| <?xml version='1.0' encoding='utf-8' ?> |
| <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ |
| <!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> |
| %BOOK_ENTITIES; |
| ]> |
| |
| <!-- Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <section id="creating-network-offerings"> |
| <title>Creating a New Network Offering</title> |
| <para>To create a network offering:</para> |
| <orderedlist> |
| <listitem> |
| <para>Log in with admin privileges to the &PRODUCT; UI.</para> |
| </listitem> |
| <listitem> |
| <para>In the left navigation bar, click Service Offerings.</para> |
| </listitem> |
| <listitem> |
| <para>In Select Offering, choose Network Offering.</para> |
| </listitem> |
| <listitem> |
| <para>Click Add Network Offering.</para> |
| </listitem> |
| <listitem> |
| <para>In the dialog, make the following choices:</para> |
| <itemizedlist> |
| <listitem> |
| <para><emphasis role="bold">Name</emphasis>. Any desired name for the network |
| offering.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Description</emphasis>. A short description of the offering |
| that can be displayed to users.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Network Rate</emphasis>. Allowed data transfer rate in MB per |
| second.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Guest Type</emphasis>. Choose whether the guest network is |
| isolated or shared. </para> |
| <para condition="admin">For a description of this term, see <xref |
| linkend="about-virtual-networks"/>.</para> |
| <para condition="install">For a description of this term, see the Administration Guide. |
| </para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Persistent</emphasis>. Indicate whether the guest network is |
| persistent or not. The network that you can provision without having to deploy a VM on |
| it is termed persistent network. For more information, see <xref |
| linkend="persistent-network"/>.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Specify VLAN</emphasis>. (Isolated guest networks only) |
| Indicate whether a VLAN could be specified when this offering is used. If you select |
| this option and later use this network offering while creating a VPC tier or an isolated |
| network, you will be able to specify a VLAN ID for the network you create.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">VPC</emphasis>. This option indicate whether the guest network |
| is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private, isolated |
| part of &PRODUCT;. A VPC can have its own virtual network topology that resembles a |
| traditional physical network. For more information on VPCs, see <xref linkend="vpc"/>.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Supported Services</emphasis>. Select one or more of the |
| possible network services. For some services, you must also choose the service provider; |
| for example, if you select Load Balancer, you can choose the &PRODUCT; virtual router or |
| any other load balancers that have been configured in the cloud. Depending on which |
| services you choose, additional fields may appear in the rest of the dialog box.</para> |
| <para>Based on the guest network type selected, you can see the following supported |
| services:</para> |
| <informaltable> |
| <tgroup cols="4" align="left" colsep="1" rowsep="1"> |
| <thead> |
| <row> |
| <entry><para>Supported Services</para></entry> |
| <entry><para>Description</para></entry> |
| <entry><para>Isolated</para></entry> |
| <entry><para>Shared</para></entry> |
| </row> |
| </thead> |
| <tbody> |
| <row> |
| <entry><para>DHCP</para></entry> |
| <entry><para>For more information, see <xref linkend="dns-dhcp"/>.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>DNS</para></entry> |
| <entry><para>For more information, see <xref linkend="dns-dhcp"/>.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>Load Balancer</para></entry> |
| <entry><para>If you select Load Balancer, you can choose the &PRODUCT; virtual |
| router or any other load balancers that have been configured in the |
| cloud.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>Firewall</para></entry> |
| <entry><para condition="install">For more information, see <xref |
| linkend="firewall-rules"/>.</para> |
| <para condition="admin">For more information, see the Administration |
| Guide.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>Source NAT</para></entry> |
| <entry><para>If you select Source NAT, you can choose the &PRODUCT; virtual router |
| or any other Source NAT providers that have been configured in the |
| cloud.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>Static NAT</para></entry> |
| <entry><para>If you select Static NAT, you can choose the &PRODUCT; virtual router |
| or any other Static NAT providers that have been configured in the |
| cloud.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>Port Forwarding</para></entry> |
| <entry><para>If you select Port Forwarding, you can choose the &PRODUCT; virtual |
| router or any other Port Forwarding providers that have been configured in the |
| cloud.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Not Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>VPN</para></entry> |
| <entry><para>For more information, see <xref linkend="vpn"/>.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Not Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>User Data</para></entry> |
| <entry><para condition="admin">For more information, see <xref |
| linkend="user-data-and-meta-data"/>.</para> |
| <para condition="install">For more information, see the Administration |
| Guide.</para></entry> |
| <entry><para>Not Supported</para></entry> |
| <entry><para>Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>Network ACL</para></entry> |
| <entry><para>For more information, see <xref linkend="configure-acl" |
| />.</para></entry> |
| <entry><para>Supported</para></entry> |
| <entry><para>Not Supported</para></entry> |
| </row> |
| <row> |
| <entry><para>Security Groups</para></entry> |
| <entry><para>For more information, see <xref linkend="add-security-group" |
| />.</para></entry> |
| <entry><para>Not Supported</para></entry> |
| <entry><para>Supported</para></entry> |
| </row> |
| </tbody> |
| </tgroup> |
| </informaltable> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">System Offering</emphasis>. If the service provider for any of |
| the services selected in Supported Services is a virtual router, the System Offering |
| field appears. Choose the system service offering that you want virtual routers to use |
| in this network. For example, if you selected Load Balancer in Supported Services and |
| selected a virtual router to provide load balancing, the System Offering field appears |
| so you can choose between the &PRODUCT; default system service offering and any custom |
| system service offerings that have been defined by the &PRODUCT; root |
| administrator.</para> |
| <para condition="admin">For more information, see <xref linkend="system-service-offerings"/>.</para> |
| <para condition="install">For more information, see the Administration Guide.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">LB Isolation</emphasis>: Specify what type of load balancer |
| isolation you want for the network: Shared or Dedicated.</para> |
| <para><emphasis role="bold">Dedicated</emphasis>: If you select dedicated LB isolation, a |
| dedicated load balancer device is assigned for the network from the pool of dedicated |
| load balancer devices provisioned in the zone. If no sufficient dedicated load balancer |
| devices are available in the zone, network creation fails. Dedicated device is a good |
| choice for the high-traffic networks that make full use of the device's |
| resources.</para> |
| <para><emphasis role="bold">Shared</emphasis>: If you select shared LB isolation, a shared |
| load balancer device is assigned for the network from the pool of shared load balancer |
| devices provisioned in the zone. While provisioning &PRODUCT; picks the shared load |
| balancer device that is used by the least number of accounts. Once the device reaches |
| its maximum capacity, the device will not be allocated to a new account.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Mode</emphasis>: You can select either Inline mode or Side by |
| Side mode:</para> |
| <para><emphasis role="bold">Inline mode</emphasis>: Supported only for Juniper SRX |
| firewall and BigF5 load balancer devices. In inline mode, a firewall device is placed in |
| front of a load balancing device. The firewall acts as the gateway for all the incoming |
| traffic, then redirect the load balancing traffic to the load balancer behind it. The |
| load balancer in this case will not have the direct access to the public network. </para> |
| <para><emphasis role="bold">Side by Side</emphasis>: In side by side mode, a firewall |
| device is deployed in parallel with the load balancer device. So the traffic to the load |
| balancer public IP is not routed through the firewall, and therefore, is exposed to the |
| public network.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Associate Public IP</emphasis>: Select this option if you want |
| to assign a public IP address to the VMs deployed in the guest network. This option is |
| available only if</para> |
| <itemizedlist> |
| <listitem> |
| <para>Guest network is shared.</para> |
| </listitem> |
| <listitem> |
| <para>StaticNAT is enabled.</para> |
| </listitem> |
| <listitem> |
| <para>Elastic IP is enabled.</para> |
| </listitem> |
| </itemizedlist> |
| <para>For information on Elastic IP, see <xref linkend="elastic-ip"/>.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Redundant router capability</emphasis>: Available only when |
| Virtual Router is selected as the Source NAT provider. Select this option if you want to |
| use two virtual routers in the network for uninterrupted connection: one operating as |
| the master virtual router and the other as the backup. The master virtual router |
| receives requests from and sends responses to the user’s VM. The backup virtual router |
| is activated only when the master is down. After the failover, the backup becomes the |
| master virtual router. &PRODUCT; deploys the routers on different hosts to ensure |
| reliability if one host is down.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Conserve mode</emphasis>: Indicate whether to use conserve |
| mode. In this mode, network resources are allocated only when the first virtual machine |
| starts in the network. When conservative mode is off, the public IP can only be used for |
| a single service. For example, a public IP used for a port forwarding rule cannot be |
| used for defining other services, such as StaticNAT or load balancing. When the conserve |
| mode is on, you can define more than one service on the same public IP.</para> |
| <note> |
| <para>If StaticNAT is enabled, irrespective of the status of the conserve mode, no port |
| forwarding or load balancing rule can be created for the IP. However, you can add the |
| firewall rules by using the createFirewallRule command.</para> |
| </note> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Tags</emphasis>: Network tag to specify which physical network |
| to use.</para> |
| </listitem> |
| <listitem> |
| <para><emphasis role="bold">Default egress policy</emphasis>: Configure the default policy |
| for firewall egress rules. Options are Allow and Deny. Default is Allow if no egress |
| policy is specified, which indicates that all the egress traffic is accepted when a |
| guest network is created from this offering. </para> |
| <para>To block the egress traffic for a guest network, select Deny. In this case, when you |
| configure an egress rules for an isolated guest network, rules are added to allow the |
| specified traffic.</para> |
| </listitem> |
| </itemizedlist> |
| </listitem> |
| <listitem> |
| <para>Click Add.</para> |
| </listitem> |
| </orderedlist> |
| </section> |