f23f4583bf38593e35204bd5
msgid "|eip-ns-basiczone.png|"
msgstr ""

#: ../../networking2.rst:1079
# ec87f8235ad14731b88fa165faf2855f
msgid "In the illustration, a NetScaler appliance is the default entry or exit point for the CloudStack instances, and firewall is the default entry or exit point for the rest of the data center. Netscaler provides LB services and staticNAT service to the guest networks. The guest traffic in the pods and the Management Server are on different subnets / VLANs. The policy-based routing in the data center core switch sends the public traffic through the NetScaler, whereas the rest of the data center goes through the firewall."
msgstr ""

#: ../../networking2.rst:1088
# cccbede2f664419a97a65174be17cfba
msgid "The EIP work flow is as follows:"
msgstr ""

#: ../../networking2.rst:1092
# 748bdba8746d4237862652eeefe51b0c
msgid "When a user VM is deployed, a public IP is automatically acquired from the pool of public IPs configured in the zone. This IP is owned by the VM's account."
msgstr ""

#: ../../networking2.rst:1098
# b453f18754a649e5913c58ce4a28993b
msgid "Each VM will have its own private IP. When the user VM starts, Static NAT is provisioned on the NetScaler device by using the Inbound Network Address Translation (INAT) and Reverse NAT (RNAT) rules between the public IP and the private IP."
msgstr ""

#: ../../networking2.rst:1104
# 6e1a151b2c704623941c8c05d3a90134
msgid "Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination IP address is replaced in the packets from the public network, such as the Internet, with the private IP address of a VM in the private network. Reverse NAT (RNAT) is a type of NAT supported by NetScaler, in which the source IP address is replaced in the packets generated by a VM in the private network with the public IP address."
msgstr ""

#: ../../networking2.rst:1113
# e64823a0214b46d8a6326da740b47131
msgid "This default public IP will be released in two cases:"
msgstr ""

#: ../../networking2.rst:1117
# ec3de61219d640b2baa722270d509f9b
msgid "When the VM is stopped. When the VM starts, it again receives a new public IP, not necessarily the same one allocated initially, from the pool of Public IPs."
msgstr ""

#: ../../networking2.rst:1123
# 9429fa004e17414e88ed8a023486ac59
msgid "The user acquires a public IP (Elastic IP). This public IP is associated with the account, but will not be mapped to any private IP. However, the user can enable Static NAT to associate this IP to the private IP of a VM in the account. The Static NAT rule for the public IP can be disabled at any time. When Static NAT is disabled, a new public IP is allocated from the pool, which is not necessarily be the same one allocated initially."
msgstr ""

#: ../../networking2.rst:1131
# 469830a9248b4593a5aac71adbba4340
msgid "For the deployments where public IPs are limited resources, you have the flexibility to choose not to allocate a public IP by default. You can use the Associate Public IP option to turn on or off the automatic public IP assignment in the EIP-enabled Basic zones. If you turn off the automatic public IP assignment while creating a network offering, only a private IP is assigned to a VM when the VM is deployed with that network offering. Later, the user can acquire an IP for the VM and enable static NAT."
msgstr ""

#: ../../networking2.rst:1140
# 0ecd0ac61194408a98281da0aadd9e1a
msgid "For more information on the Associate Public IP option, see `\"Creating a New Network Offering\" <networking.html#creating-a-new-network-offering>`_."
msgstr ""

#: ../../networking2.rst:1144
# 3cd8dd1307094741b10ebb57dc03d260
msgid "The Associate Public IP feature is designed only for use with user VMs. The System VMs continue to get both public IP and private by default, irrespective of the network offering configuration."
msgstr ""

#: ../../networking2.rst:1148
# 3ff9c04d9cd44e088c20dfd89e9b3b8b
msgid "New deployments which use the default shared network offering with EIP and ELB services to create a shared network in the Basic zone will continue allocating public IPs to each user VM."
msgstr ""

#: ../../networking2.rst:1153
# 16c8dc460b214f4894425176314b9cb3
msgid "Portable IPs"
msgstr ""

#: ../../networking2.rst:1156
# 3a5bf095b28f463397be53d043c810c8
msgid "About Portable IP"
msgstr ""

#: ../../networking2.rst:1158
# 5458a5ed86214e4c93481bcc51808719
msgid "Portable IPs in CloudStack are region-level pool of IPs, which are elastic in nature, that can be transferred across geographically separated zones. As an administrator, you can provision a pool of portable public IPs at region level and are available for user consumption. The users can acquire portable IPs if admin has provisioned portable IPs at the region level they are part of. These IPs can be use for any service within an advanced zone. You can also use portable IPs for EIP services in basic zones."
msgstr ""

#: ../../networking2.rst:1167
# 7315df7ef52e4cf1b934b6af1441d884
msgid "The salient features of Portable IP are as follows:"
msgstr ""

#: ../../networking2.rst:1171
# 891115e5cf6a48ada1f4095573352338
msgid "IP is statically allocated"
msgstr ""

#: ../../networking2.rst:1175
# 4d10cf62b6c743b8b592cc802be6cc92
msgid "IP need not be associated with a network"
msgstr ""

#: ../../networking2.rst:1179
# 24d3e403f0aa4c39ad463d1fa0ae207d
msgid "IP association is transferable across networks"
msgstr ""

#: ../../networking2.rst:1183
# 74cb916a3d374a76b971841f8b2379a5
msgid "IP is transferable across both Basic and Advanced zones"
msgstr ""

#: ../../networking2.rst:1187
# 7d33ab9a52444bbe9b3f7b3128209e6b
msgid "IP is transferable across VPC, non-VPC isolated and shared networks"
msgstr ""

#: ../../networking2.rst:1191
# df1a612ddd7d4098a0ddf9b83ad8a93e
msgid "Portable IP transfer is available only for static NAT."
msgstr ""

#: ../../networking2.rst:1196
# bb4f9954dc894d61abfa568fb2e16957
msgid "Before transferring to another network, ensure that no network rules (Firewall, Static NAT, Port Forwarding, and so on) exist on that portable IP."
msgstr ""

#: ../../networking2.rst:1201
# 6219f205752d4e34a5f1fbf3a5de51cc
msgid "Configuring Portable IPs"
msgstr ""

#: ../../networking2.rst:1209
# d64282ef04d447a599ddece7139055f7
msgid "In the left navigation, click Regions."
msgstr ""

#: ../../networking2.rst:1213
# 8b31c7af9d8541d79d6b98d0ed76d82d
msgid "Choose the Regions that you want to work with."
msgstr ""

#: ../../networking2.rst:1217
# 1938f07ea2c94222a20b08898972dc0c
msgid "Click View Portable IP."
msgstr ""

#: ../../networking2.rst:1221
# 3fd59fc0c5804ab58ed115888d070d9d
msgid "Click Portable IP Range."
msgstr ""

#: ../../networking2.rst:1223
# 289d79706e0d4aac949867e57202c169
msgid "The Add Portable IP Range window is displayed."
msgstr ""

#: ../../networking2.rst:1231
# 6ba39db9be5d430986ffe15997a7b655
msgid "**Start IP/ End IP**: A range of IP addresses that are accessible from the Internet and will be allocated to guest VMs. Enter the first and last IP addresses that define a range that CloudStack can assign to guest VMs."
msgstr ""

#: ../../networking2.rst:1238
# a79eef6844454a7e8d9fe27202723b53
msgid "**Gateway**: The gateway in use for the Portable IP addresses you are configuring."
msgstr ""

#: ../../networking2.rst:1243
# ade2b585b1ff4b51b25c1f72d1f5a03e
msgid "**Netmask**: The netmask associated with the Portable IP range."
msgstr ""

#: ../../networking2.rst:1247
# 2cce53fcfa9e4ebdb7cec25d4dd3f797
msgid "**VLAN**: The VLAN that will be used for public traffic."
msgstr ""

#: ../../networking2.rst:1254
# 5c4576cb4d01410ea44f66b3560eec1c
msgid "Acquiring a Portable IP"
msgstr ""

#: ../../networking2.rst:1266
#: ../../networking2.rst:3292
#: ../../networking2.rst:3335
#: ../../networking2.rst:3378
#: ../../networking2.rst:3452
# fd1b3a3c5e574a7ebb4e782d04f0746b
# 3ec5393b7aa8486ca2b52df1597e7a98
# b4889435dd5a4b8986acad62a13ddd6a
# bfc4acd9c38f49138744c5671d7deb8b
# 9eae88f558024bafa1c71d5b5f8f6d94
msgid "Click the name of the network where you want to work with."
msgstr ""

#: ../../networking2.rst:1270
#: ../../networking2.rst:2223
#: ../../networking2.rst:3296
#: ../../networking2.rst:3339
#: ../../networking2.rst:3382
#: ../../networking2.rst:3456
#: ../../networking2.rst:3870
# e986c959252444b99b7c5594762994fb
# 2809642deff2421db1593ab57615dc68
# d64bfe77233d4d59b07129a931a574b3
# 15c8b96721f3464380599d2d5d2f02bc
# 9751f6d58300447198381c3549bd481e
# f8c3a0b896d14361b59692083c989410
# 4bccc75dc7d0449097629003483b3545
msgid "Click View IP Addresses."
msgstr ""

#: ../../networking2.rst:1274
#: ../../networking2.rst:3300
# 667a207d51d24ec19784a9167e8565b8
# 5605f1edaf4a463a84ae99cdd32825a4
msgid "Click Acquire New IP."
msgstr ""

#: ../../networking2.rst:1276
#: ../../networking2.rst:3302
# 6f484ad19a9e4e70b96bf198ddbcf3f4
# ac45a6f42e5e42a29e4eb09f827d12a3
msgid "The Acquire New IP window is displayed."
msgstr ""

#: ../../networking2.rst:1280
#: ../../networking2.rst:3306
# a62089adc7304fe1a0c39b6e337ddca2
# 9baf10608a674ae292c3dea0a0859da7
msgid "Specify whether you want cross-zone IP or not."
msgstr ""

#: ../../networking2.rst:1284
# 3bb7d4dc99f341248a9c5c892bc12485
msgid "Click Yes in the confirmation dialog."
msgstr ""

#: ../../networking2.rst:1286
#: ../../networking2.rst:3314
# 38c1b6967ebb4ec9852ba01c1f005f98
# 197a1c50649d486ca45fb94f4900aa2d
msgid "Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding or static NAT rules."
msgstr ""

#: ../../networking2.rst:1291
# 524a4bfc4e03495584030002db87273b
msgid "Transferring Portable IP"
msgstr ""

#: ../../networking2.rst:1293
# 68465770f0cb4381ac7ce0eb0b65ecbc
msgid "An IP can be transferred from one network to another only if Static NAT is enabled. However, when a portable IP is associated with a network, you can use it for any service in the network."
msgstr ""

#: ../../networking2.rst:1297
# b51d59c49aad4d2c82dc7ff551a1e515
msgid "To transfer a portable IP across the networks, execute the following API:"
msgstr ""

#: ../../networking2.rst:1304
# baaa47d9664443df8004dbd797ca37f0
msgid "Replace the UUID with appropriate UUID. For example, if you want to transfer a portable IP to network X and VM Y in a network, execute the following:"
msgstr ""

#: ../../networking2.rst:1313
# 2ab16bedc435498fa54a92c12d41873b
msgid "Multiple Subnets in Shared Network"
msgstr ""

#: ../../networking2.rst:1315
# 052e7dd83a5d49f6830d255583296f7d
msgid "CloudStack provides you with the flexibility to add guest IP ranges from different subnets in Basic zones and security groups-enabled Advanced zones. For security groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. With the addition of this feature, you will be able to add IP address ranges from the same subnet or from a different one when IP address are exhausted. This would in turn allows you to employ higher number of subnets and thus reduce the address management overhead. You can delete the IP ranges you have added."
msgstr ""

#: ../../networking2.rst:1326
#: ../../networking2.rst:2963
#: ../../networking2.rst:3510
# 39d6185c2a9142778ebfcfaa45d53ea4
# a87fd7c6cc4d4983be85e89d3f15de49
# dff9442af85b489c8e6c974a633e5646
msgid "Prerequisites and Guidelines"
msgstr ""

#: ../../networking2.rst:1330
# b12da91685134a71866c8fa74aeaa4de
msgid "This feature can only be implemented:"
msgstr ""

#: ../../networking2.rst:1334
# 1393ad33a993459f81ea3de1149b6a09
msgid "on IPv4 addresses"
msgstr ""

#: ../../networking2.rst:1338
# 4764589edb39403a9fd8558614490a61
msgid "if virtual router is the DHCP provider"
msgstr ""

#: ../../networking2.rst:1342
# b1541de5c3f0486faa35809ad77b0359
msgid "on KVM, xenServer, and VMware hypervisors"
msgstr ""

#: ../../networking2.rst:1346
# 2422d92308cd49628de0caa0efcad9c7
msgid "Manually configure the gateway of the new subnet before adding the IP range."
msgstr ""

#: ../../networking2.rst:1351
# bf5e159cb4c54583a861e417824b26a3
msgid "CloudStack supports only one gateway for a subnet; overlapping subnets are not currently supported"
msgstr ""

#: ../../networking2.rst:1355
# 7e64cd24270240e9bef22bc1491bf837
msgid "Adding Multiple Subnets to a Shared Network"
msgstr ""

#: ../../networking2.rst:1367
# 1f05243395c24667a0f7e9c75bbc190f
msgid "On Zones, click View More, then click the zone to which you want to work with.."
msgstr ""

#: ../../networking2.rst:1372
# 2b58f0a641ae4d80a61839330e31435b
msgid "Click Physical Network."
msgstr ""

#: ../../networking2.rst:1380
# 01147d3437e04c6c93201551e05eec93
msgid "Click Networks."
msgstr ""

#: ../../networking2.rst:1384
# f5611c1c2d6f4bc2935f6fcb462429ac
msgid "Select the networks you want to work with."
msgstr ""

#: ../../networking2.rst:1388
# 8c8af6183f054d4b87cd5369985f279b
msgid "Click View IP Ranges."
msgstr ""

#: ../../networking2.rst:1392
# 27bfee4a94154becadc04d190e2248f0
msgid "Click Add IP Range."
msgstr ""

#: ../../networking2.rst:1394
# 0b8e9d89d4724266b4f358cddb5b5dae
msgid "The Add IP Range dialog is displayed, as follows:"
msgstr ""

#: ../../networking2.rst:1396
# b80689bd7547487da595f615e2462e55
msgid "|add-ip-range.png|"
msgstr ""

#: ../../networking2.rst:1402
#: ../../networking2.rst:5168
# ecfac85bd0504455b3d64af38c930d89
# b0284174465747738037a24f289b32cd
msgid "All the fields are mandatory."
msgstr ""

#: ../../networking2.rst:1406
#: ../../networking2.rst:5186
# 2a42d646d37c4df6add5bdf38ceca64d
# d96a1cf974414215858b14602328707b
msgid "**Gateway**: The gateway for the tier you create. Ensure that the gateway is within the Super CIDR range that you specified while creating the VPC, and is not overlapped with the CIDR of any existing tier within the VPC."
msgstr ""

#: ../../networking2.rst:1413
#: ../../networking2.rst:5203
# 135026f2c8ab4d77a877e4d100640178
# 035c6987b29147ebb036cad74b0ca7e2
msgid "**Netmask**: The netmask for the tier you create."
msgstr ""

#: ../../networking2.rst:1415
#: ../../networking2.rst:5205
# ff580244e12e4780b2df473d710b2271
# 8323a108551a443f8e02e4e8bf7cb1cc
msgid "For example, if the VPC CIDR is 10.0.0.0/16 and the network tier CIDR is 10.0.1.0/24, the gateway of the tier is 10.0.1.1, and the netmask of the tier is 255.255.255.0."
msgstr ""

#: ../../networking2.rst:1421
# e68e024d0d01404c95c2dfc37f213a3e
msgid "**Start IP/ End IP**: A range of IP addresses that are accessible from the Internet and will be allocated to guest VMs. Enter the first and last IP addresses that define a range that CloudStack can assign to guest VMs ."
msgstr ""

#: ../../networking2.rst:1431
# 878c548f176b4ef18a4c21be8ace7a7b
msgid "Isolation in Advanced Zone Using Private VLAN"
msgstr ""

#: ../../networking2.rst:1433
# a24c2265540a4aef9c82390bf465ff16
msgid "Isolation of guest traffic in shared networks can be achieved by using Private VLANs (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a PVLAN-enabled shared network, a user VM cannot reach other user VM though they can reach the DHCP server and gateway, this would in turn allow users to control traffic within a network and help them deploy multiple applications without communication between application as well as prevent communication with other users' VMs."
msgstr ""

#: ../../networking2.rst:1444
# 4a22b32ca020436b81dd8f07f34306f4
msgid "Isolate VMs in a shared networks by using Private VLANs."
msgstr ""

#: ../../networking2.rst:1448
# abb78195383c40838e8616f04b87f7f2
msgid "Supported on KVM, XenServer, and VMware hypervisors"
msgstr ""

#: ../../networking2.rst:1452
# 2b02488a70fc420996644982994ac6eb
msgid "PVLAN-enabled shared network can be a part of multiple networks of a guest VM."
msgstr ""

#: ../../networking2.rst:1456
# d86c07b7947d412799db280d59e3f9e5
msgid "About Private VLAN"
msgstr ""

#: ../../networking2.rst:1458
# 892b94b696954a8e9527248d969742c6
msgid "In an Ethernet switch, a VLAN is a broadcast domain where hosts can establish direct communication with each another at Layer 2. Private VLAN is designed as an extension of VLAN standard to add further segmentation of the logical broadcast domain. A regular VLAN is a single broadcast domain, whereas a private VLAN partitions a larger VLAN broadcast domain into smaller sub-domains. A sub-domain is represented by a pair of VLANs: a Primary VLAN and a Secondary VLAN. The original VLAN that is being divided into smaller groups is called Primary, which implies that all VLAN pairs in a private VLAN share the same Primary VLAN. All the secondary VLANs exist only inside the Primary. Each Secondary VLAN has a specific VLAN ID associated to it, which differentiates one sub-domain from another."
msgstr ""

#: ../../networking2.rst:1471
# 65264ae745f94985b736d5abe4446401
msgid "Three types of ports exist in a private VLAN domain, which essentially determine the behaviour of the participating hosts. Each ports will have its own unique set of rules, which regulate a connected host's ability to communicate with other connected host within the same private VLAN domain. Configure each host that is part of a PVLAN pair can be by using one of these three port designation:"
msgstr ""

#: ../../networking2.rst:1480
# 65ce874571f0428cbe807261ef5c91ff
msgid "**Promiscuous**: A promiscuous port can communicate with all the interfaces, including the community and isolated host ports that belong to the secondary VLANs. In Promiscuous mode, hosts are connected to promiscuous ports and are able to communicate directly with resources on both primary and secondary VLAN. Routers, DHCP servers, and other trusted devices are typically attached to promiscuous ports."
msgstr ""

#: ../../networking2.rst:1490
# 11d7e1e2a07f44da85da53d61de9130b
msgid "**Isolated VLANs**: The ports within an isolated VLAN cannot communicate with each other at the layer-2 level. The hosts that are connected to Isolated ports can directly communicate only with the Promiscuous resources. If your customer device needs to have access only to a gateway router, attach it to an isolated port."
msgstr ""

#: ../../networking2.rst:1498
# c008cae9b2a74d48a4170c54a17a63d6
msgid "**Community VLANs**: The ports within a community VLAN can communicate with each other and with the promiscuous ports, but they cannot communicate with the ports in other communities at the layer-2 level. In a Community mode, direct communication is permitted only with the hosts in the same community and those that are connected to the Primary PVLAN in promiscuous mode. If your customer has two devices that need to be isolated from other customers' devices, but to be able to communicate among themselves, deploy them in community ports."
msgstr ""

#: ../../networking2.rst:1508
# eca73570aa5c496ba46877b3392feba4
msgid "For further reading:"
msgstr ""

#: ../../networking2.rst:1512
# 3fb1a7985e5143939ea6ed3db5517634
msgid "`Understanding Private VLANs <http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html#wp1038379>`_"
msgstr ""

#: ../../networking2.rst:1517
# 413321509f2d47a8b184ec2e8adbfcb5
msgid "`Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment <http://tools.ietf.org/html/rfc5517>`_"
msgstr ""

#: ../../networking2.rst:1522
# d92ce4bc2e25409b903ed61ed410286d
msgid "`Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept Overview (1010691) <http://kb.vmware.com>`_"
msgstr ""

#: ../../networking2.rst:1530
# 7b72e0b764624a06bcaed4e13da2da3d
msgid "Use a PVLAN supported switch."
msgstr ""

#: ../../networking2.rst:1532
# 4c3023eb7cbe49fdbc0af7708061b61c
msgid "See `Private VLAN Catalyst Switch Support Matrix <http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml>`_ for more information."
msgstr ""

#: ../../networking2.rst:1538
# 3d53c6dd5e0c47c98d6a7945385c1baa
msgid "All the layer 2 switches, which are PVLAN-aware, are connected to each other, and one of them is connected to a router. All the ports connected to the host would be configured in trunk mode. Open Management VLAN, Primary VLAN (public) and Secondary Isolated VLAN ports. Configure the switch port connected to the router in PVLAN promiscuous trunk mode, which would translate an isolated VLAN to primary VLAN for the PVLAN-unaware router."
msgstr ""

#: ../../networking2.rst:1546
# c0a596996cd541c399ba489470a762f3
msgid "Note that only Cisco Catalyst 4500 has the PVLAN promiscuous trunk mode to connect both normal VLAN and PVLAN to a PVLAN-unaware switch. For the other Catalyst PVLAN support switch, connect the switch to upper switch by using cables, one each for a PVLAN pair."
msgstr ""

#: ../../networking2.rst:1553
# cc4e6fc0e1f245528985b2117be84d9f
msgid "Configure private VLAN on your physical switches out-of-band."
msgstr ""

#: ../../networking2.rst:1557
# 62074ec8d4834007976930e3c6191196
msgid "Before you use PVLAN on XenServer and KVM, enable Open vSwitch (OVS)."
msgstr ""

#: ../../networking2.rst:1560
# 801f968d2c41437ab6df2a4e4ba571f9
msgid "OVS on XenServer and KVM does not support PVLAN natively. Therefore, CloudStack managed to simulate PVLAN on OVS for XenServer and KVM by modifying the flow table."
msgstr ""

#: ../../networking2.rst:1565
# 11c21ce678fe4324bddd45de27ee2be7
msgid "Creating a PVLAN-Enabled Guest Network"
msgstr ""

#: ../../networking2.rst:1625
# 3a96dbbceb574c5fa075e67bf6efd8eb
msgid "**Secondary Isolated VLAN ID**: The unique ID of the Secondary Isolated VLAN."
msgstr ""

#: ../../networking2.rst:1628
# 7030034cd1d8428a993a53ec2cf81a4b
msgid "For the description on Secondary Isolated VLAN, see `About Private VLAN\" <#about-private-vlan>`_."
msgstr ""

#: ../../networking2.rst:1691
# 3334596753684a6cae9e21d47cf11119
msgid "Security Groups"
msgstr ""

#: ../../networking2.rst:1694
# e6afa18d968443a988f9cda5396370a6
msgid "About Security Groups"
msgstr ""

#: ../../networking2.rst:1696
# 12db6b6e0abb441ca307862c39b2f3a7
msgid "Security groups provide a way to isolate traffic to VMs. A security group is a group of VMs that filter their incoming and outgoing traffic according to a set of rules, called ingress and egress rules. These rules filter network traffic according to the IP address that is attempting to communicate with the VM. Security groups are particularly useful in zones that use basic networking, because there is a single guest network for all guest VMs. In advanced zones, security groups are supported only on the KVM hypervisor."
msgstr ""

#: ../../networking2.rst:1706
# 5e0a423faa66428cb475ef10f065148b
msgid "In a zone that uses advanced networking, you can instead define multiple guest networks to isolate traffic to VMs."
msgstr ""

#: ../../networking2.rst:1708
# d58dc8ccb7ac4d10926fb53edabf176a
msgid "Each CloudStack account comes with a default security group that denies all inbound traffic and allows all outbound traffic. The default security group can be modified so that all new VMs inherit some other desired set of rules."
msgstr ""

#: ../../networking2.rst:1713
# 39f399e25b2f415d8584bd6f5dd19360
msgid "Any CloudStack user can set up any number of additional security groups. When a new VM is launched, it is assigned to the default security group unless another user-defined security group is specified. A VM can be a member of any number of security groups. Once a VM is assigned to a security group, it remains in that group for its entire lifetime; you can not move a running VM from one security group to another."
msgstr ""

#: ../../networking2.rst:1720
# bd1a3a7c766a49568e5d389c615a00fd
msgid "You can modify a security group by deleting or adding any number of ingress and egress rules. When you do, the new rules apply to all VMs in the group, whether running or stopped."
msgstr ""

#: ../../networking2.rst:1724
# a52edc5536e9495bbf1410f462d5932b
msgid "If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule."
msgstr ""

#: ../../networking2.rst:1729
# 7d25ba3d47574104ae0d8c4085970ddc
msgid "Adding a Security Group"
msgstr ""

#: ../../networking2.rst:1731
# 4a52e8eaf7f5498e9cac0ef8d3e753bb
msgid "A user or administrator can define a new security group."
msgstr ""

#: ../../networking2.rst:1739
#: ../../networking2.rst:1819
# a705e539e74940a78a8983f0585d2556
# c227631e574645b2b6062f0bf192b879
msgid "In the left navigation, choose Network"
msgstr ""

#: ../../networking2.rst:1743
# 7c3b2c1204ad4116b2771e974c0cf4c2
msgid "In Select view, choose Security Groups."
msgstr ""

#: ../../networking2.rst:1747
# 721d38433467434482cb1c4486f14572
msgid "Click Add Security Group."
msgstr ""

#: ../../networking2.rst:1751
# 02ecffe07c904fc2a4c3fa6a392afd04
msgid "Provide a name and description."
msgstr ""

#: ../../networking2.rst:1757
# 3e0ee4bc42fc4ea2a3189f69cde928db
msgid "The new security group appears in the Security Groups Details tab."
msgstr ""

#: ../../networking2.rst:1761
# 1b1ca02aa0b348c1b8d8e92f7dbe459d
msgid "To make the security group useful, continue to Adding Ingress and Egress Rules to a Security Group."
msgstr ""

#: ../../networking2.rst:1765
# 6d68ff5e482a496ea71d636366da8518
msgid "Security Groups in Advanced Zones (KVM Only)"
msgstr ""

#: ../../networking2.rst:1767
# bf3e0daa32bd4d928334c6593b3da60d
msgid "CloudStack provides the ability to use security groups to provide isolation between guests on a single shared, zone-wide network in an advanced zone where KVM is the hypervisor. Using security groups in advanced zones rather than multiple VLANs allows a greater range of options for setting up guest isolation in a cloud."
msgstr ""

#: ../../networking2.rst:1776
# a13d1f37385b4e7b86996acde4babec4
msgid "The following are not supported for this feature:"
msgstr ""

#: ../../networking2.rst:1780
# 8fc8b70b5cde4f87a62e5b1ca4a75e2a
msgid "Two IP ranges with the same VLAN and different gateway or netmask in security group-enabled shared network."
msgstr ""

#: ../../networking2.rst:1785
# 9afc1351e88841e18eb5fe14fc168913
msgid "Two IP ranges with the same VLAN and different gateway or netmask in account-specific shared networks."
msgstr ""

#: ../../networking2.rst:1790
# 964239c4525b49c48d33e98fa19650e7
msgid "Multiple VLAN ranges in security group-enabled shared network."
msgstr ""

#: ../../networking2.rst:1794
# 0e18491db0744181b7e4947503a5bf06
msgid "Multiple VLAN ranges in account-specific shared networks."
msgstr ""

#: ../../networking2.rst:1796
# 05bc77a1a85b4d40ac91eb83feacc795
msgid "Security groups must be enabled in the zone in order for this feature to be used."
msgstr ""

#: ../../networking2.rst:1800
# e64a176e0d1a4f50992f36b58586ff9e
msgid "Enabling Security Groups"
msgstr ""

#: ../../networking2.rst:1802
# 6ad796b8b65541758fa9ac87509ecbc2
msgid "In order for security groups to function in a zone, the security groups feature must first be enabled for the zone. The administrator can do this when creating a new zone, by selecting a network offering that includes security groups. The procedure is described in Basic Zone Configuration in the Advanced Installation Guide. The administrator can not enable security groups for an existing zone, only when creating a new zone."
msgstr ""

#: ../../networking2.rst:1811
# e2ba36a71c01454c872db51e3f32589d
msgid "Adding Ingress and Egress Rules to a Security Group"
msgstr ""

#: ../../networking2.rst:1823
# a1a516287e0441a7bfff434dc4c25818
msgid "In Select view, choose Security Groups, then click the security group you want ."
msgstr ""

#: ../../networking2.rst:1828
# d6e55c16dfbc4f85a9169f71f66a2804
msgid "To add an ingress rule, click the Ingress Rules tab and fill out the following fields to specify what network traffic is allowed into VM instances in this security group. If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule."
msgstr ""

#: ../../networking2.rst:1836
# 42943b264de7449685e9e46efc6a170c
msgid "**Add by CIDR/Account**. Indicate whether the source of the traffic will be defined by IP address (CIDR) or an existing security group in a CloudStack account (Account). Choose Account if you want to allow incoming traffic from all VMs in another security group"
msgstr ""

#: ../../networking2.rst:1844
# e2cc45d1de64494db50fe0a1c454f1de
msgid "**Protocol**. The networking protocol that sources will use to send traffic to the security group. TCP and UDP are typically used for data exchange and end-user communications. ICMP is typically used to send error messages or network monitoring data."
msgstr ""

#: ../../networking2.rst:1851
# 3830ab6e902f4099a0d5bcd5f94c98f9
msgid "**Start Port, End Port**. (TCP, UDP only) A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields."
msgstr ""

#: ../../networking2.rst:1857
# 8964c7df1073444194c59e9ddf9726c6
msgid "**ICMP Type, ICMP Code**. (ICMP only) The type of message and error code that will be accepted."
msgstr ""

#: ../../networking2.rst:1862
# b0cf8f7cc93e4879aab846412508fb1a
msgid "**CIDR**. (Add by CIDR only) To accept only traffic from IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""

#: ../../networking2.rst:1870
# 76c5ca0cfe334149a512d3956349b0df
msgid "**Account, Security Group**. (Add by Account only) To accept only traffic from another security group, enter the CloudStack account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter the same name you used in step 7."
msgstr ""

#: ../../networking2.rst:1876
# 3903c6ce7d964ff99823291ab66fd97e
msgid "The following example allows inbound HTTP access from anywhere:"
msgstr ""

#: ../../networking2.rst:1878
# 0ca36e66c67f4b0fbc6e9642f98244e2
msgid "|httpaccess.png|"
msgstr ""

#: ../../networking2.rst:1882
# 0e328d3fe5ff4d199d094778ca339694
msgid "To add an egress rule, click the Egress Rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this security group. If no egress rules are specified, then all traffic will be allowed out. Once egress rules are specified, the following types of traffic are allowed out: traffic specified in egress rules; queries to DNS and DHCP servers; and responses to any traffic that has been allowed in through an ingress rule"
msgstr ""

#: ../../networking2.rst:1893
# 6345c89e81524779ab6e143c18064dbf
msgid "**Add by CIDR/Account**. Indicate whether the destination of the traffic will be defined by IP address (CIDR) or an existing security group in a CloudStack account (Account). Choose Account if you want to allow outgoing traffic to all VMs in another security group."
msgstr ""

#: ../../networking2.rst:1901
# 3aacbdb631954d769b273926968b7e76
msgid "**Protocol**. The networking protocol that VMs will use to send outgoing traffic. TCP and UDP are typically used for data exchange and end-user communications. ICMP is typically used to send error messages or network monitoring data."
msgstr ""

#: ../../networking2.rst:1908
# bf325442015447ccacf5f769195e3e42
msgid "**Start Port, End Port**. (TCP, UDP only) A range of listening ports that are the destination for the outgoing traffic. If you are opening a single port, use the same number in both fields."
msgstr ""

#: ../../networking2.rst:1914
# 6018cd1041b946a9a0e09343687a2ef2
msgid "**ICMP Type, ICMP Code**. (ICMP only) The type of message and error code that will be sent"
msgstr ""

#: ../../networking2.rst:1919
# dcedb9aa8a5f45fc8708767a08ba30e5
msgid "**CIDR**. (Add by CIDR only) To send traffic only to IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""

#: ../../networking2.rst:1927
# 7fe28834c4e944fa960b6bc798395bb8
msgid "**Account, Security Group**. (Add by Account only) To allow traffic to be sent to another security group, enter the CloudStack account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter its name."
msgstr ""

#: ../../networking2.rst:1938
# b98f0fffba9942f6b1c8338e399cd238
msgid "External Firewalls and Load Balancers"
msgstr ""

#: ../../networking2.rst:1940
# 538d6ddab6754d2f95ed16d1c8c19a47
msgid "CloudStack is capable of replacing its Virtual Router with an external Juniper SRX device and an optional external NetScaler or F5 load balancer for gateway and load balancing services. In this case, the VMs use the SRX as their gateway."
msgstr ""

#: ../../networking2.rst:1946
# 5b34eb6058a24e94801076fbb7ad2149
msgid "About Using a NetScaler Load Balancer"
msgstr ""

#: ../../networking2.rst:1948
# a78cf7cfee394628aaab85679c2ff14d
msgid "Citrix NetScaler is supported as an external network element for load balancing in zones that use isolated networking in advanced zones. Set up an external load balancer when you want to provide load balancing through means other than CloudStack's provided virtual router."
msgstr ""

#: ../../networking2.rst:1954
# b05631eea76f43049dad194f18a6a9b6
msgid "In a Basic zone, load balancing service is supported only if Elastic IP or Elastic LB services are enabled."
msgstr ""

#: ../../networking2.rst:1956
# 705041b2434b4ca483b18e0e974897dc
msgid "When NetScaler load balancer is used to provide EIP or ELB services in a Basic zone, ensure that all guest VM traffic must enter and exit through the NetScaler device. When inbound traffic goes through the NetScaler device, traffic is routed by using the NAT protocol depending on the EIP/ELB configured on the public IP to the private IP. The traffic that is originated from the guest VMs usually goes through the layer 3 router. To ensure that outbound traffic goes through NetScaler device providing EIP/ELB, layer 3 router must have a policy-based routing. A policy-based route must be set up so that all traffic originated from the guest VM's are directed to NetScaler device. This is required to ensure that the outbound traffic from the guest VM's is routed to a public IP by using NAT.For more information on Elastic IP, see `\"About Elastic IP\" <#about-elastic-ip>`_."
msgstr ""

#: ../../networking2.rst:1970
# 6bfdd4158ad14aa38deebe45fb9cbb9a
msgid "The NetScaler can be set up in direct (outside the firewall) mode. It must be added before any load balancing rules are deployed on guest VMs in the zone."
msgstr ""

#: ../../networking2.rst:1974
# d0b9fb7fee614995a8c6fa5905fff158
msgid "The functional behavior of the NetScaler with CloudStack is the same as described in the CloudStack documentation for using an F5 external load balancer. The only exception is that the F5 supports routing domains, and NetScaler does not. NetScaler can not yet be used as a firewall."
msgstr ""

#: ../../networking2.rst:1979
# 11e9cfee2a764a7fb0b70afb98d31c3b
msgid "To install and enable an external load balancer for CloudStack management, see External Guest Load Balancer Integration in the Installation Guide."
msgstr ""

#: ../../networking2.rst:1983
# 1fb1edcb2b6d4ffaa95d0fbe2737024a
msgid "The Citrix NetScaler comes in three varieties. The following table summarizes how these variants are treated in CloudStack."
msgstr ""

#: ../../networking2.rst:1986
# 12edf1030b1a46dea557408534fb87af
msgid "NetScaler ADC Type"
msgstr ""

#: ../../networking2.rst:1988
# 76d92f88c012490b8f745539f5beff17
msgid "Description of Capabilities"
msgstr ""

#: ../../networking2.rst:1990
# 85070d10ba6a46b6b7e646e0e6e68101
msgid "CloudStack Supported Features"
msgstr ""

#: ../../networking2.rst:1992
# 04cb1b68ff3b48edabc301bf64ccf560
msgid "MPX"
msgstr ""

#: ../../networking2.rst:1994
# 2d07236e0fb24abc935fc25da378dc09
msgid "Physical appliance. Capable of deep packet inspection. Can act as application firewall and load balancer"
msgstr ""

#: ../../networking2.rst:1997
# ec6682993a804b9e9f80b1d00004182e
msgid "In advanced zones, load balancer functionality fully supported without limitation. In basic zones, static NAT, elastic IP (EIP), and elastic load balancing (ELB) are also provided."
msgstr ""

#: ../../networking2.rst:2001
# b9ff4330d7774617b6ae9a5e7a8a6f1d
msgid "VPX"
msgstr ""

#: ../../networking2.rst:2003
# 9005b76458ad41a483ee097a591c21db
msgid "Virtual appliance. Can run as VM on XenServer, ESXi, and Hyper-V hypervisors. Same functionality as MPX"
msgstr ""

#: ../../networking2.rst:2006
# 3685fe921180440098631978824bd41e
msgid "Supported on ESXi and XenServer. Same functional support as for MPX. CloudStack will treat VPX and MPX as the same device type."
msgstr ""

#: ../../networking2.rst:2009
# b4d1336da974407c9db6af169f5b24ff
msgid "SDX"
msgstr ""

#: ../../networking2.rst:2011
# 62d3529ceb9a40a5a2112aff3c4ee083
msgid "Physical appliance. Can create multiple fully isolated VPX instances on a single appliance to support multi-tenant usage"
msgstr ""

#: ../../networking2.rst:2014
# 926617dc198f41458aa9112b482a4259
msgid "CloudStack will dynamically provision, configure, and manage the life cycle of VPX instances on the SDX. Provisioned instances are added into CloudStack automatically - no manual configuration by the administrator is required. Once a VPX instance is added into CloudStack, it is treated the same as a VPX on an ESXi host."
msgstr ""

#: ../../networking2.rst:2021
# 05a9bff4e49b4e6faaeeecdcf5ef0c7e
msgid "Configuring SNMP Community String on a RHEL Server"
msgstr ""

#: ../../networking2.rst:2023
# 75f35b06310648d3a4b6bfddf33bc68e
msgid "The SNMP Community string is similar to a user id or password that provides access to a network device, such as router. This string is sent along with all SNMP requests. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device discards the request and does not respond."
msgstr ""

#: ../../networking2.rst:2029
# 9c719f6ec799444b9ad1bf98205eabc8
msgid "The NetScaler device uses SNMP to communicate with the VMs. You must install SNMP and configure SNMP Community string for a secure communication between the NetScaler device and the RHEL machine."
msgstr ""

#: ../../networking2.rst:2035
# bdc592b5c12d4fc9bbfb1cb4bf44b046
msgid "Ensure that you installed SNMP on RedHat. If not, run the following command:"
msgstr ""

#: ../../networking2.rst:2044
# 02cf855a387949f3b83f4bb528cbf1c4
msgid "Edit the /etc/snmp/snmpd.conf file to allow the SNMP polling from the NetScaler device."
msgstr ""

#: ../../networking2.rst:2049
# 1decbe06fdbd45039c5b61ab7d3088d9
msgid "Map the community name into a security name (local and mynetwork, depending on where the request is coming from):"
msgstr ""

#: ../../networking2.rst:2053
# 8a17ab86a6dd4d5787e52b8e4414895f
msgid "Use a strong password instead of public when you edit the following table."
msgstr ""

#: ../../networking2.rst:2062
# 0179988cd69648e98566be83bd2dff14
msgid "Setting to 0.0.0.0 allows all IPs to poll the NetScaler server."
msgstr ""

#: ../../networking2.rst:2066
# 6577e90762254a09835bb6467df5a6ba
msgid "Map the security names into group names:"
msgstr ""

#: ../../networking2.rst:2078
# e25e9e1efba84febaa488370009ea353
msgid "Create a view to allow the groups to have the permission to:"
msgstr ""

#: ../../networking2.rst:2086
# 45d988cd96b04573b080085fbd6ee6cb
msgid "Grant access with different write permissions to the two groups to the view you created."
msgstr ""

#: ../../networking2.rst:2097
# 9fc121277fb04877af683ce49e88b40b
msgid "Unblock SNMP in iptables."
msgstr ""

#: ../../networking2.rst:2105
# ce86c5292fa840f194d550efe25863bf
msgid "Start the SNMP service:"
msgstr ""

#: ../../networking2.rst:2113
# c68c4cc6430e45fb8625e65486ad2c89
msgid "Ensure that the SNMP service is started automatically during the system startup:"
msgstr ""

#: ../../networking2.rst:2121
# 9a86418eaea24d238f86754265515817
msgid "Initial Setup of External Firewalls and Load Balancers"
msgstr ""

#: ../../networking2.rst:2123
# 06a101bd0fb84bd0b26f130d1a867429
msgid "When the first VM is created for a new account, CloudStack programs the external firewall and load balancer to work with the VM. The following objects are created on the firewall:"
msgstr ""

#: ../../networking2.rst:2129
# ab3bbc626f914afe9ac2a1b689262029
msgid "A new logical interface to connect to the account's private VLAN. The interface IP is always the first IP of the account's private subnet (e.g. 10.1.1.1)."
msgstr ""

#: ../../networking2.rst:2135
# f006b40c148b48a08def3072e5ad067c
msgid "A source NAT rule that forwards all outgoing traffic from the account's private VLAN to the public Internet, using the account's public IP address as the source address"
msgstr ""

#: ../../networking2.rst:2141
# cd7a4e14c7984cd284aa60828cf93747
msgid "A firewall filter counter that measures the number of bytes of outgoing traffic for the account"
msgstr ""

#: ../../networking2.rst:2144
# 6863d2e715784256ae2aa22351962b89
msgid "The following objects are created on the load balancer:"
msgstr ""

#: ../../networking2.rst:2148
# 9f6423f23a65442d8e2bda3bb6db462b
msgid "A new VLAN that matches the account's provisioned Zone VLAN"
msgstr ""

#: ../../networking2.rst:2152
# 72187f0b05e848e6967cdb9a555381db
msgid "A self IP for the VLAN. This is always the second IP of the account's private subnet (e.g. 10.1.1.2)."
msgstr ""

#: ../../networking2.rst:2156
# ab8a654963914f2baa6cec082bc98b83
msgid "Ongoing Configuration of External Firewalls and Load Balancers"
msgstr ""

#: ../../networking2.rst:2158
# 6cc8786791794c06befa8a17509abd10
msgid "Additional user actions (e.g. setting a port forward) will cause further programming of the firewall and load balancer. A user may request additional public IP addresses and forward traffic received at these IPs to specific VMs. This is accomplished by enabling static NAT for a public IP address, assigning the IP to a VM, and specifying a set of protocols and port ranges to open. When a static NAT rule is created, CloudStack programs the zone's external firewall with the following objects:"
msgstr ""

#: ../../networking2.rst:2169
# 1264629934524065bc84801e9205e4a5
msgid "A static NAT rule that maps the public IP address to the private IP address of a VM."
msgstr ""

#: ../../networking2.rst:2174
# c5fc12f27ace4872a52cb589ca35d678
msgid "A security policy that allows traffic within the set of protocols and port ranges that are specified."
msgstr ""

#: ../../networking2.rst:2179
# 3987c5c775d14d12b88cb87ad208f691
msgid "A firewall filter counter that measures the number of bytes of incoming traffic to the public IP."
msgstr ""

#: ../../networking2.rst:2182
# c5db6b14c530477fbdab470760ab4530
msgid "The number of incoming and outgoing bytes through source NAT, static NAT, and load balancing rules is measured and saved on each external element. This data is collected on a regular basis and stored in the CloudStack database."
msgstr ""

#: ../../networking2.rst:2188
# ffe7e0e1d6a54f58847e94107290cdea
msgid "Load Balancer Rules"
msgstr ""

#: ../../networking2.rst:2190
# c4c2a4ed95bf4c308ca4f5e48b75081b
msgid "A CloudStack user or administrator may create load balancing rules that balance traffic received at a public IP to one or more VMs. A user creates a rule, specifies an algorithm, and assigns the rule to a set of VMs."
msgstr ""

#: ../../networking2.rst:2196
# 5edeb5d8028f43088fd22e105d890c45
msgid "If you create load balancing rules while using a network service offering that includes an external load balancer device such as NetScaler, and later change the network service offering to one that uses the CloudStack virtual router, you must create a firewall rule on the virtual router for each of your existing load balancing rules so that they continue to function."
msgstr ""

#: ../../networking2.rst:2206
# aee5ead118ba49d2af6fd663749cb21a
msgid "Adding a Load Balancer Rule"
msgstr ""

#: ../../networking2.rst:2218
# ef9ec7e8608f4622a42b9006e67332f1
msgid "Click the name of the network where you want to load balance the traffic."
msgstr ""

#: ../../networking2.rst:2227
#: ../../networking2.rst:6334
#: ../../networking2.rst:6728
# d56ea994f5094995b0b1a4f7aa68eca8
# 7764a67f3ade40b1b3dc2075fac839f4
# ff64344bfa4d4a28a323dffd869d78cc
msgid "Click the IP address for which you want to create the rule, then click the Configuration tab."
msgstr ""

#: ../../networking2.rst:2232
#: ../../networking2.rst:6339
# bd1517a9c2da449f8664512b691ebb65
# 563ad659bddb4945a34373de5161db96
msgid "In the Load Balancing node of the diagram, click View All."
msgstr ""

#: ../../networking2.rst:2234
# 5c4e645be6564d2981406da6582c05fa
msgid "In a Basic zone, you can also create a load balancing rule without acquiring or selecting an IP address. CloudStack internally assign an IP when you create the load balancing rule, which is listed in the IP Addresses page when the rule is created."
msgstr ""

#: ../../networking2.rst:2239
# 19e72807452b47e3a1cc379d4795b3d9
msgid "To do that, select the name of the network, then click Add Load Balancer tab. Continue with #7."
msgstr ""

#: ../../networking2.rst:2244
#: ../../networking2.rst:3732
# 92a8a5aa771d4722b5156213b1af4fd5
# 130044af73ab495bab3655cce16db603
msgid "Fill in the following:"
msgstr ""

#: ../../networking2.rst:2248
#: ../../networking2.rst:6351
#: ../../networking2.rst:6609
# 96cfbfac34a546b2aabfdd57984816d9
# 2f3e7f66b6854ce1bf779bd548cb6f12
# 0e0ff88d07eb4baf9edfced6bfbc8d7b
msgid "**Name**: A name for the load balancer rule."
msgstr ""

#: ../../networking2.rst:2252
# d159c92df5a7480c9ea3390d74166c14
msgid "**Public Port**: The port receiving incoming traffic to be balanced."
msgstr ""

#: ../../networking2.rst:2257
#: ../../networking2.rst:6360
# b581656e45d34c8d81bf85c2f5e1687d
# 4bc8d2ff0de548bfac5f09a67456130e
msgid "**Private Port**: The port that the VMs will use to receive the traffic."
msgstr ""

#: ../../networking2.rst:2262
# 2543a97cf11048648e1d03e65b26ff8e
msgid "**Algorithm**: Choose the load balancing algorithm you want CloudStack to use. CloudStack supports a variety of well-known algorithms. If you are not familiar with these choices, you will find plenty of information about them on the Internet."
msgstr ""

#: ../../networking2.rst:2269
# 0e85be5a5f044e87a64418a1378234c5
msgid "**Stickiness**: (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules."
msgstr ""

#: ../../networking2.rst:2275
# d254fa1eae76499aa9dd3674a7ccb16e
msgid "**AutoScale**: Click Configure and complete the AutoScale configuration as explained in :ref:`conf-autoscale`."
msgstr ""

#: ../../networking2.rst:2280
# 80c293bf8b72415daff417f7d1e485c2
msgid "**Health Check**: (Optional; NetScaler load balancers only) Click Configure and fill in the characteristics of the health check policy. See :ref:`health-check`."
msgstr ""

#: ../../networking2.rst:2286
# 7646c6b438bc4f6a95b867bca86d2778
msgid "**Ping path (Optional)**: Sequence of destinations to which to send health check queries. Default: / (all)."
msgstr ""

#: ../../networking2.rst:2291
# f2e4bc38af6b4daf89f145d9739466f4
msgid "**Response time (Optional)**: How long to wait for a response from the health check (2 - 60 seconds). Default: 5 seconds."
msgstr ""

#: ../../networking2.rst:2296
# b56f106902c64b1c8aa0a36c64aec4ac
msgid "**Interval time (Optional)**: Amount of time between health checks (1 second - 5 minutes). Default value is set in the global configuration parameter lbrule\\_health check\\_time\\_interval."
msgstr ""

#: ../../networking2.rst:2303
# 4295d940156f4b3ba091563f2533eb12
msgid "**Healthy threshold (Optional)**: Number of consecutive health check successes that are required before declaring an instance healthy. Default: 2."
msgstr ""

#: ../../networking2.rst:2309
# 7ac5054f47b24947b246698f28438d57
msgid "**Unhealthy threshold (Optional)**: Number of consecutive health check failures that are required before declaring an instance unhealthy. Default: 10."
msgstr ""

#: ../../networking2.rst:2315
# 7836878559f34b60b1399d767ae28a29
msgid "Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply."
msgstr ""

#: ../../networking2.rst:2318
# 6a2803e8da5f48318b4b61fd67bcd43f
msgid "The new load balancer rule appears in the list. You can repeat these steps to add more load balancer rules for this IP address."
msgstr ""

#: ../../networking2.rst:2322
# d24dcf4899a54968b3b3db61c818c67d
msgid "Sticky Session Policies for Load Balancer Rules"
msgstr ""

#: ../../networking2.rst:2324
# 8ab79ec71a4e4b98ad38ad17ec22af5f
msgid "Sticky sessions are used in Web-based applications to ensure continued availability of information across the multiple requests in a user's session. For example, if a shopper is filling a cart, you need to remember what has been purchased so far. The concept of \"stickiness\" is also referred to as persistence or maintaining state."
msgstr ""

#: ../../networking2.rst:2330
# c3519ee8b4b344cabb8750b51ce2309d
msgid "Any load balancer rule defined in CloudStack can have a stickiness policy. The policy consists of a name, stickiness method, and parameters. The parameters are name-value pairs or flags, which are defined by the load balancer vendor. The stickiness method could be load balancer-generated cookie, application-generated cookie, or source-based. In the source-based method, the source IP address is used to identify the user and locate the user's stored data. In the other methods, cookies are used. The cookie generated by the load balancer or application is included in request and response URLs to create persistence. The cookie name can be specified by the administrator or automatically generated. A variety of options are provided to control the exact behavior of cookies, such as how they are generated and whether they are cached."
msgstr ""

#: ../../networking2.rst:2344
# 79f3c606c002408f917d8fa2d8fdd9eb
msgid "For the most up to date list of available stickiness methods, see the CloudStack UI or call listNetworks and check the SupportedStickinessMethods capability."
msgstr ""

#: ../../networking2.rst:2351
# 3f62bdba5f31457aadd915d45be545a7
msgid "Health Checks for Load Balancer Rules"
msgstr ""

#: ../../networking2.rst:2353
# b083bc41aca34d9b98d86dc1d0206017
msgid "(NetScaler load balancer only; requires NetScaler version 10.0)"
msgstr ""

#: ../../networking2.rst:2355
# 1bf841d08f9947a9a22824b89f8e09d4
msgid "Health checks are used in load-balanced applications to ensure that requests are forwarded only to running, available services. When creating a load balancer rule, you can specify a health check policy. This is in addition to specifying the stickiness policy, algorithm, and other load balancer rule options. You can configure one health check policy per load balancer rule."
msgstr ""

#: ../../networking2.rst:2362
# 85c9feea4e8743198f31cc482695a279
msgid "Any load balancer rule defined on a NetScaler load balancer in CloudStack can have a health check policy. The policy consists of a ping path, thresholds to define \"healthy\" and \"unhealthy\" states, health check frequency, and timeout wait interval."
msgstr ""

#: ../../networking2.rst:2367
# 352dde5daf9c433c88293769a6bb0553
msgid "When a health check policy is in effect, the load balancer will stop forwarding requests to any resources that are found to be unhealthy. If the resource later becomes available again, the periodic health check will discover it, and the resource will once again be added to the pool of resources that can receive requests from the load balancer. At any given time, the most recent result of the health check is displayed in the UI. For any VM that is attached to a load balancer rule with a health check configured, the state will be shown as UP or DOWN in the UI depending on the result of the most recent health check."
msgstr ""

#: ../../networking2.rst:2377
# 7487d03bd3954a619c9deab8432eccb5
msgid "You can delete or modify existing health check policies."
msgstr ""

#: ../../networking2.rst:2379
# 9bb908ef254545669272a47771402d19
msgid "To configure how often the health check is performed by default, use the global configuration setting healthcheck.update.interval (default value is 600 seconds). You can override this value for an individual health check policy."
msgstr ""

#: ../../networking2.rst:2384
# a4a4e4ced2f64992a7090ec99eec5b74
msgid "For details on how to set a health check policy using the UI, see :ref:`adding-lb-rule`."
msgstr ""

#: ../../networking2.rst:2390
# 7583c6f2d7c04c729c049fe5fb20f1d0
msgid "Configuring AutoScale"
msgstr ""

#: ../../networking2.rst:2392
# 110dc69ca3524adf841208bc3b2afa45
msgid "AutoScaling allows you to scale your back-end services or application VMs up or down seamlessly and automatically according to the conditions you define. With AutoScaling enabled, you can ensure that the number of VMs you are using seamlessly scale up when demand increases, and automatically decreases when demand subsides. Thus it helps you save compute costs by terminating underused VMs automatically and launching new VMs when you need them, without the need for manual intervention."
msgstr ""

#: ../../networking2.rst:2400
# 6067162c83174a73b67766fe147a1105
msgid "NetScaler AutoScaling is designed to seamlessly launch or terminate VMs based on user-defined conditions. Conditions for triggering a scaleup or scaledown action can vary from a simple use case like monitoring the CPU usage of a server to a complex use case of monitoring a combination of server's responsiveness and its CPU usage. For example, you can configure AutoScaling to launch an additional VM whenever CPU usage exceeds 80 percent for 15 minutes, or to remove a VM whenever CPU usage is less than 20 percent for 30 minutes."
msgstr ""

#: ../../networking2.rst:2409
# 4178b892ea11419ca207b4f23416d240
msgid "CloudStack uses the NetScaler load balancer to monitor all aspects of a system's health and work in unison with CloudStack to initiate scale-up or scale-down actions."
msgstr ""

#: ../../networking2.rst:2413
# 720fc42dfba2445580316d8a7c7b6446
msgid "AutoScale is supported on NetScaler Release 10 Build 74.4006.e and beyond."
msgstr ""

#: ../../networking2.rst:2418
# 25d5a916dcd24f8c93a8a2270ea1dec8
msgid "Before you configure an AutoScale rule, consider the following:"
msgstr ""

#: ../../networking2.rst:2422
# e5e20ba2d3ec4d3492856bcfe74d40f1
msgid "Ensure that the necessary template is prepared before configuring AutoScale. When a VM is deployed by using a template and when it comes up, the application should be up and running."
msgstr ""

#: ../../networking2.rst:2427
# a3786b1dded84da299934e36c6d9e71a
msgid "If the application is not running, the NetScaler device considers the VM as ineffective and continues provisioning the VMs unconditionally until the resource limit is exhausted."
msgstr ""

#: ../../networking2.rst:2433
# 848edeadae8842dd9b6660533e51cb84
msgid "Deploy the templates you prepared. Ensure that the applications come up on the first boot and is ready to take the traffic. Observe the time requires to deploy the template. Consider this time when you specify the quiet time while configuring AutoScale."
msgstr ""

#: ../../networking2.rst:2440
# 47a8c8b854724128bca574cad390341b
msgid "The AutoScale feature supports the SNMP counters that can be used to define conditions for taking scale up or scale down actions. To monitor the SNMP-based counter, ensure that the SNMP agent is installed in the template used for creating the AutoScale VMs, and the SNMP operations work with the configured SNMP community and port by using standard SNMP managers. For example, see `\"Configuring SNMP Community String on a RHEL Server\" <#configuring-snmp-community-string-on-a-rhel-server>`_ to configure SNMP on a RHEL machine."
msgstr ""

#: ../../networking2.rst:2451
# c4bb8c60d3214089b1726fe9bea68db1
msgid "Ensure that the endpointe.url parameter present in the Global Settings is set to the Management Server API URL. For example, ``http://10.102.102.22:8080/client/api``. In a multi-node Management Server deployment, use the virtual IP address configured in the load balancer for the management server's cluster. Additionally, ensure that the NetScaler device has access to this IP address to provide AutoScale support."
msgstr ""

#: ../../networking2.rst:2459
# f6027494d923450aa21e243d185af107
msgid "If you update the endpointe.url, disable the AutoScale functionality of the load balancer rules in the system, then enable them back to reflect the changes. For more information see :ref:`update-autoscale`."
msgstr ""

#: ../../networking2.rst:2465
# 30b6a0dcaf8e406d930c2671bee73f49
msgid "If the API Key and Secret Key are regenerated for an AutoScale user, ensure that the AutoScale functionality of the load balancers that the user participates in are disabled and then enabled to reflect the configuration changes in the NetScaler."
msgstr ""

#: ../../networking2.rst:2472
# 8e11275ad7bc4f9bbae8488f9270ddb9
msgid "In an advanced Zone, ensure that at least one VM should be present before configuring a load balancer rule with AutoScale. Having one VM in the network ensures that the network is in implemented state for configuring AutoScale."
msgstr ""

#: ../../networking2.rst:2478
# 2f62ff61696a4b28b1fe7a6e9ed379af
msgid "Configuration"
msgstr ""

#: ../../networking2.rst:2482
# 6ecf74a9baef420b8f4cf0f4a633ee47
msgid "|autoscaleateconfig.png|"
msgstr ""

#: ../../networking2.rst:2486
# f28a8f2eaa864c579595a69d9339a432
msgid "**Template**: A template consists of a base OS image and application. A template is used to provision the new instance of an application on a scaleup action. When a VM is deployed from a template, the VM can start taking the traffic from the load balancer without any admin intervention. For example, if the VM is deployed for a Web service, it should have the Web server running, the database connected, and so on."
msgstr ""

#: ../../networking2.rst:2496
# ab74533b03a84bf99ebf74e5eb9a1f2d
msgid "**Compute offering**: A predefined set of virtual hardware attributes, including CPU speed, number of CPUs, and RAM size, that the user can select when creating a new virtual machine instance. Choose one of the compute offerings to be used while provisioning a VM instance as part of scaleup action."
msgstr ""

#: ../../networking2.rst:2504
# e0ca6e4baff64455862f60837590f305
msgid "**Min Instance**: The minimum number of active VM instances that is assigned to a load balancing rule. The active VM instances are the application instances that are up and serving the traffic, and are being load balanced. This parameter ensures that a load balancing rule has at least the configured number of active VM instances are available to serve the traffic."
msgstr ""

#: ../../networking2.rst:2512
# 985d35506cb34451b0d15a405feae1a7
msgid "If an application, such as SAP, running on a VM instance is down for some reason, the VM is then not counted as part of Min Instance parameter, and the AutoScale feature initiates a scaleup action if the number of active VM instances is below the configured value. Similarly, when an application instance comes up from its earlier down state, this application instance is counted as part of the active instance count and the AutoScale process initiates a scaledown action when the active instance count breaches the Max instance value."
msgstr ""

#: ../../networking2.rst:2524
# fb0ddc4d1f94403ebeed8e5714b4f617
msgid "**Max Instance**: Maximum number of active VM instances that **should be assigned to**\\ a load balancing rule. This parameter defines the upper limit of active VM instances that can be assigned to a load balancing rule."
msgstr ""

#: ../../networking2.rst:2529
# 783c86a84d0f4c1b833db963b51c82af
msgid "Specifying a large value for the maximum instance parameter might result in provisioning large number of VM instances, which in turn leads to a single load balancing rule exhausting the VM instances limit specified at the account or domain level."
msgstr ""

#: ../../networking2.rst:2535
# 1a3b1e1b09e04f57993e13c4afcb55e0
msgid "If an application, such as SAP, running on a VM instance is down for some reason, the VM is not counted as part of Max Instance parameter. So there may be scenarios where the number of VMs provisioned for a scaleup action might be more than the configured Max Instance value. Once the application instances in the VMs are up from an earlier down state, the AutoScale feature starts aligning to the configured Max Instance value."
msgstr ""

#: ../../networking2.rst:2543
# 6a70933964e74afe83fe5d290058b273
msgid "Specify the following scale-up and scale-down policies:"
msgstr ""

#: ../../networking2.rst:2547
# cf10d74a5d0c41e589755735a7cedc27
msgid "**Duration**: The duration, in seconds, for which the conditions you specify must be true to trigger a scaleup action. The conditions defined should hold true for the entire duration you specify for an AutoScale action to be invoked."
msgstr ""

#: ../../networking2.rst:2554
# a57ca091c3bd43c096bfa98631b1cdde
msgid "**Counter**: The performance counters expose the state of the monitored instances. By default, CloudStack offers four performance counters: Three SNMP counters and one NetScaler counter. The SNMP counters are Linux User CPU, Linux System CPU, and Linux CPU Idle. The NetScaler counter is ResponseTime. The root administrator can add additional counters into CloudStack by using the CloudStack API."
msgstr ""

#: ../../networking2.rst:2563
# a0b4564310ab4971b3f47a61f665d061
msgid "**Operator**: The following five relational operators are supported in AutoScale feature: Greater than, Less than, Less than or equal to, Greater than or equal to, and Equal to."
msgstr ""

#: ../../networking2.rst:2569
# e0ce29c287f846fab5b519e88ea090ee
msgid "**Threshold**: Threshold value to be used for the counter. Once the counter defined above breaches the threshold value, the AutoScale feature initiates a scaleup or scaledown action."
msgstr ""

#: ../../networking2.rst:2575
# 6561f9d06cfe4f6d9874575da794592a
msgid "**Add**: Click Add to add the condition."
msgstr ""

#: ../../networking2.rst:2577
# 1497e6bea4e1463b844a038331cb983f
msgid "Additionally, if you want to configure the advanced settings, click Show advanced settings, and specify the following:"
msgstr ""

#: ../../networking2.rst:2582
# eb929ac5f36d4e0685a50c5cc16f0df5
msgid "**Polling interval**: Frequency in which the conditions, combination of counter, operator and threshold, are to be evaluated before taking a scale up or down action. The default polling interval is 30 seconds."
msgstr ""

#: ../../networking2.rst:2589
# 8d0aedaf4e0f45a6beda1b9421388942
msgid "**Quiet Time**: This is the cool down period after an AutoScale action is initiated. The time includes the time taken to complete provisioning a VM instance from its template and the time taken by an application to be ready to serve traffic. This quiet time allows the fleet to come up to a stable state before any action can take place. The default is 300 seconds."
msgstr ""

#: ../../networking2.rst:2598
# fdefaeca99e24f218e68b41bfe85e3ce
msgid "**Destroy VM Grace Period**: The duration in seconds, after a scaledown action is initiated, to wait before the VM is destroyed as part of scaledown action. This is to ensure graceful close of any pending sessions or transactions being served by the VM marked for destroy. The default is 120 seconds."
msgstr ""

#: ../../networking2.rst:2606
# cf6ffe6f0c4c4e1a868a853debfcdbbf
msgid "**Security Groups**: Security groups provide a way to isolate traffic to the VM instances. A security group is a group of VMs that filter their incoming and outgoing traffic according to a set of rules, called ingress and egress rules. These rules filter network traffic according to the IP address that is attempting to communicate with the VM."
msgstr ""

#: ../../networking2.rst:2615
# c4bd403a66d64d868f4d5b0442abb5f7
msgid "**Disk Offerings**: A predefined set of disk size for primary data storage."
msgstr ""

#: ../../networking2.rst:2620
# 8976b1a845f84354ab47314b3cc692d7
msgid "**SNMP Community**: The SNMP community string to be used by the NetScaler device to query the configured counter value from the provisioned VM instances. Default is public."
msgstr ""

#: ../../networking2.rst:2626
# cca89ffa679d47ad992fe021145932eb
msgid "**SNMP Port**: The port number on which the SNMP agent that run on the provisioned VMs is listening. Default port is 161."
msgstr ""

#: ../../networking2.rst:2631
# e00f8d3ec41440b5b002e2041a08220f
msgid "**User**: This is the user that the NetScaler device use to invoke scaleup and scaledown API calls to the cloud. If no option is specified, the user who configures AutoScaling is applied. Specify another user name to override."
msgstr ""

#: ../../networking2.rst:2638
# 9b84f1bc76c44c38a35321973e56210c
msgid "**Apply**: Click Apply to create the AutoScale configuration."
msgstr ""

#: ../../networking2.rst:2641
# b547fd51c7ac43f6896f5326d0bc8ba8
msgid "Disabling and Enabling an AutoScale Configuration"
msgstr ""

#: ../../networking2.rst:2643
# 38e5928d47d14bc19e1fab9539b611a0
msgid "If you want to perform any maintenance operation on the AutoScale VM instances, disable the AutoScale configuration. When the AutoScale configuration is disabled, no scaleup or scaledown action is performed. You can use this downtime for the maintenance activities. To disable the AutoScale configuration, click the Disable AutoScale |EnableDisable.png| button."
msgstr ""

#: ../../networking2.rst:2649
# 9e667521e0ed422c97c64cd3cd3a8b27
msgid "The button toggles between enable and disable, depending on whether AutoScale is currently enabled or not. After the maintenance operations are done, you can enable the AutoScale configuration back. To enable, open the AutoScale configuration page again, then click the Enable AutoScale |EnableDisable.png| button."
msgstr ""

#: ../../networking2.rst:2658
# 8c265f29a2494792991abbb3daed1b9e
msgid "Updating an AutoScale Configuration"
msgstr ""

#: ../../networking2.rst:2660
# 280deb0a83064852b5f2ddd3b80809a6
msgid "You can update the various parameters and add or delete the conditions in a scaleup or scaledown rule. Before you update an AutoScale configuration, ensure that you disable the AutoScale load balancer rule by clicking the Disable AutoScale button."
msgstr ""

#: ../../networking2.rst:2665
# e7070f9e778042a7aa68aeb88bde2257
msgid "After you modify the required AutoScale parameters, click Apply. To apply the new AutoScale policies, open the AutoScale configuration page again, then click the Enable AutoScale button."
msgstr ""

#: ../../networking2.rst:2670
# e92451dccecb4a40a0c35bcc6e42105a
msgid "Runtime Considerations"
msgstr ""

#: ../../networking2.rst:2674
# 5a7ed98221fc42848a83b71bcc5439f8
msgid "An administrator should not assign a VM to a load balancing rule which is configured for AutoScale."
msgstr ""

#: ../../networking2.rst:2679
# 3afe9927a67b460a9e6faea30ba427fb
msgid "Before a VM provisioning is completed if NetScaler is shutdown or restarted, the provisioned VM cannot be a part of the load balancing rule though the intent was to assign it to a load balancing rule. To workaround, rename the AutoScale provisioned VMs based on the rule name or ID so at any point of time the VMs can be reconciled to its load balancing rule."
msgstr ""

#: ../../networking2.rst:2688
# eee56e4a2e474a04988980cace231253
msgid "Making API calls outside the context of AutoScale, such as destroyVM, on an autoscaled VM leaves the load balancing configuration in an inconsistent state. Though VM is destroyed from the load balancer rule, NetScaler continues to show the VM as a service assigned to a rule."
msgstr ""

#: ../../networking2.rst:2695
# 6da746ba5a56414f91ec2e2db3f82484
msgid "Global Server Load Balancing Support"
msgstr ""

#: ../../networking2.rst:2697
# 81e233e5a8774fe7912bb9d777b02098
msgid "CloudStack supports Global Server Load Balancing (GSLB) functionalities to provide business continuity, and enable seamless resource movement within a CloudStack environment. CloudStack achieve this by extending its functionality of integrating with NetScaler Application Delivery Controller (ADC), which also provides various GSLB capabilities, such as disaster recovery and load balancing. The DNS redirection technique is used to achieve GSLB in CloudStack."
msgstr ""

#: ../../networking2.rst:2705
# 182ac54151764429a54597e47be09455
msgid "In order to support this functionality, region level services and service provider are introduced. A new service 'GSLB' is introduced as a region level service. The GSLB service provider is introduced that will provider the GSLB service. Currently, NetScaler is the supported GSLB provider in CloudStack. GSLB functionality works in an Active-Active data center environment."
msgstr ""

#: ../../networking2.rst:2713
# 8250959d1c994c618634ca275a2acf89
msgid "About Global Server Load Balancing"
msgstr ""

#: ../../networking2.rst:2715
# 23d6ad0ee7e345bd8b6e5a4ff72f0bde
msgid "Global Server Load Balancing (GSLB) is an extension of load balancing functionality, which is highly efficient in avoiding downtime. Based on the nature of deployment, GSLB represents a set of technologies that is used for various purposes, such as load sharing, disaster recovery, performance, and legal obligations. With GSLB, workloads can be distributed across multiple data centers situated at geographically separated locations. GSLB can also provide an alternate location for accessing a resource in the event of a failure, or to provide a means of shifting traffic easily to simplify maintenance, or both."
msgstr ""

#: ../../networking2.rst:2726
# 9df73711bf05422aa3ff011e97b010d0
msgid "Components of GSLB"
msgstr ""

#: ../../networking2.rst:2728
# 0dbce0ca6baa46aeaad670109fbc187b
msgid "A typical GSLB environment is comprised of the following components:"
msgstr ""

#: ../../networking2.rst:2732
# be687e83d654431899ed881ba56746a0
msgid "**GSLB Site**: In CloudStack terminology, GSLB sites are represented by zones that are mapped to data centers, each of which has various network appliances. Each GSLB site is managed by a NetScaler appliance that is local to that site. Each of these appliances treats its own site as the local site and all other sites, managed by other appliances, as remote sites. It is the central entity in a GSLB deployment, and is represented by a name and an IP address."
msgstr ""

#: ../../networking2.rst:2742
# 1a724093f2854945a12f90a9aac0cdf7
msgid "**GSLB Services**: A GSLB service is typically represented by a load balancing or content switching virtual server. In a GSLB environment, you can have a local as well as remote GSLB services. A local GSLB service represents a local load balancing or content switching virtual server. A remote GSLB service is the one configured at one of the other sites in the GSLB setup. At each site in the GSLB setup, you can create one local GSLB service and any number of remote GSLB services."
msgstr ""

#: ../../networking2.rst:2753
# 5fa2919887bc460f94bbe24c89b9d442
msgid "**GSLB Virtual Servers**: A GSLB virtual server refers to one or more GSLB services and balances traffic between traffic across the VMs in multiple zones by using the CloudStack functionality. It evaluates the configured GSLB methods or algorithms to select a GSLB service to which to send the client requests. One or more virtual servers from different zones are bound to the GSLB virtual server. GSLB virtual server does not have a public IP associated with it, instead it will have a FQDN DNS name."
msgstr ""

#: ../../networking2.rst:2764
# 20cb61cdbd444e9a9f11f683a1ee4b35
msgid "**Load Balancing or Content Switching Virtual Servers**: According to Citrix NetScaler terminology, a load balancing or content switching virtual server represents one or many servers on the local network. Clients send their requests to the load balancing or content switching virtual server's virtual IP (VIP) address, and the virtual server balances the load across the local servers. After a GSLB virtual server selects a GSLB service representing either a local or a remote load balancing or content switching virtual server, the client sends the request to that virtual server's VIP address."
msgstr ""

#: ../../networking2.rst:2776
# a5ecee28e9bb433a8951bf3350e6aa91
msgid "**DNS VIPs**: DNS virtual IP represents a load balancing DNS virtual server on the GSLB service provider. The DNS requests for domains for which the GSLB service provider is authoritative can be sent to a DNS VIP."
msgstr ""

#: ../../networking2.rst:2783
# 4eb2a120e2de43caad10fb89f83d8158
msgid "**Authoritative DNS**: ADNS (Authoritative Domain Name Server) is a service that provides actual answer to DNS queries, such as web site IP address. In a GSLB environment, an ADNS service responds only to DNS requests for domains for which the GSLB service provider is authoritative. When an ADNS service is configured, the service provider owns that IP address and advertises it. When you create an ADNS service, the NetScaler responds to DNS queries on the configured ADNS service IP and port."
msgstr ""

#: ../../networking2.rst:2793
# cd935874099944bd8bd07f110b11f0c3
msgid "How Does GSLB Works in CloudStack?"
msgstr ""

#: ../../networking2.rst:2795
# a07db76162554695b05812b43a222375
msgid "Global server load balancing is used to manage the traffic flow to a web site hosted on two separate zones that ideally are in different geographic locations. The following is an illustration of how GLSB functionality is provided in CloudStack: An organization, xyztelco, has set up a public cloud that spans two zones, Zone-1 and Zone-2, across geographically separated data centers that are managed by CloudStack. Tenant-A of the cloud launches a highly available solution by using xyztelco cloud. For that purpose, they launch two instances each in both the zones: VM1 and VM2 in Zone-1 and VM5 and VM6 in Zone-2. Tenant-A acquires a public IP, IP-1 in Zone-1, and configures a load balancer rule to load balance the traffic between VM1 and VM2 instances. CloudStack orchestrates setting up a virtual server on the LB service provider in Zone-1. Virtual server 1 that is set up on the LB service provider in Zone-1 represents a publicly accessible virtual server that client reaches at IP-1. The client traffic to virtual server 1 at IP-1 will be load balanced across VM1 and VM2 instances."
msgstr ""

#: ../../networking2.rst:2812
# 7522dda4534f412e9114fbef583cdbc4
msgid "Tenant-A acquires another public IP, IP-2 in Zone-2 and sets up a load balancer rule to load balance the traffic between VM5 and VM6 instances. Similarly in Zone-2, CloudStack orchestrates setting up a virtual server on the LB service provider. Virtual server 2 that is setup on the LB service provider in Zone-2 represents a publicly accessible virtual server that client reaches at IP-2. The client traffic that reaches virtual server 2 at IP-2 is load balanced across VM5 and VM6 instances. At this point Tenant-A has the service enabled in both the zones, but has no means to set up a disaster recovery plan if one of the zone fails. Additionally, there is no way for Tenant-A to load balance the traffic intelligently to one of the zones based on load, proximity and so on. The cloud administrator of xyztelco provisions a GSLB service provider to both the zones. A GSLB provider is typically an ADC that has the ability to act as an ADNS (Authoritative Domain Name Server) and has the mechanism to monitor health of virtual servers both at local and remote sites. The cloud admin enables GSLB as a service to the tenants that use zones 1 and 2."
msgstr ""

#: ../../networking2.rst:2830
# 89319188219b404eb12377733494db5a
msgid "|gslb.png|"
msgstr ""

#: ../../networking2.rst:2832
# b984591edede4102820e3e91af964094
msgid "Tenant-A wishes to leverage the GSLB service provided by the xyztelco cloud. Tenant-A configures a GSLB rule to load balance traffic across virtual server 1 at Zone-1 and virtual server 2 at Zone-2. The domain name is provided as A.xyztelco.com. CloudStack orchestrates setting up GSLB virtual server 1 on the GSLB service provider at Zone-1. CloudStack binds virtual server 1 of Zone-1 and virtual server 2 of Zone-2 to GLSB virtual server 1. GSLB virtual server 1 is configured to start monitoring the health of virtual server 1 and 2 in Zone-1. CloudStack will also orchestrate setting up GSLB virtual server 2 on GSLB service provider at Zone-2. CloudStack will bind virtual server 1 of Zone-1 and virtual server 2 of Zone-2 to GLSB virtual server 2. GSLB virtual server 2 is configured to start monitoring the health of virtual server 1 and 2. CloudStack will bind the domain A.xyztelco.com to both the GSLB virtual server 1 and 2. At this point, Tenant-A service will be globally reachable at A.xyztelco.com. The private DNS server for the domain xyztelcom.com is configured by the admin out-of-band to resolve the domain A.xyztelco.com to the GSLB providers at both the zones, which are configured as ADNS for the domain A.xyztelco.com. A client when sends a DNS request to resolve A.xyztelcom.com, will eventually get DNS delegation to the address of GSLB providers at zone 1 and 2. A client DNS request will be received by the GSLB provider. The GSLB provider, depending on the domain for which it needs to resolve, will pick up the GSLB virtual server associated with the domain. Depending on the health of the virtual servers being load balanced, DNS request for the domain will be resolved to the public IP associated with the selected virtual server."
msgstr ""

#: ../../networking2.rst:2860
# 8456ab01fb394c3383eeb5029e812dc5
msgid "Configuring GSLB"
msgstr ""

#: ../../networking2.rst:2862
# a2ddfa5eb5c04d4b8969f09f92f69456
msgid "To configure a GSLB deployment, you must first configure a standard load balancing setup for each zone. This enables you to balance load across the different servers in each zone in the region. Then on the NetScaler side, configure both NetScaler appliances that you plan to add to each zone as authoritative DNS (ADNS) servers. Next, create a GSLB site for each zone, configure GSLB virtual servers for each site, create GLSB services, and bind the GSLB services to the GSLB virtual servers. Finally, bind the domain to the GSLB virtual servers. The GSLB configurations on the two appliances at the two different zones are identical, although each sites load-balancing configuration is specific to that site."
msgstr ""

#: ../../networking2.rst:2874
# 6d13a7e3c72d4d0fbbf094a3a0048b5e
msgid "Perform the following as a cloud administrator. As per the example given above, the administrator of xyztelco is the one who sets up GSLB:"
msgstr ""

#: ../../networking2.rst:2879
# 1b13dfc3a4704d5a8fa68973611763ec
msgid "In the cloud.dns.name global parameter, specify the DNS name of your tenant's cloud that make use of the GSLB service."
msgstr ""

#: ../../networking2.rst:2884
# 24fa8e0bc85a4858bb09168558689b88
msgid "On the NetScaler side, configure GSLB as given in `Configuring Global Server Load Balancing (GSLB) <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-con.html>`_:"
msgstr ""

#: ../../networking2.rst:2890
# 4527dca57f1440febc672d19e072283e
msgid "Configuring a standard load balancing setup."
msgstr ""

#: ../../networking2.rst:2894
# 0c91751454f842ed867ba1142e0082af
msgid "Configure Authoritative DNS, as explained in `Configuring an Authoritative DNS Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-adns-svc-tsk.html>`_."
msgstr ""

#: ../../networking2.rst:2900
# 81d14d2da5084c1491a9261135038ca2
msgid "Configure a GSLB site with site name formed from the domain name details."
msgstr ""

#: ../../networking2.rst:2903
# b8bd9fe16daa4ddab41339b4016d8128
msgid "Configure a GSLB site with the site name formed from the domain name."
msgstr ""

#: ../../networking2.rst:2906
# ec8346bdb6fb4e9b85623f3b7fedc33b
msgid "As per the example given above, the site names are A.xyztelco.com and B.xyztelco.com."
msgstr ""

#: ../../networking2.rst:2909
# 7e764b73be594f529ea85676104ba0d9
msgid "For more information, see `Configuring a Basic GSLB Site <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-basic-site-tsk.html>`_."
msgstr ""

#: ../../networking2.rst:2914
# e8b2b78d2bcc4ead899d033a82688d6a
msgid "Configure a GSLB virtual server."
msgstr ""

#: ../../networking2.rst:2916
# a658718fb49e4176814d60e01d81a6c3
msgid "For more information, see `Configuring a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-vsvr-tsk.html>`_."
msgstr ""

#: ../../networking2.rst:2921
# 5bc91629e58046eabfa170a8ff9228cd
msgid "Configure a GSLB service for each virtual server."
msgstr ""

#: ../../networking2.rst:2923
# ad990e26ce2c411081c88e66a273cb2c
msgid "For more information, see `Configuring a GSLB Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-svc-tsk.html>`_."
msgstr ""

#: ../../networking2.rst:2928
# c239f4ef8dcf4da58541d9bb39333eb2
msgid "Bind the GSLB services to the GSLB virtual server."
msgstr ""

#: ../../networking2.rst:2930
# 1e702a12b98043e2bacf01a137ee482e
msgid "For more information, see `Binding GSLB Services to a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-svc-vsvr-tsk.html>`_."
msgstr ""

#: ../../networking2.rst:2935
# 10e534b7d92e4b40ad06805f6092f802
msgid "Bind domain name to GSLB virtual server. Domain name is obtained from the domain details."
msgstr ""

#: ../../networking2.rst:2938
# 604d20e5aff64a2e9c6634fcbc5268e5
msgid "For more information, see `Binding a Domain to a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-dom-vsvr-tsk.html>`_."
msgstr ""

#: ../../networking2.rst:2943
# 0ac7add23ac4439ca08fc7caba76441e
msgid "In each zone that are participating in GSLB, add GSLB-enabled NetScaler device."
msgstr ""

#: ../../networking2.rst:2946
# 5d9a5dd2235f42579a6118838bb636fa
msgid "For more information, see :ref:`enabling-gslb-in-ns`."
msgstr ""

#: ../../networking2.rst:2948
# ff5093bc021b4c379b8656f628935267
msgid "As a domain administrator/ user perform the following:"
msgstr ""

#: ../../networking2.rst:2952
# 1ef3c0fd004d43e69534e4a5de7f38d8
msgid "Add a GSLB rule on both the sites."
msgstr ""

#: ../../networking2.rst:2954
# 5779d01501a3442eadc72060d6a298e3
msgid "See \":ref:`adding-gslb-rule`\"."
msgstr ""

#: ../../networking2.rst:2958
# cbd719c880074f4d8e40125c6a766be2
msgid "Assign load balancer rules."
msgstr ""

#: ../../networking2.rst:2960
# c9a1fb87306b486dad29aa18bd3d8819
msgid "See \":ref:`assigning-lb-rule-gslb`\"."
msgstr ""

#: ../../networking2.rst:2967
# a1b0865343b54113bc0065aa808ec8cb
msgid "The GSLB functionality is supported both Basic and Advanced zones."
msgstr ""

#: ../../networking2.rst:2971
# da30d8fa37d94effb410d14171ff906b
msgid "GSLB is added as a new network service."
msgstr ""

#: ../../networking2.rst:2975
# 13eb68d1468e4d7c99753052f9b72a15
msgid "GSLB service provider can be added to a physical network in a zone."
msgstr ""

#: ../../networking2.rst:2979
# 6384b810c9a4410c9ae8f67816e13cd9
msgid "The admin is allowed to enable or disable GSLB functionality at region level."
msgstr ""

#: ../../networking2.rst:2984
# dbd35e047b8d4eb89dde586187f3d0eb
msgid "The admin is allowed to configure a zone as GSLB capable or enabled."
msgstr ""

#: ../../networking2.rst:2986
# 58bd5b2c58a9407692791abdff3e6e54
msgid "A zone shall be considered as GSLB capable only if a GSLB service provider is provisioned in the zone."
msgstr ""

#: ../../networking2.rst:2991
# efc18977b5ac4e84a963305554993e11
msgid "When users have VMs deployed in multiple availability zones which are GSLB enabled, they can use the GSLB functionality to load balance traffic across the VMs in multiple zones."
msgstr ""

#: ../../networking2.rst:2997
# e793a1e1efc84729991ede4558891921
msgid "The users can use GSLB to load balance across the VMs across zones in a region only if the admin has enabled GSLB in that region."
msgstr ""

#: ../../networking2.rst:3002
# 4c4a8f9e84ea44b19390f5fd020277fb
msgid "The users can load balance traffic across the availability zones in the same region or different regions."
msgstr ""

#: ../../networking2.rst:3007
# 4a914f83d04549c29de6013290e3e7f4
msgid "The admin can configure DNS name for the entire cloud."
msgstr ""

#: ../../networking2.rst:3011
# 596f9eade21844dfa16d3d964f7ce03d
msgid "The users can specify an unique name across the cloud for a globally load balanced service. The provided name is used as the domain name under the DNS name associated with the cloud."
msgstr ""

#: ../../networking2.rst:3015
# 6547e809a9f240ed88dd1d5c4a9d325d
msgid "The user-provided name along with the admin-provided DNS name is used to produce a globally resolvable FQDN for the globally load balanced service of the user. For example, if the admin has configured xyztelco.com as the DNS name for the cloud, and user specifies 'foo' for the GSLB virtual service, then the FQDN name of the GSLB virtual service is foo.xyztelco.com."
msgstr ""

#: ../../networking2.rst:3024
# 954c733062ed4faaae39782c315285fc
msgid "While setting up GSLB, users can select a load balancing method, such as round robin, for using across the zones that are part of GSLB."
msgstr ""

#: ../../networking2.rst:3029
# b7249d54a14f4c3e9ab5f0ef17a864dd
msgid "The user shall be able to set weight to zone-level virtual server. Weight shall be considered by the load balancing method for distributing the traffic."
msgstr ""

#: ../../networking2.rst:3035
# d0d2828b22794506bce6cc04c652759f
msgid "The GSLB functionality shall support session persistence, where series of client requests for particular domain name is sent to a virtual server on the same zone."
msgstr ""

#: ../../networking2.rst:3039
# fe2366a38bbf4359aa47d04dbbe9ef53
msgid "Statistics is collected from each GSLB virtual server."
msgstr ""

#: ../../networking2.rst:3044
# 310bede319094d1a81dd13ae031d171e
msgid "Enabling GSLB in NetScaler"
msgstr ""

#: ../../networking2.rst:3046
# 6cf5dc558b0541b38ee30e8b09f0a119
msgid "In each zone, add GSLB-enabled NetScaler device for load balancing."
msgstr ""

#: ../../networking2.rst:3050
# db33d472d3bd4ea6aefc696bbb848e61
msgid "Log in as administrator to the CloudStack UI."
msgstr ""

#: ../../networking2.rst:3058
# 71afbe01841a4e11a0fcc15b17786d36
msgid "In Zones, click View More."
msgstr ""

#: ../../networking2.rst:3066
# e790f063f0054d8fa2f47e81ff50ca59
msgid "Click the Physical Network tab, then click the name of the physical network."
msgstr ""

#: ../../networking2.rst:3071
# 9e1c9696e24a415ca0080414be0196e6
msgid "In the Network Service Providers node of the diagram, click Configure."
msgstr ""

#: ../../networking2.rst:3074
# 536e22d770c44b319d5ee4d2ae4b2153
msgid "You might have to scroll down to see this."
msgstr ""

#: ../../networking2.rst:3078
# 21cd237381d44ee58898516d998a4372
msgid "Click NetScaler."
msgstr ""

#: ../../networking2.rst:3082
# 5bca2c9d180b435bb43c10f72d8b4f50
msgid "Click Add NetScaler device and provide the following:"
msgstr ""

#: ../../networking2.rst:3084
# c101c1fb776f45a3b10751c976f19dff
msgid "For NetScaler:"
msgstr ""

#: ../../networking2.rst:3088
# 2ba731212f4e4d97bf33b98b02462f31
msgid "**IP Address**: The IP address of the SDX."
msgstr ""

#: ../../networking2.rst:3092
# f6756edb0b2749a28f89727cedd914de
msgid "**Username/Password**: The authentication credentials to access the device. CloudStack uses these credentials to access the device."
msgstr ""

#: ../../networking2.rst:3098
# c289535d0983447bb28313242c1afcfd
msgid "**Type**: The type of device that is being added. It could be F5 Big Ip Load Balancer, NetScaler VPX, NetScaler MPX, or NetScaler SDX. For a comparison of the NetScaler types, see the CloudStack Administration Guide."
msgstr ""

#: ../../networking2.rst:3105
# fcf8d7c54d854ef6ac2504c8b710bdea
msgid "**Public interface**: Interface of device that is configured to be part of the public network."
msgstr ""

#: ../../networking2.rst:3110
# 770c0db7ca88466d9f7a6723075a9f24
msgid "**Private interface**: Interface of device that is configured to be part of the private network."
msgstr ""

#: ../../networking2.rst:3115
# ea63258ee8704f1d9b63279f814a6194
msgid "**GSLB service**: Select this option."
msgstr ""

#: ../../networking2.rst:3119
# 8b775a110efc48adafc54539a743a373
msgid "**GSLB service Public IP**: The public IP address of the NAT translator for a GSLB service that is on a private network."
msgstr ""

#: ../../networking2.rst:3124
# 721d09d62d574127acbc4eedf582a400
msgid "**GSLB service Private IP**: The private IP of the GSLB service."
msgstr ""

#: ../../networking2.rst:3128
# 58903b1562ff43d3ac2842018f153a1f
msgid "**Number of Retries**. Number of times to attempt a command on the device before considering the operation failed. Default is 2."
msgstr ""

#: ../../networking2.rst:3133
# 8453399635794a5dafd95e6644881b34
msgid "**Capacity**: The number of networks the device can handle."
msgstr ""

#: ../../networking2.rst:3137
# 032a009f433441a7a9ea141a1a37190f
msgid "**Dedicated**: When marked as dedicated, this device will be dedicated to a single account. When Dedicated is checked, the value in the Capacity field has no significance implicitly, its value is 1."
msgstr ""

#: ../../networking2.rst:3149
# 9c1c5bdbb7b04a5081ee5ee1be823231
msgid "Adding a GSLB Rule"
msgstr ""

#: ../../networking2.rst:3153
#: ../../networking2.rst:3224
# 9886f1b9081c4b2b9f94068c36234301
# c0bb3b92c34f4bc79ff38db4f1867976
msgid "Log in to the CloudStack UI as a domain administrator or user."
msgstr ""

#: ../../networking2.rst:3157
#: ../../networking2.rst:3228
# cf94d6818dfd454bb24a0197b45b1c89
# 1631e25bb98e44a68e0491ede5dc221d
msgid "In the left navigation pane, click Region."
msgstr ""

#: ../../networking2.rst:3161
#: ../../networking2.rst:3232
# 99089f1571d2400ba327b8e2e914141f
# d38f849a92654b41b37919edf2efdf78
msgid "Select the region for which you want to create a GSLB rule."
msgstr ""

#: ../../networking2.rst:3165
#: ../../networking2.rst:3236
# 17cf4f5a1948405ab27b253588ef1352
# 98821ced62fd453b90d3870422da2536
msgid "In the Details tab, click View GSLB."
msgstr ""

#: ../../networking2.rst:3169
# 6a85608ee29b4baca127e393abe5ad11
msgid "Click Add GSLB."
msgstr ""

#: ../../networking2.rst:3171
# 0ae5d0eae58a463db228c0ee3c3f2d0e
msgid "The Add GSLB page is displayed as follows:"
msgstr ""

#: ../../networking2.rst:3173
# b9b04ceabaa9463d85a4faf511f47d57
msgid "|gslb-add.png|"
msgstr ""

#: ../../networking2.rst:3181
# 3cc1ebf185774545998478f479bffa85
msgid "**Name**: Name for the GSLB rule."
msgstr ""

#: ../../networking2.rst:3185
# c0e402372e814565bdeff0182a1d1779
msgid "**Description**: (Optional) A short description of the GSLB rule that can be displayed to users."
msgstr ""

#: ../../networking2.rst:3190
# 727d582900354d2bb9e4a0301b19cc35
msgid "**GSLB Domain Name**: A preferred domain name for the service."
msgstr ""

#: ../../networking2.rst:3194
# ef12427c38c94561abed938f4a2bbd8c
msgid "**Algorithm**: (Optional) The algorithm to use to load balance the traffic across the zones. The options are Round Robin, Least Connection, and Proximity."
msgstr ""

#: ../../networking2.rst:3200
# 241c813551f64e92b78dfd290df99cfe
msgid "**Service Type**: The transport protocol to use for GSLB. The options are TCP and UDP."
msgstr ""

#: ../../networking2.rst:3205
# aa4bcbd25cf647e1ab4384586b654409
msgid "**Domain**: (Optional) The domain for which you want to create the GSLB rule."
msgstr ""

#: ../../networking2.rst:3210
# 839afecaeeed4cbbb6ef0bb21bf498f3
msgid "**Account**: (Optional) The account on which you want to apply the GSLB rule."
msgstr ""

#: ../../networking2.rst:3220
# 2ab62b2492a3407ca085e8666b106fa4
msgid "Assigning Load Balancing Rules to GSLB"
msgstr ""

#: ../../networking2.rst:3240
# 7c5601cd6ce640e8b5dc8a45589bad59
msgid "Select the desired GSLB."
msgstr ""

#: ../../networking2.rst:3244
# cf5bad08cdb4408c83d7b139e0c64547
msgid "Click view assigned load balancing."
msgstr ""

#: ../../networking2.rst:3248
# e8ee6a81561b4140a5fc1b69a76cc736
msgid "Click assign more load balancing."
msgstr ""

#: ../../networking2.rst:3252
# 645c7738ea8643bb8dc363416867e170
msgid "Select the load balancing rule you have created for the zone."
msgstr ""

#: ../../networking2.rst:3259
# 607875c969314174b33d5ffe591d6d01
msgid "Known Limitation"
msgstr ""

#: ../../networking2.rst:3261
# 7b4f744d0ba14d0793259da18acaa8e4
msgid "Currently, CloudStack does not support orchestration of services across the zones. The notion of services and service providers in region are to be introduced."
msgstr ""

#: ../../networking2.rst:3266
# 07d2c270666b4ce5b27e2329f4a46336
msgid "Guest IP Ranges"
msgstr ""

#: ../../networking2.rst:3268
# 5ba35a4bec1d4cd086d34463a8fd3b26
msgid "The IP ranges for guest network traffic are set on a per-account basis by the user. This allows the users to configure their network in a fashion that will enable VPN linking between their guest network and their clients."
msgstr ""

#: ../../networking2.rst:3273
# 24793eb079054dad8ef15f9ce2ce53ad
msgid "In shared networks in Basic zone and Security Group-enabled Advanced networks, you will have the flexibility to add multiple guest IP ranges from different subnets. You can add or remove one IP range at a time. For more information, see `\"About Multiple IP Ranges\" <#about-multiple-ip-ranges>`_."
msgstr ""

#: ../../networking2.rst:3280
# 1a16911ddff840da827812b45ff09025
msgid "Acquiring a New IP Address"
msgstr ""

#: ../../networking2.rst:3308
# 2959313cb3534153848362cb02ce12c0
msgid "If you want Portable IP click Yes in the confirmation dialog. If you want a normal Public IP click No."
msgstr ""

#: ../../networking2.rst:3311
# 83e09cc7cc8940f6aa9b890d0011f628
msgid "For more information on Portable IP, see `\"Portable IPs\" <#portable-ips>`_."
msgstr ""

#: ../../networking2.rst:3319
# e238190f4d8f4177ac72494fa5eb1d72
msgid "Releasing an IP Address"
msgstr ""

#: ../../networking2.rst:3321
# 84c5bd1b7c19450b9c9a23243730fa62
msgid "When the last rule for an IP address is removed, you can release that IP address. The IP address still belongs to the VPC; however, it can be picked up for any guest network again."
msgstr ""

#: ../../networking2.rst:3343
# cf51c9fcec0b45fa99f4d7aeeb1b1c06
msgid "Click the IP address you want to release."
msgstr ""

#: ../../networking2.rst:3347
# e09fbcc9c5114e19a679764fe1714c1a
msgid "Click the Release IP button. |ReleaseIPButton.png|"
msgstr ""

#: ../../networking2.rst:3351
#: ../../networking2.rst:3923
#: ../../networking2.rst:4395
#: ../../networking2.rst:4495
#: ../../networking2.rst:4687
#: ../../networking2.rst:5291
#: ../../networking2.rst:5550
#: ../../networking2.rst:5876
#: ../../networking2.rst:5963
#: ../../networking2.rst:6055
#: ../../networking2.rst:6298
#: ../../networking2.rst:6692
# a1e27ff808d74a1ca5f49c2d72593b00
# c329d8910228495faeb8d66b4e61c0b6
# f699725aeceb41beb4bd661924beb0fe
# b55b701c8a634f42a9019c46b5f7a204
# 7c788a2a5d3640c99e8cc0ae99940251
# 160c7d49caad47f7ae0c0b2f98aff672
# 37a5880aa697458fb42243e1e26fc671
# 8980bc62961847a7bb55dc12efac6df7
# 1918561df94f4fa4bfa406d4ed4cd1a1
# b5960db5e5104fafa693db42db76ba47
# 9cd72aa996794ce4bd207159d1fa8742
# abe42da7383441778d0131125e8ff6c8
msgid "Static NAT"
msgstr ""

#: ../../networking2.rst:3353
# b1f96220fd994b41b5fa5fdebccab0b4
msgid "A static NAT rule maps a public IP address to the private IP address of a VM in order to allow Internet traffic into the VM. The public IP address always remains the same, which is why it is called “static” NAT. This section tells how to enable or disable static NAT for a particular IP address."
msgstr ""

#: ../../networking2.rst:3360
# d98473b1ef2041a7877e6841336bbe2f
msgid "Enabling or Disabling Static NAT"
msgstr ""

#: ../../networking2.rst:3362
#: ../../networking2.rst:6014
# 66e31a75defd4e2e88802eaa37a23902
# 507d4788f25d423c84d95132346afd2b
msgid "If port forwarding rules are already in effect for an IP address, you cannot enable static NAT to that IP."
msgstr ""

#: ../../networking2.rst:3365
#: ../../networking2.rst:6017
# 28d0504840374a70bd1ec4eab3c57295
# dd68e0b051b34d709557d0f739c568ac
msgid "If a guest VM is part of more than one network, static NAT rules will function only if they are defined on the default network."
msgstr ""

#: ../../networking2.rst:3386
#: ../../networking2.rst:3460
# 4f6ac41af4434f21b7bbb61428e5bd46
# 6f85b85b1cd24dbeb7fffdbd01f0afa2
msgid "Click the IP address you want to work with."
msgstr ""

#: ../../networking2.rst:3390
# 326984a3cc3446ed806cf614b48f5841
msgid "Click the Static NAT |enabledisablenat.png| button."
msgstr ""

#: ../../networking2.rst:3393
# a372a7da12b54432889a1a60bab4be8a
msgid "The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address."
msgstr ""

#: ../../networking2.rst:3398
# 78c5d4edd8db44cf9d448e10f2a89813
msgid "If you are enabling static NAT, a dialog appears where you can choose the destination VM and click Apply."
msgstr ""

#: ../../networking2.rst:3402
# 88e457a0ae3145f49ab4f361af8d4a4a
msgid "IP Forwarding and Firewalling"
msgstr ""

#: ../../networking2.rst:3404
# 9abca0c542c1441f8b116871bcce046d
msgid "By default, all incoming traffic to the public IP address is rejected. All outgoing traffic from the guests is also blocked by default."
msgstr ""

#: ../../networking2.rst:3407
# 1dd28301d9264826b4c64d6f13edf77f
msgid "To allow outgoing traffic, follow the procedure in :ref:`egress-fw-rules`."
msgstr ""

#: ../../networking2.rst:3409
# 35f67e1320f941ac85f0fbb87f8fb385
msgid "To allow incoming traffic, users may set up firewall rules and/or port forwarding rules. For example, you can use a firewall rule to open a range of ports on the public IP address, such as 33 through 44. Then use port forwarding rules to direct traffic from individual ports within that range to specific ports on user VMs. For example, one port forwarding rule could route incoming traffic on the public IP's port 33 to port 100 on one user VM's private IP."
msgstr ""

#: ../../networking2.rst:3418
# 9229b4cb0661463cab6efc5582184abc
msgid "Firewall Rules"
msgstr ""

#: ../../networking2.rst:3420
# d51a292426874329a0951777c1772476
msgid "By default, all incoming traffic to the public IP address is rejected by the firewall. To allow external traffic, you can open firewall ports by specifying firewall rules. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses."
msgstr ""

#: ../../networking2.rst:3426
# 59963a8e5da34833bc437796df5d300c
msgid "You cannot use firewall rules to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See `\"Adding a Security Group\" <#adding-a-security-group>`_."
msgstr ""

#: ../../networking2.rst:3431
# f9d2eb76396f4589896d0f4797e8c77b
msgid "In an advanced zone, you can also create egress firewall rules by using the virtual router. For more information, see \":ref:`egress-fw-rules`\"."
msgstr ""

#: ../../networking2.rst:3434
# ee967d9902434ce68b69c49226492070
msgid "Firewall rules can be created using the Firewall tab in the Management Server UI. This tab is not displayed by default when CloudStack is installed. To display the Firewall tab, the CloudStack administrator must set the global configuration parameter firewall.rule.ui.enabled to \"true.\""
msgstr ""

#: ../../networking2.rst:3440
# 9ceb40041acc44ed8cb1dbd759ffa528
msgid "To create a firewall rule:"
msgstr ""

#: ../../networking2.rst:3464
# c2c48ea9ba7d4778bc6bc6820adf83f0
msgid "Click the Configuration tab and fill in the following values."
msgstr ""

#: ../../networking2.rst:3468
# f889ae51ce804cde9da76459ef8ca9f6
msgid "**Source CIDR**. (Optional) To accept only traffic from IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. Example: 192.168.0.0/22. Leave empty to allow all CIDRs."
msgstr ""

#: ../../networking2.rst:3475
# 036b027b27144215b7da6ad75fa7c68e
msgid "**Protocol**. The communication protocol in use on the opened port(s)."
msgstr ""

#: ../../networking2.rst:3480
# d8ab296b3ccd4f159dba1554303104e4
msgid "**Start Port and End Port**. The port(s) you want to open on the firewall. If you are opening a single port, use the same number in both fields"
msgstr ""

#: ../../networking2.rst:3486
# 45ba206ce4584c259c3d086badc5d9dc
msgid "**ICMP Type and ICMP Code**. Used only if Protocol is set to ICMP. Provide the type and code required by the ICMP protocol to fill out the ICMP header. Refer to ICMP documentation for more details if you are not sure what to enter"
msgstr ""

#: ../../networking2.rst:3498
# 83c407ae9e1d47c5a3a71b8e00327dee
msgid "Egress Firewall Rules in an Advanced Zone"
msgstr ""

#: ../../networking2.rst:3500
# 5c422781131a4989a954e4495b8e8630
msgid "The egress traffic originates from a private network to a public network, such as the Internet. By default, the egress traffic is blocked in default network offerings, so no outgoing traffic is allowed from a guest network to the Internet. However, you can control the egress traffic in an Advanced zone by creating egress firewall rules. When an egress firewall rule is applied, the traffic specific to the rule is allowed and the remaining traffic is blocked. When all the firewall rules are removed the default policy, Block, is applied."
msgstr ""

#: ../../networking2.rst:3512
# 9feacce2e10b4e7890c88a3bcc0a75fa
msgid "Consider the following scenarios to apply egress firewall rules:"
msgstr ""

#: ../../networking2.rst:3516
# 2fbbeae49f87458890dd0c859e95d758
msgid "Egress firewall rules are supported on Juniper SRX and virtual router."
msgstr ""

#: ../../networking2.rst:3521
# 4559d85d3913439095bf17b9b34c926e
msgid "The egress firewall rules are not supported on shared networks."
msgstr ""

#: ../../networking2.rst:3525
# 83d00a1385a048c1a78d6ff81e6d2c18
msgid "Allow the egress traffic from specified source CIDR. The Source CIDR is part of guest network CIDR."
msgstr ""

#: ../../networking2.rst:3530
# 958ef1560ca04b98b84aad9240aa503e
msgid "Allow the egress traffic with protocol TCP,UDP,ICMP, or ALL."
msgstr ""

#: ../../networking2.rst:3534
# 07016fef8ef94149b04668cd6107f2a4
msgid "Allow the egress traffic with protocol and destination port range. The port range is specified for TCP, UDP or for ICMP type and code."
msgstr ""

#: ../../networking2.rst:3539
# d4588055cabf49ef8eb1caa7313a181a
msgid "The default policy is Allow for the new network offerings, whereas on upgrade existing network offerings with firewall service providers will have the default egress policy Deny."
msgstr ""

#: ../../networking2.rst:3544
# 73084bef40134e449ffe9d78b00d3ba2
msgid "Configuring an Egress Firewall Rule"
msgstr ""

#: ../../networking2.rst:3556
# eed98622c7604cfa83eec241a54202d7
msgid "In Select view, choose Guest networks, then click the Guest network you want."
msgstr ""

#: ../../networking2.rst:3561
# 8d5d5eaa44ef455786d9d7d6a412826e
msgid "To add an egress rule, click the Egress rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this guest network:"
msgstr ""

#: ../../networking2.rst:3565
# 615b7e1b5d4a4afba201cbd868ebcae4
msgid "|egress-firewall-rule.png|"
msgstr ""

#: ../../networking2.rst:3569
# 3b0e293e06344c648450ac61d33c6e86
msgid "**CIDR**: (Add by CIDR only) To send traffic only to the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""

#: ../../networking2.rst:3577
# a81a39ae46914bcbb4b99900eb016883
msgid "**Protocol**: The networking protocol that VMs uses to send outgoing traffic. The TCP and UDP protocols are typically used for data exchange and end-user communications. The ICMP protocol is typically used to send error messages or network monitoring data."
msgstr ""

#: ../../networking2.rst:3584
# cf939bab32ca4167afcce4eddff3015e
msgid "**Start Port, End Port**: (TCP, UDP only) A range of listening ports that are the destination for the outgoing traffic. If you are opening a single port, use the same number in both fields."
msgstr ""

#: ../../networking2.rst:3590
# 12c38b633f1f4796af7e5704d6128627
msgid "**ICMP Type, ICMP Code**: (ICMP only) The type of message and error code that are sent."
msgstr ""

#: ../../networking2.rst:3598
# 2cd26bb0b191473db9267cd6ec1492e7
msgid "Configuring the Default Egress Policy"
msgstr ""

#: ../../networking2.rst:3600
# 68762a16d8b94ae298a95f68573272e3
msgid "The default egress policy for Isolated guest network is configured by using Network offering. Use the create network offering option to determine whether the default policy should be block or allow all the traffic to the public network from a guest network. Use this network offering to create the network. If no policy is specified, by default all the traffic is allowed from the guest network that you create by using this network offering."
msgstr ""

#: ../../networking2.rst:3608
# 1113d91089884de2966c0431459b50af
msgid "You have two options: Allow and Deny."
msgstr ""

#: ../../networking2.rst:3611
# 675178fcb7144053a9b257ebdc760670
msgid "Allow"
msgstr ""

#: ../../networking2.rst:3613
# db1c618c19734644b9f8f3714393f25c
msgid "If you select Allow for a network offering, by default egress traffic is allowed. However, when an egress rule is configured for a guest network, rules are applied to block the specified traffic and rest are allowed. If no egress rules are configured for the network, egress traffic is accepted."
msgstr ""

#: ../../networking2.rst:3620
#: ../../networking2.rst:5253
#: ../../networking2.rst:5254
# cd74f40051e845018f993bc3377272b7
# ada70d776fb44fff9ae52224ac02290a
# 6870c74dca5142b0a048f825f2f357dc
msgid "Deny"
msgstr ""

#: ../../networking2.rst:3622
# 8766188244b541e08448f923693d31d9
msgid "If you select Deny for a network offering, by default egress traffic for the guest network is blocked. However, when an egress rules is configured for a guest network, rules are applied to allow the specified traffic. While implementing a guest network, CloudStack adds the firewall egress rule specific to the default egress policy for the guest network."
msgstr ""

#: ../../networking2.rst:3629
# 57f1dde63b4949e5a229d6af14593571
msgid "This feature is supported only on virtual router and Juniper SRX."
msgstr ""

#: ../../networking2.rst:3633
# a711b3baa28c4e3fa0ee4a98adacfcc8
msgid "Create a network offering with your desirable default egress policy:"
msgstr ""

#: ../../networking2.rst:3637
# c311057000004a4bb96e882cffcc28ce
msgid "Log in with admin privileges to the CloudStack UI."
msgstr ""

#: ../../networking2.rst:3641
# 25106537239545dc82409a24f0e06bd6
msgid "In the left navigation bar, click Service Offerings."
msgstr ""

#: ../../networking2.rst:3645
# 9289d78fd54546e3ac890ba5e790db43
msgid "In Select Offering, choose Network Offering."
msgstr ""

#: ../../networking2.rst:3649
#: ../../networking2.rst:6181
#: ../../networking2.rst:6486
# 09e3077c1dd044d899bb41898736a9b2
# f6c2630b089b4f4ab8805c97a1cae4af
# e7fccdf8282c4f6c8d7a6e5836840c19
msgid "Click Add Network Offering."
msgstr ""

#: ../../networking2.rst:3653
# 9c68f5258ad84445be883d57d0570c1e
msgid "In the dialog, make necessary choices, including firewall provider."
msgstr ""

#: ../../networking2.rst:3658
# cc2848c801fa426abd8304928f336162
msgid "In the Default egress policy field, specify the behaviour."
msgstr ""

#: ../../networking2.rst:3666
# a536099bc33f41dca54d66a4d01bd083
msgid "Create an isolated network by using this network offering."
msgstr ""

#: ../../networking2.rst:3668
# 4d9a8aef2dad4881b4fc8e1396be6aa2
msgid "Based on your selection, the network will have the egress public traffic blocked or allowed."
msgstr ""

#: ../../networking2.rst:3672
# fbdeecae49e641c1b71f8f62cb19d1e8
msgid "Port Forwarding"
msgstr ""

#: ../../networking2.rst:3674
# 242ca59ae1ec44818bf282c05c1a6171
msgid "A port forward service is a set of port forwarding rules that define a policy. A port forward service is then applied to one or more guest VMs. The guest VM then has its inbound network access managed according to the policy defined by the port forwarding service. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses to be forwarded."
msgstr ""

#: ../../networking2.rst:3682
# 6d1f9b4d8e6d4fe090b4bbf4f93459bd
msgid "A guest VM can be in any number of port forward services. Port forward services can be defined but have no members. If a guest VM is part of more than one network, port forwarding rules will function only if they are defined on the default network"
msgstr ""

#: ../../networking2.rst:3687
# 0986f075d3ae43e980cfa47acdab6ffe
msgid "You cannot use port forwarding to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See Security Groups."
msgstr ""

#: ../../networking2.rst:3691
# 31bccf868e794f2cbdddcca69224bad3
msgid "To set up port forwarding:"
msgstr ""

#: ../../networking2.rst:3699
# 16dcd6a5ef644770900cdcce80794c67
msgid "If you have not already done so, add a public IP address range to a zone in CloudStack. See Adding a Zone and Pod in the Installation Guide."
msgstr ""

#: ../../networking2.rst:3705
# 3bd594ec854b43b583f5c33092e99657
msgid "Add one or more VM instances to CloudStack."
msgstr ""

#: ../../networking2.rst:3709
# 67e6520d95a749bca1dfd8ee7d653c61
msgid "In the left navigation bar, click Network."
msgstr ""

#: ../../networking2.rst:3713
# 8ec41137f3064dbf9b135e9131c01078
msgid "Click the name of the guest network where the VMs are running."
msgstr ""

#: ../../networking2.rst:3717
# edc2c92eb5c940938babba424e0ab0a7
msgid "Choose an existing IP address or acquire a new IP address. See `\"Acquiring a New IP Address\" <#acquiring-a-new-ip-address>`_. Click the name of the IP address in the list."
msgstr ""

#: ../../networking2.rst:3724
# 94e2eab0e63b4fc3857c9bd41223a42c
msgid "Click the Configuration tab."
msgstr ""

#: ../../networking2.rst:3728
#: ../../networking2.rst:6733
# 44faf09e38934875bdb4123f711051b7
# 5bd7a3feb2a74eedb79b444a48452c5d
msgid "In the Port Forwarding node of the diagram, click View All."
msgstr ""

#: ../../networking2.rst:3736
# f513170f116e42d98255397872cd84b2
msgid "**Public Port**. The port to which public traffic will be addressed on the IP address you acquired in the previous step."
msgstr ""

#: ../../networking2.rst:3741
# 1e1f06ab8e7d4b228f0671927b1d37b7
msgid "**Private Port**. The port on which the instance is listening for forwarded public traffic."
msgstr ""

#: ../../networking2.rst:3746
# b96619b413e4435494d46e6c18e985b6
msgid "**Protocol**. The communication protocol in use between the two ports"
msgstr ""

#: ../../networking2.rst:3754
# 189bbad94193454d80e285996b14f052
msgid "IP Load Balancing"
msgstr ""

#: ../../networking2.rst:3756
# 8bb4fc89584047a4979eb7ade38555ac
msgid "The user may choose to associate the same public IP for multiple guests. CloudStack implements a TCP-level load balancer with the following policies."
msgstr ""

#: ../../networking2.rst:3762
#: ../../networking2.rst:6371
#: ../../networking2.rst:6644
# 2d62543390a44d9b86be0973a26237e3
# 71d3f562cf68451d95abf2e2855c938f
# a91ad3d092144bad9c7c61b4fae3c2e9
msgid "Round-robin"
msgstr ""

#: ../../networking2.rst:3766
# 8fd8ce7230194556b444745abd07c778
msgid "Least connection"
msgstr ""

#: ../../networking2.rst:3770
# 5f1fa380f5a1493cbb22ae41bd77eab0
msgid "Source IP"
msgstr ""

#: ../../networking2.rst:3772
# e337b776e21743439b7207bfb4c76b76
msgid "This is similar to port forwarding but the destination may be multiple IP addresses."
msgstr ""

#: ../../networking2.rst:3776
# 348ae44471844fa39d0776a54c21522c
msgid "DNS and DHCP"
msgstr ""

#: ../../networking2.rst:3778
# e9f3ca6c9e6f429bb4fe851ef31d2037
msgid "The Virtual Router provides DNS and DHCP services to the guests. It proxies DNS requests to the DNS server configured on the Availability Zone."
msgstr ""

#: ../../networking2.rst:3783
# dd8cfae4c4df4db5abe405b9fc23f91c
msgid "Remote Access VPN"
msgstr ""

#: ../../networking2.rst:3785
# 421361e0532246a2b00b1aabc0663fa7
msgid "CloudStack account owners can create virtual private networks (VPN) to access their virtual machines. If the guest network is instantiated from a network offering that offers the Remote Access VPN service, the virtual router (based on the System VM) is used to provide the service. CloudStack provides a L2TP-over-IPsec-based remote access VPN service to guest virtual networks. Since each network gets its own virtual router, VPNs are not shared across the networks. VPN clients native to Windows, Mac OS X and iOS can be used to connect to the guest networks. The account owner can create and manage users for their VPN. CloudStack does not use its account database for this purpose but uses a separate table. The VPN user database is shared across all the VPNs created by the account owner. All VPN users get access to all VPNs created by the account owner."
msgstr ""

#: ../../networking2.rst:3800
# a732cf37468141f3b91c785a8153d60d
msgid "Make sure that not all traffic goes through the VPN. That is, the route installed by the VPN should be only for the guest network and not for all traffic."
msgstr ""

#: ../../networking2.rst:3806
# 4dbb5c3287b64cd5abc3987f02c48b48
msgid "**Road Warrior / Remote Access**. Users want to be able to connect securely from a home or office to a private network in the cloud. Typically, the IP address of the connecting client is dynamic and cannot be preconfigured on the VPN server."
msgstr ""

#: ../../networking2.rst:3813
# eb6134e7170946da9f096bcd062d7aad
msgid "**Site to Site**. In this scenario, two private subnets are connected over the public Internet with a secure VPN tunnel. The cloud user's subnet (for example, an office network) is connected through a gateway to the network in the cloud. The address of the user's gateway must be preconfigured on the VPN server in the cloud. Note that although L2TP-over-IPsec can be used to set up Site-to-Site VPNs, this is not the primary intent of this feature. For more information, see \":ref:`setting-s2s-vpn-conn`\"."
msgstr ""

#: ../../networking2.rst:3823
# 7dd56949a6f74a439a60c07ad67f722a
msgid "Configuring Remote Access VPN"
msgstr ""

#: ../../networking2.rst:3825
# 0061faa9e6cd4ad59954ed3c0856b411
msgid "To set up VPN for the cloud:"
msgstr ""

#: ../../networking2.rst:3833
# 0e3ff971fa3d4442848a972f64282837
msgid "In the left navigation, click Global Settings."
msgstr ""

#: ../../networking2.rst:3837
# c2fc515f4e564cf48108c56364709b7b
msgid "Set the following global configuration parameters."
msgstr ""

#: ../../networking2.rst:3841
# 6e225aa038964885a007931b82b18986
msgid "remote.access.vpn.client.ip.range - The range of IP addresses to be allocated to remote access VPN clients. The first IP in the range is used by the VPN server."
msgstr ""

#: ../../networking2.rst:3847
# 1639d05b22d9481b8b92fc8a707d027a
msgid "remote.access.vpn.psk.length - Length of the IPSec key."
msgstr ""

#: ../../networking2.rst:3851
# d8c75e5dc742435ca19c4a06e2a61ecd
msgid "remote.access.vpn.user.limit - Maximum number of VPN users per account."
msgstr ""

#: ../../networking2.rst:3854
# 3f55599605614d13a5e11b6eb4a74bfa
msgid "To enable VPN for a particular network:"
msgstr ""

#: ../../networking2.rst:3858
#: ../../networking2.rst:3894
# 37b4e592dd084399a75751ec656055ca
# f5662606b3e94deaa8d00053c5b1f843
msgid "Log in as a user or administrator to the CloudStack UI."
msgstr ""

#: ../../networking2.rst:3862
#: ../../networking2.rst:3898
# c949dee3a72b40e1aa492da5a563a3bf
# b4fa7486bbc9431d8834b563df517c52
msgid "In the left navigation, click Network."
msgstr ""

#: ../../networking2.rst:3866
# 89d5b593db5e47e4b8d8ba9343bb9a81
msgid "Click the name of the network you want to work with."
msgstr ""

#: ../../networking2.rst:3874
# 7f1c96aff09c4aca89166670c00e135b
msgid "Click one of the displayed IP address names."
msgstr ""

#: ../../networking2.rst:3878
#: ../../networking2.rst:3963
# c037fe41e67e44569c8ef9d9ed2c87de
# 0b7e6681912942398e9b55f50db5fabb
msgid "Click the Enable VPN button. |vpn-icon.png|"
msgstr ""

#: ../../networking2.rst:3880
# d8ac0fa0cc1f430ab2dabd3976e35a13
msgid "The IPsec key is displayed in a popup window."
msgstr ""

#: ../../networking2.rst:3883
# 3b6c749a19ac411e85a91bebde5620ac
msgid "Configuring Remote Access VPN in VPC"
msgstr ""

#: ../../networking2.rst:3885
# 24849989ce59453cb53461958b872d24
msgid "On enabling Remote Access VPN on a VPC, any VPN client present outside the VPC can access VMs present in the VPC by using the Remote VPN connection. The VPN client can be present anywhere except inside the VPC on which the user enabled the Remote Access VPN service."
msgstr ""

#: ../../networking2.rst:3890
# 9fe0ef310ce946a4b81eb99779e7d6e2
msgid "To enable VPN for a VPC:"
msgstr ""

#: ../../networking2.rst:3902
#: ../../networking2.rst:4370
#: ../../networking2.rst:4467
#: ../../networking2.rst:4658
#: ../../networking2.rst:5074
#: ../../networking2.rst:5139
#: ../../networking2.rst:5270
#: ../../networking2.rst:5352
#: ../../networking2.rst:5521
#: ../../networking2.rst:5760
#: ../../networking2.rst:5851
#: ../../networking2.rst:5939
#: ../../networking2.rst:6030
#: ../../networking2.rst:6273
#: ../../networking2.rst:6583
#: ../../networking2.rst:6667
#: ../../networking2.rst:6792
#: ../../networking2.rst:6831
# a35416d0aa534a0786c5008000fd8e43
# e9f7b5e6165a407b8c8f26dbd4564cea
# 70b305de6a494311b862c80f66aec1ce
# 77e179e8fd184282bca07276311f4193
# c258a12f71d44428b74e9dace4023355
# e34ba66fcef1410680e2597a9d2a8954
# 2becfb5ca8464b0486c1fe7c82b5a4e3
# 0712e1bd6b914f2885daf1e5febb7442
# 97c2acefafb34f709fcc84b7a4dc40b9
# b527a3e4798548ab91c07365a835ea9c
# 3e347e3728d44b79a3475adb8b0600f2
# b12fa2f420ac47059eb47eb95abebe58
# 27fcf04f38494625a2efecfad5de2f9c
# 9f39d7e9da4d40e5be4cbf6b4666758a
# f624d82ab7e649288e146d0cebab16e0
# 1895dd237c1341b295430829d5c5950c
# f40ec8edcf6f46ff93c1db49b2d59307
# 0eb2cf52b2f144dfb78982d1caa03b35
msgid "In the Select view, select VPC."
msgstr ""

#: ../../networking2.rst:3904
#: ../../networking2.rst:4372
#: ../../networking2.rst:4660
#: ../../networking2.rst:5272
#: ../../networking2.rst:5354
#: ../../networking2.rst:5523
#: ../../networking2.rst:5762
#: ../../networking2.rst:5853
#: ../../networking2.rst:5941
#: ../../networking2.rst:6032
#: ../../networking2.rst:6275
#: ../../networking2.rst:6585
#: ../../networking2.rst:6669
#: ../../networking2.rst:6833
# ec4a1f9371cd43e39a21d45da9e513e9
# 903528c98fb6402081d0c518396e4d5a
# 02c81362a5294fe885a28cc0abe9f5a9
# 8449bcf110af4969aeb6172fafda2205
# a213eb463b5c421bbd5a602580f1b51a
# 32bed119537345e7aa5c1f4d2ec728a5
# f826c1e8499f44a7b886ac07bbeb0b5f
# e3d9e5ecc1964bd880bc814a1c8a935b
# 0d0c7e45230d4a7bb6d548c856fa8f7a
# f4df1631caf646afad3bba723757c066
# e30097b3b31c4398bab851342cc05e17
# f26cae26e34e447e86996448bd94ee59
# 5e20c449bba64885af814ea48d956e2c
# ac7881d3dc5743a1baad101ab5045e35
msgid "All the VPCs that you have created for the account is listed in the page."
msgstr ""

#: ../../networking2.rst:3909
#: ../../networking2.rst:5277
#: ../../networking2.rst:5359
# 7b4b5acd29144a01a92211053af28180
# 8993b44d5f7c418aafe0163c0dc2f320
# 1c850ec226f5448797b19cee4f4bbdda
msgid "Click the Configure button of the VPC."
msgstr ""

#: ../../networking2.rst:3911
#: ../../networking2.rst:4383
#: ../../networking2.rst:4483
#: ../../networking2.rst:4675
#: ../../networking2.rst:5279
#: ../../networking2.rst:6286
#: ../../networking2.rst:6680
# 41f127a431e44ea1af73a4efd93d50dd
# 4663a4f2b9d749bdaa308b9c71f6625a
# 6517ef547f114583b55ea471ddfa3e96
# f95ad4b883994ccab44a025f2b50f7e7
# 8e35937d2ca84fa6905cf264caabfb6b
# b7d205c295044f38ad749b9b58a45281
# c33a19c6331843fca695c025eef65638
msgid "For each tier, the following options are displayed:"
msgstr ""

#: ../../networking2.rst:3915
#: ../../networking2.rst:4387
#: ../../networking2.rst:4487
#: ../../networking2.rst:4679
#: ../../networking2.rst:5283
#: ../../networking2.rst:5542
#: ../../networking2.rst:5868
#: ../../networking2.rst:5955
#: ../../networking2.rst:6047
#: ../../networking2.rst:6290
#: ../../networking2.rst:6684
# d36b5f8182cf4512aadad3221d7dd83d
# dc877a54fec94d7cae1f81bdb0023b94
# 8a8bdc30b2174cacbb572f5ad4c98a7b
# 1b988edb0d8e4314a7eb8c37c3cfbf77
# c30de8bbacbe4334a9b05a16ff351461
# df7817d8060843d69314130c722fe9b6
# c68c4a643bc0413a811ad7a01bfdc606
# 0166943624e64d68860eafa9e58ab9bd
# d21582e266e543afb57737fda85467b5
# 6fa5c9555c7e46ac9ef191dd4173f8da
# e6cdbca9e85d47b9b042e1f0310461fe
msgid "Internal LB"
msgstr ""

#: ../../networking2.rst:3919
#: ../../networking2.rst:4391
#: ../../networking2.rst:4491
#: ../../networking2.rst:4683
#: ../../networking2.rst:5287
#: ../../networking2.rst:5546
#: ../../networking2.rst:5872
#: ../../networking2.rst:5959
#: ../../networking2.rst:6051
#: ../../networking2.rst:6294
#: ../../networking2.rst:6688
# 6fa74bd617c04d698de6f38bf2416158
# b4ec2750e056403ab30e230857867f11
# 051be71f2d03468f854f32b5dfdb6439
# e6dce01524cb4e9392a365a592674ec5
# 3ac84bc009234f6a8e8a1f1caebe83a1
# fc8ff98a80744b8a811a5f1c8f805de5
# 7d23ee0ec36f41ed93929f00828f848d
# 37dc837b902246d3855ec01eda4c0be2
# 64590fae08ae4c8bbba1feb231077932
# e77c1fc68625472b9ecf752fb5790551
# 00a7eccc5d684130b79b1d1451b6390f
msgid "Public LB IP"
msgstr ""

#: ../../networking2.rst:3927
#: ../../networking2.rst:4399
#: ../../networking2.rst:4499
#: ../../networking2.rst:4691
#: ../../networking2.rst:5295
#: ../../networking2.rst:5554
#: ../../networking2.rst:5880
#: ../../networking2.rst:5967
#: ../../networking2.rst:6059
#: ../../networking2.rst:6302
#: ../../networking2.rst:6696
# fab3827cfc494ecd8b648f564a195172
# 19cff60834f84a7b91d3dd25f4eff4f5
# d38259f3d32d473980ccdef9d1689608
# 0846fc98b6fc40eabb78391a7641f248
# 14c417b19bdf4c3f8a22c9302c8edc7f
# 11a737406efb4d0d987480bda52770e0
# 65eadb3d777e4e10b89edf86e21a965e
# d0731ebc92ab457d919264f55f94e1d8
# ecfaad1840444dc5b5fc9fecfd3a5db8
# f87032d442244dd9ace6770bd77cc552
# 53d5237aaea24a448651d13727dcba17
msgid "Virtual Machines"
msgstr ""

#: ../../networking2.rst:3933
#: ../../networking2.rst:4405
#: ../../networking2.rst:4505
#: ../../networking2.rst:4697
#: ../../networking2.rst:5301
#: ../../networking2.rst:5560
#: ../../networking2.rst:5886
#: ../../networking2.rst:5973
#: ../../networking2.rst:6065
#: ../../networking2.rst:6308
#: ../../networking2.rst:6702
# 55332d391cdd468495ad76f952811577
# 46bedbc30be240609724ff6eee13c73e
# 78e5566733024d098b27e7a0ac093950
# 4ffb5ac895d04c9bb052f07e28e82fa9
# ba68a5eb30484d1ca76c23fc9bc74a09
# 3dec4fac4a1446248f59d4ba0fe33666
# afabe87fc2fc4de1bf89a7643d99ed17
# 9d72e437059c43b39a0369449b50ce08
# 58c6f2db6cff4dc49e7412bb20e7a01a
# 23eee839c1c34752ac8eab15d0029064
# 498838fb8fe040329abb978aea99f2be
msgid "The following router information is displayed:"
msgstr ""

#: ../../networking2.rst:3937
#: ../../networking2.rst:4409
#: ../../networking2.rst:4509
#: ../../networking2.rst:4701
#: ../../networking2.rst:5305
#: ../../networking2.rst:5564
#: ../../networking2.rst:5890
#: ../../networking2.rst:5977
#: ../../networking2.rst:6069
#: ../../networking2.rst:6312
#: ../../networking2.rst:6706
# c26c1853bc4f4277b2210032d9fb8c71
# 0139a8b25d624810bd6bd843f489005e
# 1a93bacd56834a9a8b5b28a8a7860331
# 37f0f96d9ff840e2bc3edfce09290220
# 361aba2c5dde45f78980a4afef525afe
# c0a4cfa4e5fe4cc5a0ad6e9b742ba56c
# 77a0686377bb4665b5d5069fb6b3ce35
# 0a570734113f4de18e33b19bcf20dc8c
# f55e6f457a684df2b425513b5ebb8f84
# e04ebd7737dc4c5d905b4a2e898dd1dd
# dac82df8dc6e4aeb9f668a0fce3839f7
msgid "Private Gateways"
msgstr ""

#: ../../networking2.rst:3941
#: ../../networking2.rst:4413
#: ../../networking2.rst:4513
#: ../../networking2.rst:4705
#: ../../networking2.rst:5309
#: ../../networking2.rst:5568
#: ../../networking2.rst:5894
#: ../../networking2.rst:5981
#: ../../networking2.rst:6073
#: ../../networking2.rst:6316
#: ../../networking2.rst:6710
# a9e24dfd29a3416d90e3051d7adbfd22
# f868061634e14c84ad71294278a83859
# 48ca230e37f745998e82d810cac0601f
# 7e3d042b215f496eadd246802bc8d222
# 5ff70875c6a34da991576fa2cb6c9383
# e3012be55eb74fcf88d4ef4e6b761efd
# e3050c23e81b4d149d94857d393c88e2
# ddae1748531d48bbbdd4d197c05796fb
# efeffe0be53f4e16a0484bfa29446228
# 0b41ea343fdd486c8076aafd64b39af0
# f3c278d0a4e1481da2d1684a5128a925
msgid "Public IP Addresses"
msgstr ""

#: ../../networking2.rst:3945
#: ../../networking2.rst:4417
#: ../../networking2.rst:4517
#: ../../networking2.rst:4709
#: ../../networking2.rst:5313
#: ../../networking2.rst:5572
#: ../../networking2.rst:5898
#: ../../networking2.rst:5985
#: ../../networking2.rst:6077
#: ../../networking2.rst:6320
#: ../../networking2.rst:6714
# 2e72f864a49742349a9ac3443b812ace
# 34ef012f20b144bd90ebf24e0b12b44a
# 5913d2bdbb4a4e53a3ac3b0298e92e49
# 40012c7aa1ee4262bd10d91b96e8a9c9
# 6f57a5bdf67e4cb58990f4d008083823
# 853f28cafe0a4fc2891f7fabaae17a63
# 3e495712a7e54c939d916fc98129d091
# e3f120e5aaaf463c8ecc396d8abbd9d5
# 97c98429541c4be592183749d007886c
# 7a721c1ac43b4854b117cbce3eb74212
# f91d27b21a40457eafd937a34be8e496
msgid "Site-to-Site VPNs"
msgstr ""

#: ../../networking2.rst:3949
#: ../../networking2.rst:4421
#: ../../networking2.rst:4521
#: ../../networking2.rst:4713
#: ../../networking2.rst:5317
#: ../../networking2.rst:5576
#: ../../networking2.rst:5902
#: ../../networking2.rst:5989
#: ../../networking2.rst:6081
#: ../../networking2.rst:6324
#: ../../networking2.rst:6718
# 349f95fa06f64797aff0edd3c925735e
# 38e399fbd60f4bf5bf7ed82ae8ca8e0a
# 5a4c91418b0a4ff99bb9831c5d46345b
# 4f3ed50fa2084beab6f50bf893480074
# 1e5d1d73bc104f34bcd1a3323e0735ef
# 1191bcc81f424ae0b9582151a69b7c74
# f62a78e753f344e1a9aa50099eea6317
# b7b2d9ae13c340259dc2ccd54fd143d4
# c450b0235bc74c36970ffde3fc943e02
# 6e50d4714233432ca68b491f4d81721f
# 86a0e3bd6be54e0a883c965b6aa369c8
msgid "Network ACL Lists"
msgstr ""

#: ../../networking2.rst:3953
#: ../../networking2.rst:6085
#: ../../networking2.rst:6328
#: ../../networking2.rst:6722
# 4ea069860ba74bfdbaa2253dec4c494b
# 13c12d90b1e84f96ad76cba5a47982c5
# c218f564b23b41ea9e5193fb707b10fc
# 82b5209e8daf48ef940f3188b13d1773
msgid "In the Router node, select Public IP Addresses."
msgstr ""

#: ../../networking2.rst:3955
#: ../../networking2.rst:5995
#: ../../networking2.rst:6087
#: ../../networking2.rst:6330
#: ../../networking2.rst:6724
# ba7c1886ce2f4ee2b912e553ebc3d61b
# 0bfc7d4f8b8342789c24f18c3050712e
# 580ba0ab2bca4c888e0a88e20bdbea27
# d809889924b44274b70abfc5c5e45700
# 25e20e9a574348cdaa22b580e2eda1e7
msgid "The IP Addresses page is displayed."
msgstr ""

#: ../../networking2.rst:3959
# b79d01255d3242b2bca0f5b82a3f42a7
msgid "Click Source NAT IP address."
msgstr ""

#: ../../networking2.rst:3965
# 124e19bc247541509add9967859dbd05
msgid "Click OK to confirm. The IPsec key is displayed in a pop-up window."
msgstr ""

#: ../../networking2.rst:3967
# d67e0d11d2a84def84932c99310a36fc
msgid "Now, you need to add the VPN users."
msgstr ""

#: ../../networking2.rst:3971
# b4de336c841f4553b07b5e167ffa4d21
msgid "Click the Source NAT IP."
msgstr ""

#: ../../networking2.rst:3975
# 4d3e59a6636142a4b87a1bc3e1114a0b
msgid "Select the VPN tab."
msgstr ""

#: ../../networking2.rst:3979
# 27ab772233bc45b3926b22bfac64318c
msgid "Add the username and the corresponding password of the user you wanted to add."
msgstr ""

#: ../../networking2.rst:3988
# 389210e40ce143f7a96d6c93a81f9f34
msgid "Repeat the same steps to add the VPN users."
msgstr ""

#: ../../networking2.rst:3991
# b3ada11c846b4cd9a7ea6de9608b48ed
msgid "Using Remote Access VPN with Windows"
msgstr ""

#: ../../networking2.rst:3993
# 4dacd242f3fc46b58f15b96d910b2a54
msgid "The procedure to use VPN varies by Windows version. Generally, the user must edit the VPN properties and make sure that the default route is not the VPN. The following steps are for Windows L2TP clients on Windows Vista. The commands should be similar for other Windows versions."
msgstr ""

#: ../../networking2.rst:4000
# e7a57a9061b640579542551d1c1a0a6a
msgid "Log in to the CloudStack UI and click on the source NAT IP for the account. The VPN tab should display the IPsec preshared key. Make a note of this and the source NAT IP. The UI also lists one or more users and their passwords. Choose one of these users, or, if none exists, add a user and password."
msgstr ""

#: ../../networking2.rst:4008
# d1fc77ea9ff74b79be7e81efd85d177a
msgid "On the Windows box, go to Control Panel, then select Network and Sharing center. Click Setup a connection or network."
msgstr ""

#: ../../networking2.rst:4013
# 7e4498aa4e0a4ebdafe3f2dab310a0f6
msgid "In the next dialog, select No, create a new connection."
msgstr ""

#: ../../networking2.rst:4017
# 90e3f9cc2fc740aca1edb2b0edc930f9
msgid "In the next dialog, select Use my Internet Connection (VPN)."
msgstr ""

#: ../../networking2.rst:4021
# 8e80995c739c4114ac013a88f71347e9
msgid "In the next dialog, enter the source NAT IP from step #1 and give the connection a name. Check Don't connect now."
msgstr ""

#: ../../networking2.rst:4027
# 2b3c410c5ec74b4eb6b7d269c04bdfb6
msgid "In the next dialog, enter the user name and password selected in step #1."
msgstr ""

#: ../../networking2.rst:4036
# 56b71e910d734f4b93b857548bcc867d
msgid "Go back to the Control Panel and click Network Connections to see the new connection. The connection is not active yet."
msgstr ""

#: ../../networking2.rst:4041
# 5032581f1fe042c1844ebad881b3d41a
msgid "Right-click the new connection and select Properties. In the Properties dialog, select the Networking tab."
msgstr ""

#: ../../networking2.rst:4046
# 23ee9538e54a49c39f87d22e2a8aae65
msgid "In Type of VPN, choose L2TP IPsec VPN, then click IPsec settings. Select Use preshared key. Enter the preshared key from step #1."
msgstr ""

#: ../../networking2.rst:4051
# e432bdf75f62482ab7522b9a120ab5b1
msgid "The connection is ready for activation. Go back to Control Panel -> Network Connections and double-click the created connection."
msgstr ""

#: ../../networking2.rst:4056
# fd7a739563464507bd2c37c2ad54953c
msgid "Enter the user name and password from step #1."
msgstr ""

#: ../../networking2.rst:4059
# aebae91f3d7c45eb9f3dd5fa89388da5
msgid "Using Remote Access VPN with Mac OS X"
msgstr ""

#: ../../networking2.rst:4061
# 580e45aef47e4d37846427f1b651a7e2
msgid "First, be sure you've configured the VPN settings in your CloudStack install. This section is only concerned with connecting via Mac OS X to your VPN."
msgstr ""

#: ../../networking2.rst:4065
# 093bbd04cdab4e429fd3a568f011382f
msgid "Note, these instructions were written on Mac OS X 10.7.5. They may differ slightly in older or newer releases of Mac OS X."
msgstr ""

#: ../../networking2.rst:4070
# 50d800b2cf72450f8bd890270e0e0ee6
msgid "On your Mac, open System Preferences and click Network."
msgstr ""

#: ../../networking2.rst:4074
# 3a1af061748d4e418eaaf8b5f8877f09
msgid "Make sure Send all traffic over VPN connection is not checked."
msgstr ""

#: ../../networking2.rst:4078
# ef3e10026dbb4d1798d2133b3e9c22dd
msgid "If your preferences are locked, you'll need to click the lock in the bottom left-hand corner to make any changes and provide your administrator credentials."
msgstr ""

#: ../../networking2.rst:4084
# 292ec3cfa46e48a9a541875456694b77
msgid "You will need to create a new network entry. Click the plus icon on the bottom left-hand side and you'll see a dialog that says \"Select the interface and enter a name for the new service.\" Select VPN from the Interface drop-down menu, and \"L2TP over IPSec\" for the VPN Type. Enter whatever you like within the \"Service Name\" field."
msgstr ""

#: ../../networking2.rst:4092
# 164c5574c52f41baabcf85d8a575f7fa
msgid "You'll now have a new network interface with the name of whatever you put in the \"Service Name\" field. For the purposes of this example, we'll assume you've named it \"CloudStack.\" Click on that interface and provide the IP address of the interface for your VPN under the Server Address field, and the user name for your VPN under Account Name."
msgstr ""

#: ../../networking2.rst:4101
# 581debc7245446b48e5e1c54984c711d
msgid "Click Authentication Settings, and add the user's password under User Authentication and enter the pre-shared IPSec key in the Shared Secret field under Machine Authentication. Click OK."
msgstr ""

#: ../../networking2.rst:4107
# 37bca241509a4e3198b5a084939f14e5
msgid "You may also want to click the \"Show VPN status in menu bar\" but that's entirely optional."
msgstr ""

#: ../../networking2.rst:4112
# 0cb9849a0685438b81bdcd0818eb6202
msgid "Now click \"Connect\" and you will be connected to the CloudStack VPN."
msgstr ""

#: ../../networking2.rst:4117
# 3bac353e80464ab9856af6e4cd87363e
msgid "Setting Up a Site-to-Site VPN Connection"
msgstr ""

#: ../../networking2.rst:4119
# 38ff1a3ce4164fa994abfc693aeaffec
msgid "A Site-to-Site VPN connection helps you establish a secure connection from an enterprise datacenter to the cloud infrastructure. This allows users to access the guest VMs by establishing a VPN connection to the virtual router of the account from a device in the datacenter of the enterprise. You can also establish a secure connection between two VPC setups or high availability zones in your environment. Having this facility eliminates the need to establish VPN connections to individual VMs."
msgstr ""

#: ../../networking2.rst:4128
# bcd63d9bd1044fcd99b0164249abc73b
msgid "The difference from Remote VPN is that Site-to-site VPNs connects entire networks to each other, for example, connecting a branch office network to a company headquarters network. In a site-to-site VPN, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway."
msgstr ""

#: ../../networking2.rst:4134
# 00b0a4bc2c4642a1844c93fbefe3d0d4
msgid "The supported endpoints on the remote datacenters are:"
msgstr ""

#: ../../networking2.rst:4138
# 39b1debdf4a34a63a316d90993e9826d
msgid "Cisco ISR with IOS 12.4 or later"
msgstr ""

#: ../../networking2.rst:4142
# e913039ba6aa428892f596416afe8630
msgid "Juniper J-Series routers with JunOS 9.5 or later"
msgstr ""

#: ../../networking2.rst:4146
# 2e26cd40d2ed445d8929a3a0c02a5751
msgid "CloudStack virtual routers"
msgstr ""

#: ../../networking2.rst:4149
# 049e25279dbc416c937b6fecf03e8e08
msgid "In addition to the specific Cisco and Juniper devices listed above, the expectation is that any Cisco or Juniper device running on the supported operating systems are able to establish VPN connections."
msgstr ""

#: ../../networking2.rst:4153
# e3328079c0ec42049907920ee99daf6e
msgid "To set up a Site-to-Site VPN connection, perform the following:"
msgstr ""

#: ../../networking2.rst:4157
# 29a806dda94c425ab905caa5f7709805
msgid "Create a Virtual Private Cloud (VPC)."
msgstr ""

#: ../../networking2.rst:4159
# 7adc784ea1124f6f8fca7553c17ca916
msgid "See \":ref:`configuring-vpc`\"."
msgstr ""

#: ../../networking2.rst:4163
# 9649c39af37946ccbc1cba0e6b044fda
msgid "Create a VPN Customer Gateway."
msgstr ""

#: ../../networking2.rst:4167
# 27873ddb52d14bef9f93d4c83fc88464
msgid "Create a VPN gateway for the VPC that you created."
msgstr ""

#: ../../networking2.rst:4171
# 43ca7677d7b844209b1c70d588741934
msgid "Create VPN connection from the VPC VPN gateway to the customer VPN gateway."
msgstr ""

#: ../../networking2.rst:4175
# 232821d4f81947f1885a8e8355905d9d
msgid "Creating and Updating a VPN Customer Gateway"
msgstr ""

#: ../../networking2.rst:4178
# e0e6f58531f24a02852eb092cba35ff8
msgid "A VPN customer gateway can be connected to only one VPN gateway at a time."
msgstr ""

#: ../../networking2.rst:4180
# 95d554ca702946bca83b30c6adf6a445
msgid "To add a VPN Customer Gateway:"
msgstr ""

#: ../../networking2.rst:4192
#: ../../networking2.rst:4337
# 46009b4629e8480591e1052e0a368962
# d92d044f9c1f417cb5166046b62ef99a
msgid "In the Select view, select VPN Customer Gateway."
msgstr ""

#: ../../networking2.rst:4196
# 5b578ba46d8f4757aaf5620e6f77b1dc
msgid "Click Add VPN Customer Gateway."
msgstr ""

#: ../../networking2.rst:4198
# c3fa00baefd74a0eab971c38b2e19251
msgid "|addvpncustomergateway.png|"
msgstr ""

#: ../../networking2.rst:4204
# fd022a19e85d42918e285828af4c3698
msgid "**Name**: A unique name for the VPN customer gateway you create."
msgstr ""

#: ../../networking2.rst:4208
# 33ddd28d37da46f38c17f701efbd46d1
msgid "**Gateway**: The IP address for the remote gateway."
msgstr ""

#: ../../networking2.rst:4212
# a29af3f7a7934e4d88f2cd38dd8f70a1
msgid "**CIDR list**: The guest CIDR list of the remote subnets. Enter a CIDR or a comma-separated list of CIDRs. Ensure that a guest CIDR list is not overlapped with the VPC's CIDR, or another guest CIDR. The CIDR must be RFC1918-compliant."
msgstr ""

#: ../../networking2.rst:4219
# 4fdaac9ee4004de68ddbea33d37d1e43
msgid "**IPsec Preshared Key**: Preshared keying is a method where the endpoints of the VPN share a secret key. This key value is used to authenticate the customer gateway and the VPC VPN gateway to each other."
msgstr ""

#: ../../networking2.rst:4225
# 05946c6fb7bd4305bb2e20af004a01e3
msgid "The IKE peers (VPN end points) authenticate each other by computing and sending a keyed hash of data that includes the Preshared key. If the receiving peer is able to create the same hash independently by using its Preshared key, it knows that both peers must share the same secret, thus authenticating the customer gateway."
msgstr ""

#: ../../networking2.rst:4234
# b56b82f20e33400d8c4b39ce0b55bab2
msgid "**IKE Encryption**: The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. Authentication is accomplished through the Preshared Keys."
msgstr ""

#: ../../networking2.rst:4240
# bd7c468509ca4ad5840e115efaa7e1ca
msgid "The phase-1 is the first phase in the IKE process. In this initial negotiation phase, the two VPN endpoints agree on the methods to be used to provide security for the underlying IP traffic. The phase-1 authenticates the two VPN gateways to each other, by confirming that the remote gateway has a matching Preshared Key."
msgstr ""

#: ../../networking2.rst:4248
# 13e9c659a1764d4fba7fc6de838ff8b1
msgid "**IKE Hash**: The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5."
msgstr ""

#: ../../networking2.rst:4253
# 23efa859bff14bc69f132fda62399cbe
msgid "**IKE DH**: A public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The 1536-bit Diffie-Hellman group is used within IKE to establish session keys. The supported options are None, Group-5 (1536-bit) and Group-2 (1024-bit)."
msgstr ""

#: ../../networking2.rst:4261
# 208ddb7be762449e9a6bb569f815f0ed
msgid "**ESP Encryption**: Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES."
msgstr ""

#: ../../networking2.rst:4266
# b5dd17cc99c744d39b800b3df090e674
msgid "The phase-2 is the second phase in the IKE process. The purpose of IKE phase-2 is to negotiate IPSec security associations (SA) to set up the IPSec tunnel. In phase-2, new keying material is extracted from the Diffie-Hellman key exchange in phase-1, to provide session keys to use in protecting the VPN data flow."
msgstr ""

#: ../../networking2.rst:4274
# 0b0d1207149646f7b20a26a97a43f2d2
msgid "**ESP Hash**: Encapsulating Security Payload (ESP) hash for phase-2. Supported hash algorithms are SHA1 and MD5."
msgstr ""

#: ../../networking2.rst:4279
# 24ada2be8386490aafda31663e439f6f
msgid "**Perfect Forward Secrecy**: Perfect Forward Secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised. This property enforces a new Diffie-Hellman key exchange. It provides the keying material that has greater key material life and thereby greater resistance to cryptographic attacks. The available options are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security of the key exchanges increase as the DH groups grow larger, as does the time of the exchanges."
msgstr ""

#: ../../networking2.rst:4290
# 7070c64276df4df0bf10b79718192550
msgid "When PFS is turned on, for every negotiation of a new phase-2 SA the two gateways must generate a new set of phase-1 keys. This adds an extra layer of protection that PFS adds, which ensures if the phase-2 SA's have expired, the keys used for new phase-2 SA's have not been generated from the current phase-1 keying material."
msgstr ""

#: ../../networking2.rst:4298
# 2ca89467ccc94df5a7bef6468f566b46
msgid "**IKE Lifetime (seconds)**: The phase-1 lifetime of the security association in seconds. Default is 86400 seconds (1 day). Whenever the time expires, a new phase-1 exchange is performed."
msgstr ""

#: ../../networking2.rst:4304
# 8ca35ecaf59e42cfbef7fe98bfd8f264
msgid "**ESP Lifetime (seconds)**: The phase-2 lifetime of the security association in seconds. Default is 3600 seconds (1 hour). Whenever the value is exceeded, a re-key is initiated to provide a new IPsec encryption and authentication session keys."
msgstr ""

#: ../../networking2.rst:4311
# f5df9d75cd524b5b92d8c85cce626655
msgid "**Dead Peer Detection**: A method to detect an unavailable Internet Key Exchange (IKE) peer. Select this option if you want the virtual router to query the liveliness of its IKE peer at regular intervals. It's recommended to have the same configuration of DPD on both side of VPN connection."
msgstr ""

#: ../../networking2.rst:4322
# d5d1124c4e124407a611667296f6ffac
msgid "Updating and Removing a VPN Customer Gateway"
msgstr ""

#: ../../networking2.rst:4324
# 04bbad214e7c4a6884dbfa7b6367b57d
msgid "You can update a customer gateway either with no VPN connection, or related VPN connection is in error state."
msgstr ""

#: ../../networking2.rst:4341
# 1ab9886431a14731ae0c50e12a2203d6
msgid "Select the VPN customer gateway you want to work with."
msgstr ""

#: ../../networking2.rst:4345
# ba453f5b81544287922dde81efcc590b
msgid "To modify the required parameters, click the Edit VPN Customer Gateway button |edit-icon.png|"
msgstr ""

#: ../../networking2.rst:4350
# 46a97e97cc034e4e91727e4f784cc8b7
msgid "To remove the VPN customer gateway, click the Delete VPN Customer Gateway button |delete.png|"
msgstr ""

#: ../../networking2.rst:4358
# 60adfabe1723470599d91c8c7e4d173a
msgid "Creating a VPN gateway for the VPC"
msgstr ""

#: ../../networking2.rst:4377
#: ../../networking2.rst:4473
#: ../../networking2.rst:4665
#: ../../networking2.rst:5767
#: ../../networking2.rst:5858
#: ../../networking2.rst:6037
#: ../../networking2.rst:6674
# 3500ca75a83147c19f1ed28777444c7d
# a64efaea89b24d67a8e4d1e4d36d34eb
# ce5b35fdd4964dd398d49233e31b5fcd
# 67bc60dd8b6046558a097762240decf1
# 6c5213a6e5524a83bd5c41c59f290442
# f25b37649f5d4cd5b04a737641c79d73
# 5b21b4e1cb1045269d9814e3cc029bd0
msgid "Click the Configure button of the VPC to which you want to deploy the VMs."
msgstr ""

#: ../../networking2.rst:4380
#: ../../networking2.rst:4476
#: ../../networking2.rst:4668
#: ../../networking2.rst:5531
#: ../../networking2.rst:5861
#: ../../networking2.rst:5948
#: ../../networking2.rst:6040
#: ../../networking2.rst:6677
# e1358ecd8ab54314873c0775c0880f75
# 19d3fa0227e84261bf1cd4663828636e
# 4de39a3991db4dfc901c6279c5294ac2
# 1a2f3ce6a491468ab7a3459fcdfe215a
# 469af671796348f5b92558710d159c36
# c11ffe7f7c0949189706c0df2f2ff581
# 94a0dea0d2b04ba797bfe1f2164cac7b
# 30b175b156724a81b03bd2d42e85a0a1
msgid "The VPC page is displayed where all the tiers you created are listed in a diagram."
msgstr ""

#: ../../networking2.rst:4425
#: ../../networking2.rst:4525
#: ../../networking2.rst:4717
# 795d87a7e4884bc9954978635c4a0ce3
# bfc77b95ba024e828af5e01a0235044f
# c412e8677d9f43bd91d874297d2a51b1
msgid "Select Site-to-Site VPN."
msgstr ""

#: ../../networking2.rst:4427
# 8284273706754d38a31bf76d8261f3ed
msgid "If you are creating the VPN gateway for the first time, selecting Site-to-Site VPN prompts you to create a VPN gateway."
msgstr ""

#: ../../networking2.rst:4432
# 9403ca5a182a46bea09047c00af73183
msgid "In the confirmation dialog, click Yes to confirm."
msgstr ""

#: ../../networking2.rst:4434
# e4ae30f09bbb4771b8c6f422926370fd
msgid "Within a few moments, the VPN gateway is created. You will be prompted to view the details of the VPN gateway you have created. Click Yes to confirm."
msgstr ""

#: ../../networking2.rst:4438
# 92509e2b8fd34d06a5026dc84df93572
msgid "The following details are displayed in the VPN Gateway page:"
msgstr ""

#: ../../networking2.rst:4446
# 0d9b83c3c7c14ceb89902aa2acd77eef
msgid "Account"
msgstr ""

#: ../../networking2.rst:4450
# de092a05c0cb4352a757a99ec8ec10cc
msgid "Domain"
msgstr ""

#: ../../networking2.rst:4453
# f9de76d1de924804aada31d4d335a636
msgid "Creating a VPN Connection"
msgstr ""

#: ../../networking2.rst:4455
# 041a061561c240feb48418d06b345f9d
msgid "CloudStack supports creating up to 8 VPN connections."
msgstr ""

#: ../../networking2.rst:4469
# c343d040bbf94652805f9913087df284
msgid "All the VPCs that you create for the account are listed in the page."
msgstr ""

#: ../../networking2.rst:4481
#: ../../networking2.rst:4673
#: ../../networking2.rst:5536
# 6ab7b79bc9384d7e80adc871af997847
# 49acb49a732346378816e6bb92cf285d
# 02fa5743f59b45619d573323e28ba038
msgid "Click the Settings icon."
msgstr ""

#: ../../networking2.rst:4527
#: ../../networking2.rst:4719
# fc6f5140f3c942dca23fcfd1ab68c6a7
# 51c44ccda83c4464a1e80005c54790fc
msgid "The Site-to-Site VPN page is displayed."
msgstr ""

#: ../../networking2.rst:4531
#: ../../networking2.rst:4723
# 786eac580afe4c91a9f86515ed758789
# 17b40c7b7853452ea96b30e63059db2c
msgid "From the Select View drop-down, ensure that VPN Connection is selected."
msgstr ""

#: ../../networking2.rst:4536
# 163923e5fc7e45a9b9022496845d5da4
msgid "Click Create VPN Connection."
msgstr ""

#: ../../networking2.rst:4538
# 3755699dc4ef4c60846d045f671bfcee
msgid "The Create VPN Connection dialog is displayed:"
msgstr ""

#: ../../networking2.rst:4540
# 63e805ab6ce6420d97103dc7a20b5506
msgid "|createvpnconnection.png|"
msgstr ""

#: ../../networking2.rst:4544
# e897f05865fe4bf3b6daee5504dcf357
msgid "Select the desired customer gateway."
msgstr ""

#: ../../networking2.rst:4548
# cc72f3e20e344c9f8e3202d92866c9ce
msgid "Select Passive if you want to establish a connection between two VPC virtual routers."
msgstr ""

#: ../../networking2.rst:4551
# b1e77d6e88094abc8f1efc7fc737c62a
msgid "If you want to establish a connection between two VPC virtual routers, select Passive only on one of the VPC virtual routers, which waits for the other VPC virtual router to initiate the connection. Do not select Passive on the VPC virtual router that initiates the connection."
msgstr ""

#: ../../networking2.rst:4561
# e81cf6ee9dbe4cf8a512334ae708d8e0
msgid "Within a few moments, the VPN Connection is displayed."
msgstr ""

#: ../../networking2.rst:4563
# ceccd67800e84c5f86872fc8697f97d5
msgid "The following information on the VPN connection is displayed:"
msgstr ""

#: ../../networking2.rst:4575
# d7d71c18469c485d9cf0c62d4e18ee44
msgid "State"
msgstr ""

#: ../../networking2.rst:4579
# 7e17d8eed6e64a6bb98dfcc6688f7011
msgid "IPSec Preshared Key"
msgstr ""

#: ../../networking2.rst:4583
# 7698868ecfe742709ac2201b3c176a62
msgid "IKE Policy"
msgstr ""

#: ../../networking2.rst:4587
# f8b615756067468c82c8cc29bd97d4f6
msgid "ESP Policy"
msgstr ""

#: ../../networking2.rst:4590
# 2885f5a0b00e4f45bac61fa489576241
msgid "Site-to-Site VPN Connection Between VPC Networks"
msgstr ""

#: ../../networking2.rst:4592
# cffe70c20ec8443a93e09b3c742a055b
msgid "CloudStack provides you with the ability to establish a site-to-site VPN connection between CloudStack virtual routers. To achieve that, add a passive mode Site-to-Site VPN. With this functionality, users can deploy applications in multiple Availability Zones or VPCs, which can communicate with each other by using a secure Site-to-Site VPN Tunnel."
msgstr ""

#: ../../networking2.rst:4598
# 1a50c272367a482fb9fb4939f3e4baa1
msgid "This feature is supported on all the hypervisors."
msgstr ""

#: ../../networking2.rst:4602
# 2f0c1484f8594418b1f21b468680914a
msgid "Create two VPCs. For example, VPC A and VPC B."
msgstr ""

#: ../../networking2.rst:4604
# 2db40aa80b84423f9d304bb0b3745676
msgid "For more information, see \":ref:`configuring-vpc`\"."
msgstr ""

#: ../../networking2.rst:4608
# 8cbc2e0b316a42489765523577ab7e6a
msgid "Create VPN gateways on both the VPCs you created."
msgstr ""

#: ../../networking2.rst:4610
# c68bd6435db949d791a0372688848f1a
msgid "For more information, see `\"Creating a VPN gateway for the VPC\" <#creating-a-vpn-gateway-for-the-vpc>`_."
msgstr ""

#: ../../networking2.rst:4615
# f8b154e601404d4abdd3a9a4e6374500
msgid "Create VPN customer gateway for both the VPCs."
msgstr ""

#: ../../networking2.rst:4617
# 7e4fb977595840019e437c0884f0a8f1
msgid "For more information, see `\"Creating and Updating a VPN Customer Gateway\" <#creating-and-updating-a-vpn-customer-gateway>`_."
msgstr ""

#: ../../networking2.rst:4622
# ade608d3a3ea45829af36e650cd98e47
msgid "Enable a VPN connection on VPC A in passive mode."
msgstr ""

#: ../../networking2.rst:4624
# 7a5159ba5d354f659fa0b9c6291f9413
msgid "For more information, see `\"Creating a VPN Connection\" <#creating-a-vpn-connection>`_."
msgstr ""

#: ../../networking2.rst:4627
# 17674753d913496ea042cb7c2039383f
msgid "Ensure that the customer gateway is pointed to VPC B. The VPN connection is shown in the Disconnected state."
msgstr ""

#: ../../networking2.rst:4632
# d8feab6deab8404a9912bb7ea7882511
msgid "Enable a VPN connection on VPC B."
msgstr ""

#: ../../networking2.rst:4634
# 9234f47ff9fb4a4a86a85bcc6d518287
msgid "Ensure that the customer gateway is pointed to VPC A. Because virtual router of VPC A, in this case, is in passive mode and is waiting for the virtual router of VPC B to initiate the connection, VPC B virtual router should not be in passive mode."
msgstr ""

#: ../../networking2.rst:4639
# 85d2c38cd2d0427a833207d6c3b42087
msgid "The VPN connection is shown in the Disconnected state."
msgstr ""

#: ../../networking2.rst:4641
# 6a7541ea6fa1406eacf4db796e79ef64
msgid "Creating VPN connection on both the VPCs initiates a VPN connection. Wait for few seconds. The default is 30 seconds for both the VPN connections to show the Connected state."
msgstr ""

#: ../../networking2.rst:4646
# 894d44a883c248778d9598ba46e3f27f
msgid "Restarting and Removing a VPN Connection"
msgstr ""

#: ../../networking2.rst:4726
# 83fe3a90f3094225aecb250153297a3d
msgid "All the VPN connections you created are displayed."
msgstr ""

#: ../../networking2.rst:4730
# b94b1fdaf1c844a28ccf4863998d8635
msgid "Select the VPN connection you want to work with."
msgstr ""

#: ../../networking2.rst:4732
# a9f2559596ff44e281d29137f23566ef
msgid "The Details tab is displayed."
msgstr ""

#: ../../networking2.rst:4736
# a233c3b9788d41f38eb802e1f9d989c9
msgid "To remove a VPN connection, click the Delete VPN connection button |remove-vpn.png|"
msgstr ""

#: ../../networking2.rst:4739
# 41b780de0b934756a92a9ca0269e75e5
msgid "To restart a VPN connection, click the Reset VPN connection button present in the Details tab. |reset-vpn.png|"
msgstr ""

#: ../../networking2.rst:4743
# 183bb10ab504444faae13d81f2319f23
msgid "About Inter-VLAN Routing (nTier Apps)"
msgstr ""

#: ../../networking2.rst:4745
# 13ccb675390f4150acd57078694a88dd
msgid "Inter-VLAN Routing (nTier Apps) is the capability to route network traffic between VLANs. This feature enables you to build Virtual Private Clouds (VPC), an isolated segment of your cloud, that can hold multi-tier applications. These tiers are deployed on different VLANs that can communicate with each other. You provision VLANs to the tiers your create, and VMs can be deployed on different tiers. The VLANs are connected to a virtual router, which facilitates communication between the VMs. In effect, you can segment VMs by means of VLANs into different networks that can host multi-tier applications, such as Web, Application, or Database. Such segmentation by means of VLANs logically separate application VMs for higher security and lower broadcasts, while remaining physically connected to the same device."
msgstr ""

#: ../../networking2.rst:4758
# 8e00b9f53dfe4448b8fe2664f0725c1e
msgid "This feature is supported on XenServer, KVM, and VMware hypervisors."
msgstr ""

#: ../../networking2.rst:4760
# cf6ee1a9b0f24cf2b239f5c5ee3e1ccb
msgid "The major advantages are:"
msgstr ""

#: ../../networking2.rst:4764
# 9914db80271c45879b3763424ebbbe4e
msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly alloted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account."
msgstr ""

#: ../../networking2.rst:4770
# 7c49b6960b3e4fe98267c66963d07a32
msgid "A VLAN allocated for an account cannot be shared between multiple accounts."
msgstr ""

#: ../../networking2.rst:4774
# 079fa9b5868843beb9ef64f20fd14208
msgid "The administrator can allow users create their own VPC and deploy the application. In this scenario, the VMs that belong to the account are deployed on the VLANs allotted to that account."
msgstr ""

#: ../../networking2.rst:4780
# cdc5e1a97e7347ed92c034645cf61bb8
msgid "Both administrators and users can create multiple VPCs. The guest network NIC is plugged to the VPC virtual router when the first VM is deployed in a tier."
msgstr ""

#: ../../networking2.rst:4786
# b939e06705db41289dc97594160ccd4b
msgid "The administrator can create the following gateways to send to or receive traffic from the VMs:"
msgstr ""

#: ../../networking2.rst:4791
# 3f3d39b2a9544b7dbe578450c863c442
msgid "**VPN Gateway**: For more information, see `\"Creating a VPN gateway for the VPC\" <#creating-a-vpn-gateway-for-the-vpc>`_."
msgstr ""

#: ../../networking2.rst:4796
# 563958c0c69e44a79fb209179e6f5ef8
msgid "**Public Gateway**: The public gateway for a VPC is added to the virtual router when the virtual router is created for VPC. The public gateway is not exposed to the end users. You are not allowed to list it, nor allowed to create any static routes."
msgstr ""

#: ../../networking2.rst:4803
# 1178d5307b4a4df3b4982bb2985004e1
msgid "**Private Gateway**: For more information, see \":ref:`adding-priv-gw-vpc`\"."
msgstr ""

#: ../../networking2.rst:4807
# c652b274f1d44ceebe3ea04ee8beb31c
msgid "Both administrators and users can create various possible destinations-gateway combinations. However, only one gateway of each type can be used in a deployment."
msgstr ""

#: ../../networking2.rst:4811
# 5d134a3e16ec432a972f90fb955629c9
msgid "For example:"
msgstr ""

#: ../../networking2.rst:4815
# 47a88da418a64634b2908fb3999fec58
msgid "**VLANs and Public Gateway**: For example, an application is deployed in the cloud, and the Web application VMs communicate with the Internet."
msgstr ""

#: ../../networking2.rst:4821
# e5054d8177ff4ecd817c1e9b50370893
msgid "**VLANs, VPN Gateway, and Public Gateway**: For example, an application is deployed in the cloud; the Web application VMs communicate with the Internet; and the database VMs communicate with the on-premise devices."
msgstr ""

#: ../../networking2.rst:4828
# 9cf8b80f8da6486e8a190779839a52af
msgid "The administrator can define Network Access Control List (ACL) on the virtual router to filter the traffic among the VLANs or between the Internet and a VLAN. You can define ACL based on CIDR, port range, protocol, type code (if ICMP protocol is selected) and Ingress/Egress type."
msgstr ""

#: ../../networking2.rst:4834
# f03fcc7d11a24d6d9058d56e0690ee72
msgid "The following figure shows the possible deployment scenarios of a Inter-VLAN setup:"
msgstr ""

#: ../../networking2.rst:4837
# 8da1d43a48f54d3cadd9a2ab40446452
msgid "|mutltier.png|"
msgstr ""

#: ../../networking2.rst:4839
# b5b5c31e4e374e9c80fbb2bb5d5178cd
msgid "To set up a multi-tier Inter-VLAN deployment, see \":ref:`configuring-vpc`\"."
msgstr ""

#: ../../networking2.rst:4844
# 019f7c2e7a1c40289e074fc89915b010
msgid "Configuring a Virtual Private Cloud"
msgstr ""

#: ../../networking2.rst:4847
# cf430774172c4664b8c8126dc2f8f2a9
msgid "About Virtual Private Clouds"
msgstr ""

#: ../../networking2.rst:4849
# 06c06ce2f5fe4b2e8a3464b3c4becf6a
msgid "CloudStack Virtual Private Cloud is a private, isolated part of CloudStack. A VPC can have its own virtual network topology that resembles a traditional physical network. You can launch VMs in the virtual network that can have private addresses in the range of your choice, for example: 10.0.0.0/16. You can define network tiers within your VPC network range, which in turn enables you to group similar kinds of instances based on IP address range."
msgstr ""

#: ../../networking2.rst:4857
# 46308016994049eb85cdc73e86db616e
msgid "For example, if a VPC has the private range 10.0.0.0/16, its guest networks can have the network ranges 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, and so on."
msgstr ""

#: ../../networking2.rst:4862
# ef383bc8b7d54a0785f2b4828b5290ee
msgid "Major Components of a VPC:"
msgstr ""

#: ../../networking2.rst:4864
# b90235f5e79947b7a57dee0d5c08e244
msgid "A VPC is comprised of the following network components:"
msgstr ""

#: ../../networking2.rst:4868
# 9a373d73d3ae48309685ddecb2399f89
msgid "**VPC**: A VPC acts as a container for multiple isolated networks that can communicate with each other via its virtual router."
msgstr ""

#: ../../networking2.rst:4873
# 4d1cc64429d44838942ce9d9290d09f6
msgid "**Network Tiers**: Each tier acts as an isolated network with its own VLANs and CIDR list, where you can place groups of resources, such as VMs. The tiers are segmented by means of VLANs. The NIC of each tier acts as its gateway."
msgstr ""

#: ../../networking2.rst:4880
# 4e202e5460e24d838d858dc82fd70fee
msgid "**Virtual Router**: A virtual router is automatically created and started when you create a VPC. The virtual router connect the tiers and direct traffic among the public gateway, the VPN gateways, and the NAT instances. For each tier, a corresponding NIC and IP exist in the virtual router. The virtual router provides DNS and DHCP services through its IP."
msgstr ""

#: ../../networking2.rst:4889
# 5620f9a835ae40ac9f844be5648dafad
msgid "**Public Gateway**: The traffic to and from the Internet routed to the VPC through the public gateway. In a VPC, the public gateway is not exposed to the end user; therefore, static routes are not support for the public gateway."
msgstr ""

#: ../../networking2.rst:4896
# c72e1f296d024bf6a636137059d31752
msgid "**Private Gateway**: All the traffic to and from a private network routed to the VPC through the private gateway. For more information, see \":ref:`adding-priv-gw-vpc`\"."
msgstr ""

#: ../../networking2.rst:4902
# 741b3998454f43bbad3608dd86a74114
msgid "**VPN Gateway**: The VPC side of a VPN connection."
msgstr ""

#: ../../networking2.rst:4906
# 6487d4f72da84801ae40e38bcb8f7458
msgid "**Site-to-Site VPN Connection**: A hardware-based VPN connection between your VPC and your datacenter, home network, or co-location facility. For more information, see \":ref:`setting-s2s-vpn-conn`\"."
msgstr ""

#: ../../networking2.rst:4912
# d4b8df91ae5d4307835174a0c96640f1
msgid "**Customer Gateway**: The customer side of a VPN Connection. For more information, see `\"Creating and Updating a VPN Customer Gateway\" <#creating-and-updating-a-vpn-customer-gateway>`_."
msgstr ""

#: ../../networking2.rst:4918
# f97a3ebbcde34d3a82a37aa401487760
msgid "**NAT Instance**: An instance that provides Port Address Translation for instances to access the Internet via the public gateway. For more information, see \":ref:`enabling-disabling-static-nat-on-vpc`\"."
msgstr ""

#: ../../networking2.rst:4924
# 0e9442c446e34500a845a7dff022554d
msgid "**Network ACL**: Network ACL is a group of Network ACL items. Network ACL items are nothing but numbered rules that are evaluated in order, starting with the lowest numbered rule. These rules determine whether traffic is allowed in or out of any tier associated with the network ACL. For more information, see \":ref:`conf-net-acl`\"."
msgstr ""

#: ../../networking2.rst:4931
# daf38611958e42f7b832673319b348fb
msgid "Network Architecture in a VPC"
msgstr ""

#: ../../networking2.rst:4933
# cc60b077b9ff4de19f842b6afab2e62b
msgid "In a VPC, the following four basic options of network architectures are present:"
msgstr ""

#: ../../networking2.rst:4938
# f1eb7bb1a38f4dc68def9d12e7a3e178
msgid "VPC with a public gateway only"
msgstr ""

#: ../../networking2.rst:4942
# b0e2f221d7b14320bbc1222a776de41f
msgid "VPC with public and private gateways"
msgstr ""

#: ../../networking2.rst:4946
# 0994c597eccb4d299d4dc9b107fb9fa7
msgid "VPC with public and private gateways and site-to-site VPN access"
msgstr ""

#: ../../networking2.rst:4950
# 870f363e446c47b4b668cb236c51be3b
msgid "VPC with a private gateway only and site-to-site VPN access"
msgstr ""

#: ../../networking2.rst:4953
# 0875278053ce4aa7a964657f5ef7ca92
msgid "Connectivity Options for a VPC"
msgstr ""

#: ../../networking2.rst:4955
# 5d9bd85e540b4cd89292060896221da5
msgid "You can connect your VPC to:"
msgstr ""

#: ../../networking2.rst:4959
# d4a48f7eedb24cd0ada3d40f216fd98e
msgid "The Internet through the public gateway."
msgstr ""

#: ../../networking2.rst:4963
# 24471a284e4241e0bd0c5c456168c7a8
msgid "The corporate datacenter by using a site-to-site VPN connection through the VPN gateway."
msgstr ""

#: ../../networking2.rst:4968
# 25fc02e4454849d4a573bd5dd0d7449a
msgid "Both the Internet and your corporate datacenter by using both the public gateway and a VPN gateway."
msgstr ""

#: ../../networking2.rst:4972
# de5ded73de514bd5a57ecb362fc2faff
msgid "VPC Network Considerations"
msgstr ""

#: ../../networking2.rst:4974
# 78994af1e78348c9ba1f4b1565241a38
msgid "Consider the following before you create a VPC:"
msgstr ""

#: ../../networking2.rst:4978
# cb564008696f42c493ba11e1ed4f80dc
msgid "A VPC, by default, is created in the enabled state."
msgstr ""

#: ../../networking2.rst:4982
# 000ae42b46f34e98836dd0ae06ce491f
msgid "A VPC can be created in Advance zone only, and can't belong to more than one zone at a time."
msgstr ""

#: ../../networking2.rst:4987
# 057235f5ffdf462bb0c747d2d3069fe8
msgid "The default number of VPCs an account can create is 20. However, you can change it by using the max.account.vpcs global parameter, which controls the maximum number of VPCs an account is allowed to create."
msgstr ""

#: ../../networking2.rst:4993
# 6356075be5b54a679178f3b08844bb13
msgid "The default number of tiers an account can create within a VPC is 3. You can configure this number by using the vpc.max.networks parameter."
msgstr ""

#: ../../networking2.rst:4999
# 14ee39b30ff7411188721f6d19152415
msgid "Each tier should have an unique CIDR in the VPC. Ensure that the tier's CIDR should be within the VPC CIDR range."
msgstr ""

#: ../../networking2.rst:5004
# 227b4656e25549c3ae49cbd3eadee4da
msgid "A tier belongs to only one VPC."
msgstr ""

#: ../../networking2.rst:5008
# 8c1c0a2daf2f454daf51a743c52d1875
msgid "All network tiers inside the VPC should belong to the same account."
msgstr ""

#: ../../networking2.rst:5012
# 151ef843569c413592482f23408cc0b1
msgid "When a VPC is created, by default, a SourceNAT IP is allocated to it. The Source NAT IP is released only when the VPC is removed."
msgstr ""

#: ../../networking2.rst:5017
# a4dbf6325246473c80fa288a2c05f46f
msgid "A public IP can be used for only one purpose at a time. If the IP is a sourceNAT, it cannot be used for StaticNAT or port forwarding."
msgstr ""

#: ../../networking2.rst:5022
# 66e9af0df38d44acbdfd5b4f7c7f2209
msgid "The instances can only have a private IP address that you provision. To communicate with the Internet, enable NAT to an instance that you launch in your VPC."
msgstr ""

#: ../../networking2.rst:5028
# a7fc2cd6204b4ccdb272b79d22b93120
msgid "Only new networks can be added to a VPC. The maximum number of networks per VPC is limited by the value you specify in the vpc.max.networks parameter. The default value is three."
msgstr ""

#: ../../networking2.rst:5034
# 636571d03b1244af968495ed107bce4f
msgid "The load balancing service can be supported by only one tier inside the VPC."
msgstr ""

#: ../../networking2.rst:5039
# 690bdd20a5e449298f4d89ca8d62c663
msgid "If an IP address is assigned to a tier:"
msgstr ""

#: ../../networking2.rst:5043
# 58b11a4dc63949a7a3052e4aa24933d5
msgid "That IP can't be used by more than one tier at a time in the VPC. For example, if you have tiers A and B, and a public IP1, you can create a port forwarding rule by using the IP either for A or B, but not for both."
msgstr ""

#: ../../networking2.rst:5050
# 856f012d37d643d8804e106bcbfc20f7
msgid "That IP can't be used for StaticNAT, load balancing, or port forwarding rules for another guest network inside the VPC."
msgstr ""

#: ../../networking2.rst:5055
# 4683db25b3ea4e4188deea16746ee8e9
msgid "Remote access VPN is not supported in VPC networks."
msgstr ""

#: ../../networking2.rst:5058
# d6e7cab15dfe4412bd18e44c210098b5
msgid "Adding a Virtual Private Cloud"
msgstr ""

#: ../../networking2.rst:5060
# aebf60ad9d2040f5a4693f4948d8ee9f
msgid "When creating the VPC, you simply provide the zone and a set of IP addresses for the VPC network address space. You specify this set of addresses in the form of a Classless Inter-Domain Routing (CIDR) block."
msgstr ""

#: ../../networking2.rst:5078
# e96c8770c7a94c51a0e5abf05e27349d
msgid "Click Add VPC. The Add VPC page is displayed as follows:"
msgstr ""

#: ../../networking2.rst:5080
# 5c49f3b134ab451fb0baebec74eb6d02
msgid "|add-vpc.png|"
msgstr ""

#: ../../networking2.rst:5086
# fa0553b67cec41e993031eaa2cfdaf13
msgid "**Name**: A short name for the VPC that you are creating."
msgstr ""

#: ../../networking2.rst:5090
# 97f59ddee9cd4c10bc7c6f87d980837a
msgid "**Description**: A brief description of the VPC."
msgstr ""

#: ../../networking2.rst:5094
# fb51bf0a8fcf42bf90044a947eeb19d5
msgid "**Zone**: Choose the zone where you want the VPC to be available."
msgstr ""

#: ../../networking2.rst:5098
# d7698df9efa0453db3df61a65907f84e
msgid "**Super CIDR for Guest Networks**: Defines the CIDR range for all the tiers (guest networks) within a VPC. When you create a tier, ensure that its CIDR is within the Super CIDR value you enter. The CIDR must be RFC1918 compliant."
msgstr ""

#: ../../networking2.rst:5105
# 927e8a069df94b7ab7c15ce7c08682f2
msgid "**DNS domain for Guest Networks**: If you want to assign a special domain name, specify the DNS suffix. This parameter is applied to all the tiers within the VPC. That implies, all the tiers you create in the VPC belong to the same DNS domain. If the parameter is not specified, a DNS domain name is generated automatically."
msgstr ""

#: ../../networking2.rst:5113
# db3617bea0a7437a98e0ceb8acf7525b
msgid "**Public Load Balancer Provider**: You have two options: VPC Virtual Router and Netscaler."
msgstr ""

#: ../../networking2.rst:5121
# 4cfebf8fa1714d45b8ad960ae9f7ab29
msgid "Adding Tiers"
msgstr ""

#: ../../networking2.rst:5123
# c329d2c258cc49dba5536840ef027842
msgid "Tiers are distinct locations within a VPC that act as isolated networks, which do not have access to other tiers by default. Tiers are set up on different VLANs that can communicate with each other by using a virtual router. Tiers provide inexpensive, low latency network connectivity to other tiers within the VPC."
msgstr ""

#: ../../networking2.rst:5141
#: ../../networking2.rst:6794
# 28ee0841ce014e79a7a281d4bb216ebc
# c6dc02263cdf449d9a13e9076217f576
msgid "All the VPC that you have created for the account is listed in the page."
msgstr ""

#: ../../networking2.rst:5145
# c99084307ecd4209897fc97c610b02b1
msgid "The end users can see their own VPCs, while root and domain admin can see any VPC they are authorized to see."
msgstr ""

#: ../../networking2.rst:5150
#: ../../networking2.rst:6799
# 1470c73ac281442a9cd21cee278957a9
# 7c8420344fe944869eb9ffe03433dc65
msgid "Click the Configure button of the VPC for which you want to set up tiers."
msgstr ""

#: ../../networking2.rst:5155
# c0383203b6324f44bca1f8d64372fd12
msgid "Click Create network."
msgstr ""

#: ../../networking2.rst:5157
# 71dfd71fa8254a17b162b5ecbea81465
msgid "The Add new tier dialog is displayed, as follows:"
msgstr ""

#: ../../networking2.rst:5159
# 74a521a42b084463aec6f5c6b7a135d8
msgid "|add-tier.png|"
msgstr ""

#: ../../networking2.rst:5161
# cd56a1cb2ee5401699918cb0e48192d6
msgid "If you have already created tiers, the VPC diagram is displayed. Click Create Tier to add a new tier."
msgstr ""

#: ../../networking2.rst:5172
# 08999394431847eb807438afe40264eb
msgid "**Name**: A unique name for the tier you create."
msgstr ""

#: ../../networking2.rst:5176
# b1d5cef8af774c368f4db6f7adb35ae4
msgid "**Network Offering**: The following default network offerings are listed: Internal LB, DefaultIsolatedNetworkOfferingForVpcNetworksNoLB, DefaultIsolatedNetworkOfferingForVpcNetworks"
msgstr ""

#: ../../networking2.rst:5181
# a109edde2faf4ec4b1f5de31c2c91472
msgid "In a VPC, only one tier can be created by using LB-enabled network offering."
msgstr ""

#: ../../networking2.rst:5193
# cb1a1e05c80349aba5c29f7eb19fb029
msgid "**VLAN**: The VLAN ID for the tier that the root admin creates."
msgstr ""

#: ../../networking2.rst:5195
# 3a87f69636d34930b6e2382a6c0df8ed
msgid "This option is only visible if the network offering you selected is VLAN-enabled."
msgstr ""

#: ../../networking2.rst:5198
# 94a1b1fbefab4cd88665da31ab04dff5
msgid "For more information, see `\"Assigning VLANs to Isolated Networks\" <hosts.html#assigning-vlans-to-isolated-networks>`_."
msgstr ""

#: ../../networking2.rst:5215
# 2c2c9c5c56b24b02b949731d057ccece
msgid "Continue with configuring access control list for the tier."
msgstr ""

#: ../../networking2.rst:5220
# fe50554812f144079082cb76d478f030
msgid "Configuring Network Access Control List"
msgstr ""

#: ../../networking2.rst:5222
# e6ac09ebbb494a58abe8f4e2b48ab189
msgid "Define Network Access Control List (ACL) on the VPC virtual router to control incoming (ingress) and outgoing (egress) traffic between the VPC tiers, and the tiers and Internet. By default, all incoming traffic to the guest networks is blocked and all outgoing traffic from guest networks is allowed, once you add an ACL rule for outgoing traffic, then only outgoing traffic specified in this ACL rule is allowed, the rest is blocked. To open the ports, you must create a new network ACL. The network ACLs can be created for the tiers only if the NetworkACL service is supported."
msgstr ""

#: ../../networking2.rst:5233
# 98625caa21a9468fa1732748d2a17096
msgid "About Network ACL Lists"
msgstr ""

#: ../../networking2.rst:5235
# 09938c6b069c491ea32225bf40b4c1cb
msgid "In CloudStack terminology, Network ACL is a group of Network ACL items. Network ACL items are nothing but numbered rules that are evaluated in order, starting with the lowest numbered rule. These rules determine whether traffic is allowed in or out of any tier associated with the network ACL. You need to add the Network ACL items to the Network ACL, then associate the Network ACL with a tier. Network ACL is associated with a VPC and can be assigned to multiple VPC tiers within a VPC. A Tier is associated with a Network ACL at all the times. Each tier can be associated with only one ACL."
msgstr ""

#: ../../networking2.rst:5245
# c66744937e154fa482ad3a3e61f312b8
msgid "The default Network ACL is used when no ACL is associated. Default behavior is all the incoming traffic is blocked and outgoing traffic is allowed from the tiers. Default network ACL cannot be removed or modified. Contents of the default Network ACL is:"
msgstr ""

#: ../../networking2.rst:5251
# e83245e0845e43b2974a692e326ac4d0
msgid "Rule"
msgstr ""

#: ../../networking2.rst:5251
# 80ab5b23b00f4d199c8b9abbf436bb6c
msgid "Protocol"
msgstr ""

#: ../../networking2.rst:5251
# fd729c57b4ea4e5eba4b9567d5fb91c0
msgid "Traffic type"
msgstr ""

#: ../../networking2.rst:5251
# c829bf78c58d40288a0ea4fc4372babf
msgid "Action"
msgstr ""

#: ../../networking2.rst:5253
#: ../../networking2.rst:5254
# 428dd3d46f624c17b6333ea245a479d1
# 0044bb0439f34285b617e17b26a24c31
msgid "All"
msgstr ""

#: ../../networking2.rst:5253
# fab35c06087d44a7874a0f5bcd4b49a3
msgid "Ingress"
msgstr ""

#: ../../networking2.rst:5253
#: ../../networking2.rst:5254
# 28a1e4dff1af4530b1bc7247d7231156
# f074d55a63a84bdd93f4679ef5703083
msgid "0.0.0.0/0"
msgstr ""

#: ../../networking2.rst:5254
# b4f811fade53417f914ba70fdda841eb
msgid "Egress"
msgstr ""

#: ../../networking2.rst:5258
# 8cc5201e9ef74389bf852a8c965d8c58
msgid "Creating ACL Lists"
msgstr ""

#: ../../networking2.rst:5321
#: ../../networking2.rst:5363
# 1d2d971c7e064b558d73374bc47d82d0
# 3404c28191eb451a91f3cfa59aefaba4
msgid "Select Network ACL Lists."
msgstr ""

#: ../../networking2.rst:5323
# faf3ffe663364217b1a4616fa0286cf2
msgid "The following default rules are displayed in the Network ACLs page: default\\_allow, default\\_deny."
msgstr ""

#: ../../networking2.rst:5328
# f9e4f48e72cc497a8f9dcdbb42107837
msgid "Click Add ACL Lists, and specify the following:"
msgstr ""

#: ../../networking2.rst:5332
# 90439c9713414c43aa9c2e05eb942726
msgid "**ACL List Name**: A name for the ACL list."
msgstr ""

#: ../../networking2.rst:5336
# d7606f1b49fa42f190dcf0037e7a7f82
msgid "**Description**: A short description of the ACL list that can be displayed to users."
msgstr ""

#: ../../networking2.rst:5340
# 48a4f463117347eb8b319809642e7da8
msgid "Creating an ACL Rule"
msgstr ""

#: ../../networking2.rst:5365
# 2651d622eb634957a6d286e42b35b431
msgid "In addition to the custom ACL lists you have created, the following default rules are displayed in the Network ACLs page: default\\_allow, default\\_deny."
msgstr ""

#: ../../networking2.rst:5371
#: ../../networking2.rst:5495
# 8589eb86d31d49b0b8b3a066e403dea3
# 9fe9f83f4eea466b8c268bff18971db7
msgid "Select the desired ACL list."
msgstr ""

#: ../../networking2.rst:5375
# 526f674e5a544241bfcb69fec29f6b30
msgid "Select the ACL List Rules tab."
msgstr ""

#: ../../networking2.rst:5377
# 6b315c7b1ebe42268824f83af55fae75
msgid "To add an ACL rule, fill in the following fields to specify what kind of network traffic is allowed in the VPC."
msgstr ""

#: ../../networking2.rst:5382
# e9fd41991f514decba25f1e0b8bacf9a
msgid "**Rule Number**: The order in which the rules are evaluated."
msgstr ""

#: ../../networking2.rst:5386
# 74e33543194246e9bf723eb7f8579770
msgid "**CIDR**: The CIDR acts as the Source CIDR for the Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from or to the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""

#: ../../networking2.rst:5395
# 56275e37fc8b4caea8702ef3e16f0361
msgid "**Action**: What action to be taken. Allow traffic or block."
msgstr ""

#: ../../networking2.rst:5399
# 3a81766b5639471dad96fc442722931a
msgid "**Protocol**: The networking protocol that sources use to send traffic to the tier. The TCP and UDP protocols are typically used for data exchange and end-user communications. The ICMP protocol is typically used to send error messages or network monitoring data. All supports all the traffic. Other option is Protocol Number."
msgstr ""

#: ../../networking2.rst:5408
# f182719948c24202b52f34f53d6237ca
msgid "**Start Port**, **End Port** (TCP, UDP only): A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields."
msgstr ""

#: ../../networking2.rst:5414
# 95cc0c49ceea4d609a66a6f010f464a8
msgid "**Protocol Number**: The protocol number associated with IPv4 or IPv6. For more information, see `Protocol Numbers <http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml>`_."
msgstr ""

#: ../../networking2.rst:5420
# 9557a03428624acd806829547ae0ca87
msgid "**ICMP Type**, **ICMP Code** (ICMP only): The type of message and error code that will be sent."
msgstr ""

#: ../../networking2.rst:5425
# daa0c660c1ee4f7c86a1abd1282d5aa5
msgid "**Traffic Type**: The type of traffic: Incoming or outgoing."
msgstr ""

#: ../../networking2.rst:5429
# 2a986f306a534501ac5ce1869c4879b2
msgid "Click Add. The ACL rule is added."
msgstr ""

#: ../../networking2.rst:5431
# 1ff7a90c1c8b4226b22c2f267b0cd329
msgid "You can edit the tags assigned to the ACL rules and delete the ACL rules you have created. Click the appropriate button in the Details tab."
msgstr ""

#: ../../networking2.rst:5436
# 497f804bbce846e084e10331e6e0079b
msgid "Creating a Tier with Custom ACL List"
msgstr ""

#: ../../networking2.rst:5440
#: ../../networking2.rst:5465
# d0c0bf84620447fc8dfa178137f97b16
# d930dbc632b042b188ba54a843e568f1
msgid "Create a VPC."
msgstr ""

#: ../../networking2.rst:5444
#: ../../networking2.rst:5477
# 25eee7556d974e60bbeb1f18e85c55df
# 6ed43363cfac4b8987d1e2d72304c877
msgid "Create a custom ACL list."
msgstr ""

#: ../../networking2.rst:5448
#: ../../networking2.rst:5481
# 6dcc5bedc2554ba1a3e36b2e2b3645be
# 5463933959af4e5288a81e194a5e6a58
msgid "Add ACL rules to the ACL list."
msgstr ""

#: ../../networking2.rst:5452
#: ../../networking2.rst:5469
# 029e9aecbf464779994d37ec61ad7314
# 0413f59339f64f0b873ba87c7d559a84
msgid "Create a tier in the VPC."
msgstr ""

#: ../../networking2.rst:5454
# d789fdcbc43847f981d99a6c6a203caf
msgid "Select the desired ACL list while creating a tier."
msgstr ""

#: ../../networking2.rst:5461
# d2aee63fb26240c8ab5829112ee254c1
msgid "Assigning a Custom ACL List to a Tier"
msgstr ""

#: ../../networking2.rst:5473
# b0606dffaee64d4994e5e57c20a1c455
msgid "Associate the tier with the default ACL rule."
msgstr ""

#: ../../networking2.rst:5485
# 6113c98ff3804f59808cc2f432c7312e
msgid "Select the tier for which you want to assign the custom ACL."
msgstr ""

#: ../../networking2.rst:5489
# 14772476c28c4746811457f94c763124
msgid "Click the Replace ACL List icon. |replace-acl-icon.png|"
msgstr ""

#: ../../networking2.rst:5491
# c4482d85ed6040e0978d138c1416283a
msgid "The Replace ACL List dialog is displayed."
msgstr ""

#: ../../networking2.rst:5504
# 8abffdce40894b3fafb845f68b82bc74
msgid "Adding a Private Gateway to a VPC"
msgstr ""

#: ../../networking2.rst:5506
# 743a879733de4969814a821843950e18
msgid "A private gateway can be added by the root admin only. The VPC private network has 1:1 relationship with the NIC of the physical network. You can configure multiple private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed in the same data center."
msgstr ""

#: ../../networking2.rst:5528
# dd777f72c6814da7a4e087c6c8c60cbe
msgid "Click the Configure button of the VPC to which you want to configure load balancing rules."
msgstr ""

#: ../../networking2.rst:5538
#: ../../networking2.rst:5864
#: ../../networking2.rst:5951
# 27478e3646e84848b0ead2c5ad0d50f9
# d08325208f454c9b8c778e4776c4daa3
# bc97c76d6cd648dc9717c2058744a84e
msgid "The following options are displayed."
msgstr ""

#: ../../networking2.rst:5580
# 394a3dcb6e3741b489d58eb9830c71e9
msgid "Select Private Gateways."
msgstr ""

#: ../../networking2.rst:5582
# e4a0570c1e7a471cb5d358378b06e7fe
msgid "The Gateways page is displayed."
msgstr ""

#: ../../networking2.rst:5586
# 6ca2b7325b9e4244a7785ff0e1ddbfd9
msgid "Click Add new gateway:"
msgstr ""

#: ../../networking2.rst:5588
# 1d19d16a595c4323b72e7afcfa725bee
msgid "|add-new-gateway-vpc.png|"
msgstr ""

#: ../../networking2.rst:5596
# 8413e5ef903842ec837e56605289465f
msgid "**Physical Network**: The physical network you have created in the zone."
msgstr ""

#: ../../networking2.rst:5601
# 0a11f680d5cf4a41a7a387b092f56f28
msgid "**IP Address**: The IP address associated with the VPC gateway."
msgstr ""

#: ../../networking2.rst:5605
# fd907890f582482d8e4cf0dd81960ff5
msgid "**Gateway**: The gateway through which the traffic is routed to and from the VPC."
msgstr ""

#: ../../networking2.rst:5610
# 7487738adef9453d85604bfba671fa3f
msgid "**Netmask**: The netmask associated with the VPC gateway."
msgstr ""

#: ../../networking2.rst:5614
# 16e78548659f4f26a1bda70303cc2316
msgid "**VLAN**: The VLAN associated with the VPC gateway."
msgstr ""

#: ../../networking2.rst:5618
# 4cdaeb9a18454c5a91c6210ae427c1a9
msgid "**Source NAT**: Select this option to enable the source NAT service on the VPC private gateway."
msgstr ""

#: ../../networking2.rst:5621
# c6b56cf49a42479893378e9da36129da
msgid "See \":ref:`source-nat-priv-gw`\"."
msgstr ""

#: ../../networking2.rst:5625
# c362a5b1af954f8c9a1fd9e40fb438db
msgid "**ACL**: Controls both ingress and egress traffic on a VPC private gateway. By default, all the traffic is blocked."
msgstr ""

#: ../../networking2.rst:5628
# a6398dc9bed3442296a3f9cac8a90a34
msgid "See \":ref:`acl-priv-gw`\"."
msgstr ""

#: ../../networking2.rst:5630
# b9e1f64ee58f4a9fa3bdd10dd0cfaa4f
msgid "The new gateway appears in the list. You can repeat these steps to add more gateway for this VPC."
msgstr ""

#: ../../networking2.rst:5636
# f6c87880d85a40cfa41db29b98eb2194
msgid "Source NAT on Private Gateway"
msgstr ""

#: ../../networking2.rst:5638
# 5a7c4b197f044c9bbb56e419cc6153a8
msgid "You might want to deploy multiple VPCs with the same super CIDR and guest tier CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to reach a enterprise data center through the private gateway. In such cases, a NAT service need to be configured on the private gateway to avoid IP conflicts. If Source NAT is enabled, the guest VMs in VPC reaches the enterprise network via private gateway IP address by using the NAT service."
msgstr ""

#: ../../networking2.rst:5646
# 5a246caddff54fc8aeda076ee6ad6da2
msgid "The Source NAT service on a private gateway can be enabled while adding the private gateway. On deletion of a private gateway, source NAT rules specific to the private gateway are deleted."
msgstr ""

#: ../../networking2.rst:5650
# 7b68b00b8cae40daa6b6e018b007407f
msgid "To enable source NAT on existing private gateways, delete them and create afresh with source NAT."
msgstr ""

#: ../../networking2.rst:5656
# 5eb31def4dea44a8b45223d8bfba9bc1
msgid "ACL on Private Gateway"
msgstr ""

#: ../../networking2.rst:5658
# 43dd38fb6bcb4da99519465cd2fee79e
msgid "The traffic on the VPC private gateway is controlled by creating both ingress and egress network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all the ingress traffic to the private gateway interface and all the egress traffic out from the private gateway interface are blocked."
msgstr ""

#: ../../networking2.rst:5664
# 968f844cb23249299b07710fbdea8328
msgid "You can change this default behaviour while creating a private gateway. Alternatively, you can do the following:"
msgstr ""

#: ../../networking2.rst:5669
#: ../../networking2.rst:5715
# c42acc331624417e9e3770047d128c45
# f426686ca214461286b5b27085ef9e07
msgid "In a VPC, identify the Private Gateway you want to work with."
msgstr ""

#: ../../networking2.rst:5673
# bebf8abea37d4d5da748d4dc7da121e9
msgid "In the Private Gateway page, do either of the following:"
msgstr ""

#: ../../networking2.rst:5677
# 83b961b102be4930990a6f24d2f61788
msgid "Use the Quickview. See 3."
msgstr ""

#: ../../networking2.rst:5681
# af59e46963cc4dfcae44b860b6d546a1
msgid "Use the Details tab. See 4 through ."
msgstr ""

#: ../../networking2.rst:5685
# d774795a1b854c8e9b7b135859f6dc59
msgid "In the Quickview of the selected Private Gateway, click Replace ACL, select the ACL rule, then click OK"
msgstr ""

#: ../../networking2.rst:5690
# 24203d2c129848b3a54d2a2a6f231ce4
msgid "Click the IP address of the Private Gateway you want to work with."
msgstr ""

#: ../../networking2.rst:5694
# 1374de69edfb44449764f2be1dcb29e2
msgid "In the Detail tab, click the Replace ACL button. |replace-acl-icon.png|"
msgstr ""

#: ../../networking2.rst:5697
# 0a1a67c900a645b587377ce0696fcc69
msgid "The Replace ACL dialog is displayed."
msgstr ""

#: ../../networking2.rst:5701
# b054350634fe4a6a93e997e7888de509
msgid "select the ACL rule, then click OK."
msgstr ""

#: ../../networking2.rst:5703
# 89bdf37574754f799764bcd9ea9b8154
msgid "Wait for few seconds. You can see that the new ACL rule is displayed in the Details page."
msgstr ""

#: ../../networking2.rst:5707
# 5156bdb1b2c6423aa03d31c6d234cdbb
msgid "Creating a Static Route"
msgstr ""

#: ../../networking2.rst:5709
# 188c119a7dde4624a113c36b70910b9e
msgid "CloudStack enables you to specify routing for the VPN connection you create. You can enter one or CIDR addresses to indicate which traffic is to be routed back to the gateway."
msgstr ""

#: ../../networking2.rst:5719
# c483d63531ae420796887a1e3a3f5ab3
msgid "In the Private Gateway page, click the IP address of the Private Gateway you want to work with."
msgstr ""

#: ../../networking2.rst:5724
# df50f83dcb434a239f5ce4054573908a
msgid "Select the Static Routes tab."
msgstr ""

#: ../../networking2.rst:5728
# ddbc917d09ae47a1a33bb2e422a41ac8
msgid "Specify the CIDR of destination network."
msgstr ""

#: ../../networking2.rst:5734
# 14be55f3d8354339befda018b8959689
msgid "Wait for few seconds until the new route is created."
msgstr ""

#: ../../networking2.rst:5737
# 4bb61ba3dd1444269d2f517a3d774dac
msgid "Blacklisting Routes"
msgstr ""

#: ../../networking2.rst:5739
# bf15aaf7395c48438bdfb1c5a1b303cd
msgid "CloudStack enables you to block a list of routes so that they are not assigned to any of the VPC private gateways. Specify the list of routes that you want to blacklist in the ``blacklisted.routes`` global parameter. Note that the parameter update affects only new static route creations. If you block an existing static route, it remains intact and continue functioning. You cannot add a static route if the route is blacklisted for the zone."
msgstr ""

#: ../../networking2.rst:5748
# 0331141edca34d0d88619127d2766371
msgid "Deploying VMs to the Tier"
msgstr ""

#: ../../networking2.rst:5770
# 704ce74d41e94806a21f067331377028
msgid "The VPC page is displayed where all the tiers you have created are listed."
msgstr ""

#: ../../networking2.rst:5775
# bb949e6b291d4db5b13cf4fe9834f452
msgid "Click Virtual Machines tab of the tier to which you want to add a VM."
msgstr ""

#: ../../networking2.rst:5777
# 71ad9ca13d4c4362972cdf2637e41c93
msgid "|add-vm-vpc.png|"
msgstr ""

#: ../../networking2.rst:5779
# 2f2516ad2c5942d999843c0a9a68933e
msgid "The Add Instance page is displayed."
msgstr ""

#: ../../networking2.rst:5781
# 1d62201e441d48f788fa541062d4c596
msgid "Follow the on-screen instruction to add an instance. For information on adding an instance, see the Installation Guide."
msgstr ""

#: ../../networking2.rst:5785
# 635c6aa90270428badb026296ec37787
msgid "Deploying VMs to VPC Tier and Shared Networks"
msgstr ""

#: ../../networking2.rst:5787
# dd3534643d7a477c824d8e185d5475e4
msgid "CloudStack allows you deploy VMs on a VPC tier and one or more shared networks. With this feature, VMs deployed in a multi-tier application can receive monitoring services via a shared network provided by a service provider."
msgstr ""

#: ../../networking2.rst:5794
# b14c4ec942684d4d8a32be3cc684ba90
msgid "Log in to the CloudStack UI as an administrator."
msgstr ""

#: ../../networking2.rst:5798
# 47af434606084162a5d43bfca5f9a35c
msgid "In the left navigation, choose Instances."
msgstr ""

#: ../../networking2.rst:5802
# 75908924f9fe449db880b8f340e3e1b9
msgid "Click Add Instance."
msgstr ""

#: ../../networking2.rst:5806
# 1129214998c14deca387e232b2b61a2c
msgid "Select a zone."
msgstr ""

#: ../../networking2.rst:5810
# 447c3075519c4efcb0cce18f747c5fdc
msgid "Select a template or ISO, then follow the steps in the wizard."
msgstr ""

#: ../../networking2.rst:5814
# ac1ff1f49a954b0dbd5cd4e18543ec70
msgid "Ensure that the hardware you have allows starting the selected service offering."
msgstr ""

#: ../../networking2.rst:5819
# 5e9d7d945a51416db45c9d4c136cf660
msgid "Under Networks, select the desired networks for the VM you are launching."
msgstr ""

#: ../../networking2.rst:5822
# 6a193b8ef2e14baab4287c9227dbd94f
msgid "You can deploy a VM to a VPC tier and multiple shared networks."
msgstr ""

#: ../../networking2.rst:5824
# 69378b350f8540138b3659036450b93e
msgid "|addvm-tier-sharednw.png|"
msgstr ""

#: ../../networking2.rst:5828
# c32a2db50b2b44dfa529d303ae7737ca
msgid "Click Next, review the configuration and click Launch."
msgstr ""

#: ../../networking2.rst:5830
# 424cd68b49af4936b7a29172ce8b21c6
msgid "Your VM will be deployed to the selected VPC tier and shared network."
msgstr ""

#: ../../networking2.rst:5833
# a466e870147241b7a6266b24ffb983be
msgid "Acquiring a New IP Address for a VPC"
msgstr ""

#: ../../networking2.rst:5835
# 2469c8b87a5b404695be7cd3d52d8540
msgid "When you acquire an IP address, all IP addresses are allocated to VPC, not to the guest networks within the VPC. The IPs are associated to the guest network only when the first port-forwarding, load balancing, or Static NAT rule is created for the IP or the network. IP can't be associated to more than one network at a time."
msgstr ""

#: ../../networking2.rst:5906
# 20c45cce73544593af8aea069f4556ce
msgid "Select IP Addresses."
msgstr ""

#: ../../networking2.rst:5908
# e00bf099dd75477787b7732cadc10c50
msgid "The Public IP Addresses page is displayed."
msgstr ""

#: ../../networking2.rst:5912
# decf033da44c4b64b64175bbace5e37d
msgid "Click Acquire New IP, and click Yes in the confirmation dialog."
msgstr ""

#: ../../networking2.rst:5914
# f9206ddfd2ad4b9ba496b7bcaa139527
msgid "You are prompted for confirmation because, typically, IP addresses are a limited resource. Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding, load balancing, and static NAT rules."
msgstr ""

#: ../../networking2.rst:5920
# 1b26f54458754874a03b4d4bf65d1776
msgid "Releasing an IP Address Alloted to a VPC"
msgstr ""

#: ../../networking2.rst:5922
# be262f6b7e5d45269e0940307ba4a209
msgid "The IP address is a limited resource. If you no longer need a particular IP, you can disassociate it from its VPC and return it to the pool of available addresses. An IP address can be released from its tier, only when all the networking ( port forwarding, load balancing, or StaticNAT ) rules are removed for this IP address. The released IP address will still belongs to the same VPC."
msgstr ""

#: ../../networking2.rst:5946
# b689860f9d8243e488f59f407397d0f2
msgid "Click the Configure button of the VPC whose IP you want to release."
msgstr ""

#: ../../networking2.rst:5993
# 275b1067e783409fa57673f2c9079c5f
msgid "Select Public IP Addresses."
msgstr ""

#: ../../networking2.rst:5999
# 03719974990f4be2ab4ef5acfece3c8e
msgid "Click the IP you want to release."
msgstr ""

#: ../../networking2.rst:6003
# 0cfc510897374fe28fa93542914d6cf3
msgid "In the Details tab, click the Release IP button |release-ip-icon.png|"
msgstr ""

#: ../../networking2.rst:6008
# be0f2d3e3f7a4e4485e68f2f4eb4339d
msgid "Enabling or Disabling Static NAT on a VPC"
msgstr ""

#: ../../networking2.rst:6010
# b3b3c30b45744238bdaaee1fe21a6ae1
msgid "A static NAT rule maps a public IP address to the private IP address of a VM in a VPC to allow Internet traffic to it. This section tells how to enable or disable static NAT for a particular IP address in a VPC."
msgstr ""

#: ../../networking2.rst:6043
# 8d4539553a8249e59a6c06a65466159f
msgid "For each tier, the following options are displayed."
msgstr ""

#: ../../networking2.rst:6091
# d38f21f4fa594fc99e3fe3eb6bcaac34
msgid "Click the IP you want to work with."
msgstr ""

#: ../../networking2.rst:6095
# 17644423675640bdafb3f481e66d08cd
msgid "In the Details tab,click the Static NAT button. |enable-disable.png| The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address."
msgstr ""

#: ../../networking2.rst:6102
# d5a0063d431a449b822e840cf68321c0
msgid "If you are enabling static NAT, a dialog appears as follows:"
msgstr ""

#: ../../networking2.rst:6104
# addd4d2aaf5345c486dcddaf20d41069
msgid "|select-vmstatic-nat.png|"
msgstr ""

#: ../../networking2.rst:6108
# e794f8894d7c4c4fb1d144b53ba3eef5
msgid "Select the tier and the destination VM, then click Apply."
msgstr ""

#: ../../networking2.rst:6111
# d7cc633eb7064d0e98b22cf3441dea8f
msgid "Adding Load Balancing Rules on a VPC"
msgstr ""

#: ../../networking2.rst:6113
# 1690cddd7d4544da8afebf41a357f0f6
msgid "In a VPC, you can configure two types of load balancing: external LB and internal LB. External LB is nothing but a LB rule created to redirect the traffic received at a public IP of the VPC virtual router. The traffic is load balanced within a tier based on your configuration. Citrix NetScaler and VPC virtual router are supported for external LB. When you use internal LB service, traffic received at a tier is load balanced across different VMs within that tier. For example, traffic reached at Web tier is redirected to another VM in that tier. External load balancing devices are not supported for internal LB. The service is provided by a internal LB VM configured on the target tier."
msgstr ""

#: ../../networking2.rst:6125
# 5ab48adf63474d97b4570c40a24420bb
msgid "Load Balancing Within a Tier (External LB)"
msgstr ""

#: ../../networking2.rst:6127
# c70e83e371234131bf11479286cdbb1c
msgid "A CloudStack user or administrator may create load balancing rules that balance traffic received at a public IP to one or more VMs that belong to a network tier that provides load balancing service in a VPC. A user creates a rule, specifies an algorithm, and assigns the rule to a set of VMs within a tier."
msgstr ""

#: ../../networking2.rst:6134
# 793b75511a124eb49bc054c366095f7f
msgid "Enabling NetScaler as the LB Provider on a VPC Tier"
msgstr ""

#: ../../networking2.rst:6138
# 2cba8bc745e44ac4a8d2aaeca47e11f7
msgid "Add and enable Netscaler VPX in dedicated mode."
msgstr ""

#: ../../networking2.rst:6140
# 2994a10476d64a719afb3c651265ac88
msgid "Netscaler can be used in a VPC environment only if it is in dedicated mode."
msgstr ""

#: ../../networking2.rst:6145
# d112b0ba00654e278f9b1475857355b0
msgid "Create a network offering, as given in \":ref:`create-net-offering-ext-lb`\"."
msgstr ""

#: ../../networking2.rst:6149
# 909680d1f1b34b728fbb4a720169c60b
msgid "Create a VPC with Netscaler as the Public LB provider."
msgstr ""

#: ../../networking2.rst:6151
# 7ff9cc3865b44322afc77e6c4c063878
msgid "For more information, see `\"Adding a Virtual Private Cloud\" <#adding-a-virtual-private-cloud>`_."
msgstr ""

#: ../../networking2.rst:6156
# 9f9ae62b0b214cba91857447245a18d6
msgid "For the VPC, acquire an IP."
msgstr ""

#: ../../networking2.rst:6160
# c75b7cc4b3234929a881c47cc9eac788
msgid "Create an external load balancing rule and apply, as given in :ref:`create-ext-lb-rule`."
msgstr ""

#: ../../networking2.rst:6166
# d874e75e8da946b99ed923dcdaed1708
msgid "Creating a Network Offering for External LB"
msgstr ""

#: ../../networking2.rst:6168
# 7f3a18897d37416bb87a733cb3943071
msgid "To have external LB support on VPC, create a network offering as follows:"
msgstr ""

#: ../../networking2.rst:6173
#: ../../networking2.rst:6478
# f8f209ed13a948109fa2bb53a02c1658
# 2681733d801147e687ba507663618ba4
msgid "Log in to the CloudStack UI as a user or admin."
msgstr ""

#: ../../networking2.rst:6177
#: ../../networking2.rst:6482
# bfaeb8a949fb4d25a618540dcc365471
# 6c6e4ac1110442ba9ec325328e96bfb8
msgid "From the Select Offering drop-down, choose Network Offering."
msgstr ""

#: ../../networking2.rst:6185
#: ../../networking2.rst:6490
# 7d4dc49f6e224caa9bee24da2b622a4c
# 8e12000ca5ad480ab9dab674135a18a8
msgid "In the dialog, make the following choices:"
msgstr ""

#: ../../networking2.rst:6189
#: ../../networking2.rst:6494
# 3d9e45006e6b427b94e238e0f793a577
# 066c1cd8d7414486bd0a821ccffc100b
msgid "**Name**: Any desired name for the network offering."
msgstr ""

#: ../../networking2.rst:6193
#: ../../networking2.rst:6498
# acbfe1094f0643fea1072cd746f35188
# f27a5e7e95c64d4b984ce309aaaee266
msgid "**Description**: A short description of the offering that can be displayed to users."
msgstr ""

#: ../../networking2.rst:6198
#: ../../networking2.rst:6503
# 15f09db814bb43e2832e26ce351b9ae6
# d6ebc01d2aea41328bd788a943cea913
msgid "**Network Rate**: Allowed data transfer rate in MB per second."
msgstr ""

#: ../../networking2.rst:6202
#: ../../networking2.rst:6507
# a4945e04912944f89c7073bdac1af7af
# a9b549ff67de4071aad4f568bc2d7d2b
msgid "**Traffic Type**: The type of network traffic that will be carried on the network."
msgstr ""

#: ../../networking2.rst:6207
#: ../../networking2.rst:6512
# aefb9c140bc34d2b9b3c2d433d14c685
# 169e4a6365194916a452f640cf688fb0
msgid "**Guest Type**: Choose whether the guest network is isolated or shared."
msgstr ""

#: ../../networking2.rst:6212
#: ../../networking2.rst:6517
# bdfc22e5126944f5bca7168232a3f3f5
# d937940688b44a349057cd0905cd57b2
msgid "**Persistent**: Indicate whether the guest network is persistent or not. The network that you can provision without having to deploy a VM on it is termed persistent network."
msgstr ""

#: ../../networking2.rst:6218
#: ../../networking2.rst:6523
# 24cbc093f168445995bd443ca153e32c
# b1ee73a6428247b38f74321037409214
msgid "**VPC**: This option indicate whether the guest network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private, isolated part of CloudStack. A VPC can have its own virtual network topology that resembles a traditional physical network. For more information on VPCs, see `\"About Virtual Private Clouds\" <#about-virtual-private-clouds>`_."
msgstr ""

#: ../../networking2.rst:6226
#: ../../networking2.rst:6532
# 4bf8da8a72a240cd858cf9a55cb035ad
# 6db873f4ea9f410fb0a58b146ce86962
msgid "**Specify VLAN**: (Isolated guest networks only) Indicate whether a VLAN should be specified when this offering is used."
msgstr ""

#: ../../networking2.rst:6231
# 1d81bbc322a54e489b5b1da1c925266c
msgid "**Supported Services**: Select Load Balancer. Use Netscaler or VpcVirtualRouter."
msgstr ""

#: ../../networking2.rst:6236
# b7b1ce246f71472ebf576db84b53c0e2
msgid "**Load Balancer Type**: Select Public LB from the drop-down."
msgstr ""

#: ../../networking2.rst:6240
# 7b38714001f849eaac70496b3c171131
msgid "**LB Isolation**: Select Dedicated if Netscaler is used as the external LB provider."
msgstr ""

#: ../../networking2.rst:6245
#: ../../networking2.rst:6546
# f8eb59d83f644c33b8ee256b3cb69be1
# f03b089f4f1442e99afc923137ed1f0f
msgid "**System Offering**: Choose the system service offering that you want virtual routers to use in this network."
msgstr ""

#: ../../networking2.rst:6250
#: ../../networking2.rst:6551
# e2ce12394dea4b1abc2c67c40b3f20ce
# 537aea511f3244d880cd207f11c31028
msgid "**Conserve mode**: Indicate whether to use conserve mode. In this mode, network resources are allocated only when the first virtual machine starts in the network."
msgstr ""

#: ../../networking2.rst:6256
#: ../../networking2.rst:6557
# f89be0d5cb8f47a581ef67c728561fc4
# 05c7f9a8f2fa439ba289bc25ce6430ab
msgid "Click OK and the network offering is created."
msgstr ""

#: ../../networking2.rst:6261
# 492f96c74e934c4385e58a39f4c1633b
msgid "Creating an External LB Rule"
msgstr ""

#: ../../networking2.rst:6280
# b8dd2aecb6fa4106bfed11ed839c7aca
msgid "Click the Configure button of the VPC, for which you want to configure load balancing rules."
msgstr ""

#: ../../networking2.rst:6283
#: ../../networking2.rst:6593
# 522435c1f1414cc18a01df702d9f6281
# bcacf41ce9934ed095e8f719398c45b3
msgid "The VPC page is displayed where all the tiers you created listed in a diagram."
msgstr ""

#: ../../networking2.rst:6343
#: ../../networking2.rst:6737
# 0ccde3dd807a4f04ac772a7cf191a828
# c8b1e6fcd7554efd9584f9488b591a1f
msgid "Select the tier to which you want to apply the rule."
msgstr ""

#: ../../networking2.rst:6355
# 1744ccff1ce1472ea311af081db3ec2f
msgid "**Public Port**: The port that receives the incoming traffic to be balanced."
msgstr ""

#: ../../networking2.rst:6365
#: ../../networking2.rst:6638
# 841c7cfded624598a7091a1eb3f3f894
# 1342d03c9f7e4b4a879cc635b80b627e
msgid "**Algorithm**. Choose the load balancing algorithm you want CloudStack to use. CloudStack supports the following well-known algorithms:"
msgstr ""

#: ../../networking2.rst:6375
#: ../../networking2.rst:6648
# ca0b21cbc71045ef9d692689bdf8753b
# c5c7bc131cb24e8a89af17bc2ee39a95
msgid "Least connections"
msgstr ""

#: ../../networking2.rst:6379
#: ../../networking2.rst:6652
# 6c473e5828a34e0287d62955ca824812
# a9615fbf431b46e4b58d02737e405bca
msgid "Source"
msgstr ""

#: ../../networking2.rst:6383
# 1dc54356abfe4ffa8b1fba11d7728393
msgid "**Stickiness**. (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules."
msgstr ""

#: ../../networking2.rst:6389
# 237d74628ed349cf856380cefedd651f
msgid "**Add VMs**: Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply."
msgstr ""

#: ../../networking2.rst:6392
# 71e872c5170d4050b696e3ce82700548
msgid "The new load balancing rule appears in the list. You can repeat these steps to add more load balancing rules for this IP address."
msgstr ""

#: ../../networking2.rst:6396
# 4574a620c8424f90a6c9a8c28f5460a1
msgid "Load Balancing Across Tiers"
msgstr ""

#: ../../networking2.rst:6398
# 843b230d3f9d4a50946db6b4012be2cc
msgid "CloudStack supports sharing workload across different tiers within your VPC. Assume that multiple tiers are set up in your environment, such as Web tier and Application tier. Traffic to each tier is balanced on the VPC virtual router on the public side, as explained in `\"Adding Load Balancing Rules on a VPC\" <#adding-load-balancing-rules-on-a-vpc>`_. If you want the traffic coming from the Web tier to the Application tier to be balanced, use the internal load balancing feature offered by CloudStack."
msgstr ""

#: ../../networking2.rst:6408
# 525cb00286734509a00f17f18c86ced6
msgid "How Does Internal LB Work in VPC?"
msgstr ""

#: ../../networking2.rst:6410
# 4cd2c13cae1c4f91876bc2767c81d9a1
msgid "In this figure, a public LB rule is created for the public IP 72.52.125.10 with public port 80 and private port 81. The LB rule, created on the VPC virtual router, is applied on the traffic coming from the Internet to the VMs on the Web tier. On the Application tier two internal load balancing rules are created. An internal LB rule for the guest IP 10.10.10.4 with load balancer port 23 and instance port 25 is configured on the VM, InternalLBVM1. Another internal LB rule for the guest IP 10.10.10.4 with load balancer port 45 and instance port 46 is configured on the VM, InternalLBVM1. Another internal LB rule for the guest IP 10.10.10.6, with load balancer port 23 and instance port 25 is configured on the VM, InternalLBVM2."
msgstr ""

#: ../../networking2.rst:6422
# b3129b5c753047129a01b1ba3c4fede8
msgid "|vpc-lb.png|"
msgstr ""

#: ../../networking2.rst:6429
# 8b1b1a74897143cb88a7542e79cf51f3
msgid "Internal LB and Public LB are mutually exclusive on a tier. If the tier has LB on the public side, then it can't have the Internal LB."
msgstr ""

#: ../../networking2.rst:6434
# 4388c29d8e264047afa9fe7ff8b116fd
msgid "Internal LB is supported just on VPC networks in CloudStack 4.2 release."
msgstr ""

#: ../../networking2.rst:6439
# f446d0a1aad04939840f2e711a509b3e
msgid "Only Internal LB VM can act as the Internal LB provider in CloudStack 4.2 release."
msgstr ""

#: ../../networking2.rst:6444
# f4b320548bdb4614952985433f8b1177
msgid "Network upgrade is not supported from the network offering with Internal LB to the network offering with Public LB."
msgstr ""

#: ../../networking2.rst:6449
# 264141b663754516b518d1f6d1a96ebf
msgid "Multiple tiers can have internal LB support in a VPC."
msgstr ""

#: ../../networking2.rst:6453
# f09c422386a34597a8def34515b103c9
msgid "Only one tier can have Public LB support in a VPC."
msgstr ""

#: ../../networking2.rst:6456
# 028d12b705c040d4a796b5085738d685
msgid "Enabling Internal LB on a VPC Tier"
msgstr ""

#: ../../networking2.rst:6460
# 7c0d2274b60242a58ed2cf1355a72079
msgid "Create a network offering, as given in :ref:`creating-net-offering-internal-lb`."
msgstr ""

#: ../../networking2.rst:6464
# 6c4da6439e3f4b018afd1c51169ab257
msgid "Create an internal load balancing rule and apply, as given in :ref:`create-int-lb-rule`."
msgstr ""

#: ../../networking2.rst:6470
# 7632bb75de7b4419ab26471d1f3e2cdd
msgid "Creating a Network Offering for Internal LB"
msgstr ""

#: ../../networking2.rst:6472
# bb39964280e14e828cb77bd8faad4389
msgid "To have internal LB support on VPC, either use the default offering, DefaultIsolatedNetworkOfferingForVpcNetworksWithInternalLB, or create a network offering as follows:"
msgstr ""

#: ../../networking2.rst:6537
# 8f9488a3121d483a90d04b721d6d1d67
msgid "**Supported Services**: Select Load Balancer. Select ``InternalLbVM`` from the provider list."
msgstr ""

#: ../../networking2.rst:6542
# 10f1614fb17846fc84ab119ba2e48c82
msgid "**Load Balancer Type**: Select Internal LB from the drop-down."
msgstr ""

#: ../../networking2.rst:6562
# 1554f48553a24d8eb75e184a1a3dcaae
msgid "Creating an Internal LB Rule"
msgstr ""

#: ../../networking2.rst:6564
# 7c93f86fe3d04b018ebc0f755fdd3bd9
msgid "When you create the Internal LB rule and applies to a VM, an Internal LB VM, which is responsible for load balancing, is created."
msgstr ""

#: ../../networking2.rst:6567
# c341cb78685b4d799b920d6abfc1379d
msgid "You can view the created Internal LB VM in the Instances page if you navigate to **Infrastructure** > **Zones** > <zone\\_ name> > <physical\\_network\\_name> > **Network Service Providers** > **Internal LB VM**. You can manage the Internal LB VMs as and when required from the location."
msgstr ""

#: ../../networking2.rst:6590
# bb074ba85b95485ab2000aa11bbf8f33
msgid "Locate the VPC for which you want to configure internal LB, then click Configure."
msgstr ""

#: ../../networking2.rst:6598
# 9f89311df2d04728b293005448c4dc44
msgid "Locate the Tier for which you want to configure an internal LB rule, click Internal LB."
msgstr ""

#: ../../networking2.rst:6601
# a048cf82b55a4a65a79b907eddb27da1
msgid "In the Internal LB page, click Add Internal LB."
msgstr ""

#: ../../networking2.rst:6605
# ec4dcfcce0a24d839230f062df3b4b64
msgid "In the dialog, specify the following:"
msgstr ""

#: ../../networking2.rst:6613
# 74434a3d36fb484a804a01e12ce24764
msgid "**Description**: A short description of the rule that can be displayed to users."
msgstr ""

#: ../../networking2.rst:6618
# daed72af843943e9baccd05bcb786a21
msgid "**Source IP Address**: (Optional) The source IP from which traffic originates. The IP is acquired from the CIDR of that particular tier on which you want to create the Internal LB rule. If not specified, the IP address is automatically allocated from the network CIDR."
msgstr ""

#: ../../networking2.rst:6624
# 15b760898c8e4743b7a45bdb78cc5d29
msgid "For every Source IP, a new Internal LB VM is created for load balancing."
msgstr ""

#: ../../networking2.rst:6629
# 7d4fda85029c411f98060e303e433ebe
msgid "**Source Port**: The port associated with the source IP. Traffic on this port is load balanced."
msgstr ""

#: ../../networking2.rst:6634
# b8760e9c1eb746b98a4deb723cad698b
msgid "**Instance Port**: The port of the internal LB VM."
msgstr ""

#: ../../networking2.rst:6655
# eb41a8a1275d4f319cf708bbc6cbd615
msgid "Adding a Port Forwarding Rule on a VPC"
msgstr ""

#: ../../networking2.rst:6745
# b7b954709aca4ed4b65909249a1445cf
msgid "**Public Port**: The port to which public traffic will be addressed on the IP address you acquired in the previous step."
msgstr ""

#: ../../networking2.rst:6750
# 3457f6b6eb9945b2adb0a5de7deafea8
msgid "**Private Port**: The port on which the instance is listening for forwarded public traffic."
msgstr ""

#: ../../networking2.rst:6755
# 109d7b5b794343e3b14449585d750125
msgid "**Protocol**: The communication protocol in use between the two ports."
msgstr ""

#: ../../networking2.rst:6760
# a52983a3295b440e854b8e8de723ab47
msgid "TCP"
msgstr ""

#: ../../networking2.rst:6764
# a80d548790614268b9a37014436e3b33
msgid "UDP"
msgstr ""

#: ../../networking2.rst:6768
# 3045d1ed30694200ab89150942fe8a6a
msgid "**Add VM**: Click Add VM. Select the name of the instance to which this rule applies, and click Apply."
msgstr ""

#: ../../networking2.rst:6771
# 4b9ed6535e914dd89e1a04c8c2f345d7
msgid "You can test the rule by opening an SSH session to the instance."
msgstr ""

#: ../../networking2.rst:6774
# 4a6c93a072f04111a01f85167fd2755d
msgid "Removing Tiers"
msgstr ""

#: ../../networking2.rst:6776
# 5142d19ad4794b65970714b4e4bbbec5
msgid "You can remove a tier from a VPC. A removed tier cannot be revoked. When a tier is removed, only the resources of the tier are expunged. All the network rules (port forwarding, load balancing and staticNAT) and the IP addresses associated to the tier are removed. The IP address still be belonging to the same VPC."
msgstr ""

#: ../../networking2.rst:6802
# 7c041faaebfa4ddab0237d7749ac57b0
msgid "The Configure VPC page is displayed. Locate the tier you want to work with."
msgstr ""

#: ../../networking2.rst:6807
# df27c86ec4a94161b3370aae61a474f0
msgid "Select the tier you want to remove."
msgstr ""

#: ../../networking2.rst:6811
# 36316512ad134fdd8cf52cee54ea5230
msgid "In the Network Details tab, click the Delete Network button. |del-tier.png|"
msgstr ""

#: ../../networking2.rst:6814
# 50fe8c3d59b048c5b83145acbe8be4e5
msgid "Click Yes to confirm. Wait for some time for the tier to be removed."
msgstr ""

#: ../../networking2.rst:6817
# 2946ed6a189c43f58b6c443a883de36f
msgid "Editing, Restarting, and Removing a Virtual Private Cloud"
msgstr ""

#: ../../networking2.rst:6819
# 41e51cc9e9d14164a66fb7e95f9f8a12
msgid "Ensure that all the tiers are removed before you remove a VPC."
msgstr ""

#: ../../networking2.rst:6838
# 98e5e7fe7bff4cb18c826b8a17fbca71
msgid "Select the VPC you want to work with."
msgstr ""

#: ../../networking2.rst:6842
# fdc4b5db10a245f68c46b4793a5b052e
msgid "In the Details tab, click the Remove VPC button |remove-vpc.png|"
msgstr ""

#: ../../networking2.rst:6844
# 3fabd3a8fb6b4546887df7e7f8c4212c
msgid "You can remove the VPC by also using the remove button in the Quick View."
msgstr ""

#: ../../networking2.rst:6847
# 8f6ce6f0fc7943e8965aeb7c157eef28
msgid "You can edit the name and description of a VPC. To do that, select the VPC, then click the Edit button. |edit-icon.png|"
msgstr ""

#: ../../networking2.rst:6850
# 44868ef425a9478c9a51b13b823cb75d
msgid "To restart a VPC, select the VPC, then click the Restart button. |restart-vpc.png|"
msgstr ""

#: ../../networking2.rst:6854
# f535c4d4c6e542569b645467558a84ba
msgid "Persistent Networks"
msgstr ""

#: ../../networking2.rst:6856
# ac16a1f817024aa4ba3804fcab51f851
msgid "The network that you can provision without having to deploy any VMs on it is called a persistent network. A persistent network can be part of a VPC or a non-VPC environment."
msgstr ""

#: ../../networking2.rst:6860
# 69a29ed2704f4f48b0796699ad7a36eb
msgid "When you create other types of network, a network is only a database entry until the first VM is created on that network. When the first VM is created, a VLAN ID is assigned and the network is provisioned. Also, when the last VM is destroyed, the VLAN ID is released and the network is no longer available. With the addition of persistent network, you will have the ability to create a network in CloudStack in which physical devices can be deployed without having to run any VMs. Additionally, you can deploy physical devices on that network."
msgstr ""

#: ../../networking2.rst:6869
# 58f4be07725f415581616cb03772a7a7
msgid "One of the advantages of having a persistent network is that you can create a VPC with a tier consisting of only physical devices. For example, you might create a VPC for a three-tier application, deploy VMs for Web and Application tier, and use physical machines for the Database tier. Another use case is that if you are providing services by using physical hardware, you can define the network as persistent and therefore even if all its VMs are destroyed the services will not be discontinued."
msgstr ""

#: ../../networking2.rst:6879
# 8ff007bee6954fe199b3c83d78392acf
msgid "Persistent Network Considerations"
msgstr ""

#: ../../networking2.rst:6883
# f6f834bfef49425085d2d0742d6ef874
msgid "Persistent network is designed for isolated networks."
msgstr ""

#: ../../networking2.rst:6887
# 0bb5d0eb31464beaa3c07b2ff9af3aa2
msgid "All default network offerings are non-persistent."
msgstr ""

#: ../../networking2.rst:6891
# 5051557b950f477e8d115a69bf8150d4
msgid "A network offering cannot be editable because changing it affects the behavior of the existing networks that were created using this network offering."
msgstr ""

#: ../../networking2.rst:6897
# 593697221e614fe980bca6c00979e531
msgid "When you create a guest network, the network offering that you select defines the network persistence. This in turn depends on whether persistent network is enabled in the selected network offering."
msgstr ""

#: ../../networking2.rst:6903
# 34302861eff548dd9e9007020f1c927b
msgid "An existing network can be made persistent by changing its network offering to an offering that has the Persistent option enabled. While setting this property, even if the network has no running VMs, the network is provisioned."
msgstr ""

#: ../../networking2.rst:6910
# e3974307d7cd464eb0a6028ee8f57e4b
msgid "An existing network can be made non-persistent by changing its network offering to an offering that has the Persistent option disabled. If the network has no running VMs, during the next network garbage collection run the network is shut down."
msgstr ""

#: ../../networking2.rst:6917
# 1c9032badc034107b57250169a03a890
msgid "When the last VM on a network is destroyed, the network garbage collector checks if the network offering associated with the network is persistent, and shuts down the network only if it is non-persistent."
msgstr ""

#: ../../networking2.rst:6923
# 56e305bc255e4c999e504e5acb010e4f
msgid "Creating a Persistent Guest Network"
msgstr ""

#: ../../networking2.rst:6925
# 8ce284f6e33a44e5860a579e00f4fc80
msgid "To create a persistent network, perform the following:"
msgstr ""

#: ../../networking2.rst:6929
# e3ce54a0de2342309210a549828f25b0
msgid "Create a network offering with the Persistent option enabled."
msgstr ""

#: ../../networking2.rst:6931
# 916c1c8c0ef34df2868a5a38c4dd609a
msgid "See `\"Creating a New Network Offering\" <networking.html#creating-a-new-network-offering>`_."
msgstr ""

#: ../../networking2.rst:6935
# 2fd5e35855fe4fa4bae6d7cc0d53b7d8
msgid "Select Network from the left navigation pane."
msgstr ""

#: ../../networking2.rst:6939
# 37e16c8d0d9044dbb0f2d02677062c8d
msgid "Select the guest network that you want to offer this network service to."
msgstr ""

#: ../../networking2.rst:6944
# 5fbd5c95b15941c29f95b337f8ebade8
msgid "Click the Edit button."
msgstr ""

#: ../../networking2.rst:6948
# 706e3f3239cb45f2a6f669847cf5c0ff
msgid "From the Network Offering drop-down, select the persistent network offering you have just created."
msgstr ""