# SOME DESCRIPTIVE TITLE.
# Copyright (C)
# This file is distributed under the same license as the Apache CloudStack Administration Documentation package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: Apache CloudStack Administration Documentation 4\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2014-06-30 12:52+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../networking_and_traffic.rst:18
# 2e88968824744a699d5b9e641bba935c
msgid "Managing Networks and Traffic"
msgstr ""
#: ../../networking_and_traffic.rst:20
# 5f4766ac0c9e42fb808ce551ae256f24
msgid "In CloudStack, guest VMs can communicate with each other using shared infrastructure with the security and user perception that the guests have a private LAN. The CloudStack virtual router is the main component providing networking features for guest traffic."
msgstr ""
#: ../../networking/guest_traffic.rst:18
# 547c4ea0a4df4369904d3e89102a2ff0
msgid "Guest Traffic"
msgstr ""
#: ../../networking/guest_traffic.rst:20
# 66d2b2ce8a6e4cd2a1129c71097c9ffd
msgid "A network can carry guest traffic only between VMs within one zone. Virtual machines in different zones cannot communicate with each other using their IP addresses; they must communicate with each other by routing through a public IP address."
msgstr ""
#: ../../networking/guest_traffic.rst:25
# d283edc27a994358b1d82be3efe292b3
msgid "See a typical guest traffic setup given below:"
msgstr ""
#: ../../networking/guest_traffic.rst:27
# 585953ea4f7741d289a4d3930fbea7f8
msgid "|guest-traffic-setup.png|"
msgstr ""
#: ../../networking/guest_traffic.rst:29
# 231054f3bb304ca8b569aae0ca379d62
msgid "Typically, the Management Server automatically creates a virtual router for each network. A virtual router is a special virtual machine that runs on the hosts. Each virtual router in an isolated network has three network interfaces. If multiple public VLAN is used, the router will have multiple public interfaces. Its eth0 interface serves as the gateway for the guest traffic and has the IP address of 10.1.1.1. Its eth1 interface is used by the system to configure the virtual router. Its eth2 interface is assigned a public IP address for public traffic. If multiple public VLAN is used, the router will have multiple public interfaces."
msgstr ""
#: ../../networking/guest_traffic.rst:40
# fac52c70fa3c497faa044acd49d26532
msgid "The virtual router provides DHCP and will automatically assign an IP address for each guest VM within the IP range assigned for the network. The user can manually reconfigure guest VMs to assume different IP addresses."
msgstr ""
#: ../../networking/guest_traffic.rst:45
# 60254b35a5ca48dcb79bab826da4a5ab
msgid "Source NAT is automatically configured in the virtual router to forward outbound traffic for all guest VMs"
msgstr ""
#: ../../networking/networking_in_pod.rst:18
# ffe1b004a96f43bc974d111d3a433cce
msgid "Networking in a Pod"
msgstr ""
#: ../../networking/networking_in_pod.rst:20
# b0f1a12d5e7543ab99e1e3a70c348c57
msgid "The figure below illustrates network setup within a single pod. The hosts are connected to a pod-level switch. At a minimum, the hosts should have one physical uplink to each switch. Bonded NICs are supported as well. The pod-level switch is a pair of redundant gigabit switches with 10 G uplinks."
msgstr ""
#: ../../networking/networking_in_pod.rst:26
# fa46cc84fe1b4d539c299613f2ea90f8
msgid "|networksinglepod.png|"
msgstr ""
#: ../../networking/networking_in_pod.rst:28
# 0b80653796454fe7b33fc3de812c6200
msgid "Servers are connected as follows:"
msgstr ""
#: ../../networking/networking_in_pod.rst:30
# 91c1e31402e44614ac425a77ffd95c12
msgid "Storage devices are connected to only the network that carries management traffic."
msgstr ""
#: ../../networking/networking_in_pod.rst:33
# 7c9c0e94df7a4c19b6cd106477d3162b
msgid "Hosts are connected to networks for both management traffic and public traffic."
msgstr ""
#: ../../networking/networking_in_pod.rst:36
# ab64d976f00e480885bb92e5d544d3ec
msgid "Hosts are also connected to one or more networks carrying guest traffic."
msgstr ""
#: ../../networking/networking_in_pod.rst:39
# 2d032fc9112345a8b2b9c78d5f64a723
msgid "We recommend the use of multiple physical Ethernet cards to implement each network interface as well as redundant switch fabric in order to maximize throughput and improve reliability."
msgstr ""
#: ../../networking/networking_in_zone.rst:18
# 34f26bc9bb954421b5a49ea5148512a1
msgid "Networking in a Zone"
msgstr ""
#: ../../networking/networking_in_zone.rst:20
# 42aa6b7f996f49748a02f70fa69cac5d
msgid "The following figure illustrates the network setup within a single zone."
msgstr ""
#: ../../networking/networking_in_zone.rst:22
# cec13401ef5743db802dc373651f4cee
msgid "|networksetupzone.png|"
msgstr ""
#: ../../networking/networking_in_zone.rst:24
# caf254a7b27b483ab945007e27ab2454
msgid "A firewall for management traffic operates in the NAT mode. The network typically is assigned IP addresses in the 192.168.0.0/16 Class B private address space. Each pod is assigned IP addresses in the 192.168.\\*.0/24 Class C private address space."
msgstr ""
#: ../../networking/networking_in_zone.rst:29
# 0de7f4a8ad2349cc87a373a814392846
msgid "Each zone has its own set of public IP addresses. Public IP addresses from different zones do not overlap."
msgstr ""
#: ../../networking/basic_zone_config.rst:19
# 8133c02743444c1691e584fe82e3dbdb
msgid "Basic Zone Physical Network Configuration"
msgstr ""
#: ../../networking/basic_zone_config.rst:21
# 501779cb0c9441e4a29799acb6518b3e
msgid "In a basic network, configuring the physical network is fairly straightforward. You only need to configure one guest network to carry traffic that is generated by guest VMs. When you first add a zone to CloudStack, you set up the guest network through the Add Zone screens."
msgstr ""
#: ../../networking/advanced_zone_config.rst:19
# 309e851c308a4e6eb88d0b9cb9eca1a4
msgid "Advanced Zone Physical Network Configuration"
msgstr ""
#: ../../networking/advanced_zone_config.rst:21
# 5ba22edac905490bac4351986297202e
msgid "Within a zone that uses advanced networking, you need to tell the Management Server how the physical network is set up to carry different kinds of traffic in isolation."
msgstr ""
#: ../../networking/advanced_zone_config.rst:27
# 7433a105cf0f4c4a8b5eb2d1b71b5278
msgid "Configure Guest Traffic in an Advanced Zone"
msgstr ""
#: ../../networking/advanced_zone_config.rst:29
# 0479d8eccf0646bda9f39cac51ca890c
msgid "These steps assume you have already logged in to the CloudStack UI. To configure the base guest network:"
msgstr ""
#: ../../networking/advanced_zone_config.rst:32
# 6a02a9096d534a41aa433f728dd55749
msgid "In the left navigation, choose Infrastructure. On Zones, click View More, then click the zone to which you want to add a network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:35
#: ../../networking/advanced_zone_config.rst:87
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:145
# 9d184022aba349b2aa9aeb49c5222497
# e23a8b99ae3d4beb87a9db4e87291025
# 367ee4d166f843e6b790c71cbbf8f9e3
msgid "Click the Network tab."
msgstr ""
#: ../../networking/advanced_zone_config.rst:37
#: ../../networking/advanced_zone_config.rst:89
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:147
# 3245c61546fe4a81bc5e6e8a09167804
# aeb508d106f6462bbdae174ca0a17b83
# b07a9c22d66f4cd59a846a846778af53
msgid "Click Add guest network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:39
# be8bee6943514afda63cb052034b5613
msgid "The Add guest network window is displayed:"
msgstr ""
#: ../../networking/advanced_zone_config.rst:41
# 1c4523333dc64212b845c2b6912c260c
msgid "|addguestnetwork.png|"
msgstr ""
#: ../../networking/advanced_zone_config.rst:43
#: ../../networking/remote_access_vpn.rst:311
#: ../../networking/virtual_private_cloud_config.rst:189
# acadf5b43bd44355836e260ef18944cb
# 914acc88287948198f6d2e928d524cff
# 00444541c712470cabb10e4c18d44754
msgid "Provide the following information:"
msgstr ""
#: ../../networking/advanced_zone_config.rst:45
# 3a472c2f7bd74e88894a25b50b2ecc0b
msgid "**Name**: The name of the network. This will be user-visible"
msgstr ""
#: ../../networking/advanced_zone_config.rst:47
# cd0d4d5ebb2843508a34eef3fa3cbf95
msgid "**Display Text**: The description of the network. This will be user-visible"
msgstr ""
#: ../../networking/advanced_zone_config.rst:50
# 458b580931c147f39c8754144178743c
msgid "**Zone**: The zone in which you are configuring the guest network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:52
# 5a598415cdd64826baeb7bf89f1d991e
msgid "**Network offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network"
msgstr ""
#: ../../networking/advanced_zone_config.rst:55
# 1bd47cc800e74d299fd0a2f14dc79b82
msgid "**Guest Gateway**: The gateway that the guests should use"
msgstr ""
#: ../../networking/advanced_zone_config.rst:57
# dbd235f763be4ac3bd961dfeab6a4119
msgid "**Guest Netmask**: The netmask in use on the subnet the guests will use"
msgstr ""
#: ../../networking/advanced_zone_config.rst:60
#: ../../networking/public_ips_and_vlans_for_accounts.rst:115
#: ../../networking/portable_ips.rst:84
#: ../../networking/multiple_subnets_in_shared_network.rst:95
#: ../../networking/security_groups.rst:72
#: ../../networking/global_server_load_balancing.rst:371
#: ../../networking/ip_forwarding_and_firewalling.rst:215
#: ../../networking/remote_access_vpn.rst:402
#: ../../networking/remote_access_vpn.rst:425
#: ../../networking/virtual_private_cloud_config.rst:211
#: ../../networking/virtual_private_cloud_config.rst:281
#: ../../networking/virtual_private_cloud_config.rst:455
#: ../../networking/virtual_private_cloud_config.rst:479
#: ../../networking/persistent_networks.rst:94
# 7a600295ac7141be85b91494277f8bae
# 1699ac2b1b66466896e3e308100bc131
# c2b6ddd6457b41cda3df2cbb62cbb901
# 3929bccca11f489993ac83ea79cc8f48
# c6b55626cac14e82aa807bfced97b64d
# 46ab1fed30c44cb386441db1762dd430
# 4562b7f8a5e64cf78cdd7c58d62866fc
# 692b7464148b43a49edb927fbd74fd4b
# 70bd2e1ea0524a7882ca8a0d1d607829
# a6fb58ce33b74a20894b08e4aeffb48f
# 3c8f6b6fdfc447fb8ee7f3a409e82bad
# 7673a522d97348a9bc4533f2c623e3b6
# e92a6822a63b483d92dfedd0eb104b22
# d8d73b45f64a4ba0a15a6bf8124841f0
msgid "Click OK."
msgstr ""
#: ../../networking/advanced_zone_config.rst:64
# c735b3c2a79d4a97ba3b2798068b9032
msgid "Configure Public Traffic in an Advanced Zone"
msgstr ""
#: ../../networking/advanced_zone_config.rst:66
# b6188c4a11a04e4da53e69931cea7e92
msgid "In a zone that uses advanced networking, you need to configure at least one range of IP addresses for Internet traffic."
msgstr ""
#: ../../networking/advanced_zone_config.rst:71
# 382eb9f366b44454835a00e621aa1743
msgid "Configuring a Shared Guest Network"
msgstr ""
#: ../../networking/advanced_zone_config.rst:73
#: ../../networking/public_ips_and_vlans_for_accounts.rst:54
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:131
# 017873e7ecfe4402a18cf99f80504c6b
# a45daa5eec1d4fa68d75831b169fafa5
# b177d05e7fb54f8ab7429856f854dd16
msgid "Log in to the CloudStack UI as administrator."
msgstr ""
#: ../../networking/advanced_zone_config.rst:75
#: ../../networking/multiple_subnets_in_shared_network.rst:54
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:133
# 84a0ef2ad9f943ad9f91eb6a8abb8ae7
# 76b78351191646ffa98f8ec8e59fea01
# ef875cadd3c647089970c4b011189042
msgid "In the left navigation, choose Infrastructure."
msgstr ""
#: ../../networking/advanced_zone_config.rst:77
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:135
# 06247e8726024f7098ba1a2c8ffb7cd9
# 4d47e34008e44518b3ce4ffc1d522b5e
msgid "On Zones, click View More."
msgstr ""
#: ../../networking/advanced_zone_config.rst:79
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:137
# 11a261c7ce9a4280b2283b3420540729
# a53663a4596d4418b2447b2f34253c13
msgid "Click the zone to which you want to add a guest network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:81
#: ../../networking/public_ips_and_vlans_for_accounts.rst:62
#: ../../networking/public_ips_and_vlans_for_accounts.rst:132
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:139
# ad879d34c24644c6be82095823dd2634
# f4034b1a820b425bbbd9b51218978bac
# dda2aaaac56e490da82fb8570abcec7c
# 7ee99e2d45ac49679a2ffc018fb9bada
msgid "Click the Physical Network tab."
msgstr ""
#: ../../networking/advanced_zone_config.rst:83
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:141
# 8e7c54c3dff94e4c975465a247fdc749
# 6904ead432c948b1a353d1a14cf24ba3
msgid "Click the physical network you want to work with."
msgstr ""
#: ../../networking/advanced_zone_config.rst:85
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:143
# 5198c123311c4dedb764b0fad9b75511
# b6b304bb36064d9795035a047d554897
msgid "On the Guest node of the diagram, click Configure."
msgstr ""
#: ../../networking/advanced_zone_config.rst:91
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:149
# 9b0560860e8142b6acacce6dee68f77d
# f66ffb16e9e34d2fab95288ecddbc072
msgid "The Add guest network window is displayed."
msgstr ""
#: ../../networking/advanced_zone_config.rst:93
#: ../../networking/public_ips_and_vlans_for_accounts.rst:79
#: ../../networking/public_ips_and_vlans_for_accounts.rst:89
#: ../../networking/public_ips_and_vlans_for_accounts.rst:107
#: ../../networking/public_ips_and_vlans_for_accounts.rst:142
#: ../../networking/portable_ips.rst:70
#: ../../networking/multiple_subnets_in_shared_network.rst:75
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:151
#: ../../networking/external_firewalls_and_load_balancers.rst:482
#: ../../networking/global_server_load_balancing.rst:393
#: ../../networking/virtual_private_cloud_config.rst:248
#: ../../networking/virtual_private_cloud_config.rst:539
#: ../../networking/virtual_private_cloud_config.rst:1062
#: ../../networking/virtual_private_cloud_config.rst:1330
# 177f27f031a444b2a8fd7dd381980b4d
# bf9352536eb942a18db080fc500523d3
# a08d4b6ba13540ceab3e8058b95f89af
# bc8ca26c46054b58b949250071678da5
# 65686255f3e34e33b7c9014b22a1f32c
# 0d69bb44a42b4273942af07cece87f40
# 40882d4726394e6eabd4a92f88844717
# df42ee8c70dc4c80884bb2241dce3ff9
# 392bb66c4eed477b8f17b7327c094d70
# 67322aa6283c41329898fae4fcd9d14a
# f8a7557a036c4c2d9e8a1664f9788eb0
# 15e16203d42441acbfb55f6d515c2648
# 7dbdb60b7de340c08a41ac492f5f5f2b
# c11b631f982340159764b1fc93b73259
msgid "Specify the following:"
msgstr ""
#: ../../networking/advanced_zone_config.rst:95
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:153
# 6554135d72104186ad415b989326d68a
# f5bee2ab4a8a4cd1bb25c20ef7021f7c
msgid "**Name**: The name of the network. This will be visible to the user."
msgstr ""
#: ../../networking/advanced_zone_config.rst:97
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:156
# b63b119a113e499fb649c6b668452512
# 53f9619369324f10bbc8f0dfb003c5af
msgid "**Description**: The short description of the network that can be displayed to users."
msgstr ""
#: ../../networking/advanced_zone_config.rst:100
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:159
# 7623ee3426cd4a4b8719ca1027787ee0
# fa610595c19f43feb0a9916b4c61517e
msgid "**VLAN ID**: The unique ID of the VLAN."
msgstr ""
#: ../../networking/advanced_zone_config.rst:102
# a6a3c73efe124f6690c9949d7466b2cd
msgid "**Isolated VLAN ID**: The unique ID of the Secondary Isolated VLAN."
msgstr ""
#: ../../networking/advanced_zone_config.rst:105
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:167
# eb5d4e3b37bb4d94bd1e4ce02cf03368
# 8401ce13c8b14fc7ba27b4342afc3f7f
msgid "**Scope**: The available scopes are Domain, Account, Project, and All."
msgstr ""
#: ../../networking/advanced_zone_config.rst:108
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:170
# 484bd18b48f64d8190817eb10bf25d94
# 7991b529beef453ba5728f8ca2b2b220
msgid "**Domain**: Selecting Domain limits the scope of this guest network to the domain you specify. The network will not be available for other domains. If you select Subdomain Access, the guest network is available to all the sub domains within the selected domain."
msgstr ""
#: ../../networking/advanced_zone_config.rst:114
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:176
# 252ca851074346a6be3e6f4c74f7834d
# 621835256ebd4c57a89c9353ef9852f2
msgid "**Account**: The account for which the guest network is being created. You must specify the domain the account belongs to."
msgstr ""
#: ../../networking/advanced_zone_config.rst:118
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:180
# 0ab56139ecb94d0e8c9655e557cb946c
# d4a5c2d9539246839f4dd99383968ef9
msgid "**Project**: The project for which the guest network is being created. You must specify the domain the project belongs to."
msgstr ""
#: ../../networking/advanced_zone_config.rst:122
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:184
# 2b9a0513ff7e422db20b3251b2fbe195
# 0f2a1593be4f484781fdadc2f41437da
msgid "**All**: The guest network is available for all the domains, accounts, and projects within the selected zone."
msgstr ""
#: ../../networking/advanced_zone_config.rst:125
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:187
# ca6ea5abd11c4e1788e84dfe1bff99a2
# d3110bc74ceb49d3be22fc9aae58619b
msgid "**Network Offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:129
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:191
# f51f569ac91a494caa7f8c799bfdbb9f
# a9df4480acb64d5bbd3f3ceef50ef146
msgid "**Gateway**: The gateway that the guests should use."
msgstr ""
#: ../../networking/advanced_zone_config.rst:131
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:193
# 1a04acb9a38148f68b32c27969c45f73
# 283222bd73704d83b1a3edb949df0350
msgid "**Netmask**: The netmask in use on the subnet the guests will use."
msgstr ""
#: ../../networking/advanced_zone_config.rst:133
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:195
# 615ae59795614770a2544f5a3b35cd87
# 3564dbe5dcda4549a0101e20522adce2
msgid "**IP Range**: A range of IP addresses that are accessible from the Internet and are assigned to the guest VMs."
msgstr ""
#: ../../networking/advanced_zone_config.rst:136
# 83b96bd50ac546028d9179711930d8b4
msgid "If one NIC is used, these IPs should be in the same CIDR in the case of IPv6."
msgstr ""
#: ../../networking/advanced_zone_config.rst:139
# e8f7fd43c9964fb39020455720c2ace1
msgid "**IPv6 CIDR**: The network prefix that defines the guest network subnet. This is the CIDR that describes the IPv6 addresses in use in the guest networks in this zone. To allot IP addresses from within a particular address block, enter a CIDR."
msgstr ""
#: ../../networking/advanced_zone_config.rst:144
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:198
# 447ec4231b6249d0a2be7e648cf05a4b
# 9f34c3ebe1d44cc59d6246b9e1ef1cc6
msgid "**Network Domain**: A custom DNS suffix at the level of a network. If you want to assign a special domain name to the guest VM network, specify a DNS suffix."
msgstr ""
#: ../../networking/advanced_zone_config.rst:148
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:202
#: ../../networking/global_server_load_balancing.rst:415
#: ../../networking/global_server_load_balancing.rst:439
#: ../../networking/remote_access_vpn.rst:555
# 47c08e953e5a4dc6a1fea963aef82e35
# eda271a950a6423f91f6019045850a96
# 6866ffd602874da0a27c9d867eef7121
# 0d2313e6a2b24e99a9800598ca9f6d0a
# 210ec4b443e34cedbeb2ac91183bbc9e
msgid "Click OK to confirm."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:18
# 62aeac41fec848808050e2e871a2b129
msgid "Using Multiple Guest Networks"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:20
# 173b4dafa8a24c8d8ef490a9e5d1a2a3
msgid "In zones that use advanced networking, additional networks for guest traffic may be added at any time after the initial installation. You can also customize the domain name associated with the network by specifying a DNS suffix for each network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:25
# c8b83803c190449586b842e47655e008
msgid "A VM's networks are defined at VM creation time. A VM cannot add or remove networks after it has been created, although the user can go into the guest and remove the IP address from the NIC on a particular network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:30
# 71b0ed98702b4b929a15ba55f3aa6352
msgid "Each VM has just one default network. The virtual router's DHCP reply will set the guest's default gateway as that for the default network. Multiple non-default networks may be added to a guest in addition to the single, required default network. The administrator can control which networks are available as the default network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:36
# 849cc36464bd447d99a2d270e0b8c0b3
msgid "Additional networks can either be available to all accounts or be assigned to a specific account. Networks that are available to all accounts are zone-wide. Any user with access to the zone can create a VM with access to that network. These zone-wide networks provide little or no isolation between guests. Networks that are assigned to a specific account provide strong isolation."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:45
# a3fc8a922f68476db11bacc83c025d3d
msgid "Adding an Additional Guest Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:47
#: ../../networking/multiple_guest_networks.rst:97
#: ../../networking/multiple_guest_networks.rst:135
#: ../../networking/multiple_guest_networks.rst:153
#: ../../networking/multiple_guest_networks.rst:173
#: ../../networking/ip_reservation_in_guest_networks.rst:106
#: ../../networking/portable_ips.rst:58
#: ../../networking/portable_ips.rst:90
#: ../../networking/multiple_subnets_in_shared_network.rst:52
#: ../../networking/security_groups.rst:62
#: ../../networking/security_groups.rst:124
#: ../../networking/external_firewalls_and_load_balancers.rst:255
#: ../../networking/acquiring_an_ip_address.rst:20
#: ../../networking/releasing_an_ip_address.rst:24
#: ../../networking/static_nat.rst:36
#: ../../networking/ip_forwarding_and_firewalling.rst:59
#: ../../networking/ip_forwarding_and_firewalling.rst:132
#: ../../networking/ip_forwarding_and_firewalling.rst:245
#: ../../networking/remote_access_vpn.rst:59
#: ../../networking/remote_access_vpn.rst:301
#: ../../networking/remote_access_vpn.rst:411
#: ../../networking/remote_access_vpn.rst:431
#: ../../networking/remote_access_vpn.rst:493
#: ../../networking/remote_access_vpn.rst:624
#: ../../networking/virtual_private_cloud_config.rst:179
#: ../../networking/virtual_private_cloud_config.rst:223
#: ../../networking/virtual_private_cloud_config.rst:331
#: ../../networking/virtual_private_cloud_config.rst:380
#: ../../networking/virtual_private_cloud_config.rst:492
#: ../../networking/virtual_private_cloud_config.rst:662
#: ../../networking/virtual_private_cloud_config.rst:729
#: ../../networking/virtual_private_cloud_config.rst:788
#: ../../networking/virtual_private_cloud_config.rst:848
#: ../../networking/virtual_private_cloud_config.rst:1014
#: ../../networking/virtual_private_cloud_config.rst:1227
#: ../../networking/virtual_private_cloud_config.rst:1282
#: ../../networking/virtual_private_cloud_config.rst:1360
#: ../../networking/virtual_private_cloud_config.rst:1388
# dc6276841e84471ba268d113e94e1fde
# cbab5080c8724ae6b32d638711c47ad3
# 48fc29cc7efc4b409a45c98ead6968af
# ace2e79a21274181a0e6a1418b773520
# 6befffe2a21747639acd37de4675a94a
# f5963e2398134322866f292a2ba5637c
# 551332081c79467bb0b0ae8d270e12fc
# ecb9ef417cf8480db8b57ca2d9f61454
# ce46c3a278f44eb5b1e7654fa8161e03
# 9424276887a84ee99fd0b5822bdcd91a
# cf03db0555ba4247b9b9cf2b658dc39c
# 3e08d28b8e2f41d18f75caa20d66f640
# 16776cbc4ef94f86a8459cd47cf975b6
# 5d6031b242154874a2eea237547f4e27
# 4556ff5dc1a74038a41b53936c78f484
# 671400e41c7c4103bbcba44d13f5f1da
# 62daba2f10ce4203b9a4ace43acaf3e6
# 349c3fc0ae0045c091b01248f7139bd9
# 6488b7ea43c743ea94940e1c1f3f2898
# 3eb6a0e839144aac93bd3202f87081a4
# 16a312e861604ecca8b56044c71267a5
# 6a8b51d9d05c4ac48c274e364f981a83
# d5aee6dabdd249118c7128383890359b
# 5c15fdde88e743f4b18aea3fe127d933
# 7a23456b027045198970bd22c7e8c26d
# 2e31addff9374029b171be7e6159ce7e
# 4e46d0a70f45414098f422f177f3ac81
# 285f7a9fc04f4d6489fda4d6a5f605bb
# 6803fb7ef5e947a19da33579f371d0fa
# 989f403b307946939b500439893373fa
# f3ea7727060d4b25b4a675666aa53047
# 1c9c88a759cd4868990e4b477dc4a97f
# 8fac984de8c04571aed052d41660d304
# 155c85bc6c6c471c8933826c53d412db
# a87fa80f420b452a9c4e0fb44344cd64
# de7a6e86366d4763b6ed6974061246e9
# 8e1be4aa91664f038b1f00940c6fef85
# a9f7303f7b5c4984a44ef3c6a938123e
msgid "Log in to the CloudStack UI as an administrator or end user."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:49
#: ../../networking/multiple_guest_networks.rst:179
#: ../../networking/ip_reservation_in_guest_networks.rst:108
#: ../../networking/portable_ips.rst:92
#: ../../networking/security_groups.rst:64
#: ../../networking/external_firewalls_and_load_balancers.rst:257
#: ../../networking/acquiring_an_ip_address.rst:22
#: ../../networking/releasing_an_ip_address.rst:26
#: ../../networking/static_nat.rst:38
#: ../../networking/ip_forwarding_and_firewalling.rst:61
#: ../../networking/ip_forwarding_and_firewalling.rst:134
#: ../../networking/remote_access_vpn.rst:303
#: ../../networking/remote_access_vpn.rst:413
#: ../../networking/remote_access_vpn.rst:433
#: ../../networking/remote_access_vpn.rst:495
#: ../../networking/remote_access_vpn.rst:626
#: ../../networking/virtual_private_cloud_config.rst:181
#: ../../networking/virtual_private_cloud_config.rst:225
#: ../../networking/virtual_private_cloud_config.rst:333
#: ../../networking/virtual_private_cloud_config.rst:382
#: ../../networking/virtual_private_cloud_config.rst:494
#: ../../networking/virtual_private_cloud_config.rst:664
#: ../../networking/virtual_private_cloud_config.rst:731
#: ../../networking/virtual_private_cloud_config.rst:790
#: ../../networking/virtual_private_cloud_config.rst:850
#: ../../networking/virtual_private_cloud_config.rst:1016
#: ../../networking/virtual_private_cloud_config.rst:1229
#: ../../networking/virtual_private_cloud_config.rst:1284
#: ../../networking/virtual_private_cloud_config.rst:1362
#: ../../networking/virtual_private_cloud_config.rst:1390
# 237757a1c35441d4b6a1d0138d51de32
# 39b4377eadca44f88700dca104d2f2a4
# 14e144b6e7d84af79103518642863237
# e38926ea76d24deabf34f94cc6156141
# 1cafa5021f254ccdb3e66342906cbbe0
# 76644abeaf9b49d48e5c26fd3863d65d
# fd119509867a413eb5b071e9da496e8e
# 957b74b12b1a45c7b9b8114b38f97d77
# aa4565d6e2ed407b960640041eb584ff
# 4e76e138c9884ac8beba173f7412d536
# 44488e4d095a4f2d8266449c8307fc21
# af7438793b9e44748cabc8348e59fda1
# 4eb14251b140410c9af761d030914dc5
# 60c4993c8a9a4e568ee599adb94f496d
# ac22aded37484d4f98a0e5a40819d801
# 8cc4478d868544b9848e14dfbd88437c
# 7c473fc1dc29485bab80620cb5516658
# 5719d26cc6b34a00b95be2ce35247df4
# 10dbf0d03759490a8446988e520c079c
# 92cb7c01ff9f4be098792e0ef2848938
# fd1c21fdf57f4352984d33f74a0ffe94
# 10c9ca3bb4e64794961df411c87283c0
# 9ceabecc68364512ba46aba32daf9204
# d77f1f6f348745e08a97c31b73820e52
# f7bed0f61bd84981b3ec3692340f0005
# 9981e33a734c445c98a725f067fc9940
# e068bf6b3bc14e1b90f2154ebf50cc7f
# 37ca9de5ef034ad4a025068c67b7cda8
# 3f72ad0b7cf24c6cad9063dd0771a6b0
# 52a95f6853b440feb680fdfbf7854d1e
msgid "In the left navigation, choose Network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:51
# cb6079f81a4a444c8445b03dfffb3384
msgid "Click Add guest network. Provide the following information:"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:53
# a733015f94ce486a85c1b03cddfbc38d
msgid "**Name**: The name of the network. This will be user-visible."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:55
# c09b04d766c44686adfb027006335ba6
msgid "**Display Text**: The description of the network. This will be user-visible."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:58
# 2c86bf84ff20496e9c0dbae8475b8796
msgid "**Zone**. The name of the zone this network applies to. Each zone is a broadcast domain, and therefore each zone has a different IP range for the guest network. The administrator must configure the IP range for each zone."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:63
# afa6888ba15346988e310755527a9c8c
msgid "**Network offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:67
# 7f1d89fa4b5b43eabe3a6dcd6a33dfeb
msgid "**Guest Gateway**: The gateway that the guests should use."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:69
# b882e804c5a845c2bb51f84c46f7e4b2
msgid "**Guest Netmask**: The netmask in use on the subnet the guests will use."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:72
#: ../../networking/remote_access_vpn.rst:186
# fae38490ef9a46b1849e4b2335cc0fed
# 78b272d2f17d4c2aa5e3c38757550038
msgid "Click Create."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:76
# 89ec799633d344d9a83b6db46a6c828c
msgid "Reconfiguring Networks in VMs"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:78
# a88f5c6d61374a3b928e78e6b1ea34aa
msgid "CloudStack provides you the ability to move VMs between networks and reconfigure a VM's network. You can remove a VM from a network and add to a new network. You can also change the default network of a virtual machine. With this functionality, hybrid or traditional server loads can be accommodated with ease."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:84
# 2316dff2f40f4d3f86f201bc60758648
msgid "This feature is supported on XenServer, VMware, and KVM hypervisors."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:88
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:97
#: ../../networking/external_firewalls_and_load_balancers.rst:428
# 616dba5e33b041d58b10b5d6e07ee798
# 537bba5fd9ca4e46a540acdaa254af70
# cedaba73cb0d47a88420f975227d5918
msgid "Prerequisites"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:90
# 96d0ba198631458b9ed9d4fa9ed7a7e8
msgid "Ensure that vm-tools are running on guest VMs for adding or removing networks to work on VMware hypervisor."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:95
# 0329f8bc61c245c990fbec99fc953f92
msgid "Adding a Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:99
#: ../../networking/multiple_guest_networks.rst:137
#: ../../networking/multiple_guest_networks.rst:155
# 97b216f50e31423b9810c721a305ff6a
# 9a2142ffcdd841c6add827da072540a3
# 472370d3518e4d43897027152ff4f4a4
msgid "In the left navigation, click Instances."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:101
#: ../../networking/multiple_guest_networks.rst:139
#: ../../networking/multiple_guest_networks.rst:157
# a42801e9f96a4b12aef748033faea01f
# 81f21ab3baef4f45b105fc9089d4e0d3
# 635dc740070544bc8307380af26d34fa
msgid "Choose the VM that you want to work with."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:103
#: ../../networking/multiple_guest_networks.rst:141
#: ../../networking/multiple_guest_networks.rst:159
# 6bac6d526e3d4904baf4586d1d888847
# fc1fad0459ba46678afe706a5a01d3e2
# 1975c5cefdba4f0e8aeb59dd9eace947
msgid "Click the NICs tab."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:105
# 4fab29c3388c444694883cc767e38d1a
msgid "Click Add network to VM."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:107
# 2607dcbcf15f4c8dafde44a5570a2766
msgid "The Add network to VM dialog is displayed."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:109
# 078937d5a79043d497e0b24671ff352d
msgid "In the drop-down list, select the network that you would like to add this VM to."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:112
# 45834b3a55d14caebf167b7bd28ebd2f
msgid "A new NIC is added for this network. You can view the following details in the NICs page:"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:115
# 2e97354cbec940b796eec8b025dc982e
msgid "ID"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:117
# 122b599d9d7d4f8c8fb462bd0c5b5f2e
msgid "Network Name"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:119
# 6766a85b557b460c8955aa3fb09bfb8d
msgid "Type"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:121
#: ../../networking/remote_access_vpn.rst:481
#: ../../networking/remote_access_vpn.rst:561
# 3bd581b01cb243438e2e27273acdbedf
# 5933f737b419411fa7207a44b3bdea6a
# 940af38d78dc494ab2ad01f61aafe5d1
msgid "IP Address"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:123
#: ../../networking/remote_access_vpn.rst:563
# daa389d546724738b57068be58e101d3
# 95d8f0e06cb94200ae5681c2d2a96628
msgid "Gateway"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:125
# c39faf6b191042feb2d8ef693d09e473
msgid "Netmask"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:127
# 84a7fde285214a59a6105b424d0e3616
msgid "Is default"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:129
# 7689a2a82f5c496e89049b4c6c30a8a0
msgid "CIDR (for IPv6)"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:133
# 8d0db3320eaf4c88be0ac3e518bfb002
msgid "Removing a Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:143
# 5aa8d15ef25e4b49b6eebcd1275b2a27
msgid "Locate the NIC you want to remove."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:145
# 839f1682ea074a07990190ec500a473f
msgid "Click the Remove NIC button. |remove-nic.png|"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:147
#: ../../networking/multiple_guest_networks.rst:165
# 00cc631ddf71493784b992fb54efb226
# aba902f0e4d940768424cda703f41a00
msgid "Click Yes to confirm."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:151
# 4628fde155ff46dab3f60b7acb743a7a
msgid "Selecting the Default Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:161
# cd2ff5578eb8448fb8960115c581a240
msgid "Locate the NIC you want to work with."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:163
# b267fb4c8ea944a896d8494196363127
msgid "Click the Set default NIC button. |set-default-nic.png|"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:168
# b1e087e064cd4c8ebe77979cdeb59029
msgid "Changing the Network Offering on a Guest Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:170
# 98f57e4d0fe143c39ec77fdc7afbbc1a
msgid "A user or administrator can change the network offering that is associated with an existing guest network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:175
# 8c3a2eaed1fa46a09bab8a2fb9394033
msgid "If you are changing from a network offering that uses the CloudStack virtual router to one that uses external devices as network service providers, you must first stop all the VMs on the network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:181
#: ../../networking/ip_reservation_in_guest_networks.rst:110
# deb6cb39e0f942ef8537ff0805aee20c
# d19c0a1a49dd41129e10a67ab3d452dc
msgid "Click the name of the network you want to modify."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:183
# ecccedf20bf340e2ba7ead538934109d
msgid "In the Details tab, click Edit. |edit-icon.png|"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:185
# edc1fb28dc1b449cacf52a30f5e913b6
msgid "In Network Offering, choose the new network offering, then click Apply."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:188
# 19df93b01dc24fd594f644c960aac9d3
msgid "A prompt is displayed asking whether you want to keep the existing CIDR. This is to let you know that if you change the network offering, the CIDR will be affected."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:192
# 31721f214c5b41e0902e0192cb732fd2
msgid "If you upgrade between the virtual router as a provider and an external network device as a provider, choose Yes to acknowledge the change of CIDR and continue."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:196
# 3bd6b923a2f64dfe984b12e9d7a9989a
msgid "Wait for the update to complete. Don't try to restart VMs until the network change is complete."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:199
# 33336e86a2f748f6a87662d9f20dc804
msgid "If you stopped any VMs, restart them."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:18
# 685effa0d8104882b0a30dc6b824029a
msgid "IP Reservation in Isolated Guest Networks"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:20
# 359e7f6b58f44d209b72518d79eaa4a1
msgid "In isolated guest networks, a part of the guest IP address space can be reserved for non-CloudStack VMs or physical servers. To do so, you configure a range of Reserved IP addresses by specifying the CIDR when a guest network is in Implemented state. If your customers wish to have non-CloudStack controlled VMs or physical servers on the same network, they can share a part of the IP address space that is primarily provided to the guest network."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:28
# e20dc9218ab14a249b1976460b6ff50e
msgid "In an Advanced zone, an IP address range or a CIDR is assigned to a network when the network is defined. The CloudStack virtual router acts as the DHCP server and uses CIDR for assigning IP addresses to the guest VMs. If you decide to reserve CIDR for non-CloudStack purposes, you can specify a part of the IP address range or the CIDR that should only be allocated by the DHCP service of the virtual router to the guest VMs created in CloudStack. The remaining IPs in that network are called Reserved IP Range. When IP reservation is configured, the administrator can add additional VMs or physical servers that are not part of CloudStack to the same network and assign them the Reserved IP addresses. CloudStack guest VMs cannot acquire IPs from the Reserved IP Range."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:43
# aa0353a0869b430a9e00cc950d697674
msgid "IP Reservation Considerations"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:45
# 22d783b25a1a4a81835a9f474578360d
msgid "Consider the following before you reserve an IP range for non-CloudStack machines:"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:48
# 0b76d0acbe274475b3d5501612754809
msgid "IP Reservation is supported only in Isolated networks."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:50
# 5bc6f26160614e04a5e091d9ce7f7b41
msgid "IP Reservation can be applied only when the network is in Implemented state."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:53
# ab5412a6ce1d4c0cb3eef49dfab3e255
msgid "No IP Reservation is done by default."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:55
# 428a3fe4ee25419a968877cb3d6e16e8
msgid "Guest VM CIDR you specify must be a subset of the network CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:57
# 172c915bb06f46d498d3fc10f4f49011
msgid "Specify a valid Guest VM CIDR. IP Reservation is applied only if no active IPs exist outside the Guest VM CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:60
# 0e5b7bff020d494b9f4e85c641380036
msgid "You cannot apply IP Reservation if any VM has been allotted an IP address that is outside the Guest VM CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:63
# dd5d34dcc85b438e9f317da8db24673b
msgid "To reset an existing IP Reservation, apply IP reservation by specifying the value of network CIDR in the CIDR field."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:66
# 56f3f34b92224637b58c7c86bb310fd1
msgid "For example, the following table describes three scenarios of guest network creation:"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:70
# 96cbc8ccee6044a3a4e224d82dda12dd
msgid "Case"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:70
#: ../../networking/remote_access_vpn.rst:122
#: ../../networking/remote_access_vpn.rst:456
#: ../../networking/remote_access_vpn.rst:519
#: ../../networking/remote_access_vpn.rst:651
#: ../../networking/virtual_private_cloud_config.rst:321
#: ../../networking/virtual_private_cloud_config.rst:352
#: ../../networking/virtual_private_cloud_config.rst:519
#: ../../networking/virtual_private_cloud_config.rst:754
#: ../../networking/virtual_private_cloud_config.rst:812
#: ../../networking/virtual_private_cloud_config.rst:873
#: ../../networking/virtual_private_cloud_config.rst:1039
#: ../../networking/virtual_private_cloud_config.rst:1307
# 2982ca1c12bf49f2866744193ff6f578
# f16720ba82ad472da40e8ad034254fe4
# 24dfa509e12d4af98062dd3ae0b48f52
# 8e4bbd56239d4c71954370d8ef6e8cbe
# 1f15602058a04c8ebef82e324bb336e6
# 9ba99b464c2a41bdbe57d55fafae2ccb
# ebb32770ece6425e9748b0b6a9e2f681
# ddc08af8ce4f4978a487c0467816270a
# 642e10bd685b467ead08d1a5a1df5a5f
# 4060fb167ecd47c882155784f918a887
# 4c47fa58c98943ec8448eb44ecf621c2
# 2bf6e84c5f66458f9ed8b4566d751075
# 606de62e4a0643e89e7cc0809decf0d1
msgid "CIDR"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:70
# d4529e4573f1422e89f8705d72b14fa6
msgid "Network CIDR"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:70
# 8717091b7d574910ae7f7db398dec4df
msgid "Reserved IP Range for Non-CloudStack VMs"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:70
# f596416e0a6849629c21a6b74715913c
msgid "Description"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
#: ../../networking/virtual_private_cloud_config.rst:323
# 3982ebcb186c4a28bf3ffa4552438c72
# 15b7293e51984eb1be8bb66b8d99d6e1
msgid "1"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
#: ../../networking/ip_reservation_in_guest_networks.rst:73
#: ../../networking/ip_reservation_in_guest_networks.rst:76
# f627b7351048414296987b276f691d64
# 696d3ab791fa4146be4d6793d9894204
# df688c92b303499f87d27d2a6fda5fc3
msgid "10.1.1.0/24"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
#: ../../networking/ip_reservation_in_guest_networks.rst:72
#: ../../networking/ip_reservation_in_guest_networks.rst:76
#: ../../networking/ip_reservation_in_guest_networks.rst:76
# a5a742b38ae847cb99bd9339c2d47e94
# 332c38a7b5df4f1ca82b88c659c623bd
# 8adf0d6c1d72460eb7310b93522b0346
# d4268a954eb94931af19f1c48598c309
msgid "None"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
# f2eddeac640e48e5b16991ce8b7bfa93
msgid "No IP Reservation."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:73
#: ../../networking/virtual_private_cloud_config.rst:324
# 5bb07f152b264e86ae6eda03cc31e1c1
# f5f2048cf9714b9ea68d2049570c4f6c
msgid "2"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:73
# 01110998a1c74b3c80ef1a4dc83268a1
msgid "10.1.1.0/26"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:73
# e5cce0b4eb08472589cd816030a3de7d
msgid "10.1.1.64 to 10.1.1.254"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:73
# 9e5926a76629431e9e75a9c27ec25211
msgid "IP Reservation configured by the UpdateNetwork API with guestvmcidr=10.1.1.0/26 or enter 10.1.1.0/26 in the CIDR field in the UI."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:76
# a1279f60da4448408c8b4ef94ae25031
msgid "3"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:76
# 24e829a2afac40eaa86a07045b551c40
msgid "Removing IP Reservation by the UpdateNetwork API with guestvmcidr=10.1.1.0/24 or enter 10.1.1.0/24 in the CIDR field in the UI."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:83
#: ../../networking/security_groups.rst:91
#: ../../networking/palo_alto_config.rst:467
# d2dda38687714f138add9a3210ce94ec
# 46aafdafc5b941cc973bf413019aea2d
# 72b66fa9b2694682919a62c46d2a7506
msgid "Limitations"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:85
# 6c3ae7eb716447539cf6ce3a087485f8
msgid "IP Reservation is not supported if active IPs are found outside the Guest VM CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:88
# 2b40b03295c04e3384d785ee53b756e2
msgid "If upgrading the network offering causes a change in CIDR (such as upgrading an offering with no external devices to one with external devices), any existing IP Reservation becomes void. Reconfigure IP Reservation in the new re-implemented network."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:95
# 583ca0216ee74e1581158dc7533c07d0
msgid "Best Practices"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:97
# 388bdfcc95f147538a75b7767724cbda
msgid "Apply IP Reservation to the guest network as soon as the network state changes to Implemented. If you apply the reservation soon after the first guest VM is deployed, fewer conflicts occur while applying the reservation."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:104
# a3c4555e018a445ca599010a280d64a5
msgid "Reserving an IP Range"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:112
# 6242f71ba63246c7a5080997cf22f7c6
msgid "In the Details tab, click Edit. |ip-edit-icon.png|"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:114
# df98c1294588410ca38bdcafe1f1a634
msgid "The CIDR field becomes editable."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:116
# e18e130a65f64f129965e464668821cc
msgid "In CIDR, specify the Guest VM CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:118
# e1926c61c2e24ac9bb3568b5425e6640
msgid "Click Apply."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:120
# 8e47676d285f403ab1c11aacbe5ad256
msgid "Wait for the update to complete. The Network CIDR and the Reserved IP Range are displayed on the Details page."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:18
# b15f7528cec041d084db2225a51abbd1
msgid "Reserving Public IP Addresses and VLANs for Accounts"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:20
# 1237af30bb46480aa12ce39cfe5e593c
msgid "CloudStack provides you the ability to reserve a set of public IP addresses and VLANs exclusively for an account. During zone creation, you can continue defining a set of VLANs and multiple public IP ranges. This feature extends the functionality to enable you to dedicate a fixed set of VLANs and guest IP addresses for a tenant."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:26
# 17369f839a29414b986f6bea29ed68ba
msgid "Note that if an account has consumed all the VLANs and IPs dedicated to it, the account can acquire two more resources from the system. CloudStack provides the root admin with two configuration parameters to modify this default behavior: use.system.public.ips and use.system.guest.vlans. These global parameters enable the root admin to disallow an account from acquiring public IPs and guest VLANs from the system, if the account has dedicated resources and these dedicated resources have all been consumed. Both these parameters are also configurable at the account level."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:36
# eb7adb4a348943f4a8a202f85e7fb8d5
msgid "This feature provides you the following capabilities:"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:38
# 358e7d880b0749daa4dc8a226925c073
msgid "Reserve a VLAN range and public IP address range from an Advanced zone and assign it to an account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:41
# 6e0eb4612e474dc984111d18bb95fc83
msgid "Disassociate a VLAN and public IP address range from an account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:43
# bab06e5f1a2f454aa3b08743ba57c793
msgid "View the number of public IP addresses allocated to an account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:45
# a6866fc5db5347209e221b84742c3365
msgid "Check whether the required range is available and conforms to account limits."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:48
# 1620986a4ae94f2485a54cd91ccaac56
msgid "The maximum IPs per account limit cannot be superseded."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:52
# 22120243221443aebd306ac3563d496f
msgid "Dedicating IP Address Ranges to an Account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:56
#: ../../networking/public_ips_and_vlans_for_accounts.rst:126
#: ../../networking/global_server_load_balancing.rst:317
# 41eada43c00c47d3af3049e17e3a5ed4
# 3a4fc14485e04b878d42c2f16d2c1874
# 3b0a5efffc524d5a89c218f531388b51
msgid "In the left navigation bar, click Infrastructure."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:58
#: ../../networking/public_ips_and_vlans_for_accounts.rst:128
# afa72273b7894980af0176c1cbb8d600
# 1b7787454ba64ef5bde4f8dc55076690
msgid "In Zones, click View All."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:60
#: ../../networking/public_ips_and_vlans_for_accounts.rst:130
#: ../../networking/global_server_load_balancing.rst:321
# 3538cd7eca744d5dbedb17d4d1df1490
# 737bb1531046470f96395e869b9b3d0d
# 1c6a07051f2f4a1eb71d9cb9a6cbb984
msgid "Choose the zone you want to work with."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:64
# 2afee3aa9d964227ad8abeec4cff164d
msgid "In the Public node of the diagram, click Configure."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:66
# 31af885ac08540b1a345a76ed1c81e3a
msgid "Click the IP Ranges tab."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:68
# d99c704f2b3e4e829337b91b0e1af56a
msgid "You can either assign an existing IP range to an account, or create a new IP range and assign it to an account."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:71
# 781bb561940748e88798ab180120b3e8
msgid "To assign an existing IP range to an account, perform the following:"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:73
# 64caee3705894ae5b7eb188e82c8d260
msgid "Locate the IP range you want to work with."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:75
# 9e0730ca65ac4442a517f39c9056cee8
msgid "Click the Add Account |addAccount-icon.png| button."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:77
# 6c4ee6b7080e4fd7a90d8edddfda5845
msgid "The Add Account dialog is displayed."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:81
# 2c50704135d54e319c54ab3e0aade306
msgid "**Account**: The account to which you want to assign the IP address range."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:84
#: ../../networking/public_ips_and_vlans_for_accounts.rst:112
#: ../../networking/public_ips_and_vlans_for_accounts.rst:150
# ee19ac37f89e4403997fdca99142dad5
# 2ba3bff62178453c93570a1e85aa2879
# 265ed744d98042a9bbcb2c139f70e7fb
msgid "**Domain**: The domain associated with the account."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:86
# 8fbac9b35cdb43ea90d07e27edb5a231
msgid "To create a new IP range and assign it to an account, perform the following:"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:91
# 16602be853314d1ca41010b8d9c70203
msgid "**Gateway**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:93
# 2b07551df7d347b2877a717602b072a0
msgid "**Netmask**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:95
# 8302fe6345ff497088145a583593bea1
msgid "**VLAN**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:97
# 34b38799ec734aa89366e4c3f651a3e4
msgid "**Start IP**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:99
# 70bab7c8bc9a44b8b72a460686975a2a
msgid "**End IP**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:101
# 02aaa72ff90843289ad5aeb650f65a9d
msgid "**Account**: Perform the following:"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:103
# 9a58082c89c9466fba38134f240e1b52
msgid "Click Account."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:105
# dcb5729930024223b016b7cbdb424ba1
msgid "The Add Account page is displayed."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:109
# 5c2df9219e7346a6bfc5ecb3bf074542
msgid "**Account**: The account to which you want to assign an IP address range."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:117
#: ../../networking/security_groups.rst:210
#: ../../networking/ip_forwarding_and_firewalling.rst:88
#: ../../networking/ip_forwarding_and_firewalling.rst:163
#: ../../networking/ip_forwarding_and_firewalling.rst:276
#: ../../networking/remote_access_vpn.rst:153
#: ../../networking/virtual_private_cloud_config.rst:642
# f149473b61b340ca9e017c5f4aad3762
# 2ddbd5f2481d4b119ddad24b954900cc
# b48da4e586f54f578325e5a80b7d9f43
# 5b0f318024d544438e606644459f750b
# 065cefba75724c0a8d56d7931eea5c3d
# 589f4a9092e34b8f8382b017ebf0259f
# b103ac8cfde9495fb1cd24a491540360
msgid "Click Add."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:121
# 6f051411c8144bdc9db1c5f418ca9e6b
msgid "Dedicating VLAN Ranges to an Account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:123
# 0624b2939c5d4e5f9f0769c68abba80a
msgid "After the CloudStack Management Server is installed, log in to the CloudStack UI as administrator."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:134
#: ../../networking/multiple_subnets_in_shared_network.rst:61
# 40248bd661704cdb80e80629fe09d500
# f99a23ecda8047cfa0314a138db2515e
msgid "In the Guest node of the diagram, click Configure."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:136
# 092aa112394946a6a4808b597cc9d85d
msgid "Select the Dedicated VLAN Ranges tab."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:138
# 1fdecb917bc84f50afd745175be5d7e7
msgid "Click Dedicate VLAN Range."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:140
# b67fd2523d364441a6c82f24bc357ab5
msgid "The Dedicate VLAN Range dialog is displayed."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:144
# 542f999a29c64479b5f5d452895813bd
msgid "**VLAN Range**: The VLAN range that you want to assign to an account."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:147
# 55217660cfb0479ebc430fe86772c808
msgid "**Account**: The account to which you want to assign the selected VLAN range."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:18
# 4b6378bc482446339fca13029388310a
msgid "Configuring Multiple IP Addresses on a Single NIC"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:20
# 3cb13c102ebb495b944a5ea2571c0ea6
msgid "CloudStack provides you the ability to associate multiple private IP addresses per guest VM NIC. In addition to the primary IP, you can assign additional IPs to the guest VM NIC. This feature is supported on all the network configurations: Basic, Advanced, and VPC. Security Groups, Static NAT and Port forwarding services are supported on these additional IPs."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:27
# cda7fad448d845659243893d3485d00f
msgid "As always, you can specify an IP from the guest subnet; if not specified, an IP is automatically picked up from the guest VM subnet. You can view the IPs associated with each guest VM NIC in the UI. You can apply NAT on these additional guest IPs by using the network configuration option in the CloudStack UI. You must specify the NIC to which the IP should be associated."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:34
# de43d093c3fa4819badd7e95a605662c
msgid "This feature is supported on XenServer, KVM, and VMware hypervisors. Note that Basic zone security groups are not supported on VMware."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:39
# b0dc091ada714fc080fbb52f2ea8f427
msgid "Use Cases"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:41
# f716fd8c0f43409d9b85a31bfd022770
msgid "Some of the use cases are described below:"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:43
# 39e24f20af4e4a389da098c9fb80f1f5
msgid "Network devices, such as firewalls and load balancers, generally work best when they have access to multiple IP addresses on the network interface."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:47
# 75801965b1464997a865772f1ea040ef
msgid "Moving private IP addresses between interfaces or instances. Applications that are bound to specific IP addresses can be moved between instances."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:51
# 1f4805e6057f4a5f97735f57cc71033c
msgid "Hosting multiple SSL Websites on a single instance. You can install multiple SSL certificates on a single instance, each associated with a distinct IP address."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:57
#: ../../networking/portable_ips.rst:48
#: ../../networking/virtual_private_cloud_config.rst:1125
# c0033b8d9992490791fbd0dc7f89fa6f
# 4c7d965ae98540498820d6359998db6c
# 924fe16b17a346a1b175d02a5701f4db
msgid "Guidelines"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:59
# ab36c55d792048e78529f118b75f7169
msgid "To prevent IP conflict, configure different subnets when multiple networks are connected to the same VM."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:64
# a16d7477fb8d418abbe4a25970ed93ac
msgid "Assigning Additional IPs to a VM"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:66
# 8913586016c847b1b942015f371fff55
msgid "Log in to the CloudStack UI."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:68
# 93115e86c11446058862e5525c9fcc6d
msgid "In the left navigation bar, click Instances."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:70
# 197ab17d29454cdc8de866d1f2c0be83
msgid "Click the name of the instance you want to work with."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:72
# c7863b679faf4fb6ac1f9e48e70ba5d4
msgid "In the Details tab, click NICs."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:74
# 9dfa60a220ed42018f74c7bd78e6d7cd
msgid "Click View Secondary IPs."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:76
# e783f44753f8491689c78956994376bd
msgid "Click Acquire New Secondary IP, and click Yes in the confirmation dialog."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:79
# ae7779933a044ea395e2bfa5e67ca484
msgid "You need to configure the IP on the guest VM NIC manually. CloudStack will not automatically configure the acquired IP address on the VM. Ensure that the IP address configuration persists across VM reboots."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:83
# e08145cc27e24301982a9f2f45bd93d8
msgid "Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in Port Forwarding or StaticNAT rules."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:89
# 1aa79a21e0f24d109fbf1a380be58b37
msgid "Port Forwarding and StaticNAT Services Changes"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:91
# ffac07bcb64d47f7bcb39e02c46e43b5
msgid "Because multiple IPs can be associated per NIC, you are allowed to select a desired IP for the Port Forwarding and StaticNAT services. The default is the primary IP. To enable this functionality, an extra optional parameter 'vmguestip' is added to the Port forwarding and StaticNAT APIs (enableStaticNat, createIpForwardingRule) to indicate on which IP address NAT needs to be configured. If vmguestip is passed, NAT is configured on the specified private IP of the VM. If it is not passed, NAT is configured on the primary IP of the VM."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:18
# 0e8ade71092049f9bae900723c45e41a
msgid "About Multiple IP Ranges"
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:20
# e46b13dd887941a78dd4dde1a9c91f7b
msgid "The feature can only be implemented on IPv4 addresses."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:22
# 6bd2d25649fc4326b60a07cefee0f204
msgid "CloudStack provides you with the flexibility to add guest IP ranges from different subnets in Basic zones and security groups-enabled Advanced zones. For security groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. With the addition of this feature, you will be able to add IP address ranges from the same subnet or from a different one when IP addresses are exhausted. This in turn allows you to employ a higher number of subnets and thus reduce the address management overhead. To support this feature, the capability of the ``createVlanIpRange`` API is extended to add IP ranges also from a different subnet."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:33
# 3ba0c789bb3449fe86585f4c8c841997
msgid "Ensure that you manually configure the gateway of the new subnet before adding the IP range. Note that CloudStack supports only one gateway for a subnet; overlapping subnets are not currently supported."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:37
# e5e487ee073f4d56be1f4666a45f4dfe
msgid "Use the ``deleteVlanRange`` API to delete IP ranges. This operation fails if an IP from the range being removed is in use. If the range being removed contains the IP address on which the DHCP server is running, CloudStack acquires a new IP from the same subnet. If no IP is available in the subnet, the remove operation fails."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:43
# bc188db60e2742989c16aedac841809e
msgid "This feature is supported on KVM, XenServer, and VMware hypervisors."
msgstr ""
#: ../../networking/elastic_ips.rst:18
# 866f7bd8690f4e378e4a55a7c80d196c
msgid "About Elastic IPs"
msgstr ""
#: ../../networking/elastic_ips.rst:20
# 53c01f3c606045ad9beed865c2233d50
msgid "Elastic IP (EIP) addresses are the IP addresses that are associated with an account, and act as static IP addresses. The account owner has complete control over the Elastic IP addresses that belong to the account. As an account owner, you can allocate an Elastic IP to a VM of your choice from the EIP pool of your account. Later, if required, you can reassign the IP address to a different VM. This feature is extremely helpful during VM failure. Instead of replacing the VM which is down, the IP address can be reassigned to a new VM in your account."
msgstr ""
#: ../../networking/elastic_ips.rst:29
# eeb2c5db0229477692e9e379117ad90e
msgid "Similar to the public IP address, Elastic IP addresses are mapped to their associated private IP addresses by using StaticNAT. The EIP service is equipped with StaticNAT (1:1) service in an EIP-enabled basic zone. The default network offering, DefaultSharedNetscalerEIPandELBNetworkOffering, provides your network with EIP and ELB network services if a NetScaler device is deployed in your zone. Consider the following illustration for more details."
msgstr ""
#: ../../networking/elastic_ips.rst:37
# c188c126629840a7a54f6b8956cb2c76
msgid "|eip-ns-basiczone.png|"
msgstr ""
#: ../../networking/elastic_ips.rst:39
# 51020097041145ddb6805633c7eb819c
msgid "In the illustration, a NetScaler appliance is the default entry or exit point for the CloudStack instances, and the firewall is the default entry or exit point for the rest of the data center. NetScaler provides LB services and StaticNAT service to the guest networks. The guest traffic in the pods and the Management Server are on different subnets / VLANs. The policy-based routing in the data center core switch sends the public traffic through the NetScaler, whereas the rest of the data center goes through the firewall."
msgstr ""
#: ../../networking/elastic_ips.rst:48
# 3f2630ad1d0343c68eb8a2303ccb4c9c
msgid "The EIP work flow is as follows:"
msgstr ""
#: ../../networking/elastic_ips.rst:50
# d20e19311068491ba44b06500472b710
msgid "When a user VM is deployed, a public IP is automatically acquired from the pool of public IPs configured in the zone. This IP is owned by the VM's account."
msgstr ""
#: ../../networking/elastic_ips.rst:54
# d15702d110a942848fa6cef69cece507
msgid "Each VM will have its own private IP. When the user VM starts, Static NAT is provisioned on the NetScaler device by using the Inbound Network Address Translation (INAT) and Reverse NAT (RNAT) rules between the public IP and the private IP."
msgstr ""
#: ../../networking/elastic_ips.rst:60
# ff6cb27225094523ba3a17d305016521
msgid "Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination IP address is replaced in the packets from the public network, such as the Internet, with the private IP address of a VM in the private network. Reverse NAT (RNAT) is a type of NAT supported by NetScaler, in which the source IP address is replaced in the packets generated by a VM in the private network with the public IP address."
msgstr ""
#: ../../networking/elastic_ips.rst:67
# e9dde6b9e99a42a4b1141fa7cde9549e
msgid "This default public IP will be released in two cases:"
msgstr ""
#: ../../networking/elastic_ips.rst:69
# bb3ef5bc34c24d44980be5d6f69e0c5c
msgid "When the VM is stopped. When the VM starts, it again receives a new public IP, not necessarily the same one allocated initially, from the pool of Public IPs."
msgstr ""
#: ../../networking/elastic_ips.rst:73
# 571a9e4939ea4287a8aa0ddf426417b4
msgid "The user acquires a public IP (Elastic IP). This public IP is associated with the account, but will not be mapped to any private IP. However, the user can enable Static NAT to associate this IP to the private IP of a VM in the account. The Static NAT rule for the public IP can be disabled at any time. When Static NAT is disabled, a new public IP is allocated from the pool, which is not necessarily the same one allocated initially."
msgstr ""
#: ../../networking/elastic_ips.rst:81
# aaf805319e4341d8a268392acb2bda8e
msgid "For the deployments where public IPs are limited resources, you have the flexibility to choose not to allocate a public IP by default. You can use the Associate Public IP option to turn on or off the automatic public IP assignment in the EIP-enabled Basic zones. If you turn off the automatic public IP assignment while creating a network offering, only a private IP is assigned to a VM when the VM is deployed with that network offering. Later, the user can acquire an IP for the VM and enable static NAT."
msgstr ""
#: ../../networking/elastic_ips.rst:90
# 31babd6d6dfd4d079192f8d6984817ee
msgid "For more information on the Associate Public IP option, see `\"Creating a New Network Offering\" <networking.html#creating-a-new-network-offering>`_."
msgstr ""
#: ../../networking/elastic_ips.rst:94
# dbb9cddd535f4a438059357783272fe3
msgid "The Associate Public IP feature is designed only for use with user VMs. The System VMs continue to get both public and private IPs by default, irrespective of the network offering configuration."
msgstr ""
#: ../../networking/elastic_ips.rst:98
# d898deec360a48b1851e6a597385713b
msgid "New deployments which use the default shared network offering with EIP and ELB services to create a shared network in the Basic zone will continue allocating public IPs to each user VM."
msgstr ""
#: ../../networking/portable_ips.rst:18
# 0f08f4f232ba497eb9cd9c3e04f96afc
msgid "Portable IPs"
msgstr ""
#: ../../networking/portable_ips.rst:21
# 7ac92bb50f6449d988fcc630639a18fc
msgid "About Portable IP"
msgstr ""
#: ../../networking/portable_ips.rst:23
# 6ae5874856114307829101c5c704d620
msgid "Portable IPs in CloudStack are a region-level pool of IPs, elastic in nature, that can be transferred across geographically separated zones. As an administrator, you can provision a pool of portable public IPs at region level, which are then available for user consumption. The users can acquire portable IPs if the admin has provisioned portable IPs at the region level they are part of. These IPs can be used for any service within an advanced zone. You can also use portable IPs for EIP services in basic zones."
msgstr ""
#: ../../networking/portable_ips.rst:32
# 742f98931c1a44baa38129e2d9707866
msgid "The salient features of Portable IP are as follows:"
msgstr ""
#: ../../networking/portable_ips.rst:34
# a4472d2004c943f1ad88325b36b6a440
msgid "IP is statically allocated"
msgstr ""
#: ../../networking/portable_ips.rst:36
# fcd6dca4d30d4a1f92bb64c7635abeb1
msgid "IP need not be associated with a network"
msgstr ""
#: ../../networking/portable_ips.rst:38
# 7409719b9ce74f6c8d91b07f9079a6ef
msgid "IP association is transferable across networks"
msgstr ""
#: ../../networking/portable_ips.rst:40
# 5aeff85fa3704f3ab93dbbba900c80f2
msgid "IP is transferable across both Basic and Advanced zones"
msgstr ""
#: ../../networking/portable_ips.rst:42
# 96ffa5d02ec9464e8866c8d272aad9c1
msgid "IP is transferable across VPC, non-VPC isolated and shared networks"
msgstr ""
#: ../../networking/portable_ips.rst:44
# 6207a2e79e024acc8ef256c36daec0ff
msgid "Portable IP transfer is available only for static NAT."
msgstr ""
#: ../../networking/portable_ips.rst:50
# c3d0138ce57f44a9becb32df52ca0fb9
msgid "Before transferring to another network, ensure that no network rules (Firewall, Static NAT, Port Forwarding, and so on) exist on that portable IP."
msgstr ""
#: ../../networking/portable_ips.rst:56
# 18cc0645453a43eebf52beaa73a9a6a6
msgid "Configuring Portable IPs"
msgstr ""
#: ../../networking/portable_ips.rst:60
# 740ad8e23fac49f8950f5161989c18e9
msgid "In the left navigation, click Regions."
msgstr ""
#: ../../networking/portable_ips.rst:62
# 40704d729f114cbcb667118f671238ef
msgid "Choose the Regions that you want to work with."
msgstr ""
#: ../../networking/portable_ips.rst:64
# 03bf5d8664204ec084df0a9d5940644a
msgid "Click View Portable IP."
msgstr ""
#: ../../networking/portable_ips.rst:66
# ddc000619eb94419951b60265902d979
msgid "Click Portable IP Range."
msgstr ""
#: ../../networking/portable_ips.rst:68
# c8a67f00327e4e37bfae6b2882e40fa0
msgid "The Add Portable IP Range window is displayed."
msgstr ""
#: ../../networking/portable_ips.rst:72
# 873cae2265344ab384d2b0f8956b8cbe
msgid "**Start IP/ End IP**: A range of IP addresses that are accessible from the Internet and will be allocated to guest VMs. Enter the first and last IP addresses that define a range that CloudStack can assign to guest VMs."
msgstr ""
#: ../../networking/portable_ips.rst:77
# 47a17aedcd9a46d4aa9426bc133f7593
msgid "**Gateway**: The gateway in use for the Portable IP addresses you are configuring."
msgstr ""
#: ../../networking/portable_ips.rst:80
# 7979e6a1cf8a4b2d8e8673ed132db41e
msgid "**Netmask**: The netmask associated with the Portable IP range."
msgstr ""
#: ../../networking/portable_ips.rst:82
# 63cb5224252e403480ba1ddc53337de8
msgid "**VLAN**: The VLAN that will be used for public traffic."
msgstr ""
#: ../../networking/portable_ips.rst:88
# 124023448c074dcea01be7eddc177170
msgid "Acquiring a Portable IP"
msgstr ""
#: ../../networking/portable_ips.rst:94
#: ../../networking/acquiring_an_ip_address.rst:24
#: ../../networking/releasing_an_ip_address.rst:28
#: ../../networking/static_nat.rst:40
#: ../../networking/ip_forwarding_and_firewalling.rst:63
# ac222ffaf3d1404a885f643c228d2c83
# baf678baec6247bb94c9eab6b3b1e84e
# ffdddf1fe28240469a8090a522b32151
# 663ad172db854afdadd95fc1d3db1f64
# 2bf3f81e7dbb4b2cb34d627506ee9889
msgid "Click the name of the network you want to work with."
msgstr ""
#: ../../networking/portable_ips.rst:96
#: ../../networking/external_firewalls_and_load_balancers.rst:262
#: ../../networking/acquiring_an_ip_address.rst:26
#: ../../networking/releasing_an_ip_address.rst:30
#: ../../networking/static_nat.rst:42
#: ../../networking/ip_forwarding_and_firewalling.rst:65
#: ../../networking/remote_access_vpn.rst:82
# 442ce3999e8d427da57daa610533fb7c
# 9cc585cd1a5740acba75c898195b0eab
# 4c9d3404671a4e4d99d3323175204d8e
# e8c449dffe3c49e8938437a96cef0ca6
# d605e8bf3fb74b278bf0d265f1db6084
# 5f4eacd3a2ba48349a41f04f8756ee37
# ba3dfb6ca3af4d51a17fa31861d95379
msgid "Click View IP Addresses."
msgstr ""
#: ../../networking/portable_ips.rst:98
#: ../../networking/acquiring_an_ip_address.rst:28
# fbc9c26eb4f041618e668c4addb7f051
# eab860b6d87641698d96cf5e11803339
msgid "Click Acquire New IP."
msgstr ""
#: ../../networking/portable_ips.rst:100
#: ../../networking/acquiring_an_ip_address.rst:30
# 294bab6d3d9f43aa8d85acabb8fdbdf5
# 5ebf3c5ce9154b57bf3cf2ef8e449b4b
msgid "The Acquire New IP window is displayed."
msgstr ""
#: ../../networking/portable_ips.rst:102
#: ../../networking/acquiring_an_ip_address.rst:32
# 54c07b2049174cceae5d75abcd11939f
# d82eff4f2d2d4e8cb8c9fe694607832a
msgid "Specify whether you want cross-zone IP or not."
msgstr ""
#: ../../networking/portable_ips.rst:104
# 3c0460b1928b474e8347baf870d93061
msgid "Click Yes in the confirmation dialog."
msgstr ""
#: ../../networking/portable_ips.rst:106
#: ../../networking/acquiring_an_ip_address.rst:40
# c6d079ae16bb440d9430701ba56f68a1
# 5c09ad0de69f460bbc10914cf114f514
msgid "Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding or static NAT rules."
msgstr ""
#: ../../networking/portable_ips.rst:112
# 8f37986b8a4e47ba93264a3bb9af1a18
msgid "Transferring Portable IP"
msgstr ""
#: ../../networking/portable_ips.rst:114
# 8a4e3d4a96ea471794ae2d68687fa797
msgid "An IP can be transferred from one network to another only if Static NAT is enabled. However, when a portable IP is associated with a network, you can use it for any service in the network."
msgstr ""
#: ../../networking/portable_ips.rst:118
# 680b04281ce240339902b0a08da4ecd8
msgid "To transfer a portable IP across the networks, execute the following API:"
msgstr ""
#: ../../networking/portable_ips.rst:125
# 8a701f169d1449e7b4cc16e3e4ae8b8f
msgid "Replace the UUID with appropriate UUID. For example, if you want to transfer a portable IP to network X and VM Y in a network, execute the following:"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:18
# 7089d5ba1bd84cd788dd5c22ca2b1bd2
msgid "Multiple Subnets in Shared Network"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:20
# 0477f56fce2e483d8971ed6598538bac
msgid "CloudStack provides you with the flexibility to add guest IP ranges from different subnets in Basic zones and security groups-enabled Advanced zones. For security groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. With the addition of this feature, you will be able to add IP address ranges from the same subnet or from a different one when IP addresses are exhausted. This in turn allows you to employ a higher number of subnets and thus reduce the address management overhead. You can delete the IP ranges you have added."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:32
#: ../../networking/global_server_load_balancing.rst:255
#: ../../networking/ip_forwarding_and_firewalling.rst:107
# 2ad5b5d4ac7c4c81bb8f93f0bc9ec255
# 788fe7caacfd434d9974e747cc5b6975
# 6a8d2ba526f244f0867dd3ba399837cc
msgid "Prerequisites and Guidelines"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:34
# 6ba395678a3b488d83285fef91d03eb8
msgid "This feature can only be implemented:"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:36
# d0797766d8c8418a944d9351c7a7d5f2
msgid "on IPv4 addresses"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:38
# dfbc41f238524d26b2412643554b3dda
msgid "if virtual router is the DHCP provider"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:40
# b16927d0778c489d8684d17d6d5080a5
msgid "on KVM, XenServer, and VMware hypervisors"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:42
# da5c39ee692344d9ad7e4baa53792f99
msgid "Manually configure the gateway of the new subnet before adding the IP range."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:45
# 12c49c34743945559bdac3337e94b72b
msgid "CloudStack supports only one gateway for a subnet; overlapping subnets are not currently supported"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:50
# 5e0122bb568b4cb89567b4d417ff860d
msgid "Adding Multiple Subnets to a Shared Network"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:56
# 5dead61f678f4f708dc471eb41eb51d7
msgid "On Zones, click View More, then click the zone you want to work with."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:59
# 113bdf0910ef4fa181ae7e1dd6b4965a
msgid "Click Physical Network."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:63
# 93cb70825bb2406bb280993bb96c1423
msgid "Click Networks."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:65
# a8776092b5274a8f85bb80eea30fc74e
msgid "Select the networks you want to work with."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:67
# 1bee5ce455ca48a99e79744a7d62e425
msgid "Click View IP Ranges."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:69
# bda3572323594aa4b29c6a6b5757d2b3
msgid "Click Add IP Range."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:71
# 9f735ab5dccd454ba2337ef570347dd5
msgid "The Add IP Range dialog is displayed, as follows:"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:73
# 83f6544a7bc44bc09cf19bfaf591db11
msgid "|add-ip-range.png|"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:77
#: ../../networking/virtual_private_cloud_config.rst:250
# d555abc08eb3476c9e5aa15b14cb5ecb
# fbc89fdbac934907bce2121e6b919e02
msgid "All the fields are mandatory."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:79
#: ../../networking/virtual_private_cloud_config.rst:262
# a0f1b8e275a849a79eefa4a842795497
# da34b3884ae5434b9e9aa6bcf68fd955
msgid "**Gateway**: The gateway for the tier you create. Ensure that the gateway is within the Super CIDR range that you specified while creating the VPC, and is not overlapped with the CIDR of any existing tier within the VPC."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:84
#: ../../networking/virtual_private_cloud_config.rst:275
# 9a478560b45f4c7fa3a7749ae1781e2f
# 625aa7b3683d4ab686623285a759d03e
msgid "**Netmask**: The netmask for the tier you create."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:86
#: ../../networking/virtual_private_cloud_config.rst:277
# bc0ecfa80a4b43e4881c58b85f681266
# c8ffd6a926fe4eefbdc0e84ebc7dd348
msgid "For example, if the VPC CIDR is 10.0.0.0/16 and the network tier CIDR is 10.0.1.0/24, the gateway of the tier is 10.0.1.1, and the netmask of the tier is 255.255.255.0."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:90
# b48ff10b434e49e5abe6714cfb3452d9
msgid "**Start IP/ End IP**: A range of IP addresses that are accessible from the Internet and will be allocated to guest VMs. Enter the first and last IP addresses that define a range that CloudStack can assign to guest VMs."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:18
# cc7a99018f204eb3b14ae4407e439d52
msgid "Isolation in Advanced Zone Using Private VLAN"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:20
# d4c63a56d1c541179877426fec001db5
msgid "Isolation of guest traffic in shared networks can be achieved by using Private VLANs (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a PVLAN-enabled shared network, a user VM cannot reach other user VMs, though it can reach the DHCP server and gateway. This in turn allows users to control traffic within a network and helps them deploy multiple applications without communication between applications, as well as prevent communication with other users' VMs."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:29
# 662c4fdd4bd34b7b9c55b5525c739c11
msgid "Isolate VMs in a shared network by using Private VLANs."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:31
# 1a255e04a5154ff0be5f76264b93453e
msgid "Supported on KVM, XenServer, and VMware hypervisors"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:33
# 8f8a37c238cc4670b3152c2a622787c7
msgid "PVLAN-enabled shared network can be a part of multiple networks of a guest VM."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:38
# 8be0c81861ea4d4f9f8a9e2403e11250
msgid "About Private VLAN"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:40
# 19221ad3a5f64011b70c802da07bee31
msgid "In an Ethernet switch, a VLAN is a broadcast domain where hosts can establish direct communication with one another at Layer 2. Private VLAN is designed as an extension of VLAN standard to add further segmentation of the logical broadcast domain. A regular VLAN is a single broadcast domain, whereas a private VLAN partitions a larger VLAN broadcast domain into smaller sub-domains. A sub-domain is represented by a pair of VLANs: a Primary VLAN and a Secondary VLAN. The original VLAN that is being divided into smaller groups is called Primary, which implies that all VLAN pairs in a private VLAN share the same Primary VLAN. All the secondary VLANs exist only inside the Primary. Each Secondary VLAN has a specific VLAN ID associated to it, which differentiates one sub-domain from another."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:53
# c46e1be64b4e467aaa0a2109cb87bc24
msgid "Three types of ports exist in a private VLAN domain, which essentially determine the behaviour of the participating hosts. Each port will have its own unique set of rules, which regulate a connected host's ability to communicate with other connected hosts within the same private VLAN domain. Each host that is part of a PVLAN pair can be configured by using one of these three port designations:"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:60
# 8773791ad68744dbbef479a5a63348f1
msgid "**Promiscuous**: A promiscuous port can communicate with all the interfaces, including the community and isolated host ports that belong to the secondary VLANs. In Promiscuous mode, hosts are connected to promiscuous ports and are able to communicate directly with resources on both primary and secondary VLAN. Routers, DHCP servers, and other trusted devices are typically attached to promiscuous ports."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:68
# 91c780247f2c4db2a19e098d51fb2a1f
msgid "**Isolated VLANs**: The ports within an isolated VLAN cannot communicate with each other at the layer-2 level. The hosts that are connected to Isolated ports can directly communicate only with the Promiscuous resources. If your customer device needs to have access only to a gateway router, attach it to an isolated port."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:74
# 4e94602bf9fa44c6b94244cf55cb1aeb
msgid "**Community VLANs**: The ports within a community VLAN can communicate with each other and with the promiscuous ports, but they cannot communicate with the ports in other communities at the layer-2 level. In a Community mode, direct communication is permitted only with the hosts in the same community and those that are connected to the Primary PVLAN in promiscuous mode. If your customer has two devices that need to be isolated from other customers' devices, but to be able to communicate among themselves, deploy them in community ports."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:84
# 362d4b4e5dd242628fe508d3abbe3361
msgid "For further reading:"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:86
# 9dc2e8a81d2e4418ae9f6222887a9bd3
msgid "`Understanding Private VLANs <http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html#wp1038379>`_"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:89
# 7e9fd9cf1c9b469ebd5bd961175982df
msgid "`Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment <http://tools.ietf.org/html/rfc5517>`_"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:92
# 7cd6254dad1c4523b2c2be1867cca7cb
msgid "`Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept Overview (1010691) <http://kb.vmware.com>`_"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:99
# e7159581e2aa4e7f82fcc3e3e5b8e9b2
msgid "Use a PVLAN supported switch."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:101
# 558f121cf82b419cbacce6914151513e
msgid "See `Private VLAN Catalyst Switch Support Matrix <http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml>`_ for more information."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:105
# bc44ba94ec284076984bcf8bd7345e42
msgid "All the layer 2 switches, which are PVLAN-aware, are connected to each other, and one of them is connected to a router. All the ports connected to the host would be configured in trunk mode. Open Management VLAN, Primary VLAN (public) and Secondary Isolated VLAN ports. Configure the switch port connected to the router in PVLAN promiscuous trunk mode, which would translate an isolated VLAN to primary VLAN for the PVLAN-unaware router."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:113
# 71abf1e9b2ae4a149e565ca17b45f51c
msgid "Note that only Cisco Catalyst 4500 has the PVLAN promiscuous trunk mode to connect both normal VLAN and PVLAN to a PVLAN-unaware switch. For other Catalyst switches that support PVLAN, connect the switch to the upper switch by using cables, one for each PVLAN pair."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:118
# 6b7feb8b8f8646848e0fc9321c60bb0f
msgid "Configure private VLAN on your physical switches out-of-band."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:120
# 06b27f4c4355406886e4aa1e037d9467
msgid "Before you use PVLAN on XenServer and KVM, enable Open vSwitch (OVS)."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:123
# d9b9a5e0ce044d7b94cc7f36f40dac75
msgid "OVS on XenServer and KVM does not support PVLAN natively. Therefore, CloudStack simulates PVLAN on OVS for XenServer and KVM by modifying the flow table."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:129
# 579764808b8b4cee81634b52e650e7f4
msgid "Creating a PVLAN-Enabled Guest Network"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:161
# 5fd76d10b7a245ca92d599f5d84b04aa
msgid "**Secondary Isolated VLAN ID**: The unique ID of the Secondary Isolated VLAN."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:164
# ba80bf59655f4806845c6b592500c85a
msgid "For the description on Secondary Isolated VLAN, see `\"About Private VLAN\" <#about-private-vlan>`_."
msgstr ""
#: ../../networking/security_groups.rst:18
# cb6cc7de1ccf43ceb4fee732f2374d3a
msgid "Security Groups"
msgstr ""
#: ../../networking/security_groups.rst:21
# d27a88932a2a40c580ff31cd04f7c5b1
msgid "About Security Groups"
msgstr ""
#: ../../networking/security_groups.rst:23
# f5ba715a47234ff3a2bb8f9c56d490ab
msgid "Security groups provide a way to isolate traffic to VMs. A security group is a group of VMs that filter their incoming and outgoing traffic according to a set of rules, called ingress and egress rules. These rules filter network traffic according to the IP address that is attempting to communicate with the VM. Security groups are particularly useful in zones that use basic networking, because there is a single guest network for all guest VMs. In advanced zones, security groups are supported only on the KVM hypervisor."
msgstr ""
#: ../../networking/security_groups.rst:33
# 29c17e93f2554fe99e042dbc72b337d9
msgid "In a zone that uses advanced networking, you can instead define multiple guest networks to isolate traffic to VMs."
msgstr ""
#: ../../networking/security_groups.rst:36
# b0e658a849c44ade96fd212d6c6b2589
msgid "Each CloudStack account comes with a default security group that denies all inbound traffic and allows all outbound traffic. The default security group can be modified so that all new VMs inherit some other desired set of rules."
msgstr ""
#: ../../networking/security_groups.rst:41
# 03c3350e08fe420da4f2f221c5773dba
msgid "Any CloudStack user can set up any number of additional security groups. When a new VM is launched, it is assigned to the default security group unless another user-defined security group is specified. A VM can be a member of any number of security groups. Once a VM is assigned to a security group, it remains in that group for its entire lifetime; you cannot move a running VM from one security group to another."
msgstr ""
#: ../../networking/security_groups.rst:48
# 4b6f67cf254b46589e9ddd94ff94b1bc
msgid "You can modify a security group by deleting or adding any number of ingress and egress rules. When you do, the new rules apply to all VMs in the group, whether running or stopped."
msgstr ""
#: ../../networking/security_groups.rst:52
# d23292c15bd3444c9ce839ff69392d35
msgid "If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule."
msgstr ""
#: ../../networking/security_groups.rst:58
# c22e98199bb447fd9a71ddcec88a9deb
msgid "Adding a Security Group"
msgstr ""
#: ../../networking/security_groups.rst:60
# 8a6a28fa1d434e4fbe428253b48eb3b8
msgid "A user or administrator can define a new security group."
msgstr ""
#: ../../networking/security_groups.rst:66
# 1ed905affb2a472aa04efaf4868c54d6
msgid "In Select view, choose Security Groups."
msgstr ""
#: ../../networking/security_groups.rst:68
# b052c553469c485a8ff0422d5b0abf73
msgid "Click Add Security Group."
msgstr ""
#: ../../networking/security_groups.rst:70
# 3db27ac74dd94357a381d19d64f5759e
msgid "Provide a name and description."
msgstr ""
#: ../../networking/security_groups.rst:74
# 5715f7737e534f99853d1f7ef2ff13f0
msgid "The new security group appears in the Security Groups Details tab."
msgstr ""
#: ../../networking/security_groups.rst:76
# 581f75deea1c4ce98b419a71f864130e
msgid "To make the security group useful, continue to Adding Ingress and Egress Rules to a Security Group."
msgstr ""
#: ../../networking/security_groups.rst:81
# f35cc6563a5e4857b8feee6cf88f29a3
msgid "Security Groups in Advanced Zones (KVM Only)"
msgstr ""
#: ../../networking/security_groups.rst:83
# fe26402e50fd46458f4ad511d322ba21
msgid "CloudStack provides the ability to use security groups to provide isolation between guests on a single shared, zone-wide network in an advanced zone where KVM is the hypervisor. Using security groups in advanced zones rather than multiple VLANs allows a greater range of options for setting up guest isolation in a cloud."
msgstr ""
#: ../../networking/security_groups.rst:93
# 6199b2fe0a1346459e8db63371e35db5
msgid "The following are not supported for this feature:"
msgstr ""
#: ../../networking/security_groups.rst:95
# 68ca4f1c51804347a9af6d0fd227f701
msgid "Two IP ranges with the same VLAN and different gateway or netmask in security group-enabled shared network."
msgstr ""
#: ../../networking/security_groups.rst:98
# 6d6ded6fa4fe4853b91bbaea875c3db7
msgid "Two IP ranges with the same VLAN and different gateway or netmask in account-specific shared networks."
msgstr ""
#: ../../networking/security_groups.rst:101
# fb280b17f22e4093b26c6e9d1891f60c
msgid "Multiple VLAN ranges in security group-enabled shared network."
msgstr ""
#: ../../networking/security_groups.rst:103
# 465a90dfe47647f28f1d23f859ff2f8a
msgid "Multiple VLAN ranges in account-specific shared networks."
msgstr ""
#: ../../networking/security_groups.rst:105
# d5d9f22d58634efcbbd25a21f05d9ddf
msgid "Security groups must be enabled in the zone in order for this feature to be used."
msgstr ""
#: ../../networking/security_groups.rst:110
# 4f0382c2c0e349d0b3df1e3c6f9ae199
msgid "Enabling Security Groups"
msgstr ""
#: ../../networking/security_groups.rst:112
# 5b48cea9b0254d6b92404b64173b5f9f
msgid "In order for security groups to function in a zone, the security groups feature must first be enabled for the zone. The administrator can do this when creating a new zone, by selecting a network offering that includes security groups. The procedure is described in Basic Zone Configuration in the Advanced Installation Guide. The administrator cannot enable security groups for an existing zone, only when creating a new zone."
msgstr ""
#: ../../networking/security_groups.rst:122
# f31414cc005f439194236fdcf63adaba
msgid "Adding Ingress and Egress Rules to a Security Group"
msgstr ""
#: ../../networking/security_groups.rst:126
# 13f6fe7914834d94be54eccfd3a6571e
msgid "In the left navigation, choose Network"
msgstr ""
#: ../../networking/security_groups.rst:128
# 012c6f8bd96840d5b500950bbb99d37a
msgid "In Select view, choose Security Groups, then click the security group you want."
msgstr ""
#: ../../networking/security_groups.rst:131
# c5c93da9ab4542f288c0ea7dacc7015d
msgid "To add an ingress rule, click the Ingress Rules tab and fill out the following fields to specify what network traffic is allowed into VM instances in this security group. If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule."
msgstr ""
#: ../../networking/security_groups.rst:137
# a2545fd9c6a14c158863af3aca3b3a6d
msgid "**Add by CIDR/Account**. Indicate whether the source of the traffic will be defined by IP address (CIDR) or an existing security group in a CloudStack account (Account). Choose Account if you want to allow incoming traffic from all VMs in another security group."
msgstr ""
#: ../../networking/security_groups.rst:143
# b0594fd78a124efd8984037ef17e6b89
msgid "**Protocol**. The networking protocol that sources will use to send traffic to the security group. TCP and UDP are typically used for data exchange and end-user communications. ICMP is typically used to send error messages or network monitoring data."
msgstr ""
#: ../../networking/security_groups.rst:148
# 3af9a8d515614eccafed5e09672a8f15
msgid "**Start Port, End Port**. (TCP, UDP only) A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/security_groups.rst:152
# 27a7bc38a030400e9d8f1dedb608659e
msgid "**ICMP Type, ICMP Code**. (ICMP only) The type of message and error code that will be accepted."
msgstr ""
#: ../../networking/security_groups.rst:155
# 0ce4ad2050184376bdd26ed654e59599
msgid "**CIDR**. (Add by CIDR only) To accept only traffic from IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0; this accepts traffic from any source address, so reserve it for ports that are meant to be publicly reachable."
msgstr ""
#: ../../networking/security_groups.rst:161
# 91ef8eb9529941acbded2108e7c153e0
msgid "**Account, Security Group**. (Add by Account only) To accept only traffic from another security group, enter the CloudStack account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter the same name you used in step 7."
msgstr ""
#: ../../networking/security_groups.rst:167
# 813409a701e84482ab284821eb359fe2
msgid "The following example allows inbound HTTP access from anywhere:"
msgstr ""
#: ../../networking/security_groups.rst:169
# 7ac1c499669b4a3cafd27ef10695d298
msgid "|httpaccess.png|"
msgstr ""
#: ../../networking/security_groups.rst:171
# e1083636f84c412fab7099c64bed463a
msgid "To add an egress rule, click the Egress Rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this security group. If no egress rules are specified, then all traffic will be allowed out. Once egress rules are specified, the following types of traffic are allowed out: traffic specified in egress rules; queries to DNS and DHCP servers; and responses to any traffic that has been allowed in through an ingress rule."
msgstr ""
#: ../../networking/security_groups.rst:180
# 69e5e83165db4e4ea9fd33a5bd1b0fff
msgid "**Add by CIDR/Account**. Indicate whether the destination of the traffic will be defined by IP address (CIDR) or an existing security group in a CloudStack account (Account). Choose Account if you want to allow outgoing traffic to all VMs in another security group."
msgstr ""
#: ../../networking/security_groups.rst:186
# 63fc0c9e030d4dc193c101bcb0e4b3fb
msgid "**Protocol**. The networking protocol that VMs will use to send outgoing traffic. TCP and UDP are typically used for data exchange and end-user communications. ICMP is typically used to send error messages or network monitoring data."
msgstr ""
#: ../../networking/security_groups.rst:191
# 0aa4b36b063a4f05a08b6a2ebb65d1f7
msgid "**Start Port, End Port**. (TCP, UDP only) A range of listening ports that are the destination for the outgoing traffic. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/security_groups.rst:195
# c2b03378b50f4e2b8ad15946702ddb5c
msgid "**ICMP Type, ICMP Code**. (ICMP only) The type of message and error code that will be sent."
msgstr ""
#: ../../networking/security_groups.rst:198
# f8d9e0334b9a4b1faa27a9fa5f918dae
msgid "**CIDR**. (Add by CIDR only) To send traffic only to IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""
#: ../../networking/security_groups.rst:204
# 748c734315774d6ea521e50471bbadab
msgid "**Account, Security Group**. (Add by Account only) To allow traffic to be sent to another security group, enter the CloudStack account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter its name."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:18
# 121a5a4d0fdf4adbadf0e9018abbb3f2
msgid "External Firewalls and Load Balancers"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:20
# da0033de7a88452b92b35dc42a5409ca
msgid "CloudStack is capable of replacing its Virtual Router with an external Juniper SRX device and an optional external NetScaler or F5 load balancer for gateway and load balancing services. In this case, the VMs use the SRX as their gateway."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:27
# 1758f3bbc4ec49b6a87df151d32c7822
msgid "About Using a NetScaler Load Balancer"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:29
# edf025a8432d4d2e916b9e1e4506292b
msgid "Citrix NetScaler is supported as an external network element for load balancing in zones that use isolated networking in advanced zones. Set up an external load balancer when you want to provide load balancing through means other than CloudStack's provided virtual router."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:35
# e6c1fa94b4a44fe9af51313b701a4c0a
msgid "In a Basic zone, load balancing service is supported only if Elastic IP or Elastic LB services are enabled."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:38
# 919e3b6335ec43cbb41cd06193a91872
msgid "When NetScaler load balancer is used to provide EIP or ELB services in a Basic zone, ensure that all guest VM traffic enters and exits through the NetScaler device. When inbound traffic goes through the NetScaler device, traffic is routed by using the NAT protocol depending on the EIP/ELB configured on the public IP to the private IP. The traffic that is originated from the guest VMs usually goes through the layer 3 router. To ensure that outbound traffic goes through the NetScaler device providing EIP/ELB, the layer 3 router must have policy-based routing. A policy-based route must be set up so that all traffic originating from the guest VMs is directed to the NetScaler device. This is required to ensure that the outbound traffic from the guest VMs is routed to a public IP by using NAT. For more information on Elastic IP, see `\"About Elastic IP\" <#about-elastic-ip>`_."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:52
# e8f3e9f2b1bd412a99284612b6c7e030
msgid "The NetScaler can be set up in direct (outside the firewall) mode. It must be added before any load balancing rules are deployed on guest VMs in the zone."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:56
# 523f98e01f234306b388d42100392a01
msgid "The functional behavior of the NetScaler with CloudStack is the same as described in the CloudStack documentation for using an F5 external load balancer. The only exception is that the F5 supports routing domains, and NetScaler does not. NetScaler cannot yet be used as a firewall."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:61
# 9526107823ab4b9bbdf3aeabea512cbd
msgid "To install and enable an external load balancer for CloudStack management, see External Guest Load Balancer Integration in the Installation Guide."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:65
# b606dd0a26944ae7abe244a91ae68dce
msgid "The Citrix NetScaler comes in three varieties. The following summarizes how these variants are treated in CloudStack."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:68
# 4d4acf453ee34b99bcd9422624a29d4f
msgid "**MPX**"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:70
# 31bf9c295f6f41ceba97d553ee88a09e
msgid "Physical appliance. Capable of deep packet inspection. Can act as application firewall and load balancer"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:73
# 9393642591e14352a7b452e06213da83
msgid "In advanced zones, load balancer functionality is fully supported without limitation. In basic zones, static NAT, elastic IP (EIP), and elastic load balancing (ELB) are also provided."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:77
# b9313747ed1d4f2bb9ceb37cc651ef0e
msgid "**VPX**"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:79
# 726835d9e8994018bac41442046eebab
msgid "Virtual appliance. Can run as VM on XenServer, ESXi, and Hyper-V hypervisors. Same functionality as MPX"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:82
# c85737d038fa4926a9e5e9ea965a24ce
msgid "Supported on ESXi and XenServer. Same functional support as for MPX. CloudStack will treat VPX and MPX as the same device type."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:85
# 6aa4be1b809449b48793dde65f3fee9c
msgid "**SDX**"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:87
# ffe20a22c29347ff81fd3ac28699bc4c
msgid "Physical appliance. Can create multiple fully isolated VPX instances on a single appliance to support multi-tenant usage"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:90
# 363ff0dd6af349ae9fb5dfe4b0264655
msgid "CloudStack will dynamically provision, configure, and manage the life cycle of VPX instances on the SDX. Provisioned instances are added into CloudStack automatically - no manual configuration by the administrator is required. Once a VPX instance is added into CloudStack, it is treated the same as a VPX on an ESXi host."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:98
# 48be3cf5cf894ea3be2012a3fd52b693
msgid "Configuring SNMP Community String on a RHEL Server"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:100
# 124686b380a8434fbe22ff4861dcf466
msgid "The SNMP Community string is similar to a user id or password that provides access to a network device, such as a router. This string is sent along with all SNMP requests; in SNMPv1 and SNMPv2c it is sent in cleartext, so anyone who can observe the traffic can read it. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device discards the request and does not respond."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:106
# db1b06466d9042489699add305179ed0
msgid "The NetScaler device uses SNMP to communicate with the VMs. You must install SNMP and configure the SNMP Community string for secure communication between the NetScaler device and the RHEL machine."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:110
# 86bf1082cfba4dd0ab1ae1cd1fc55280
msgid "Ensure that you installed SNMP on RedHat. If not, run the following command:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:117
# b57fd1f457bb47559202771c0c0e81b9
msgid "Edit the /etc/snmp/snmpd.conf file to allow the SNMP polling from the NetScaler device."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:120
# 7cc4f86ef08341519c58b04122531955
msgid "Map the community name into a security name (local and mynetwork, depending on where the request is coming from):"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:124
# 96e1da8de4da414f8ba5659fc97790f5
msgid "Use a strong password instead of public as the community name when you edit the following table."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:133
# e0dfb13b632f40ee91f2522b6545638c
msgid "Setting to 0.0.0.0 allows all IPs to poll the NetScaler server. To limit polling to the NetScaler device, enter its address or network instead."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:135
# 8bbf09e13cf4449eab6802c2e431d166
msgid "Map the security names into group names:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:145
# 28f26a19a75e4d38b8cbe455da453945
msgid "Create a view to allow the groups to have the permission to:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:151
# cbb139269f8f422ea3ced1eb9e1f20d4
msgid "Grant access with different write permissions to the two groups to the view you created."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:160
# 4b8fa0c0c42b41e585535c6e0a66012c
msgid "Unblock SNMP in iptables."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:166
# 62e7b099d03c4a73bfcac8ea208630d3
msgid "Start the SNMP service:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:172
# 54522a637adb4007a9a82f11819c2c59
msgid "Ensure that the SNMP service is started automatically during the system startup:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:181
# 5949212234ed48b6adc372a7c7ce1637
msgid "Initial Setup of External Firewalls and Load Balancers"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:183
# 4cac2b9077964674844de4e3e3a93a0b
msgid "When the first VM is created for a new account, CloudStack programs the external firewall and load balancer to work with the VM. The following objects are created on the firewall:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:187
# 4bf4042c7f4f4def95f95bb7a9c4c3ec
msgid "A new logical interface to connect to the account's private VLAN. The interface IP is always the first IP of the account's private subnet (e.g. 10.1.1.1)."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:191
# 0691cec2a7cf4c178b39117f7d1ae324
msgid "A source NAT rule that forwards all outgoing traffic from the account's private VLAN to the public Internet, using the account's public IP address as the source address"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:195
# 493986833b5c4b068a45f8c644330cc3
msgid "A firewall filter counter that measures the number of bytes of outgoing traffic for the account"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:198
# d94c05bebe7142f69087aa01f32a8dd2
msgid "The following objects are created on the load balancer:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:200
# 3038b6bbaf9a40e4bf717fc65b7b5f7a
msgid "A new VLAN that matches the account's provisioned Zone VLAN"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:202
# 6babff57f8864990afeabf3aa8702676
msgid "A self IP for the VLAN. This is always the second IP of the account's private subnet (e.g. 10.1.1.2)."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:207
# c78efbcb1b344675a63143a5fa305c80
msgid "Ongoing Configuration of External Firewalls and Load Balancers"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:209
# 778d4134b7bd4fec9bc3c731d1dd006f
msgid "Additional user actions (e.g. setting a port forward) will cause further programming of the firewall and load balancer. A user may request additional public IP addresses and forward traffic received at these IPs to specific VMs. This is accomplished by enabling static NAT for a public IP address, assigning the IP to a VM, and specifying a set of protocols and port ranges to open. When a static NAT rule is created, CloudStack programs the zone's external firewall with the following objects:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:218
# 98d20f26e4be4a6693dbe1d69cbd1dc6
msgid "A static NAT rule that maps the public IP address to the private IP address of a VM."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:221
# 21bcfd0a7295477cb6daae191a4b5300
msgid "A security policy that allows traffic within the set of protocols and port ranges that are specified."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:224
# d57954e8fd754ec291d98eda142d626c
msgid "A firewall filter counter that measures the number of bytes of incoming traffic to the public IP."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:227
# fe43a5a0e7e9497595d1e43626bc76de
msgid "The number of incoming and outgoing bytes through source NAT, static NAT, and load balancing rules is measured and saved on each external element. This data is collected on a regular basis and stored in the CloudStack database."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:234
# 6db8db0667bd4e58b757a87adabda6bc
msgid "Load Balancer Rules"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:236
# 146c1ce3466a4755a2e0733761dc4ed0
msgid "A CloudStack user or administrator may create load balancing rules that balance traffic received at a public IP to one or more VMs. A user creates a rule, specifies an algorithm, and assigns the rule to a set of VMs."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:242
# c95ce127b66547f6922052b2dd046529
msgid "If you create load balancing rules while using a network service offering that includes an external load balancer device such as NetScaler, and later change the network service offering to one that uses the CloudStack virtual router, you must create a firewall rule on the virtual router for each of your existing load balancing rules so that they continue to function."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:253
# 1cb0607405a54290aac63427224142d3
msgid "Adding a Load Balancer Rule"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:259
# e9125f99985c4930b8ca325f3fcf515a
msgid "Click the name of the network where you want to load balance the traffic."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:264
#: ../../networking/virtual_private_cloud_config.rst:1055
#: ../../networking/virtual_private_cloud_config.rst:1323
# e2976048502c4d5a9d5bee635ce5ee1b
# 5b388625f3784583b0752e36f9353e8a
# aa8c8d52101742e9a804ccc41cbcfbb3
msgid "Click the IP address for which you want to create the rule, then click the Configuration tab."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:267
#: ../../networking/virtual_private_cloud_config.rst:1058
# d0100e755da442c3a5f073f8219b5816
# bc3f9224355b4e66b73a49411a2326b8
msgid "In the Load Balancing node of the diagram, click View All."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:269
# aed2916e2f794074898738f6a54fd470
msgid "In a Basic zone, you can also create a load balancing rule without acquiring or selecting an IP address. CloudStack internally assigns an IP when you create the load balancing rule, which is listed in the IP Addresses page when the rule is created."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:274
# cdcdffd84542448691328bee08d8de97
msgid "To do that, select the name of the network, then click Add Load Balancer tab. Continue with #7."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:277
#: ../../networking/ip_forwarding_and_firewalling.rst:265
# c90d375729ae4857b6cbfad14e955c25
# 899cdfae1e1b423fa4228db904e74d4c
msgid "Fill in the following:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:279
#: ../../networking/virtual_private_cloud_config.rst:1064
#: ../../networking/virtual_private_cloud_config.rst:1249
# ee36f3f0257549b5a157b2c373cc595f
# 03c1b13d01dd4d93abf1db0df4d270c3
# 35a1954cf7ed4135a2a506e65626b63b
msgid "**Name**: A name for the load balancer rule."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:281
# 13aa4f60513144f581eaaea2a25fc259
msgid "**Public Port**: The port receiving incoming traffic to be balanced."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:284
#: ../../networking/virtual_private_cloud_config.rst:1069
# 94a4f9710f0548e9b5efb1ced085ee7c
# 43dd6392f9004b9ea68310e1bda21332
msgid "**Private Port**: The port that the VMs will use to receive the traffic."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:287
# 6dadc08ee20e449882fb626362f7af7f
msgid "**Algorithm**: Choose the load balancing algorithm you want CloudStack to use. CloudStack supports a variety of well-known algorithms. If you are not familiar with these choices, you will find plenty of information about them on the Internet."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:292
# b7ba39ce29984655a3fee83759341968
msgid "**Stickiness**: (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:296
# a79ee74d2a374432bae88b284375af8d
msgid "**AutoScale**: Click Configure and complete the AutoScale configuration as explained in :ref:`conf-autoscale`."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:299
# 748f88b5e1234460b650bb46124ebf32
msgid "**Health Check**: (Optional; NetScaler load balancers only) Click Configure and fill in the characteristics of the health check policy. See :ref:`health-check`."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:303
# 57115cc9cda44c37ab09f3b0a846ddb6
msgid "**Ping path (Optional)**: Sequence of destinations to which to send health check queries. Default: / (all)."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:306
# 4f4a56c64b114bfbbc4a00ffe27666f1
msgid "**Response time (Optional)**: How long to wait for a response from the health check (2 - 60 seconds). Default: 5 seconds."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:309
# 5d063fd6cf084d458e9bb553fdcaa398
msgid "**Interval time (Optional)**: Amount of time between health checks (1 second - 5 minutes). Default value is set in the global configuration parameter lbrule\\_health check\\_time\\_interval."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:314
# 6550d0fabfa042e698d1e24bab46eae8
msgid "**Healthy threshold (Optional)**: Number of consecutive health check successes that are required before declaring an instance healthy. Default: 2."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:318
# d30d4c6e04f84624988f359219dfe504
msgid "**Unhealthy threshold (Optional)**: Number of consecutive health check failures that are required before declaring an instance unhealthy. Default: 10."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:322
# 427464c4195c4474982b88b06a60bd2b
msgid "Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:325
# b57e6480829e4e1ea39a935dfae60828
msgid "The new load balancer rule appears in the list. You can repeat these steps to add more load balancer rules for this IP address."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:330
# 5b7fc7b5ea6d40a5bc3f415a80425764
msgid "Sticky Session Policies for Load Balancer Rules"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:332
# b9827a93606d4bd78ba8176109a6543b
msgid "Sticky sessions are used in Web-based applications to ensure continued availability of information across the multiple requests in a user's session. For example, if a shopper is filling a cart, you need to remember what has been purchased so far. The concept of \"stickiness\" is also referred to as persistence or maintaining state."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:338
# a0e599620e7d421795bf10da5e68221f
msgid "Any load balancer rule defined in CloudStack can have a stickiness policy. The policy consists of a name, stickiness method, and parameters. The parameters are name-value pairs or flags, which are defined by the load balancer vendor. The stickiness method could be load balancer-generated cookie, application-generated cookie, or source-based. In the source-based method, the source IP address is used to identify the user and locate the user's stored data. In the other methods, cookies are used. The cookie generated by the load balancer or application is included in request and response URLs to create persistence. The cookie name can be specified by the administrator or automatically generated. A variety of options are provided to control the exact behavior of cookies, such as how they are generated and whether they are cached."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:352
# 788d44c8346c41e88c23f175e62c939b
msgid "For the most up to date list of available stickiness methods, see the CloudStack UI or call listNetworks and check the SupportedStickinessMethods capability."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:360
# 44e5efde27ff453a945b83ed79f8935b
msgid "Health Checks for Load Balancer Rules"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:362
# e0222e643eba40e5b2a9d97fbebef725
msgid "(NetScaler load balancer only; requires NetScaler version 10.0)"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:364
# cdf4e72bdd1842b38d1c7c61809209b5
msgid "Health checks are used in load-balanced applications to ensure that requests are forwarded only to running, available services. When creating a load balancer rule, you can specify a health check policy. This is in addition to specifying the stickiness policy, algorithm, and other load balancer rule options. You can configure one health check policy per load balancer rule."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:371
# 3186740a23ed4c6ba61108544d0a4aec
msgid "Any load balancer rule defined on a NetScaler load balancer in CloudStack can have a health check policy. The policy consists of a ping path, thresholds to define \"healthy\" and \"unhealthy\" states, health check frequency, and timeout wait interval."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:376
# ec37f719769d4b7386f0b940981fed70
msgid "When a health check policy is in effect, the load balancer will stop forwarding requests to any resources that are found to be unhealthy. If the resource later becomes available again, the periodic health check will discover it, and the resource will once again be added to the pool of resources that can receive requests from the load balancer. At any given time, the most recent result of the health check is displayed in the UI. For any VM that is attached to a load balancer rule with a health check configured, the state will be shown as UP or DOWN in the UI depending on the result of the most recent health check."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:386
# e7b935bafd4a47d68590f912c335e640
msgid "You can delete or modify existing health check policies."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:388
# c111733988ec45f6bcd2979e368c5226
msgid "To configure how often the health check is performed by default, use the global configuration setting healthcheck.update.interval (default value is 600 seconds). You can override this value for an individual health check policy."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:393
# 4c9ae4abb3c04ebda936ddf28d4b1250
msgid "For details on how to set a health check policy using the UI, see :ref:`adding-lb-rule`."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:400
# 3d3b622fa6c24a71a43dfb7d262e68ff
msgid "Configuring AutoScale"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:402
# 5b23f0c9a3884ba4a454fd703688166f
msgid "AutoScaling allows you to scale your back-end services or application VMs up or down seamlessly and automatically according to the conditions you define. With AutoScaling enabled, you can ensure that the number of VMs you are using seamlessly scales up when demand increases, and automatically decreases when demand subsides. Thus it helps you save compute costs by terminating underused VMs automatically and launching new VMs when you need them, without the need for manual intervention."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:410
# 5141d63f3ea14b7cb903e6c53d86085f
msgid "NetScaler AutoScaling is designed to seamlessly launch or terminate VMs based on user-defined conditions. Conditions for triggering a scaleup or scaledown action can vary from a simple use case like monitoring the CPU usage of a server to a complex use case of monitoring a combination of server's responsiveness and its CPU usage. For example, you can configure AutoScaling to launch an additional VM whenever CPU usage exceeds 80 percent for 15 minutes, or to remove a VM whenever CPU usage is less than 20 percent for 30 minutes."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:419
# f32191641b9644909945358cb69ebe4d
msgid "CloudStack uses the NetScaler load balancer to monitor all aspects of a system's health and work in unison with CloudStack to initiate scale-up or scale-down actions."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:424
# 56002db08e75494cac10bdd7f2b5c707
msgid "AutoScale is supported on NetScaler Release 10 Build 74.4006.e and beyond."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:430
# 45a1a6402e1e40a0a91763809e1b7729
msgid "Before you configure an AutoScale rule, consider the following:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:432
# 0a687417e2094c359d8a604e95095fc5
msgid "Ensure that the necessary template is prepared before configuring AutoScale. When a VM is deployed by using a template and when it comes up, the application should be up and running."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:437
# 7d9b17872f514d4c88eedbe080005a94
msgid "If the application is not running, the NetScaler device considers the VM as ineffective and continues provisioning the VMs unconditionally until the resource limit is exhausted."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:441
# c72572ced880471fa607c51156f11bda
msgid "Deploy the templates you prepared. Ensure that the application comes up on the first boot and is ready to take the traffic. Observe the time required to deploy the template. Consider this time when you specify the quiet time while configuring AutoScale."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:446
# ff134327842d420886adb98a42f2723a
msgid "The AutoScale feature supports the SNMP counters that can be used to define conditions for taking scale up or scale down actions. To monitor the SNMP-based counter, ensure that the SNMP agent is installed in the template used for creating the AutoScale VMs, and the SNMP operations work with the configured SNMP community and port by using standard SNMP managers. For example, see `\"Configuring SNMP Community String on a RHEL Server\" <#configuring-snmp-community-string-on-a-rhel-server>`_ to configure SNMP on a RHEL machine."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:456
# d8cef4ea8860477489a80f3a715fbd90
msgid "Ensure that the endpointe.url parameter present in the Global Settings is set to the Management Server API URL. For example, ``http://10.102.102.22:8080/client/api``. In a multi-node Management Server deployment, use the virtual IP address configured in the load balancer for the management server's cluster. Additionally, ensure that the NetScaler device has access to this IP address to provide AutoScale support."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:464
# 1cd70adcb30d47abbcc3dc69e3707036
msgid "If you update the endpointe.url, disable the AutoScale functionality of the load balancer rules in the system, then enable them back to reflect the changes. For more information see :ref:`update-autoscale`."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:468
# 55df6ae7033b4ca3a3f52dd90fd74501
msgid "If the API Key and Secret Key are regenerated for an AutoScale user, ensure that the AutoScale functionality of the load balancers that the user participates in is disabled and then enabled again to reflect the configuration changes in the NetScaler."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:473
# f6552bde1aaf4055b316eb9c17b5f64a
msgid "In an advanced Zone, ensure that at least one VM is present before configuring a load balancer rule with AutoScale. Having one VM in the network ensures that the network is in implemented state for configuring AutoScale."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:480
# a79a1b3a477d4397abe465f3b5ba2c56
msgid "Configuration"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:484
# 7d9d1fe996094830bd4e91ea3b3632e7
msgid "|autoscaleateconfig.png|"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:486
# 4fc1aed8f2864acba56525d8509dfc38
msgid "**Template**: A template consists of a base OS image and application. A template is used to provision the new instance of an application on a scaleup action. When a VM is deployed from a template, the VM can start taking the traffic from the load balancer without any admin intervention. For example, if the VM is deployed for a Web service, it should have the Web server running, the database connected, and so on."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:494
# 15493a90f6c04d51a80a4caaa5a833c5
msgid "**Compute offering**: A predefined set of virtual hardware attributes, including CPU speed, number of CPUs, and RAM size, that the user can select when creating a new virtual machine instance. Choose one of the compute offerings to be used while provisioning a VM instance as part of scaleup action."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:500
# 55397884cbb84b2cb778668b2f01bb7e
msgid "**Min Instance**: The minimum number of active VM instances that is assigned to a load balancing rule. The active VM instances are the application instances that are up and serving the traffic, and are being load balanced. This parameter ensures that a load balancing rule has at least the configured number of active VM instances available to serve the traffic."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:508
# c33b18f0b309446eb974ca219945f004
msgid "If an application, such as SAP, running on a VM instance is down for some reason, the VM is then not counted as part of Min Instance parameter, and the AutoScale feature initiates a scaleup action if the number of active VM instances is below the configured value. Similarly, when an application instance comes up from its earlier down state, this application instance is counted as part of the active instance count and the AutoScale process initiates a scaledown action when the active instance count breaches the Max instance value."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:518
# f040e7755d074bee8817ada9261b421b
msgid "**Max Instance**: Maximum number of active VM instances that **should be assigned to**\\ a load balancing rule. This parameter defines the upper limit of active VM instances that can be assigned to a load balancing rule."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:523
# 2115dadd36d541558713322993492848
msgid "Specifying a large value for the maximum instance parameter might result in provisioning large number of VM instances, which in turn leads to a single load balancing rule exhausting the VM instances limit specified at the account or domain level."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:529
# 40a5c798ef9d4d7584efa6400c0edfac
msgid "If an application, such as SAP, running on a VM instance is down for some reason, the VM is not counted as part of Max Instance parameter. So there may be scenarios where the number of VMs provisioned for a scaleup action might be more than the configured Max Instance value. Once the application instances in the VMs are up from an earlier down state, the AutoScale feature starts aligning to the configured Max Instance value."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:537
# 19812fc19c6a4a7d9ebc51b8e0ecb75b
msgid "Specify the following scale-up and scale-down policies:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:539
# 74891b0d3cfd491f863a6557f788d493
msgid "**Duration**: The duration, in seconds, for which the conditions you specify must be true to trigger a scaleup action. The conditions defined should hold true for the entire duration you specify for an AutoScale action to be invoked."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:544
# 436acb44653a45cc9c54ff9c950b7a56
msgid "**Counter**: The performance counters expose the state of the monitored instances. By default, CloudStack offers four performance counters: Three SNMP counters and one NetScaler counter. The SNMP counters are Linux User CPU, Linux System CPU, and Linux CPU Idle. The NetScaler counter is ResponseTime. The root administrator can add additional counters into CloudStack by using the CloudStack API."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:551
# 2137176110684b2db672902ab582654c
msgid "**Operator**: The following five relational operators are supported in AutoScale feature: Greater than, Less than, Less than or equal to, Greater than or equal to, and Equal to."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:555
# fce26387204d4e949d43cee1c917b9c0
msgid "**Threshold**: Threshold value to be used for the counter. Once the counter defined above breaches the threshold value, the AutoScale feature initiates a scaleup or scaledown action."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:559
# f9e47cc9e3ad4739a2e6ef1470a50570
msgid "**Add**: Click Add to add the condition."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:561
# 3ea8d8738fdd408fb23e11b899d7b418
msgid "Additionally, if you want to configure the advanced settings, click Show advanced settings, and specify the following:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:564
# 9fafd8d4c0614661af2bc64d9c06879e
msgid "**Polling interval**: Frequency at which the conditions (the combination of counter, operator, and threshold) are evaluated before taking a scale up or down action. The default polling interval is 30 seconds."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:569
# c719d597315640dc81a33fab44ae0a0e
msgid "**Quiet Time**: This is the cool down period after an AutoScale action is initiated. The time includes the time taken to complete provisioning a VM instance from its template and the time taken by an application to be ready to serve traffic. This quiet time allows the fleet to come up to a stable state before any action can take place. The default is 300 seconds."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:576
# 98b814f48ff24f0c9ed3bca9f2dd1619
msgid "**Destroy VM Grace Period**: The duration in seconds, after a scaledown action is initiated, to wait before the VM is destroyed as part of scaledown action. This is to ensure graceful close of any pending sessions or transactions being served by the VM marked for destroy. The default is 120 seconds."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:582
# bcae2f20091343669f94311a955eb918
msgid "**Security Groups**: Security groups provide a way to isolate traffic to the VM instances. A security group is a group of VMs that filter their incoming and outgoing traffic according to a set of rules, called ingress and egress rules. These rules filter network traffic according to the IP address that is attempting to communicate with the VM."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:589
# 24e7476382c24a7a8bdb85ceef987fcb
msgid "**Disk Offerings**: A predefined set of disk size for primary data storage."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:592
# 8b28accd4fce47b6afc47f2341e26d5d
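msgid "**SNMP Community**: The SNMP community string to be used by the NetScaler device to query the configured counter value from the provisioned VM instances. Default is public. Because public is a widely known default, set a deployment-specific community string that matches the SNMP agent configuration in the template, and allow SNMP queries to the VMs only from the NetScaler device."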
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:596
# e01443d94f864a8e80ec211f1a96c910
msgid "**SNMP Port**: The port number on which the SNMP agent that runs on the provisioned VMs is listening. Default port is 161."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:599
# 64c6d2f9ae6f4ac3b09f31d6fb0e360c
msgid "**User**: This is the user that the NetScaler device uses to invoke scaleup and scaledown API calls to the cloud. If no option is specified, the user who configures AutoScaling is applied. Specify another user name to override."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:604
# 062c87f44c6f4c92916dae1a85b891cc
msgid "**Apply**: Click Apply to create the AutoScale configuration."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:608
# 6563ec698c3d499ab5e8e86cb3073ff0
msgid "Disabling and Enabling an AutoScale Configuration"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:610
# e1b4da3ad2534f6c8fba4e5ec4616af2
msgid "If you want to perform any maintenance operation on the AutoScale VM instances, disable the AutoScale configuration. When the AutoScale configuration is disabled, no scaleup or scaledown action is performed. You can use this downtime for the maintenance activities. To disable the AutoScale configuration, click the Disable AutoScale |EnableDisable.png| button."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:616
# eb31769bc729463bbdd6b8d9bd472847
msgid "The button toggles between enable and disable, depending on whether AutoScale is currently enabled or not. After the maintenance operations are done, you can enable the AutoScale configuration back. To enable, open the AutoScale configuration page again, then click the Enable AutoScale |EnableDisable.png| button."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:626
# 800c645e10c34f3b96d364a7e7b44570
msgid "Updating an AutoScale Configuration"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:628
# 35012a4fdbe84c63a612c99f0ba31d1b
msgid "You can update the various parameters and add or delete the conditions in a scaleup or scaledown rule. Before you update an AutoScale configuration, ensure that you disable the AutoScale load balancer rule by clicking the Disable AutoScale button."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:633
# b87ea7a2a6c5474392ec23163db4cadb
msgid "After you modify the required AutoScale parameters, click Apply. To apply the new AutoScale policies, open the AutoScale configuration page again, then click the Enable AutoScale button."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:639
# 4b66b8ccf0284d27afeafec62196c28b
msgid "Runtime Considerations"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:641
# c38f40d156554c08a840a51d5bc01d89
msgid "An administrator should not assign a VM to a load balancing rule which is configured for AutoScale."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:644
# dee362b009924ebea8ca92bdd9f61f8d
msgid "If NetScaler is shut down or restarted before VM provisioning is completed, the provisioned VM cannot be a part of the load balancing rule, though the intent was to assign it to a load balancing rule. As a workaround, rename the AutoScale provisioned VMs based on the rule name or ID so that at any point in time the VMs can be reconciled to their load balancing rule."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:651
# 68fd9fba22874c88aeee1a1e17da457f
msgid "Making API calls outside the context of AutoScale, such as destroyVM, on an autoscaled VM leaves the load balancing configuration in an inconsistent state. Though VM is destroyed from the load balancer rule, NetScaler continues to show the VM as a service assigned to a rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:18
# 25734f8479cd4aeaa96bc94c9e97b3f0
msgid "Global Server Load Balancing Support"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:20
# 4281e272ec6741e89ba2c668c2b466e9
msgid "CloudStack supports Global Server Load Balancing (GSLB) functionalities to provide business continuity, and enable seamless resource movement within a CloudStack environment. CloudStack achieves this by extending its functionality of integrating with NetScaler Application Delivery Controller (ADC), which also provides various GSLB capabilities, such as disaster recovery and load balancing. The DNS redirection technique is used to achieve GSLB in CloudStack."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:28
# 6945e2d89c9d4d758cba8b0168f0b818
msgid "In order to support this functionality, region level services and service provider are introduced. A new service 'GSLB' is introduced as a region level service. A GSLB service provider is introduced that will provide the GSLB service. Currently, NetScaler is the supported GSLB provider in CloudStack. GSLB functionality works in an Active-Active data center environment."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:37
# e5df28b9850c419293fdae6e4e253ab5
msgid "About Global Server Load Balancing"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:39
# 0b8dcd5aa2ba4b9984c94850cd1c44a9
msgid "Global Server Load Balancing (GSLB) is an extension of load balancing functionality, which is highly efficient in avoiding downtime. Based on the nature of deployment, GSLB represents a set of technologies that is used for various purposes, such as load sharing, disaster recovery, performance, and legal obligations. With GSLB, workloads can be distributed across multiple data centers situated at geographically separated locations. GSLB can also provide an alternate location for accessing a resource in the event of a failure, or to provide a means of shifting traffic easily to simplify maintenance, or both."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:51
# ab0467a3e9d24e78b8e9e16d225ce4b3
msgid "Components of GSLB"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:53
# f131bfe486894f13961e91b6409ae286
msgid "A typical GSLB environment is comprised of the following components:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:55
# 6bc81bb78e4c4bd9974edba31c58d4cf
msgid "**GSLB Site**: In CloudStack terminology, GSLB sites are represented by zones that are mapped to data centers, each of which has various network appliances. Each GSLB site is managed by a NetScaler appliance that is local to that site. Each of these appliances treats its own site as the local site and all other sites, managed by other appliances, as remote sites. It is the central entity in a GSLB deployment, and is represented by a name and an IP address."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:63
# ed55296b3210425390ee6cb680b0f347
msgid "**GSLB Services**: A GSLB service is typically represented by a load balancing or content switching virtual server. In a GSLB environment, you can have a local as well as remote GSLB services. A local GSLB service represents a local load balancing or content switching virtual server. A remote GSLB service is the one configured at one of the other sites in the GSLB setup. At each site in the GSLB setup, you can create one local GSLB service and any number of remote GSLB services."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:72
# f00eb1ec7b75437699e4603066de4f63
msgid "**GSLB Virtual Servers**: A GSLB virtual server refers to one or more GSLB services and balances traffic across the VMs in multiple zones by using the CloudStack functionality. It evaluates the configured GSLB methods or algorithms to select a GSLB service to which to send the client requests. One or more virtual servers from different zones are bound to the GSLB virtual server. GSLB virtual server does not have a public IP associated with it, instead it will have a FQDN DNS name."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:81
# ca80f04e2c8542269d92af6e7de92d03
msgid "**Load Balancing or Content Switching Virtual Servers**: According to Citrix NetScaler terminology, a load balancing or content switching virtual server represents one or many servers on the local network. Clients send their requests to the load balancing or content switching virtual server's virtual IP (VIP) address, and the virtual server balances the load across the local servers. After a GSLB virtual server selects a GSLB service representing either a local or a remote load balancing or content switching virtual server, the client sends the request to that virtual server's VIP address."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:91
# d008156342444851b79a1c914ff2dbcb
msgid "**DNS VIPs**: DNS virtual IP represents a load balancing DNS virtual server on the GSLB service provider. The DNS requests for domains for which the GSLB service provider is authoritative can be sent to a DNS VIP."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:96
# 71d33e18670d4b49a2881ebc9a6de115
msgid "**Authoritative DNS**: ADNS (Authoritative Domain Name Server) is a service that provides actual answer to DNS queries, such as web site IP address. In a GSLB environment, an ADNS service responds only to DNS requests for domains for which the GSLB service provider is authoritative. When an ADNS service is configured, the service provider owns that IP address and advertises it. When you create an ADNS service, the NetScaler responds to DNS queries on the configured ADNS service IP and port."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:107
# 0a4b19e96b7140af83a35ab77bc744af
msgid "How Does GSLB Work in CloudStack?"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:109
# 3fcf9c5675d647d09f1b6df17ad60cc1
msgid "Global server load balancing is used to manage the traffic flow to a web site hosted on two separate zones that ideally are in different geographic locations. The following is an illustration of how GSLB functionality is provided in CloudStack: An organization, xyztelco, has set up a public cloud that spans two zones, Zone-1 and Zone-2, across geographically separated data centers that are managed by CloudStack. Tenant-A of the cloud launches a highly available solution by using xyztelco cloud. For that purpose, they launch two instances each in both the zones: VM1 and VM2 in Zone-1 and VM5 and VM6 in Zone-2. Tenant-A acquires a public IP, IP-1 in Zone-1, and configures a load balancer rule to load balance the traffic between VM1 and VM2 instances. CloudStack orchestrates setting up a virtual server on the LB service provider in Zone-1. Virtual server 1 that is set up on the LB service provider in Zone-1 represents a publicly accessible virtual server that the client reaches at IP-1. The client traffic to virtual server 1 at IP-1 will be load balanced across VM1 and VM2 instances."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:126
# 16209a7b07e746f19adc6902ea420f50
msgid "Tenant-A acquires another public IP, IP-2 in Zone-2 and sets up a load balancer rule to load balance the traffic between VM5 and VM6 instances. Similarly in Zone-2, CloudStack orchestrates setting up a virtual server on the LB service provider. Virtual server 2 that is set up on the LB service provider in Zone-2 represents a publicly accessible virtual server that the client reaches at IP-2. The client traffic that reaches virtual server 2 at IP-2 is load balanced across VM5 and VM6 instances. At this point Tenant-A has the service enabled in both the zones, but has no means to set up a disaster recovery plan if one of the zones fails. Additionally, there is no way for Tenant-A to load balance the traffic intelligently to one of the zones based on load, proximity and so on. The cloud administrator of xyztelco provisions a GSLB service provider to both the zones. A GSLB provider is typically an ADC that has the ability to act as an ADNS (Authoritative Domain Name Server) and has the mechanism to monitor health of virtual servers both at local and remote sites. The cloud admin enables GSLB as a service to the tenants that use zones 1 and 2."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:144
# d073e26f378940f9b2b7bacfdc8d7e0a
msgid "|gslb.png|"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:146
# 78fe59c21fad44febb867459cdd3c4fc
msgid "Tenant-A wishes to leverage the GSLB service provided by the xyztelco cloud. Tenant-A configures a GSLB rule to load balance traffic across virtual server 1 at Zone-1 and virtual server 2 at Zone-2. The domain name is provided as A.xyztelco.com. CloudStack orchestrates setting up GSLB virtual server 1 on the GSLB service provider at Zone-1. CloudStack binds virtual server 1 of Zone-1 and virtual server 2 of Zone-2 to GSLB virtual server 1. GSLB virtual server 1 is configured to start monitoring the health of virtual server 1 and 2 in Zone-1. CloudStack will also orchestrate setting up GSLB virtual server 2 on GSLB service provider at Zone-2. CloudStack will bind virtual server 1 of Zone-1 and virtual server 2 of Zone-2 to GSLB virtual server 2. GSLB virtual server 2 is configured to start monitoring the health of virtual server 1 and 2. CloudStack will bind the domain A.xyztelco.com to both the GSLB virtual server 1 and 2. At this point, Tenant-A service will be globally reachable at A.xyztelco.com. The private DNS server for the domain xyztelco.com is configured by the admin out-of-band to resolve the domain A.xyztelco.com to the GSLB providers at both the zones, which are configured as ADNS for the domain A.xyztelco.com. When a client sends a DNS request to resolve A.xyztelco.com, it will eventually get DNS delegation to the address of GSLB providers at zone 1 and 2. A client DNS request will be received by the GSLB provider. The GSLB provider, depending on the domain for which it needs to resolve, will pick up the GSLB virtual server associated with the domain. Depending on the health of the virtual servers being load balanced, DNS request for the domain will be resolved to the public IP associated with the selected virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:175
# ec2c5b7b09154785b795d77e01eadd4d
msgid "Configuring GSLB"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:177
# 9df6a592e23d49148060b5c6ca5e52ac
msgid "To configure a GSLB deployment, you must first configure a standard load balancing setup for each zone. This enables you to balance load across the different servers in each zone in the region. Then on the NetScaler side, configure both NetScaler appliances that you plan to add to each zone as authoritative DNS (ADNS) servers. Next, create a GSLB site for each zone, configure GSLB virtual servers for each site, create GSLB services, and bind the GSLB services to the GSLB virtual servers. Finally, bind the domain to the GSLB virtual servers. The GSLB configurations on the two appliances at the two different zones are identical, although each site's load-balancing configuration is specific to that site."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:189
# ea099698d96f40f7adcc38a2fc9c997d
msgid "Perform the following as a cloud administrator. As per the example given above, the administrator of xyztelco is the one who sets up GSLB:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:192
# ac5abddeadb048d794cccae84c2689cb
msgid "In the cloud.dns.name global parameter, specify the DNS name of your tenant's cloud that makes use of the GSLB service."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:195
# 628b54626394479caf7ea8d6fd8d3210
msgid "On the NetScaler side, configure GSLB as given in `Configuring Global Server Load Balancing (GSLB) <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-con.html>`_:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:199
# 4ae673b1b0a741d4a8ae715022d39bfc
msgid "Configuring a standard load balancing setup."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:201
# a3e3a1d93b6a48128aea3a0dee30c2ce
msgid "Configure Authoritative DNS, as explained in `Configuring an Authoritative DNS Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-adns-svc-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:205
# 1bbbaf3fabe54fa8bd1f12d3cf85553d
msgid "Configure a GSLB site with site name formed from the domain name details."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:208
# 9bbfadb6046f4a089e701c8968231bf1
msgid "Configure a GSLB site with the site name formed from the domain name."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:211
# 5c91f57c9b0a4c1b81467b113da3b368
msgid "As per the example given above, the site names are A.xyztelco.com and B.xyztelco.com."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:214
# cf4285866ee549228e56d7a5b5423e75
msgid "For more information, see `Configuring a Basic GSLB Site <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-basic-site-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:217
# 665433a1ecba490ca6d1a6f594d8d15d
msgid "Configure a GSLB virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:219
# 62a5af1b8ba947619f77fffcc044737e
msgid "For more information, see `Configuring a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-vsvr-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:222
# b5348156d5684555bf4a16f7b0aed2e1
msgid "Configure a GSLB service for each virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:224
# 1be7e75accb342118f2db621053cd0ca
msgid "For more information, see `Configuring a GSLB Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-svc-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:227
# a057f57840c249baa28d0ea92fb18a4d
msgid "Bind the GSLB services to the GSLB virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:229
# 54fde0c1b28d4b218b1b38fd69512fc7
msgid "For more information, see `Binding GSLB Services to a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-svc-vsvr-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:232
# b238ffa658954d6bb8950514feb4309e
msgid "Bind domain name to GSLB virtual server. Domain name is obtained from the domain details."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:235
# ddb89d80e86542fca93e99d812871a42
msgid "For more information, see `Binding a Domain to a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-dom-vsvr-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:238
# 994ecce5579142d68bbcabc7fbbcee66
msgid "In each zone that is participating in GSLB, add a GSLB-enabled NetScaler device."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:241
# 77a9ecb28f3c42fa871ca4293f5fb3c2
msgid "For more information, see :ref:`enabling-gslb-in-ns`."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:243
# 9d1700ef75be4986a54fd1e51b7daf09
msgid "As a domain administrator/ user perform the following:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:245
# 1b28e385ddd9459f934219e64252f08a
msgid "Add a GSLB rule on both the sites."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:247
# b3f6d2228fdd4f249692765a44df3257
msgid "See \":ref:`adding-gslb-rule`\"."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:249
# d4539ca63ba143f5a57e95a7cc50c138
msgid "Assign load balancer rules."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:251
# 5e832683ca534485b0fbd672a249e511
msgid "See \":ref:`assigning-lb-rule-gslb`\"."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:257
# 9fd9a67186904ceda46fa7d9e61e6dce
msgid "The GSLB functionality is supported in both Basic and Advanced zones."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:259
# 155a1b915c7840afae25327ef3a7f6bb
msgid "GSLB is added as a new network service."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:261
# b5681032556f4430a86b311f53d393c5
msgid "GSLB service provider can be added to a physical network in a zone."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:263
# ba83a0e977bc4a3abc65c3f30c4684d4
msgid "The admin is allowed to enable or disable GSLB functionality at region level."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:266
# 682239c65afe4c2fa7312feeac21e9bf
msgid "The admin is allowed to configure a zone as GSLB capable or enabled."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:268
# 16c808c16f1e4f22a5294f1060dfe2c3
msgid "A zone shall be considered as GSLB capable only if a GSLB service provider is provisioned in the zone."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:271
# 54c1b30001084a9d88eb89799461dc9f
msgid "When users have VMs deployed in multiple availability zones which are GSLB enabled, they can use the GSLB functionality to load balance traffic across the VMs in multiple zones."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:275
# 04c2a492332c437daed8f4ef774ba016
msgid "The users can use GSLB to load balance across the VMs across zones in a region only if the admin has enabled GSLB in that region."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:278
# 1f9b8a3555524eaea6e144288b6f74a6
msgid "The users can load balance traffic across the availability zones in the same region or different regions."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:281
# 56f19e5d46de43f5b7e3ac6674a8084b
msgid "The admin can configure DNS name for the entire cloud."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:283
# 5d62e65b44ab487688e71984b4665f2b
msgid "The users can specify a unique name across the cloud for a globally load balanced service. The provided name is used as the domain name under the DNS name associated with the cloud."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:287
# ed7a5577959a4271b7b98ac369d63874
msgid "The user-provided name along with the admin-provided DNS name is used to produce a globally resolvable FQDN for the globally load balanced service of the user. For example, if the admin has configured xyztelco.com as the DNS name for the cloud, and user specifies 'foo' for the GSLB virtual service, then the FQDN name of the GSLB virtual service is foo.xyztelco.com."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:294
# 8cac76f1529943b5a001cc5e9e8978ac
msgid "While setting up GSLB, users can select a load balancing method, such as round robin, for using across the zones that are part of GSLB."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:297
# d53da99edf45482fae37a6beabd277e0
msgid "The user shall be able to set weight to zone-level virtual server. Weight shall be considered by the load balancing method for distributing the traffic."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:301
# 7a49a6392b3841eea149e6bda34bf00a
msgid "The GSLB functionality shall support session persistence, where series of client requests for particular domain name is sent to a virtual server on the same zone."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:305
# bb4138b786e9474fb0ed35738608df60
msgid "Statistics is collected from each GSLB virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:311
# 47055f92a29342529bfcdc61d569e7e5
msgid "Enabling GSLB in NetScaler"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:313
# 993ee7e5933440be90a5d733c261dbfa
msgid "In each zone, add GSLB-enabled NetScaler device for load balancing."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:315
# 1ccc47562da1485ebadaf564a75a1e8f
msgid "Log in as administrator to the CloudStack UI."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:319
# 50c53a288e5c4ba8a5873ae93ce2ebc1
msgid "In Zones, click View More."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:323
# 426b0fac04b243adae39f7591362417b
msgid "Click the Physical Network tab, then click the name of the physical network."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:326
# fafed439faa145cfbd6e0660489f0c23
msgid "In the Network Service Providers node of the diagram, click Configure."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:329
# fd8f072b359a4f04ad326eb3d908940d
msgid "You might have to scroll down to see this."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:331
# 4cb81ecc1e2041ac85015a942c236caf
msgid "Click NetScaler."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:333
# fd9c663d6f344362bc282938fa9a7568
msgid "Click Add NetScaler device and provide the following:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:335
# 482e597c23cc41b798a1610afce4cdeb
msgid "For NetScaler:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:337
# 3294458f8c544dd2b784f2fa14c2aa67
msgid "**IP Address**: The IP address of the SDX."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:339
# b70b5b91f59c409c9dd3966293451a99
msgid "**Username/Password**: The authentication credentials to access the device. CloudStack uses these credentials to access the device."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:343
# 8ef3b665ac154e6287ad6ea81148049c
msgid "**Type**: The type of device that is being added. It could be F5 Big Ip Load Balancer, NetScaler VPX, NetScaler MPX, or NetScaler SDX. For a comparison of the NetScaler types, see the CloudStack Administration Guide."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:348
# 2e237e04e2dc44aa9a63e9b610481683
msgid "**Public interface**: Interface of device that is configured to be part of the public network."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:351
# 1768efdd0e38457882de8c3f6a4bc7ac
msgid "**Private interface**: Interface of device that is configured to be part of the private network."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:354
# d7a97e5326bf493ea8de67360056032f
msgid "**GSLB service**: Select this option."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:356
# 3169f742f2b541cf9ba5e47685b71979
msgid "**GSLB service Public IP**: The public IP address of the NAT translator for a GSLB service that is on a private network."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:359
# 8aea303aff5746d887377f892f81bedb
msgid "**GSLB service Private IP**: The private IP of the GSLB service."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:361
# 12ef6d7387b1493fbb70926187f28853
msgid "**Number of Retries**. Number of times to attempt a command on the device before considering the operation failed. Default is 2."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:364
# 66bbb327d60548f78a85f6f748811885
msgid "**Capacity**: The number of networks the device can handle."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:366
# d60d1dd86fb4433b99b28a0c96f1576a
msgid "**Dedicated**: When marked as dedicated, this device will be dedicated to a single account. When Dedicated is checked, the value in the Capacity field has no significance; implicitly, its value is 1."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:377
# 69bd10926c1b4f639cc360e4c6418c3e
msgid "Adding a GSLB Rule"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:379
#: ../../networking/global_server_load_balancing.rst:423
# d8d474dabeab4c1f8f00fa162277cd18
# 2533afdf8c2f4af0ae6a8c0a349218af
msgid "Log in to the CloudStack UI as a domain administrator or user."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:381
#: ../../networking/global_server_load_balancing.rst:425
# 7550ed528a27426c853c744100fd4ae1
# a6856d0d96014ad4bcf0169664b844e3
msgid "In the left navigation pane, click Region."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:383
#: ../../networking/global_server_load_balancing.rst:427
# 5a1ef80e398e476bb8d0a513004669b9
# 8f5b19bc2a244501b359c7b31af3d903
msgid "Select the region for which you want to create a GSLB rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:385
#: ../../networking/global_server_load_balancing.rst:429
# de6f8ae256d04834b07c2f957c2d329f
# 14610babee3a4c4f98ccda032d8a1a24
msgid "In the Details tab, click View GSLB."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:387
# 9c265b9b1d6f450fbb90a2dab4a3dd4d
msgid "Click Add GSLB."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:389
# 7b20c6e1ba68451d9c097b40cf182ed5
msgid "The Add GSLB page is displayed as follows:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:391
# 156298ad77934768a3936c310cb506c7
msgid "|gslb-add.png|"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:395
# 94ceaa226a6348128cee4e536b67def7
msgid "**Name**: Name for the GSLB rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:397
# 1bedbf6a59124f5ab5ad9ae9d676f428
msgid "**Description**: (Optional) A short description of the GSLB rule that can be displayed to users."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:400
# 760fed68b0f1425d813d3da44e010ef0
msgid "**GSLB Domain Name**: A preferred domain name for the service."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:402
# f10e909d63a847f2ac92ce505fbe7453
msgid "**Algorithm**: (Optional) The algorithm to use to load balance the traffic across the zones. The options are Round Robin, Least Connection, and Proximity."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:406
# 5bd10eaef9ea49fdafb1aaf2a6d04f89
msgid "**Service Type**: The transport protocol to use for GSLB. The options are TCP and UDP."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:409
# 5a07001702fd46899b6363fe3e335dda
msgid "**Domain**: (Optional) The domain for which you want to create the GSLB rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:412
# f95e0967cf5b4586af07b8c278fa7f2c
msgid "**Account**: (Optional) The account on which you want to apply the GSLB rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:421
# 8e6fff3aabfc4338a6d75cc7a0817e74
msgid "Assigning Load Balancing Rules to GSLB"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:431
# c1a5b66d72da4e03acd469f7c6097117
msgid "Select the desired GSLB."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:433
# 1a740350bc534faaaa40f53959d4fee9
msgid "Click view assigned load balancing."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:435
# daff37ebdd2349a497dab10e0d234426
msgid "Click assign more load balancing."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:437
# d63a5166197e4a17b6bd9ab1cd618814
msgid "Select the load balancing rule you have created for the zone."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:443
# 35f5b11c84c142c58580b76bb4ddadfd
msgid "Known Limitation"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:445
# 89c2b07fa33e40838e9c4de58e3296be
msgid "Currently, CloudStack does not support orchestration of services across the zones. The notion of services and service providers in a region is yet to be introduced."
msgstr ""
#: ../../networking/guest_ip_ranges.rst:18
# 43426b72e0e24e35a5898286a3dd3dc2
msgid "Guest IP Ranges"
msgstr ""
#: ../../networking/guest_ip_ranges.rst:20
# 8ad2743b8f6d4eb1bf10b5afb1c89f54
msgid "The IP ranges for guest network traffic are set on a per-account basis by the user. This allows the users to configure their network in a fashion that will enable VPN linking between their guest network and their clients."
msgstr ""
#: ../../networking/guest_ip_ranges.rst:25
# dc1be0f75ec04a468b17af4d2750b1ca
msgid "In shared networks in Basic zone and Security Group-enabled Advanced networks, you will have the flexibility to add multiple guest IP ranges from different subnets. You can add or remove one IP range at a time. For more information, see `\"About Multiple IP Ranges\" <#about-multiple-ip-ranges>`_."
msgstr ""
#: ../../networking/acquiring_an_ip_address.rst:18
# 5daf1c058a0c43718015e5812d9c0836
msgid "Acquiring a New IP Address"
msgstr ""
#: ../../networking/acquiring_an_ip_address.rst:34
# 32dbea4bf3a6422da3941f2407b12a71
msgid "If you want Portable IP click Yes in the confirmation dialog. If you want a normal Public IP click No."
msgstr ""
#: ../../networking/acquiring_an_ip_address.rst:37
# b8ffa6eff3794134bf11db68c7c32099
msgid "For more information on Portable IP, see `\"Portable IPs\" <#portable-ips>`_."
msgstr ""
#: ../../networking/releasing_an_ip_address.rst:18
# d5be22795b3d4926be02f94cc069db79
msgid "Releasing an IP Address"
msgstr ""
#: ../../networking/releasing_an_ip_address.rst:20
# d608beb5fbb544afaaad161b9661dcb0
msgid "When the last rule for an IP address is removed, you can release that IP address. The IP address still belongs to the VPC; however, it can be picked up for any guest network again."
msgstr ""
#: ../../networking/releasing_an_ip_address.rst:32
# cbede7f4af98499c97ff53a446ca173d
msgid "Click the IP address you want to release."
msgstr ""
#: ../../networking/releasing_an_ip_address.rst:34
# b5f7d64cc75b4ee18855fa6ad6f1438d
msgid "Click the Release IP button. |ReleaseIPButton.png|"
msgstr ""
#: ../../networking/static_nat.rst:18
#: ../../networking/remote_access_vpn.rst:118
#: ../../networking/remote_access_vpn.rst:452
#: ../../networking/remote_access_vpn.rst:515
#: ../../networking/remote_access_vpn.rst:647
#: ../../networking/virtual_private_cloud_config.rst:348
#: ../../networking/virtual_private_cloud_config.rst:515
#: ../../networking/virtual_private_cloud_config.rst:750
#: ../../networking/virtual_private_cloud_config.rst:808
#: ../../networking/virtual_private_cloud_config.rst:869
#: ../../networking/virtual_private_cloud_config.rst:1035
#: ../../networking/virtual_private_cloud_config.rst:1303
# 6d82408293c1416ca310c302379aa09a
# 2fb7e2316ee54739935361a2c3eaeeb3
# e63c1fef73664de395b24f2fd3232139
# a499d21cfffe4303bb3b23988d32ed53
# 692e4e5ab7df4a7cbc791aa7fa428661
# bd6701c2c7bb43c3b81bd5a810215d73
# e357c811590c493c8341f10d87e99492
# ad2e62635b524cfd95d4640c69979c8e
# ba9cd4d358194f5bb69c7779b84c8c27
# 24720c3dbfa6455a9c417b49062ebfd7
# c7886284bd2c4db990aecc9f5d015a0c
# b1144b4196da4257868a1599fb14431d
msgid "Static NAT"
msgstr ""
#: ../../networking/static_nat.rst:20
# 894073bd52434748977055e7ee9a6604
msgid "A static NAT rule maps a public IP address to the private IP address of a VM in order to allow Internet traffic into the VM. The public IP address always remains the same, which is why it is called static NAT. This section tells how to enable or disable static NAT for a particular IP address."
msgstr ""
#: ../../networking/static_nat.rst:28
# 3ce1cecac4bf48f6bc8b81b403d9e42b
msgid "Enabling or Disabling Static NAT"
msgstr ""
#: ../../networking/static_nat.rst:30
#: ../../networking/virtual_private_cloud_config.rst:842
# ca8d159797c4416288520787181cb2f5
# 7732dac53f9c44c3884d468654271191
msgid "If port forwarding rules are already in effect for an IP address, you cannot enable static NAT to that IP."
msgstr ""
#: ../../networking/static_nat.rst:33
#: ../../networking/virtual_private_cloud_config.rst:845
# a931121d677f4d04b656aca83f043d26
# c2bb747e18d64159bd3605ffa4f2f044
msgid "If a guest VM is part of more than one network, static NAT rules will function only if they are defined on the default network."
msgstr ""
#: ../../networking/static_nat.rst:44
#: ../../networking/ip_forwarding_and_firewalling.rst:67
# 33a01340d067438a8dfaf19d33406d95
# 39954d50f8bc407f84931182c3e7dd86
msgid "Click the IP address you want to work with."
msgstr ""
#: ../../networking/static_nat.rst:46
# a33212ef265c4bc68a9ed53a9c693df0
msgid "Click the Static NAT |enabledisablenat.png| button."
msgstr ""
#: ../../networking/static_nat.rst:48
# c6c4c974f1b44a05823bc42e28095e76
msgid "The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address."
msgstr ""
#: ../../networking/static_nat.rst:51
# 0e003c10fb6b4b86a1c8fb0d260fb702
msgid "If you are enabling static NAT, a dialog appears where you can choose the destination VM and click Apply."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:18
# ab5d3e20a35044a490aa5251c4b85f4d
msgid "IP Forwarding and Firewalling"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:20
# aee28d66b74c499597d47124ee883143
msgid "By default, all incoming traffic to the public IP address is rejected. All outgoing traffic from the guests is also blocked by default."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:23
# 387c2271d56a4e12beb6624f511851c8
msgid "To allow outgoing traffic, follow the procedure in :ref:`egress-fw-rules`."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:25
# 2e337162d6dd4714a9a6a2542e8a146e
msgid "To allow incoming traffic, users may set up firewall rules and/or port forwarding rules. For example, you can use a firewall rule to open a range of ports on the public IP address, such as 33 through 44. Then use port forwarding rules to direct traffic from individual ports within that range to specific ports on user VMs. For example, one port forwarding rule could route incoming traffic on the public IP's port 33 to port 100 on one user VM's private IP."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:35
# 3b46ec3be763405b94a219d0c00a44d9
msgid "Firewall Rules"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:37
# 289b2b9b80b942a7bd122ec6a45830a1
msgid "By default, all incoming traffic to the public IP address is rejected by the firewall. To allow external traffic, you can open firewall ports by specifying firewall rules. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:43
# aebb1c0165554e0eaf7198fa58bb0243
msgid "You cannot use firewall rules to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See `\"Adding a Security Group\" <#adding-a-security-group>`_."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:48
# a63a51dddfbc4821b71342f76ea15396
msgid "In an advanced zone, you can also create egress firewall rules by using the virtual router. For more information, see \":ref:`egress-fw-rules`\"."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:51
# 9cdd6b4c846447d8bf19cfb8b5b22829
msgid "Firewall rules can be created using the Firewall tab in the Management Server UI. This tab is not displayed by default when CloudStack is installed. To display the Firewall tab, the CloudStack administrator must set the global configuration parameter firewall.rule.ui.enabled to \"true.\""
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:57
# 109ed3b0aad347d99e3cff3240722f30
msgid "To create a firewall rule:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:69
# ec5934105a19458782c675dd18684173
msgid "Click the Configuration tab and fill in the following values."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:71
# 61cd332681ea4fccb7a69d35effdfbe0
msgid "**Source CIDR**: (Optional) To accept only traffic from IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. Example: 192.168.0.0/22. Leave empty to allow all CIDRs, that is, to accept traffic from any source address."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:76
# fbecf77ee36345b38502a02307d58865
msgid "**Protocol**: The communication protocol in use on the opened port(s)."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:79
# 87689392abf14a949afbc25ee0410466
msgid "**Start Port and End Port**: The port(s) you want to open on the firewall. If you are opening a single port, use the same number in both fields"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:83
# 9e4666af35d043358c3246ec14509b78
msgid "**ICMP Type and ICMP Code**: Used only if Protocol is set to ICMP. Provide the type and code required by the ICMP protocol to fill out the ICMP header. Refer to ICMP documentation for more details if you are not sure what to enter"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:94
# c0ae5406014e43d4a50a05ed74aa8dc8
msgid "Egress Firewall Rules in an Advanced Zone"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:96
# bf3e32d6e33f4bb199a83e9ee2a6d307
msgid "The egress traffic originates from a private network to a public network, such as the Internet. By default, the egress traffic is blocked in default network offerings, so no outgoing traffic is allowed from a guest network to the Internet. However, you can control the egress traffic in an Advanced zone by creating egress firewall rules. When an egress firewall rule is applied, the traffic specific to the rule is allowed and the remaining traffic is blocked. When all the firewall rules are removed, the default policy, Block, is applied. This behavior applies when the default egress policy of the network offering is Deny; with a default policy of Allow, egress rules instead block the specified traffic and the rest is allowed."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:109
# bedc63fb7a3b4ba2ad3a4f4c4992b742
msgid "Consider the following scenarios to apply egress firewall rules:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:111
# 20406d7e04b74d6d9adb04b039195d77
msgid "Egress firewall rules are supported on Juniper SRX and virtual router."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:114
# 97a42a58db4c4505919b767f168001e8
msgid "The egress firewall rules are not supported on shared networks."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:116
# 1bd785cd4def48be9265615471d02ced
msgid "Allow the egress traffic from specified source CIDR. The Source CIDR is part of guest network CIDR."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:119
# ff0740d14f3f454395f0342767084065
msgid "Allow the egress traffic with protocol TCP, UDP, ICMP, or ALL."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:121
# 3da424158d4a46fb955bad940049cfaf
msgid "Allow the egress traffic with protocol and destination port range. The port range is specified for TCP, UDP or for ICMP type and code."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:124
# bfec00d70b32484abdd2be7a7067fb12
msgid "The default policy is Allow for the new network offerings, whereas, on upgrade, existing network offerings with firewall service providers will have the default egress policy Deny."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:130
# 77a21030af6444aaac365dc1d6c1a40e
msgid "Configuring an Egress Firewall Rule"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:136
# d7e0415b36d0404bb5d71baf38d49af2
msgid "In Select view, choose Guest networks, then click the Guest network you want."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:139
# acbfbe60bbfa423ab99d7faeea324dac
msgid "To add an egress rule, click the Egress rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this guest network:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:143
# 93d9dbdbdf68488fb08f2c93714eb381
msgid "|egress-firewall-rule.png|"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:145
# 71041bfd382d4c2ea6e0339c055e8e66
msgid "**CIDR**: (Add by CIDR only) To send traffic only to the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:151
# 136a4ea4a1424e4fb3a4e36f7ba438c7
msgid "**Protocol**: The networking protocol that VMs use to send outgoing traffic. The TCP and UDP protocols are typically used for data exchange and end-user communications. The ICMP protocol is typically used to send error messages or network monitoring data."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:156
# a710752f5a514f3e92ca3474b03d66b0
msgid "**Start Port, End Port**: (TCP, UDP only) A range of listening ports that are the destination for the outgoing traffic. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:160
# 273049a1dabe4b00aab163a686500120
msgid "**ICMP Type, ICMP Code**: (ICMP only) The type of message and error code that are sent."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:167
# 0ba1bc60e7114766b5562aa9f590799d
msgid "Configuring the Default Egress Policy"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:169
# 8b256b4cb62e43fe879f448d1cb5c940
msgid "The default egress policy for an Isolated guest network is configured by using a Network offering. Use the create network offering option to determine whether the default policy should be to block or to allow all the traffic to the public network from a guest network. Use this network offering to create the network. If no policy is specified, by default all the traffic is allowed from the guest network that you create by using this network offering."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:177
# b03f1cb4957b4a18b437e26cca194176
msgid "You have two options: Allow and Deny."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:180
# faccf3355885414e87bbb03070f6a7c0
msgid "Allow"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:182
# a7d3b32fbf8448c5ab02390ca3e1cc21
msgid "If you select Allow for a network offering, by default egress traffic is allowed. However, when an egress rule is configured for a guest network, rules are applied to block the specified traffic and the rest is allowed. If no egress rules are configured for the network, egress traffic is accepted."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:189
#: ../../networking/virtual_private_cloud_config.rst:323
#: ../../networking/virtual_private_cloud_config.rst:324
# 17b36c3415d3468896d8b48ae47ca8a8
# 6cccf344439e4750904131cef8ef2b39
# 1208ff713d13448f8bb67189a2a733dd
msgid "Deny"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:191
# 933662ed493243f599791cfc52e41965
msgid "If you select Deny for a network offering, by default egress traffic for the guest network is blocked. However, when an egress rule is configured for a guest network, rules are applied to allow the specified traffic. While implementing a guest network, CloudStack adds the firewall egress rule specific to the default egress policy for the guest network."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:198
# 0f97837bd48b43808e4499c3bca32f0a
msgid "This feature is supported only on virtual router and Juniper SRX."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:200
# 12362b3472604a26858c49a699414934
msgid "Create a network offering with your desired default egress policy:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:202
# e3686a1cbaa54de4adb23df170fdbb9a
msgid "Log in with admin privileges to the CloudStack UI."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:204
# 2b34103f06b74a83956a2e4aa4c43e89
msgid "In the left navigation bar, click Service Offerings."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:206
# be40a0ea880c4159a9d420c70881eeba
msgid "In Select Offering, choose Network Offering."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:208
#: ../../networking/virtual_private_cloud_config.rst:961
#: ../../networking/virtual_private_cloud_config.rst:1167
# 3b005d62ac404f7a971817f2e813a88a
# 42bbce384f5b43a39000860f820fe3a0
# 80979f7b880b45f0864683361aa46fd3
msgid "Click Add Network Offering."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:210
# d3e708006ce243298b2fdbfef4a94a28
msgid "In the dialog, make necessary choices, including firewall provider."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:213
# a6aaeba01e87402cab4799e384a7e8b7
msgid "In the Default egress policy field, specify the behaviour."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:217
# dfeed74eee834f7aa70dc9a0ebca0b5d
msgid "Create an isolated network by using this network offering."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:219
# d4f2f0db67ad4becad9ecf217e63fc08
msgid "Based on your selection, the network will have the egress public traffic blocked or allowed."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:224
# 49dbcf0869cc408aac40d8ace99c793b
msgid "Port Forwarding"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:226
# d63e7dc020174931a136b5f851d10342
msgid "A port forward service is a set of port forwarding rules that define a policy. A port forward service is then applied to one or more guest VMs. The guest VM then has its inbound network access managed according to the policy defined by the port forwarding service. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses to be forwarded."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:234
# 28ad8f3213ac41ed9debe3407c4cf783
msgid "A guest VM can be in any number of port forward services. Port forward services can be defined but have no members. If a guest VM is part of more than one network, port forwarding rules will function only if they are defined on the default network."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:239
# acee955e81034850834c7f10a308dd65
msgid "You cannot use port forwarding to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See Security Groups."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:243
# 456211f25f094d9090dc8de808d1c666
msgid "To set up port forwarding:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:247
# d0f998d8aa0a48f9a3f19ea0d36f07d2
msgid "If you have not already done so, add a public IP address range to a zone in CloudStack. See Adding a Zone and Pod in the Installation Guide."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:251
# 10d08ed8092843f18456b1a0752ba168
msgid "Add one or more VM instances to CloudStack."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:253
# bdd495a8008d4823b8bd78a763cca275
msgid "In the left navigation bar, click Network."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:255
# 73ad1f9cd260427bb05aeb2d4ca2f056
msgid "Click the name of the guest network where the VMs are running."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:257
# 89c3b56ae71346e9b89fa5e446f3f43d
msgid "Choose an existing IP address or acquire a new IP address. See `\"Acquiring a New IP Address\" <#acquiring-a-new-ip-address>`_. Click the name of the IP address in the list."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:261
# 2c19d7e25d8845cbba9fd2d132c04fb7
msgid "Click the Configuration tab."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:263
#: ../../networking/virtual_private_cloud_config.rst:1326
# a9244a779ecb4355bbabd6689495a9ae
# 35dbd54b25cb438f97ccf2f32ff9370e
msgid "In the Port Forwarding node of the diagram, click View All."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:267
#: ../../networking/virtual_private_cloud_config.rst:1332
# a51ed2228b8a437386ad9ff99ee96a04
# e6d29f52eea44172bfaa95b47d20d5b9
msgid "**Public Port**: The port to which public traffic will be addressed on the IP address you acquired in the previous step."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:270
#: ../../networking/virtual_private_cloud_config.rst:1335
# 994ccfa7425f4863ade7a74a14b9e011
# 5fbd968022954bba912d0dfdbe504ad9
msgid "**Private Port**: The port on which the instance is listening for forwarded public traffic."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:273
# 98023e5bfedb4649a79fadc67850521f
msgid "**Protocol**: The communication protocol in use between the two ports"
msgstr ""
#: ../../networking/ip_load_balancing.rst:18
# b71d2a4a35644691974638b71dbe56b1
msgid "IP Load Balancing"
msgstr ""
#: ../../networking/ip_load_balancing.rst:20
# 982a5f5a6b7f481dbf623c4ae30c9ef1
msgid "The user may choose to associate the same public IP for multiple guests. CloudStack implements a TCP-level load balancer with the following policies."
msgstr ""
#: ../../networking/ip_load_balancing.rst:24
#: ../../networking/virtual_private_cloud_config.rst:1076
#: ../../networking/virtual_private_cloud_config.rst:1272
# a01b6fefc32a4fce911ca69c16c670d9
# 28c60cdb8d574461b463ea6e8e14675c
# b09a939f044f421d83e16513b3a9dc7b
msgid "Round-robin"
msgstr ""
#: ../../networking/ip_load_balancing.rst:26
# e8cdafa2b1f645e99d3133d52f0a355a
msgid "Least connection"
msgstr ""
#: ../../networking/ip_load_balancing.rst:28
# 803259d2ae8f446a9c4ec7c8ed71a28b
msgid "Source IP"
msgstr ""
#: ../../networking/ip_load_balancing.rst:30
# 6ba67a79525947f49fd89a4630112c11
msgid "This is similar to port forwarding but the destination may be multiple IP addresses."
msgstr ""
#: ../../networking/dns_and_dhcp.rst:18
# f64b9bee4c5c4f5b8edb7227f447c380
msgid "DNS and DHCP"
msgstr ""
#: ../../networking/dns_and_dhcp.rst:20
# b1490bbc343240eba492e29dd3431440
msgid "The Virtual Router provides DNS and DHCP services to the guests. It proxies DNS requests to the DNS server configured on the Availability Zone."
msgstr ""
#: ../../networking/remote_access_vpn.rst:18
# 380298c917b144379af6fe612e2d842a
msgid "Remote Access VPN"
msgstr ""
#: ../../networking/remote_access_vpn.rst:20
# 6e90c60bc41e4969b0281b09531745b8
msgid "CloudStack account owners can create virtual private networks (VPN) to access their virtual machines. If the guest network is instantiated from a network offering that offers the Remote Access VPN service, the virtual router (based on the System VM) is used to provide the service. CloudStack provides an L2TP-over-IPsec-based remote access VPN service to guest virtual networks. Since each network gets its own virtual router, VPNs are not shared across the networks. VPN clients native to Windows, Mac OS X and iOS can be used to connect to the guest networks. The account owner can create and manage users for their VPN. CloudStack does not use its account database for this purpose but uses a separate table. The VPN user database is shared across all the VPNs created by the account owner. All VPN users get access to all VPNs created by the account owner."
msgstr ""
#: ../../networking/remote_access_vpn.rst:35
# c670185e66c148958a214fecee43aff5
msgid "Make sure that not all traffic goes through the VPN. That is, the route installed by the VPN should be only for the guest network and not for all traffic."
msgstr ""
#: ../../networking/remote_access_vpn.rst:39
# dba6da095c764124a25c5a98d801496e
msgid "**Road Warrior / Remote Access**. Users want to be able to connect securely from a home or office to a private network in the cloud. Typically, the IP address of the connecting client is dynamic and cannot be preconfigured on the VPN server."
msgstr ""
#: ../../networking/remote_access_vpn.rst:44
# 8793d40a1a80441398907f711e568b99
msgid "**Site to Site**. In this scenario, two private subnets are connected over the public Internet with a secure VPN tunnel. The cloud user's subnet (for example, an office network) is connected through a gateway to the network in the cloud. The address of the user's gateway must be preconfigured on the VPN server in the cloud. Note that although L2TP-over-IPsec can be used to set up Site-to-Site VPNs, this is not the primary intent of this feature. For more information, see \":ref:`setting-s2s-vpn-conn`\"."
msgstr ""
#: ../../networking/remote_access_vpn.rst:55
# 8c8d8279293b421c868d44267f2291d1
msgid "Configuring Remote Access VPN"
msgstr ""
#: ../../networking/remote_access_vpn.rst:57
# 90ad6dccf00c4430ac2951fce79496d6
msgid "To set up VPN for the cloud:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:61
# e37d36e8639e48b5a1043c2e57008523
msgid "In the left navigation, click Global Settings."
msgstr ""
#: ../../networking/remote_access_vpn.rst:63
# 505b3a7726bc48fda8c03560c7bf88b1
msgid "Set the following global configuration parameters."
msgstr ""
#: ../../networking/remote_access_vpn.rst:65
# 53ec16f914374f86a2beb90e7af26ece
msgid "remote.access.vpn.client.ip.range - The range of IP addresses to be allocated to remote access VPN clients. The first IP in the range is used by the VPN server."
msgstr ""
#: ../../networking/remote_access_vpn.rst:69
# f4300671c2a149c284a642b6f79ef00e
msgid "remote.access.vpn.psk.length - Length of the IPSec key."
msgstr ""
#: ../../networking/remote_access_vpn.rst:71
# 231df586fa3c4ed1970d5b7575cc5b83
msgid "remote.access.vpn.user.limit - Maximum number of VPN users per account."
msgstr ""
#: ../../networking/remote_access_vpn.rst:74
# 76cfe55cf6cf458e93e7c31c53fd06c7
msgid "To enable VPN for a particular network:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:76
#: ../../networking/remote_access_vpn.rst:101
# 7c4372020568480ea2a617b164d7fde7
# 84de4841949448d09c061ed72abcd263
msgid "Log in as a user or administrator to the CloudStack UI."
msgstr ""
#: ../../networking/remote_access_vpn.rst:78
#: ../../networking/remote_access_vpn.rst:103
# 1b8df6da450a4c73b2f16aa4eaca745f
# 5be9a0df2c9b497c95947824049942f6
msgid "In the left navigation, click Network."
msgstr ""
#: ../../networking/remote_access_vpn.rst:80
# 4a0bb2f81c4f4829853bbbb9f5fdcdea
msgid "Click the name of the network you want to work with."
msgstr ""
#: ../../networking/remote_access_vpn.rst:84
# dcdbca37932e4934822095b46a7460fd
msgid "Click one of the displayed IP address names."
msgstr ""
#: ../../networking/remote_access_vpn.rst:86
#: ../../networking/remote_access_vpn.rst:140
# c58b358559ab46a8b37d20c157cabb78
# 3d371180587a4467995d29840af82de7
msgid "Click the Enable VPN button. |vpn-icon.png|"
msgstr ""
#: ../../networking/remote_access_vpn.rst:88
# d3fc3632ae204d92945354ecf5b17a1c
msgid "The IPsec key is displayed in a popup window."
msgstr ""
#: ../../networking/remote_access_vpn.rst:92
# 866b778ea915477a8513f360a7923a9f
msgid "Configuring Remote Access VPN in VPC"
msgstr ""
#: ../../networking/remote_access_vpn.rst:94
# 4f7b18dfcf584e5c90d57d8e8a471744
msgid "On enabling Remote Access VPN on a VPC, any VPN client present outside the VPC can access VMs present in the VPC by using the Remote VPN connection. The VPN client can be present anywhere except inside the VPC on which the user enabled the Remote Access VPN service."
msgstr ""
#: ../../networking/remote_access_vpn.rst:99
# cf87d57665af4942874e753a98b32768
msgid "To enable VPN for a VPC:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:105
#: ../../networking/remote_access_vpn.rst:435
#: ../../networking/remote_access_vpn.rst:497
#: ../../networking/remote_access_vpn.rst:628
#: ../../networking/virtual_private_cloud_config.rst:183
#: ../../networking/virtual_private_cloud_config.rst:227
#: ../../networking/virtual_private_cloud_config.rst:335
#: ../../networking/virtual_private_cloud_config.rst:384
#: ../../networking/virtual_private_cloud_config.rst:496
#: ../../networking/virtual_private_cloud_config.rst:666
#: ../../networking/virtual_private_cloud_config.rst:733
#: ../../networking/virtual_private_cloud_config.rst:792
#: ../../networking/virtual_private_cloud_config.rst:852
#: ../../networking/virtual_private_cloud_config.rst:1018
#: ../../networking/virtual_private_cloud_config.rst:1231
#: ../../networking/virtual_private_cloud_config.rst:1286
#: ../../networking/virtual_private_cloud_config.rst:1364
#: ../../networking/virtual_private_cloud_config.rst:1392
# a851855e564c4ad2abb7f191c35fc2e8
# 7696ccb576dc417482a5c054ceca9b60
# e018f229d0304c21bc251e3bcaf4174e
# 853e8a12190242e1922b7e3eceeacd90
# 858d04db9e0d49328574f666ca08832b
# 7e353532572644f29c0956717585ae5d
# 3788df11cb0b4d9f99e69906815734a3
# 2bb59ff5316a4315ad133017bc7aaa7b
# 19560e560096444384f47cc8bcc957a9
# 92e2187aa49046a4a1c1d8e8b50caeda
# 74ff9845b2fc4a28a4f6e5c10d5b5e41
# 3f4c3248f6b74195aadf920c9d064ea0
# 37596bbfca114dd292c20a4d712a56d4
# 474cd3b9ddcf45209e8b7f7c20094087
# f011af1bc62c416bb2cc09b3e6d1da82
# 51106dd7db2e450480c1b806d5f8c575
# 20cb483c8c1a457d88d907105a2df0b6
# 20037f12721b44a5b069106ec01c9037
msgid "In the Select view, select VPC."
msgstr ""
#: ../../networking/remote_access_vpn.rst:107
#: ../../networking/remote_access_vpn.rst:437
#: ../../networking/remote_access_vpn.rst:630
#: ../../networking/virtual_private_cloud_config.rst:337
#: ../../networking/virtual_private_cloud_config.rst:386
#: ../../networking/virtual_private_cloud_config.rst:498
#: ../../networking/virtual_private_cloud_config.rst:668
#: ../../networking/virtual_private_cloud_config.rst:735
#: ../../networking/virtual_private_cloud_config.rst:794
#: ../../networking/virtual_private_cloud_config.rst:854
#: ../../networking/virtual_private_cloud_config.rst:1020
#: ../../networking/virtual_private_cloud_config.rst:1233
#: ../../networking/virtual_private_cloud_config.rst:1288
#: ../../networking/virtual_private_cloud_config.rst:1394
# 433a058aaf2c4f7abcac16a4a89c0cb0
# 253f99defd504664bca4c20805fad8d8
# b03f74003e0f49f7b107d129dc8378f5
# 0c712fdfecf145558f1363a547a5be30
# 73d10dfbf9fe4ada98571d825e6a514f
# df3ab8626fa64f6aac0e4c7b4baba5f6
# 7d49d58694804462b40ebf7853c9f722
# b343232e12944a0fa7e090d98eb63cdd
# 01f2e1ef8d4a4fdd977b417d2e5a263f
# 93c2804d558a4e9d838e266756a2a563
# d561a8755b42408f897f89f7078867ec
# c51038c5a8a44985867d6ba9c27b9d9d
# fbee3b23e526460b81062dca124f6118
# 0e98fee7920f4d06bebf81cf58e4cc47
msgid "All the VPCs that you have created for the account are listed on the page."
msgstr ""
#: ../../networking/remote_access_vpn.rst:110
#: ../../networking/virtual_private_cloud_config.rst:340
#: ../../networking/virtual_private_cloud_config.rst:389
# 9be1f95a9d58404cbd6e4417d049f493
# 101241fe7ad147dd849d0b52d7648247
# 1448cfd34b3f43a480717b41c5eebb77
msgid "Click the Configure button of the VPC."
msgstr ""
#: ../../networking/remote_access_vpn.rst:112
#: ../../networking/remote_access_vpn.rst:446
#: ../../networking/remote_access_vpn.rst:509
#: ../../networking/remote_access_vpn.rst:641
#: ../../networking/virtual_private_cloud_config.rst:342
#: ../../networking/virtual_private_cloud_config.rst:1029
#: ../../networking/virtual_private_cloud_config.rst:1297
# c95b38d3084f49a79782733848b3ecca
# ab89f03b01054efcbdc4b304e895e95b
# e9dc8a6495354766a07447565741a528
# 985ac077ba8248a7a48dfa8c5c506d16
# 9bc1baaed7ec4515ad2c3b5c6ce0451e
# 801d602110c041cabcf0cc684584957a
# be7596ebba2542159b95b5abc0607142
msgid "For each tier, the following options are displayed:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:114
#: ../../networking/remote_access_vpn.rst:448
#: ../../networking/remote_access_vpn.rst:511
#: ../../networking/remote_access_vpn.rst:643
#: ../../networking/virtual_private_cloud_config.rst:344
#: ../../networking/virtual_private_cloud_config.rst:511
#: ../../networking/virtual_private_cloud_config.rst:746
#: ../../networking/virtual_private_cloud_config.rst:804
#: ../../networking/virtual_private_cloud_config.rst:865
#: ../../networking/virtual_private_cloud_config.rst:1031
#: ../../networking/virtual_private_cloud_config.rst:1299
# 0d83a023e9014f9aade55353c79e3170
# 401ffa05eaf246a28e37840ebe9292cc
# 067e314f365a480ca4a21f8e163015f1
# f9a89e98ace24da0b17c3378764628ec
# df1588b26c554c8ebb2120108c70f35d
# 14d477e028374bc7ba1a23e02c9a1b4c
# 3961aede6bf54c31b9c546f46b4e6aa5
# 8f1f5dfc2d674fc194d70276d8d18468
# 0a8f19a5e8734bcab55acd9fca629358
# 445b7ca76fea45e8a3439159d1faa90e
# 1487ab642c08402ca5ba42c3837ea69a
msgid "Internal LB"
msgstr ""
#: ../../networking/remote_access_vpn.rst:116
#: ../../networking/remote_access_vpn.rst:450
#: ../../networking/remote_access_vpn.rst:513
#: ../../networking/remote_access_vpn.rst:645
#: ../../networking/virtual_private_cloud_config.rst:346
#: ../../networking/virtual_private_cloud_config.rst:513
#: ../../networking/virtual_private_cloud_config.rst:748
#: ../../networking/virtual_private_cloud_config.rst:806
#: ../../networking/virtual_private_cloud_config.rst:867
#: ../../networking/virtual_private_cloud_config.rst:1033
#: ../../networking/virtual_private_cloud_config.rst:1301
# 31d49abe67634960a557928d198a117b
# d9f6c55773f44decab0c8f7c54706ab1
# 77bc18fed48f46e4ac2df77187e262df
# 2261a78bcdfd4e6da5136e979c35bb88
# cbbd2dca656549c884e00639b9ae2035
# e61e6beeae9c412bbe90181105cf2ae1
# 909e61b8202a4b838f82ea576f748d63
# 44b5133723344f3bbd1c7783e59642ed
# b4286c8c1b954ab2bf7fe43800649c15
# 0c9f5baff8f847a8871c2dc07441e145
# 39db39923d924abba04f7eb190b0c065
msgid "Public LB IP"
msgstr ""
#: ../../networking/remote_access_vpn.rst:120
#: ../../networking/remote_access_vpn.rst:454
#: ../../networking/remote_access_vpn.rst:517
#: ../../networking/remote_access_vpn.rst:649
#: ../../networking/virtual_private_cloud_config.rst:350
#: ../../networking/virtual_private_cloud_config.rst:517
#: ../../networking/virtual_private_cloud_config.rst:752
#: ../../networking/virtual_private_cloud_config.rst:810
#: ../../networking/virtual_private_cloud_config.rst:871
#: ../../networking/virtual_private_cloud_config.rst:1037
#: ../../networking/virtual_private_cloud_config.rst:1305
# 5eaac9ad38594847b17964661cf9236c
# 92df7a88e8e04a3483d10de7d9e73800
# 5a76cc0a9455476cbc8b2c81878d7f05
# 89f6fcd63e4f4cd1a5c2ae9d98d431d3
# 3848ce6d7b224573a45a3daa5e369d11
# ef82afc618e2465d879fb6566335f979
# 4270f6ecdc324f22951c5acb77c4ee23
# 39a7d2038d76415498e328d304159562
# 593c2b74c4fc46a68613d48864ea1ea1
# 442f49fa53564d63ac1c056170b5b4a8
# 1679c7f2f3d74f87941189cd7a8eadf1
msgid "Virtual Machines"
msgstr ""
#: ../../networking/remote_access_vpn.rst:124
#: ../../networking/remote_access_vpn.rst:458
#: ../../networking/remote_access_vpn.rst:521
#: ../../networking/remote_access_vpn.rst:653
#: ../../networking/virtual_private_cloud_config.rst:354
#: ../../networking/virtual_private_cloud_config.rst:521
#: ../../networking/virtual_private_cloud_config.rst:756
#: ../../networking/virtual_private_cloud_config.rst:814
#: ../../networking/virtual_private_cloud_config.rst:875
#: ../../networking/virtual_private_cloud_config.rst:1041
#: ../../networking/virtual_private_cloud_config.rst:1309
# f5bae5ffb2f542f1a50da6263d5830fc
# 1353046d5778408f926e87efdf7cfff4
# 86105ce7fed24f5cb1731b0445e71c58
# d0a50513766f4193a8ae3ce206f4f27f
# 9494e63e7f1345eab39614b094d5418c
# e840260e3fbe4d8e9ee76819e55c2271
# 6e3d9062bdbb4bba84da4f570fd7c7fb
# b76b5756109d44ddb7bcf3eee9b52377
# ad03548aa7c148f1b0bb6d6489c1b169
# 2eeb832b8f2744ff994afa7f34a8d110
# fef8407d652246f9b64d3af9fab77e4c
msgid "The following router information is displayed:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:126
#: ../../networking/remote_access_vpn.rst:460
#: ../../networking/remote_access_vpn.rst:523
#: ../../networking/remote_access_vpn.rst:655
#: ../../networking/virtual_private_cloud_config.rst:356
#: ../../networking/virtual_private_cloud_config.rst:523
#: ../../networking/virtual_private_cloud_config.rst:758
#: ../../networking/virtual_private_cloud_config.rst:816
#: ../../networking/virtual_private_cloud_config.rst:877
#: ../../networking/virtual_private_cloud_config.rst:1043
#: ../../networking/virtual_private_cloud_config.rst:1311
# daf0d5dc2d9040e19b1366f58af4b3c6
# a4596fec8cdb45bba1c99bc713b0d10c
# 8da0cfd9fed2460cb97816a778997f9d
# 056a09262bfc4d6482a20801b8acaaf5
# 777bc6a7065949dbb37c74c841759e3c
# b2c193538ac94be38e2a27ee2bf943d0
# 0f492f18d1ae4cee885b69b82980784f
# 5afe0c98d94b4a129c170577873b4208
# d371bf7bd366484abd327ba22b4906d8
# 7cf1fde7dabe40ecb52db6750a1508f7
# 0369ed96499e48b3a23519de10fa02a8
msgid "Private Gateways"
msgstr ""
#: ../../networking/remote_access_vpn.rst:128
#: ../../networking/remote_access_vpn.rst:462
#: ../../networking/remote_access_vpn.rst:525
#: ../../networking/remote_access_vpn.rst:657
#: ../../networking/virtual_private_cloud_config.rst:358
#: ../../networking/virtual_private_cloud_config.rst:525
#: ../../networking/virtual_private_cloud_config.rst:760
#: ../../networking/virtual_private_cloud_config.rst:818
#: ../../networking/virtual_private_cloud_config.rst:879
#: ../../networking/virtual_private_cloud_config.rst:1045
#: ../../networking/virtual_private_cloud_config.rst:1313
# 5f0457bd87ee495a8d5bfe9c4e4140b9
# be6d3ce6cbaf4b5784187f736898bbb4
# 137340b6a07047f5b4105b550bd2dea5
# 16a448bd22a34fd59b341f0be0cfad13
# 98dd6a7c42284bd7ab5a086176692d74
# 77e662d10339479c93999acb83f50aab
# f87b9d1bf7c8489d824e4bc2c1edb94a
# 4627c69d41294c8fab4d9898db33c83f
# 0c430ab6225a479a8e58afe0436292db
# f224a8b6cbea436aaea2ce0b6c58b5a5
# 50ff9ec30a43472aaaea14d658f3ede1
msgid "Public IP Addresses"
msgstr ""
#: ../../networking/remote_access_vpn.rst:130
#: ../../networking/remote_access_vpn.rst:464
#: ../../networking/remote_access_vpn.rst:527
#: ../../networking/remote_access_vpn.rst:659
#: ../../networking/virtual_private_cloud_config.rst:360
#: ../../networking/virtual_private_cloud_config.rst:527
#: ../../networking/virtual_private_cloud_config.rst:762
#: ../../networking/virtual_private_cloud_config.rst:820
#: ../../networking/virtual_private_cloud_config.rst:881
#: ../../networking/virtual_private_cloud_config.rst:1047
#: ../../networking/virtual_private_cloud_config.rst:1315
# 2a01498545a9403e8315ab2b9dc8d3ff
# 5c6c556abdb042cd95b91af10067d5b6
# 863fdc1a436149ec81d2a240d4d22a2f
# 79192eb67b614bd58e10729375bddf8c
# d36fe14908f246bf83e43933e55ef3b4
# 65e2c761e70f4440ad714dd09cd91349
# 5aeddf583b6743bb889616c075b0793a
# 147238d0cb65480c9d78837c05e43bd9
# 1b2e46ec5bea49d09a0c7c272595d111
# 26fcc9420a3f49edb4de8b1efbb457bc
# 63efa7ad47a34105874929f9bbd9427f
msgid "Site-to-Site VPNs"
msgstr ""
#: ../../networking/remote_access_vpn.rst:132
#: ../../networking/remote_access_vpn.rst:466
#: ../../networking/remote_access_vpn.rst:529
#: ../../networking/remote_access_vpn.rst:661
#: ../../networking/virtual_private_cloud_config.rst:362
#: ../../networking/virtual_private_cloud_config.rst:529
#: ../../networking/virtual_private_cloud_config.rst:764
#: ../../networking/virtual_private_cloud_config.rst:822
#: ../../networking/virtual_private_cloud_config.rst:883
#: ../../networking/virtual_private_cloud_config.rst:1049
#: ../../networking/virtual_private_cloud_config.rst:1317
# b27df81c137d4ada8a78b99a42ce9318
# ce6512f959b543ed84a43badeb5efb3c
# b81bad1751644d18810aa0953be2bea5
# 9f3e88679a5d4387855b32022dbff52c
# 0e0ee230ef824ba0a10c19e3b311b598
# 78ef6f691db5444eb53d8f8e2876e4e9
# 3a98e8ef4c754c41ab1345025b5cc625
# 0e6c5b8161104349a11cb3207b8b813a
# 383a9b461f6b4113acb24f60ec71b1fc
# cc1ad8b9d34945a9baa02216efbc2555
# 299782736e884755a67a9ff9eae837dd
msgid "Network ACL Lists"
msgstr ""
#: ../../networking/remote_access_vpn.rst:134
#: ../../networking/virtual_private_cloud_config.rst:885
#: ../../networking/virtual_private_cloud_config.rst:1051
#: ../../networking/virtual_private_cloud_config.rst:1319
# c6c2c79f850f4077829c5505885e62f5
# 1062ef9c7f464e158c482bea53e6ea61
# e6718162b3284e44a60f542408ae32fc
# 6a480049441d4ccc8a31e3f11799dd7b
msgid "In the Router node, select Public IP Addresses."
msgstr ""
#: ../../networking/remote_access_vpn.rst:136
#: ../../networking/virtual_private_cloud_config.rst:826
#: ../../networking/virtual_private_cloud_config.rst:887
#: ../../networking/virtual_private_cloud_config.rst:1053
#: ../../networking/virtual_private_cloud_config.rst:1321
# 7d553b7fbdc6413d8c633ce8dfb4868c
# 2b2b55ab8a624bb78e95913869ab2a05
# 0de20186cc34473cb61133c9b865f960
# 3e9dafbca1bc4a50b60617d6c81f170f
# 9abe20eba64240cd90a18743af0e00c2
msgid "The IP Addresses page is displayed."
msgstr ""
#: ../../networking/remote_access_vpn.rst:138
# f1ce2b4d26b145d49d98a4cecca586e8
msgid "Click Source NAT IP address."
msgstr ""
#: ../../networking/remote_access_vpn.rst:142
# e83452437c9449d7b1f7508735d5e35a
msgid "Click OK to confirm. The IPsec key is displayed in a pop-up window."
msgstr ""
#: ../../networking/remote_access_vpn.rst:144
# d9c262cf3fdb476ea6a3500b5c9e3102
msgid "Now, you need to add the VPN users."
msgstr ""
#: ../../networking/remote_access_vpn.rst:146
# 93e980a2795646be9a5fbc975be42289
msgid "Click the Source NAT IP."
msgstr ""
#: ../../networking/remote_access_vpn.rst:148
# 15e0e443545942579a324fda601e2686
msgid "Select the VPN tab."
msgstr ""
#: ../../networking/remote_access_vpn.rst:150
# 400f2955d75b4fe29ece4d0b82cdadf3
msgid "Add the username and the corresponding password of the user you want to add."
msgstr ""
#: ../../networking/remote_access_vpn.rst:155
# 13bbf1c44ce8451e9fda9df0a55488d9
msgid "Repeat the same steps to add the VPN users."
msgstr ""
#: ../../networking/remote_access_vpn.rst:159
# f882d1b965574377abb5c47c46d2017d
msgid "Using Remote Access VPN with Windows"
msgstr ""
#: ../../networking/remote_access_vpn.rst:161
# 7dac5068f0b244e1a144a09d45c39932
msgid "The procedure to use VPN varies by Windows version. Generally, the user must edit the VPN properties and make sure that the default route is not the VPN. The following steps are for Windows L2TP clients on Windows Vista. The commands should be similar for other Windows versions."
msgstr ""
#: ../../networking/remote_access_vpn.rst:166
# 9863de47db9f4572ad58ea772de9f36d
msgid "Log in to the CloudStack UI and click on the source NAT IP for the account. The VPN tab should display the IPsec preshared key. Make a note of this and the source NAT IP. The UI also lists one or more users and their passwords. Choose one of these users, or, if none exists, add a user and password."
msgstr ""
#: ../../networking/remote_access_vpn.rst:172
# 7fda5d36b51847d49837befe10623588
msgid "On the Windows box, go to Control Panel, then select Network and Sharing center. Click Setup a connection or network."
msgstr ""
#: ../../networking/remote_access_vpn.rst:175
# da78d151c9234aed8997f0bc85337cf6
msgid "In the next dialog, select No, create a new connection."
msgstr ""
#: ../../networking/remote_access_vpn.rst:177
# 43e868088a2941f2b050d28f6420c815
msgid "In the next dialog, select Use my Internet Connection (VPN)."
msgstr ""
#: ../../networking/remote_access_vpn.rst:179
# 239288f41e5547d280e2293ec8da8206
msgid "In the next dialog, enter the source NAT IP from step #1 and give the connection a name. Check Don't connect now."
msgstr ""
#: ../../networking/remote_access_vpn.rst:183
# 38f025d6b59c4032a92973f1c1a27c07
msgid "In the next dialog, enter the user name and password selected in step #1."
msgstr ""
#: ../../networking/remote_access_vpn.rst:188
# 65891d17f3074ed9b484f59841022124
msgid "Go back to the Control Panel and click Network Connections to see the new connection. The connection is not active yet."
msgstr ""
#: ../../networking/remote_access_vpn.rst:191
# 90aee2a731374796ae19cb91e6c4eaca
msgid "Right-click the new connection and select Properties. In the Properties dialog, select the Networking tab."
msgstr ""
#: ../../networking/remote_access_vpn.rst:196
# 785904429cc24b31a7cf663347b72344
msgid "In Type of VPN, choose L2TP IPsec VPN, then click IPsec settings. Select Use preshared key. Enter the preshared key from step #1."
msgstr ""
#: ../../networking/remote_access_vpn.rst:199
# 3e29d7f5cd6b43428b98157632b35cfe
msgid "The connection is ready for activation. Go back to Control Panel -> Network Connections and double-click the created connection."
msgstr ""
#: ../../networking/remote_access_vpn.rst:202
# 658b86e57b2145119bff660e836d339d
msgid "Enter the user name and password from step #1."
msgstr ""
#: ../../networking/remote_access_vpn.rst:206
# f28b68b93a984f618a8681036210e3b9
msgid "Using Remote Access VPN with Mac OS X"
msgstr ""
#: ../../networking/remote_access_vpn.rst:208
# 8b76f5b992cc490bad145d28495ce704
msgid "First, be sure you've configured the VPN settings in your CloudStack install. This section is only concerned with connecting via Mac OS X to your VPN."
msgstr ""
#: ../../networking/remote_access_vpn.rst:212
# 7da87b538a3b4bd98149a9dc28b99cb5
msgid "Note, these instructions were written on Mac OS X 10.7.5. They may differ slightly in older or newer releases of Mac OS X."
msgstr ""
#: ../../networking/remote_access_vpn.rst:215
# 99afa11cb02448889b90260c46e6daf2
msgid "On your Mac, open System Preferences and click Network."
msgstr ""
#: ../../networking/remote_access_vpn.rst:217
# 1b60714f0b664945b51a0b61be0399a5
msgid "Make sure Send all traffic over VPN connection is not checked."
msgstr ""
#: ../../networking/remote_access_vpn.rst:219
# bcd319828ca0418fb3c241dfe5096e41
msgid "If your preferences are locked, you'll need to click the lock in the bottom left-hand corner to make any changes and provide your administrator credentials."
msgstr ""
#: ../../networking/remote_access_vpn.rst:223
# 4300ee6f178548d5a9905a6bbe2d9860
msgid "You will need to create a new network entry. Click the plus icon on the bottom left-hand side and you'll see a dialog that says \"Select the interface and enter a name for the new service.\" Select VPN from the Interface drop-down menu, and \"L2TP over IPSec\" for the VPN Type. Enter whatever you like within the \"Service Name\" field."
msgstr ""
#: ../../networking/remote_access_vpn.rst:229
# 23650c313b074382a57881042b50304e
msgid "You'll now have a new network interface with the name of whatever you put in the \"Service Name\" field. For the purposes of this example, we'll assume you've named it \"CloudStack.\" Click on that interface and provide the IP address of the interface for your VPN under the Server Address field, and the user name for your VPN under Account Name."
msgstr ""
#: ../../networking/remote_access_vpn.rst:236
# 6b61feadee8d476583c5ac8024ecf9dc
msgid "Click Authentication Settings, and add the user's password under User Authentication and enter the pre-shared IPSec key in the Shared Secret field under Machine Authentication. Click OK."
msgstr ""
#: ../../networking/remote_access_vpn.rst:240
# 82160d6db5874a5fb691804a0f4064ee
msgid "You may also want to select the \"Show VPN status in menu bar\" option, but that's entirely optional."
msgstr ""
#: ../../networking/remote_access_vpn.rst:243
# 7888991db08f4692af070e20a8f548e4
msgid "Now click \"Connect\" and you will be connected to the CloudStack VPN."
msgstr ""
#: ../../networking/remote_access_vpn.rst:249
# b8fcb8654d4045cabab65cc607473fa0
msgid "Setting Up a Site-to-Site VPN Connection"
msgstr ""
#: ../../networking/remote_access_vpn.rst:251
# bf33833486e34298bbd54de0d5e5c883
msgid "A Site-to-Site VPN connection helps you establish a secure connection from an enterprise datacenter to the cloud infrastructure. This allows users to access the guest VMs by establishing a VPN connection to the virtual router of the account from a device in the datacenter of the enterprise. You can also establish a secure connection between two VPC setups or high availability zones in your environment. Having this facility eliminates the need to establish VPN connections to individual VMs."
msgstr ""
#: ../../networking/remote_access_vpn.rst:260
# 4bf27ce4183e47dda88b6603d61b46b8
msgid "The difference from Remote VPN is that Site-to-site VPNs connect entire networks to each other, for example, connecting a branch office network to a company headquarters network. In a site-to-site VPN, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:266
# 153b937b1c0e4de69b3b94451840a13f
msgid "The supported endpoints on the remote datacenters are:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:268
# 5ebb68947e8846959fdb844894eba6eb
msgid "Cisco ISR with IOS 12.4 or later"
msgstr ""
#: ../../networking/remote_access_vpn.rst:270
# e3a55a3999da49baa81621a7f7ffb70a
msgid "Juniper J-Series routers with JunOS 9.5 or later"
msgstr ""
#: ../../networking/remote_access_vpn.rst:272
# ffc402a2243c4da9bcd196372f78bf94
msgid "CloudStack virtual routers"
msgstr ""
#: ../../networking/remote_access_vpn.rst:275
# af60329a6d1b421db96e66d969e7148a
msgid "In addition to the specific Cisco and Juniper devices listed above, the expectation is that any Cisco or Juniper device running on the supported operating systems is able to establish VPN connections."
msgstr ""
#: ../../networking/remote_access_vpn.rst:279
# 4e099c5b2d15403d841fca6ab971b147
msgid "To set up a Site-to-Site VPN connection, perform the following:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:281
# 9f0c55b7e3d1405ea91d412d82570573
msgid "Create a Virtual Private Cloud (VPC)."
msgstr ""
#: ../../networking/remote_access_vpn.rst:283
# 1cc41acb25564437bf47069632c1e47f
msgid "See \":ref:`configuring-vpc`\"."
msgstr ""
#: ../../networking/remote_access_vpn.rst:285
# 0350dab55c154adb8bfb5fc2329bc99b
msgid "Create a VPN Customer Gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:287
# 9e0ade3afda44783837277f292aac18e
msgid "Create a VPN gateway for the VPC that you created."
msgstr ""
#: ../../networking/remote_access_vpn.rst:289
# bd574fc0e611460eb6f1cf836570d65a
msgid "Create a VPN connection from the VPC VPN gateway to the customer VPN gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:294
# 94a11afb4f284c39876ab9e7ad9b4203
msgid "Creating and Updating a VPN Customer Gateway"
msgstr ""
#: ../../networking/remote_access_vpn.rst:297
# d7741a7964f14270836f90faa50dee5e
msgid "A VPN customer gateway can be connected to only one VPN gateway at a time."
msgstr ""
#: ../../networking/remote_access_vpn.rst:299
# b0237b80ce7945038ccf7e43814bc271
msgid "To add a VPN Customer Gateway:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:305
#: ../../networking/remote_access_vpn.rst:415
# 101bb0d15ff04d2b833841a38622b5a3
# 2b4e8de7b2b8461685571e9bd8677151
msgid "In the Select view, select VPN Customer Gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:307
# 7731e51aab804267b5d9a1b77c2a563f
msgid "Click Add VPN Customer Gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:309
# a28ae413767b455ba902116cbfb65b62
msgid "|addvpncustomergateway.png|"
msgstr ""
#: ../../networking/remote_access_vpn.rst:313
# 4b1ee71a183a40f08f2c0f6153980745
msgid "**Name**: A unique name for the VPN customer gateway you create."
msgstr ""
#: ../../networking/remote_access_vpn.rst:315
# 4a55d6fffb10456eb7eedd3b877f3290
msgid "**Gateway**: The IP address for the remote gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:317
# a1719efbdbf3445e88fe8b57058e647d
msgid "**CIDR list**: The guest CIDR list of the remote subnets. Enter a CIDR or a comma-separated list of CIDRs. Ensure that the guest CIDR list does not overlap with the VPC's CIDR or another guest CIDR. The CIDR must be RFC1918-compliant."
msgstr ""
#: ../../networking/remote_access_vpn.rst:322
# 45e753e1aca84d72a27705c47e7359fe
msgid "**IPsec Preshared Key**: Preshared keying is a method where the endpoints of the VPN share a secret key. This key value is used to authenticate the customer gateway and the VPC VPN gateway to each other."
msgstr ""
#: ../../networking/remote_access_vpn.rst:328
# 685253a274ff4f8ab93ec131da0a8e17
msgid "The IKE peers (VPN end points) authenticate each other by computing and sending a keyed hash of data that includes the Preshared key. If the receiving peer is able to create the same hash independently by using its Preshared key, it knows that both peers must share the same secret, thus authenticating the customer gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:335
# 99c6b3d0d9b644ac963db1bbbec803aa
msgid "**IKE Encryption**: The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. Authentication is accomplished through the Preshared Keys."
msgstr ""
#: ../../networking/remote_access_vpn.rst:341
# 5fc1a26b6376451e99e9e5edb6e43b8c
msgid "The phase-1 is the first phase in the IKE process. In this initial negotiation phase, the two VPN endpoints agree on the methods to be used to provide security for the underlying IP traffic. The phase-1 authenticates the two VPN gateways to each other, by confirming that the remote gateway has a matching Preshared Key."
msgstr ""
#: ../../networking/remote_access_vpn.rst:347
# 4a50daea38b94c4c8f566640f9423d59
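msgid "**IKE Hash**: The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5. Of the two, prefer SHA1; MD5 is the weaker algorithm and should be selected only when the remote endpoint requires it."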
msgstr ""
#: ../../networking/remote_access_vpn.rst:350
# 164ad3cc6c1d4be09637856b2caebc73
msgid "**IKE DH**: A public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The 1536-bit Diffie-Hellman group is used within IKE to establish session keys. The supported options are None, Group-5 (1536-bit) and Group-2 (1024-bit)."
msgstr ""
#: ../../networking/remote_access_vpn.rst:356
# 7f48a32285424744aed43ca25afe1013
msgid "**ESP Encryption**: Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES."
msgstr ""
#: ../../networking/remote_access_vpn.rst:361
# b406299f4fea47069d76bb649b8708f9
msgid "The phase-2 is the second phase in the IKE process. The purpose of IKE phase-2 is to negotiate IPSec security associations (SA) to set up the IPSec tunnel. In phase-2, new keying material is extracted from the Diffie-Hellman key exchange in phase-1, to provide session keys to use in protecting the VPN data flow."
msgstr ""
#: ../../networking/remote_access_vpn.rst:367
# a27571240d7c4f3c9acf4a0a4aa3b628
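msgid "**ESP Hash**: Encapsulating Security Payload (ESP) hash for phase-2. Supported hash algorithms are SHA1 and MD5. Of the two, prefer SHA1; MD5 is the weaker algorithm and should be selected only when the remote endpoint requires it."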
msgstr ""
#: ../../networking/remote_access_vpn.rst:370
# 4b7ceba042f249029e0dbf978aa690d3
msgid "**Perfect Forward Secrecy**: Perfect Forward Secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the long-term private keys is compromised in the future. This property enforces a new Diffie-Hellman key exchange. It provides keying material that has a greater key material life and thereby greater resistance to cryptographic attacks. The available options are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security of the key exchanges increases as the DH groups grow larger, as does the time of the exchanges."
msgstr ""
#: ../../networking/remote_access_vpn.rst:381
# 31cd21a987c94c2593fa18b480d5655a
msgid "When PFS is turned on, for every negotiation of a new phase-2 SA the two gateways must generate a new set of phase-1 keys. This is the extra layer of protection that PFS adds: it ensures that if the phase-2 SAs have expired, the keys used for new phase-2 SAs have not been generated from the current phase-1 keying material."
msgstr ""
#: ../../networking/remote_access_vpn.rst:387
# c4fac70acb7546528e8f03a69aec87d6
msgid "**IKE Lifetime (seconds)**: The phase-1 lifetime of the security association in seconds. Default is 86400 seconds (1 day). Whenever the time expires, a new phase-1 exchange is performed."
msgstr ""
#: ../../networking/remote_access_vpn.rst:391
# 253e1c3775154909922b7f978944cd3e
msgid "**ESP Lifetime (seconds)**: The phase-2 lifetime of the security association in seconds. Default is 3600 seconds (1 hour). Whenever the value is exceeded, a re-key is initiated to provide new IPsec encryption and authentication session keys."
msgstr ""
#: ../../networking/remote_access_vpn.rst:396
# c0c484db7f344e408d168f25bb654809
msgid "**Dead Peer Detection**: A method to detect an unavailable Internet Key Exchange (IKE) peer. Select this option if you want the virtual router to query the liveness of its IKE peer at regular intervals. It's recommended to have the same DPD configuration on both sides of the VPN connection."
msgstr ""
#: ../../networking/remote_access_vpn.rst:406
# bbbaed88ff1d435c8172e82d1ba38621
msgid "Updating and Removing a VPN Customer Gateway"
msgstr ""
#: ../../networking/remote_access_vpn.rst:408
# dce2c8dc1af941d3995eccd689185d2f
msgid "You can update a customer gateway either when it has no VPN connection, or when the related VPN connection is in the error state."
msgstr ""
#: ../../networking/remote_access_vpn.rst:417
# a2663d4c4c664967b66aed432bc15feb
msgid "Select the VPN customer gateway you want to work with."
msgstr ""
#: ../../networking/remote_access_vpn.rst:419
# a7ded8e5a4764341a0616505650a00e8
msgid "To modify the required parameters, click the Edit VPN Customer Gateway button |vpn-edit-icon.png|"
msgstr ""
#: ../../networking/remote_access_vpn.rst:422
# 756841a8fa024fd8a5c97c8f30e876d3
msgid "To remove the VPN customer gateway, click the Delete VPN Customer Gateway button |delete.png|"
msgstr ""
#: ../../networking/remote_access_vpn.rst:429
# b8b2a50b82054314966bddcea5e58624
msgid "Creating a VPN gateway for the VPC"
msgstr ""
#: ../../networking/remote_access_vpn.rst:440
#: ../../networking/remote_access_vpn.rst:501
#: ../../networking/remote_access_vpn.rst:633
#: ../../networking/virtual_private_cloud_config.rst:671
#: ../../networking/virtual_private_cloud_config.rst:738
#: ../../networking/virtual_private_cloud_config.rst:857
#: ../../networking/virtual_private_cloud_config.rst:1291
# 55ffd9d38baf4689915216b245eb0345
# 9dffc7abb0334653a04e9da28c3986eb
# cafe1c918b254231856621d595a969ea
# 629408b6b4d44c488f179e9d12c9d1c8
# 12f2c2ca637145198bd85e6aefc78803
# 322ff7890b6647d89fc773f95de5ca97
# b5eb13586b2d401b9224cc304d4d596e
msgid "Click the Configure button of the VPC to which you want to deploy the VMs."
msgstr ""
#: ../../networking/remote_access_vpn.rst:443
#: ../../networking/remote_access_vpn.rst:504
#: ../../networking/remote_access_vpn.rst:636
#: ../../networking/virtual_private_cloud_config.rst:504
#: ../../networking/virtual_private_cloud_config.rst:741
#: ../../networking/virtual_private_cloud_config.rst:799
#: ../../networking/virtual_private_cloud_config.rst:860
#: ../../networking/virtual_private_cloud_config.rst:1294
# 3ede94e26b2243618297004100dde13e
# 2f52e248552b455a87f010302f709dad
# 053eb6822dcf4582b9bba73ede381afb
# d368f1f8019d471eb6596301beba362c
# dfea3c0fff89489eac70a967cc49c5aa
# 73059e34302c43d1a5a4c816f43b9382
# fb07c649ea2b4a768d6e5716e8030063
# 28f7d7ee821449b29c5cd912fde10a27
msgid "The VPC page is displayed where all the tiers you created are listed in a diagram."
msgstr ""
#: ../../networking/remote_access_vpn.rst:468
#: ../../networking/remote_access_vpn.rst:531
#: ../../networking/remote_access_vpn.rst:663
# bb47b6a4c9894b0ba98c007547e23a7b
# 5f44ee9703334af187a5f781a5bdd3ca
# 90eeedf47dda43f69ca4cd79e42918d7
msgid "Select Site-to-Site VPN."
msgstr ""
#: ../../networking/remote_access_vpn.rst:470
# 3904e2f97d404bd0ac8c9e9461127c9c
msgid "If you are creating the VPN gateway for the first time, selecting Site-to-Site VPN prompts you to create a VPN gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:473
# 58e6c2a9a3ca472c8470f2da068490b4
msgid "In the confirmation dialog, click Yes to confirm."
msgstr ""
#: ../../networking/remote_access_vpn.rst:475
# 0dcce7d9ba7e44fea93fd343b6eb8ccd
msgid "Within a few moments, the VPN gateway is created. You will be prompted to view the details of the VPN gateway you have created. Click Yes to confirm."
msgstr ""
#: ../../networking/remote_access_vpn.rst:479
# 08c91c396238462eb6a6a86c3bc34356
msgid "The following details are displayed in the VPN Gateway page:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:483
# a77fc54a7c8146a3ac276762ce040121
msgid "Account"
msgstr ""
#: ../../networking/remote_access_vpn.rst:485
# 7d5a08b580ca444fa94ea41cf933bbed
msgid "Domain"
msgstr ""
#: ../../networking/remote_access_vpn.rst:489
# a9bedddab6d94613aa7949d22530c563
msgid "Creating a VPN Connection"
msgstr ""
#: ../../networking/remote_access_vpn.rst:491
# eb9ff504d03f4098abe385052da3a163
msgid "CloudStack supports creating up to 8 VPN connections."
msgstr ""
#: ../../networking/remote_access_vpn.rst:499
# 4106c6c68d6d468fa69e8066df52a37d
msgid "All the VPCs that you create for the account are listed in the page."
msgstr ""
#: ../../networking/remote_access_vpn.rst:507
#: ../../networking/remote_access_vpn.rst:639
#: ../../networking/virtual_private_cloud_config.rst:507
# 30ef75902e6a416e943de29ba0ae78f2
# 2ea0f0278379492ba4ae3fe6df1acc1e
# 9120ca60dcc143a28655716ade74dd8d
msgid "Click the Settings icon."
msgstr ""
#: ../../networking/remote_access_vpn.rst:533
#: ../../networking/remote_access_vpn.rst:665
# c17fddae85054e48acc62417d618005b
# d51c787e2c3641bda74032c8dda674a2
msgid "The Site-to-Site VPN page is displayed."
msgstr ""
#: ../../networking/remote_access_vpn.rst:535
#: ../../networking/remote_access_vpn.rst:667
# d20933656e614d3c90bbeca3c9dfa1e8
# ae7c48ded27f46fba258b7713abe8020
msgid "From the Select View drop-down, ensure that VPN Connection is selected."
msgstr ""
#: ../../networking/remote_access_vpn.rst:538
# e805d37fb5de4010a4e653ecc10fe88f
msgid "Click Create VPN Connection."
msgstr ""
#: ../../networking/remote_access_vpn.rst:540
# 6461a9409d0d43af95085f7592764ec5
msgid "The Create VPN Connection dialog is displayed:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:542
# 302fc42f8855480ea855ba83253ae510
msgid "|createvpnconnection.png|"
msgstr ""
#: ../../networking/remote_access_vpn.rst:544
# 256fd2eeb83d4c8ca42223952cda2eaa
msgid "Select the desired customer gateway."
msgstr ""
#: ../../networking/remote_access_vpn.rst:546
# 1216cafe939448ce89002732610150f9
msgid "Select Passive if you want to establish a connection between two VPC virtual routers."
msgstr ""
#: ../../networking/remote_access_vpn.rst:549
# 31801a53933d4e8e98ac8b775c9547ad
msgid "If you want to establish a connection between two VPC virtual routers, select Passive only on one of the VPC virtual routers, which waits for the other VPC virtual router to initiate the connection. Do not select Passive on the VPC virtual router that initiates the connection."
msgstr ""
#: ../../networking/remote_access_vpn.rst:557
# 06301a1ae56d4aa0829075cea0e779b2
msgid "Within a few moments, the VPN Connection is displayed."
msgstr ""
#: ../../networking/remote_access_vpn.rst:559
# aa7133cb7a2f415180d09d0a134d39b2
msgid "The following information on the VPN connection is displayed:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:565
# 0c0a058f5bba400ba3f349f62ea660f1
msgid "State"
msgstr ""
#: ../../networking/remote_access_vpn.rst:567
# c7cdf1f2c13b4df7852fb798ffb852f1
msgid "IPSec Preshared Key"
msgstr ""
#: ../../networking/remote_access_vpn.rst:569
# 97c84bf1a75c4e84a20bda2e28f8dd99
msgid "IKE Policy"
msgstr ""
#: ../../networking/remote_access_vpn.rst:571
# 7d9d2e44ca2e45118dd87874aab3660c
msgid "ESP Policy"
msgstr ""
#: ../../networking/remote_access_vpn.rst:575
# 53ad2d1f828e40a5a6e793ae3c464cf6
msgid "Site-to-Site VPN Connection Between VPC Networks"
msgstr ""
#: ../../networking/remote_access_vpn.rst:577
# bfe3ddb6f0054692ade09235d6409226
msgid "CloudStack provides you with the ability to establish a site-to-site VPN connection between CloudStack virtual routers. To achieve that, add a passive mode Site-to-Site VPN. With this functionality, users can deploy applications in multiple Availability Zones or VPCs, which can communicate with each other by using a secure Site-to-Site VPN Tunnel."
msgstr ""
#: ../../networking/remote_access_vpn.rst:583
# 4d7b48c89729493fab30a6c8fa3e3d8a
msgid "This feature is supported on all the hypervisors."
msgstr ""
#: ../../networking/remote_access_vpn.rst:585
# 63d33594095642d6bd759d685c327728
msgid "Create two VPCs. For example, VPC A and VPC B."
msgstr ""
#: ../../networking/remote_access_vpn.rst:587
# f38ada5b2bf347699a13c440cdbb6d6d
msgid "For more information, see \":ref:`configuring-vpc`\"."
msgstr ""
#: ../../networking/remote_access_vpn.rst:589
# 9725f2c0a7804cd08dabeb07ccced69e
msgid "Create VPN gateways on both the VPCs you created."
msgstr ""
#: ../../networking/remote_access_vpn.rst:591
# 863b39380dc440b39636aefc3f305286
msgid "For more information, see `\"Creating a VPN gateway for the VPC\" <#creating-a-vpn-gateway-for-the-vpc>`_."
msgstr ""
#: ../../networking/remote_access_vpn.rst:594
# 80e6cc23902e4983926d330301305245
msgid "Create VPN customer gateway for both the VPCs."
msgstr ""
#: ../../networking/remote_access_vpn.rst:596
# 8b053f18f0cf45d7a54c9a55525e51d5
msgid "For more information, see `\"Creating and Updating a VPN Customer Gateway\" <#creating-and-updating-a-vpn-customer-gateway>`_."
msgstr ""
#: ../../networking/remote_access_vpn.rst:599
# e62bfd0cb16b4506af656ac300d2b9d6
msgid "Enable a VPN connection on VPC A in passive mode."
msgstr ""
#: ../../networking/remote_access_vpn.rst:601
# e9a973fc175a4c358a0961c603185a9b
msgid "For more information, see `\"Creating a VPN Connection\" <#creating-a-vpn-connection>`_."
msgstr ""
#: ../../networking/remote_access_vpn.rst:604
# 077205cc874949ebb23a94463f757867
msgid "Ensure that the customer gateway is pointed to VPC B. The VPN connection is shown in the Disconnected state."
msgstr ""
#: ../../networking/remote_access_vpn.rst:607
# a1f2ec5982ca4ee88e0e1b6d64a341e4
msgid "Enable a VPN connection on VPC B."
msgstr ""
#: ../../networking/remote_access_vpn.rst:609
# 9b111a2dd2fb47d384d121a954fb00d0
msgid "Ensure that the customer gateway is pointed to VPC A. Because virtual router of VPC A, in this case, is in passive mode and is waiting for the virtual router of VPC B to initiate the connection, VPC B virtual router should not be in passive mode."
msgstr ""
#: ../../networking/remote_access_vpn.rst:614
# 6f48c7f01a334934959f0048f9a19913
msgid "The VPN connection is shown in the Disconnected state."
msgstr ""
#: ../../networking/remote_access_vpn.rst:616
# f9289b1f358541dcbbea60dd60547408
msgid "Creating a VPN connection on both the VPCs initiates a VPN connection. Wait for a few seconds. The default is 30 seconds for both the VPN connections to show the Connected state."
msgstr ""
#: ../../networking/remote_access_vpn.rst:622
# 9fe12894f28c427a9daba08709f4326d
msgid "Restarting and Removing a VPN Connection"
msgstr ""
#: ../../networking/remote_access_vpn.rst:670
# 4f1aa09db210412ca829b0fadcbc3175
msgid "All the VPN connections you created are displayed."
msgstr ""
#: ../../networking/remote_access_vpn.rst:672
# 17e6855dfa4241a58cce788d5d96a057
msgid "Select the VPN connection you want to work with."
msgstr ""
#: ../../networking/remote_access_vpn.rst:674
# bc52370e920b4f288050d7fcf2c623f4
msgid "The Details tab is displayed."
msgstr ""
#: ../../networking/remote_access_vpn.rst:676
# dd3715695c204665987222ab000106cd
msgid "To remove a VPN connection, click the Delete VPN connection button |remove-vpn.png|"
msgstr ""
#: ../../networking/remote_access_vpn.rst:679
# 4b987b9761934af19b5d8a4be76875a5
msgid "To restart a VPN connection, click the Reset VPN connection button present in the Details tab. |reset-vpn.png|"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:18
# 1280b685b60c4cd9b6c84035e7c3ff2a
msgid "About Inter-VLAN Routing (nTier Apps)"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:20
# be2045156b3041218bc42ecd27d7d6f0
msgid "Inter-VLAN Routing (nTier Apps) is the capability to route network traffic between VLANs. This feature enables you to build Virtual Private Clouds (VPC), an isolated segment of your cloud, that can hold multi-tier applications. These tiers are deployed on different VLANs that can communicate with each other. You provision VLANs to the tiers you create, and VMs can be deployed on different tiers. The VLANs are connected to a virtual router, which facilitates communication between the VMs. In effect, you can segment VMs by means of VLANs into different networks that can host multi-tier applications, such as Web, Application, or Database. Such segmentation by means of VLANs logically separates application VMs for higher security and lower broadcasts, while remaining physically connected to the same device."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:33
# ee648742bfb3421f8a3889c2349f279b
msgid "This feature is supported on XenServer, KVM, and VMware hypervisors."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:35
# ef162a16526641098e51a139989ae97e
msgid "The major advantages are:"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:37
# 3e6de8dbeba5419abdb2b03019116141
msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:43
# bc8ba74b90594f12a5fd5677cc9ff6d1
msgid "A VLAN allocated for an account cannot be shared between multiple accounts."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:45
# 1ab1ca8e96254434870948d662709b43
msgid "The administrator can allow users to create their own VPC and deploy the application. In this scenario, the VMs that belong to the account are deployed on the VLANs allotted to that account."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:49
# a3116bd8472e48a7aa7cda71b97e27cc
msgid "Both administrators and users can create multiple VPCs. The guest network NIC is plugged to the VPC virtual router when the first VM is deployed in a tier."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:53
# 6fd43509fad74559adbc29b02d394dc9
msgid "The administrator can create the following gateways to send to or receive traffic from the VMs:"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:56
# 8ddc983de3d241f09f98b725eb5816b9
msgid "**VPN Gateway**: For more information, see `\"Creating a VPN gateway for the VPC\" <#creating-a-vpn-gateway-for-the-vpc>`_."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:59
# 61e9f85faff44050a4964c4318e14c71
msgid "**Public Gateway**: The public gateway for a VPC is added to the virtual router when the virtual router is created for VPC. The public gateway is not exposed to the end users. You are not allowed to list it, nor allowed to create any static routes."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:64
# b56703bb9e304d9eb985cf50d8467b88
msgid "**Private Gateway**: For more information, see \":ref:`adding-priv-gw-vpc`\"."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:66
# 971a020719584df99604941837f413e9
msgid "Both administrators and users can create various possible destinations-gateway combinations. However, only one gateway of each type can be used in a deployment."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:70
# a959d3a87f854875b155e4dd0378bc58
msgid "For example:"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:72
# c8562933cf3a49dabea40ebda77c173e
msgid "**VLANs and Public Gateway**: For example, an application is deployed in the cloud, and the Web application VMs communicate with the Internet."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:76
# 9a0414207cf1455fa28030b70576f628
msgid "**VLANs, VPN Gateway, and Public Gateway**: For example, an application is deployed in the cloud; the Web application VMs communicate with the Internet; and the database VMs communicate with the on-premise devices."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:81
# 8534c0f613cb4afd87cee4abbbeb1864
msgid "The administrator can define Network Access Control List (ACL) on the virtual router to filter the traffic among the VLANs or between the Internet and a VLAN. You can define ACL based on CIDR, port range, protocol, type code (if ICMP protocol is selected) and Ingress/Egress type."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:87
# dbc5184ebe294b3c978a2597145d1afc
msgid "The following figure shows the possible deployment scenarios of a Inter-VLAN setup:"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:90
# 7b6b27d712ab4049bb9e18da1df3f10f
msgid "|mutltier.png|"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:92
# a73c0ccfe9e242bbafc920ed4db89f8c
msgid "To set up a multi-tier Inter-VLAN deployment, see \":ref:`configuring-vpc`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:20
# 68230541a8c04698a2cd4782fa199025
msgid "Configuring a Virtual Private Cloud"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:23
# c96dce204b9449f096ddff43e7c501e4
msgid "About Virtual Private Clouds"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:25
# 39a15c9ebdbf402189072d4ad538b511
msgid "CloudStack Virtual Private Cloud is a private, isolated part of CloudStack. A VPC can have its own virtual network topology that resembles a traditional physical network. You can launch VMs in the virtual network that can have private addresses in the range of your choice, for example: 10.0.0.0/16. You can define network tiers within your VPC network range, which in turn enables you to group similar kinds of instances based on IP address range."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:33
# 52f1ec4df5f14d00acc410893a48cd12
msgid "For example, if a VPC has the private range 10.0.0.0/16, its guest networks can have the network ranges 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, and so on."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:39
# c427f4f401964436adf6600e085f1c73
msgid "Major Components of a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:41
# aa65d02ab49c4593ab9a6304e97b0499
msgid "A VPC is comprised of the following network components:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:43
# 6ce250346a5b4839af2f807498d27a93
msgid "**VPC**: A VPC acts as a container for multiple isolated networks that can communicate with each other via its virtual router."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:46
# bf8dcbee37f94f398e40dcc29aa1b1f2
msgid "**Network Tiers**: Each tier acts as an isolated network with its own VLANs and CIDR list, where you can place groups of resources, such as VMs. The tiers are segmented by means of VLANs. The NIC of each tier acts as its gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:51
# 85c01a3feddd4eefa12e8569dc29abdb
msgid "**Virtual Router**: A virtual router is automatically created and started when you create a VPC. The virtual router connects the tiers and directs traffic among the public gateway, the VPN gateways, and the NAT instances. For each tier, a corresponding NIC and IP exist in the virtual router. The virtual router provides DNS and DHCP services through its IP."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:58
# 084d9e9386154de29f7c85e78edcbddf
msgid "**Public Gateway**: The traffic to and from the Internet is routed to the VPC through the public gateway. In a VPC, the public gateway is not exposed to the end user; therefore, static routes are not supported for the public gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:63
# 0a67aeaa8469476786141e2d15792113
msgid "**Private Gateway**: All the traffic to and from a private network is routed to the VPC through the private gateway. For more information, see \":ref:`adding-priv-gw-vpc`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:67
# 7f1df774c21345d183d04571db70c24d
msgid "**VPN Gateway**: The VPC side of a VPN connection."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:69
# d4f1eced716140b2ba2e5c4a4bb94733
msgid "**Site-to-Site VPN Connection**: A hardware-based VPN connection between your VPC and your datacenter, home network, or co-location facility. For more information, see \":ref:`setting-s2s-vpn-conn`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:73
# d96c6c8f7e914115913908328dafe225
msgid "**Customer Gateway**: The customer side of a VPN Connection. For more information, see `\"Creating and Updating a VPN Customer Gateway\" <#creating-and-updating-a-vpn-customer-gateway>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:77
# 4a709f7fe7a644bcbf353a4841f01b9d
msgid "**NAT Instance**: An instance that provides Port Address Translation for instances to access the Internet via the public gateway. For more information, see \":ref:`enabling-disabling-static-nat-on-vpc`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:81
# d3585dd79a1e4e7e89912c04813bb102
msgid "**Network ACL**: Network ACL is a group of Network ACL items. Network ACL items are nothing but numbered rules that are evaluated in order, starting with the lowest numbered rule. These rules determine whether traffic is allowed in or out of any tier associated with the network ACL. For more information, see \":ref:`conf-net-acl`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:89
# d9a20cb6323241afa91a6c2cbc307ff9
msgid "Network Architecture in a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:91
# 7ee1153de76a4c929d0b1fa6a71fd31d
msgid "In a VPC, the following four basic options of network architectures are present:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:94
# 1451c0ec747146d4b4c7cef8cb2721de
msgid "VPC with a public gateway only"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:96
# 10f537ebc4544eb487ff69cb3d4925f7
msgid "VPC with public and private gateways"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:98
# 6df0df8e0b47452e978347b896d0550a
msgid "VPC with public and private gateways and site-to-site VPN access"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:100
# 7210a6e941a1458299c8b7853414ea18
msgid "VPC with a private gateway only and site-to-site VPN access"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:104
# 41f1471fc8d144d4a2ae08eaa26079e5
msgid "Connectivity Options for a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:106
# 7939a1a9ae10427e945a7598b60a6acb
msgid "You can connect your VPC to:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:108
# 92785d31fb8449578b7a7d78f8d59eb4
msgid "The Internet through the public gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:110
# 013122ffc01c46aabad011737399bc1b
msgid "The corporate datacenter by using a site-to-site VPN connection through the VPN gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:113
# 3199327142444fe1bd185a5b40149130
msgid "Both the Internet and your corporate datacenter by using both the public gateway and a VPN gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:118
# 2a91b9eca4284fbcb69ab5478b249d29
msgid "VPC Network Considerations"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:120
# 8e8bd043a0c34c77885f6c613181a421
msgid "Consider the following before you create a VPC:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:122
# f39001cdf8054dcfbd61db983190b41f
msgid "A VPC, by default, is created in the enabled state."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:124
# 82792dd3f27546d2a3c42b67ba5b29f4
msgid "A VPC can be created in an Advanced zone only, and can't belong to more than one zone at a time."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:127
# 8a09712594af4741822a39824fdef070
msgid "The default number of VPCs an account can create is 20. However, you can change it by using the max.account.vpcs global parameter, which controls the maximum number of VPCs an account is allowed to create."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:131
# 261cae4270494826bf83e0dcae8af848
msgid "The default number of tiers an account can create within a VPC is 3. You can configure this number by using the vpc.max.networks parameter."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:135
# 62fc1185526b4470b7cc2d5eebfcbdfd
msgid "Each tier should have a unique CIDR in the VPC. Ensure that the tier's CIDR is within the VPC CIDR range."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:138
# 96300f5d5fe44005a32e9cf1f40b4ea4
msgid "A tier belongs to only one VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:140
# 3fa6bb2bbfc54d1da2bab5ebfe5b22b2
msgid "All network tiers inside the VPC should belong to the same account."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:142
# abd18af86f4e44958067a2f7dc82012f
msgid "When a VPC is created, by default, a SourceNAT IP is allocated to it. The Source NAT IP is released only when the VPC is removed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:145
# 14ebd559d22240e29e435b14253ef654
msgid "A public IP can be used for only one purpose at a time. If the IP is a sourceNAT, it cannot be used for StaticNAT or port forwarding."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:148
# c29d747872084beb8924548c54211fae
msgid "The instances can only have a private IP address that you provision. To communicate with the Internet, enable NAT to an instance that you launch in your VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:152
# 8d3468d50b334a3389cb81da8b464dea
msgid "Only new networks can be added to a VPC. The maximum number of networks per VPC is limited by the value you specify in the vpc.max.networks parameter. The default value is three."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:156
# af8282a7c19c4580a62b69371106d6f2
msgid "The load balancing service can be supported by only one tier inside the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:159
# 39cb5b3dc8fe40988ffba7f5ede4490d
msgid "If an IP address is assigned to a tier:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:161
# 176c27ebe07048b3a7836a228d011441
msgid "That IP can't be used by more than one tier at a time in the VPC. For example, if you have tiers A and B, and a public IP1, you can create a port forwarding rule by using the IP either for A or B, but not for both."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:166
# f43348e85da24485a1d92b63da2366ac
msgid "That IP can't be used for StaticNAT, load balancing, or port forwarding rules for another guest network inside the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:169
# fee8e4c6c5954adeb9005bf1d5ce023e
msgid "Remote access VPN is not supported in VPC networks."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:173
# 96fc9927ad5141bba2d657b1963d9d87
msgid "Adding a Virtual Private Cloud"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:175
# 5f129175d6144d298c7ede91ac9ec513
msgid "When creating the VPC, you simply provide the zone and a set of IP addresses for the VPC network address space. You specify this set of addresses in the form of a Classless Inter-Domain Routing (CIDR) block."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:185
# c91fb511977940b7b6f4adbffe2da030
msgid "Click Add VPC. The Add VPC page is displayed as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:187
# 7632a958cf894fb9a2bfac92d1f5600d
msgid "|add-vpc.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:191
# 8ecd10dee5dc44baa12a0ec575b6f501
msgid "**Name**: A short name for the VPC that you are creating."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:193
# 27ae714de91a400780ba0479927daaf5
msgid "**Description**: A brief description of the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:195
# 1824e109bd6c46ac8a5a0c0f2057b2fa
msgid "**Zone**: Choose the zone where you want the VPC to be available."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:197
# e936203c2e05451299d2de67f4f47ebc
msgid "**Super CIDR for Guest Networks**: Defines the CIDR range for all the tiers (guest networks) within a VPC. When you create a tier, ensure that its CIDR is within the Super CIDR value you enter. The CIDR must be RFC1918 compliant."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:202
# 6ca68d15f75048b0b195f40134796a2c
msgid "**DNS domain for Guest Networks**: If you want to assign a special domain name, specify the DNS suffix. This parameter is applied to all the tiers within the VPC. That implies, all the tiers you create in the VPC belong to the same DNS domain. If the parameter is not specified, a DNS domain name is generated automatically."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:208
# 71b34c1e720143dfa39c979df560f4ca
msgid "**Public Load Balancer Provider**: You have two options: VPC Virtual Router and Netscaler."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:215
# 8798d1945a1c4084a1b2a0614ec9db32
msgid "Adding Tiers"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:217
# 98d4e1b6db094ef3be8c292cd0efa54b
msgid "Tiers are distinct locations within a VPC that act as isolated networks, which do not have access to other tiers by default. Tiers are set up on different VLANs that can communicate with each other by using a virtual router. Tiers provide inexpensive, low latency network connectivity to other tiers within the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:229
#: ../../networking/virtual_private_cloud_config.rst:1366
# 3314f3a5a14a4b969d7ee70acab97a4a
# f747c26b980441cc9b6ecb7baf8f8557
msgid "All the VPCs that you have created for the account are listed in the page."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:233
# 8844e1d7896046a7881fdb53a34d3dce
msgid "The end users can see their own VPCs, while root and domain admin can see any VPC they are authorized to see."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:236
#: ../../networking/virtual_private_cloud_config.rst:1369
# 9771fbcf9e3e4bc7adeceaeb5db1a8ff
# 19ef7e315e30411398c644e4ee829252
msgid "Click the Configure button of the VPC for which you want to set up tiers."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:239
# c78aa8064f6342b481fd5870fce87c54
msgid "Click Create network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:241
# c405f8d748a04cbe8c19e538c402ff7e
msgid "The Add new tier dialog is displayed, as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:243
# 34e2e606b003480ab786bf798340707f
msgid "|add-tier.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:245
# e176f3eb0eff46849004f861f27d70ba
msgid "If you have already created tiers, the VPC diagram is displayed. Click Create Tier to add a new tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:252
# 6da7a219b10c4cd393a25728f68792f6
msgid "**Name**: A unique name for the tier you create."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:254
# 1b4af9e2df5d4c45a8fe0846d9421847
msgid "**Network Offering**: The following default network offerings are listed: Internal LB, DefaultIsolatedNetworkOfferingForVpcNetworksNoLB, DefaultIsolatedNetworkOfferingForVpcNetworks"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:259
# ee49520ec77a4c7097618acebca06e0a
msgid "In a VPC, only one tier can be created by using LB-enabled network offering."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:267
# fe3e7690b8434d17bee25931f77b4060
msgid "**VLAN**: The VLAN ID for the tier that the root admin creates."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:269
# ac4187501eb24391a8fe48b9eaea78db
msgid "This option is only visible if the network offering you selected is VLAN-enabled."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:272
# 4f0b4d89f6904969ae3ee5e09664a312
msgid "For more information, see `\"Assigning VLANs to Isolated Networks\" <hosts.html#assigning-vlans-to-isolated-networks>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:283
# 9d2a27efdd3340729e2b4d326a7ae82f
msgid "Continue with configuring access control list for the tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:289
# cfc11ab12602462ea15568f2ee59a571
msgid "Configuring Network Access Control List"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:291
# 80d05b449ec74dcf9676a890310dd627
msgid "Define Network Access Control List (ACL) on the VPC virtual router to control incoming (ingress) and outgoing (egress) traffic between the VPC tiers, and between the tiers and the Internet. By default, all incoming traffic to the guest networks is blocked and all outgoing traffic from guest networks is allowed. Once you add an ACL rule for outgoing traffic, only the outgoing traffic specified in that ACL rule is allowed; the rest is blocked. To open the ports, you must create a new network ACL. The network ACLs can be created for the tiers only if the NetworkACL service is supported."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:303
# aa42198a93034f1c84348ea431669aa6
msgid "About Network ACL Lists"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:305
# b8c70fbf1bc54242a435cb7f6a8bcfff
msgid "In CloudStack terminology, a Network ACL is a group of Network ACL items. Network ACL items are numbered rules that are evaluated in order, starting with the lowest numbered rule. These rules determine whether traffic is allowed in or out of any tier associated with the network ACL. You need to add the Network ACL items to the Network ACL, then associate the Network ACL with a tier. A Network ACL is associated with a VPC and can be assigned to multiple VPC tiers within a VPC. A tier is associated with a Network ACL at all times. Each tier can be associated with only one ACL."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:315
# 2b2f7cf9c53546368b42fa70f544bd0a
msgid "The default Network ACL is used when no ACL is associated. The default behavior is that all incoming traffic is blocked and outgoing traffic is allowed from the tiers. The default Network ACL cannot be removed or modified. The contents of the default Network ACL are:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:321
# 94ec3c0bd9ad4d2694658ae87c05a6dc
msgid "Rule"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:321
# cdf1ee2618b8425fa236a5ba71e879f8
msgid "Protocol"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:321
# 71beb1131ecc4bf79f519067b0cc0421
msgid "Traffic type"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:321
# 02feb18dc4204c6d816848bece6753f2
msgid "Action"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:323
#: ../../networking/virtual_private_cloud_config.rst:324
# 7b039a75bc4e40b0998ee720fc9be7af
# b4c3a2a2f8274af8b1e3a9590128b37e
msgid "All"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:323
# 29b1464ed65441e9aef0eac71c0aee88
msgid "Ingress"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:323
#: ../../networking/virtual_private_cloud_config.rst:324
# 0f25a9ce81214a8db99b2c15ca68ecaf
# 1f7b00eb40c84e49afad68ec636cf017
msgid "0.0.0.0/0"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:324
# 2a938982deaf4bee91999a560045df0f
msgid "Egress"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:329
# a89760a050314e7687a774e021984e36
msgid "Creating ACL Lists"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:364
#: ../../networking/virtual_private_cloud_config.rst:391
# 3eda1f1ad1e84a5fa0abdd0d63298377
# c9c0ef8b2d724a88af647c817e2e60b3
msgid "Select Network ACL Lists."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:366
# d948b72948e443708b6aa2c594cbf48c
msgid "The following default rules are displayed in the Network ACLs page: default\\_allow, default\\_deny."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:369
# a06453197ea54b78a1671d85bf9e73d7
msgid "Click Add ACL Lists, and specify the following:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:371
# 936eba7c1c614d71b4d81a9836930774
msgid "**ACL List Name**: A name for the ACL list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:373
# 33929738488f4ea9919dcf6a7e3fe2f5
msgid "**Description**: A short description of the ACL list that can be displayed to users."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:378
# 7c8c60eca2c549f5b45770647d1aa00c
msgid "Creating an ACL Rule"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:393
# 9dd4e8a5913f4029b9009edcec1a873e
msgid "In addition to the custom ACL lists you have created, the following default rules are displayed in the Network ACLs page: default\\_allow, default\\_deny."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:397
#: ../../networking/virtual_private_cloud_config.rst:477
# a6f4bd8cfb1b4f6fad84ffaa0cb8be7d
# 8f83289dee8e4333b67e394e3c8d0f0d
msgid "Select the desired ACL list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:399
# 92b66b5dafcf4032a201494a372c5a09
msgid "Select the ACL List Rules tab."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:401
# dfaf3ab49c4a4d8c89f6e9f968c769ac
msgid "To add an ACL rule, fill in the following fields to specify what kind of network traffic is allowed in the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:404
# 51c1de77519e4d1dbd873ec733e2ba75
msgid "**Rule Number**: The order in which the rules are evaluated."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:406
# 86a9b66780f94ece927187a782db5a7b
msgid "**CIDR**: The CIDR acts as the Source CIDR for the Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from or to the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:413
# 8330289162464c20a853e935c0a8994c
msgid "**Action**: The action to be taken: allow the traffic or block it."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:415
# 498ccf8b2f69422382f0f84e1ca4539c
msgid "**Protocol**: The networking protocol that sources use to send traffic to the tier. The TCP and UDP protocols are typically used for data exchange and end-user communications. The ICMP protocol is typically used to send error messages or network monitoring data. All supports all the traffic. Other option is Protocol Number."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:422
# e63c6c1906af4a6b8ed6d87b9c73ed40
msgid "**Start Port**, **End Port** (TCP, UDP only): A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:426
# 7c79246e902c4bbc8186dda26670b328
msgid "**Protocol Number**: The protocol number associated with IPv4 or IPv6. For more information, see `Protocol Numbers <http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:430
# f108c8672b5549f0b7bccead5633f71e
msgid "**ICMP Type**, **ICMP Code** (ICMP only): The type of message and error code that will be sent."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:433
# aea6fa8baba04251bd617d19ec0fac50
msgid "**Traffic Type**: The type of traffic: Incoming or outgoing."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:435
# 8837fecc5cbe4deb9b9b32eb1e7a22bb
msgid "Click Add. The ACL rule is added."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:437
# ff24506a3edf4b368b6851738d3cd4a6
msgid "You can edit the tags assigned to the ACL rules and delete the ACL rules you have created. Click the appropriate button in the Details tab."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:443
# 686d25e2eb934b228756cffad503dc14
msgid "Creating a Tier with Custom ACL List"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:445
#: ../../networking/virtual_private_cloud_config.rst:461
# 12b4daba446b406188c175ab28efa5c1
# e044ead1ada14ab5b3ec8b3e711b655c
msgid "Create a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:447
#: ../../networking/virtual_private_cloud_config.rst:467
# 5f8cae5888424f2a90e4e67bb1174768
# 1a83d09401c84e96a549f864c6695017
msgid "Create a custom ACL list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:449
#: ../../networking/virtual_private_cloud_config.rst:469
# a0a748dbf9a14a6292e606e617c28d64
# b359fbe706df412e8209f49644e377e0
msgid "Add ACL rules to the ACL list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:451
#: ../../networking/virtual_private_cloud_config.rst:463
# 3c202066013d4bc0adfd54fbb57b6a40
# c1084edbb18d4e88a8862f51a676882d
msgid "Create a tier in the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:453
# 2693d2f98f2144d2bd046d2a6ee9edc4
msgid "Select the desired ACL list while creating a tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:459
# 8d75f722483847bfbaf121d50683108f
msgid "Assigning a Custom ACL List to a Tier"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:465
# fb8e5f4022c7464683a31b78f61d773e
msgid "Associate the tier with the default ACL rule."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:471
# 39e12cdf7861405b9cb6e499e2a43a69
msgid "Select the tier for which you want to assign the custom ACL."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:473
# 948fcbc5ab17415abed167dfec847398
msgid "Click the Replace ACL List icon. |replace-acl-icon.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:475
# 1e59b7c5187d410c84f77a2de169bfd2
msgid "The Replace ACL List dialog is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:485
# 6a8102624df0467d816ba212863e0f4a
msgid "Adding a Private Gateway to a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:487
# d90a68b590214ef5a6ef4f86afbf6fd5
msgid "A private gateway can be added by the root admin only. The VPC private network has 1:1 relationship with the NIC of the physical network. You can configure multiple private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed in the same data center."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:501
# 8834cea2024a427e8ed0a565fd66bd19
msgid "Click the Configure button of the VPC to which you want to configure load balancing rules."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:509
#: ../../networking/virtual_private_cloud_config.rst:744
#: ../../networking/virtual_private_cloud_config.rst:802
# b947ba8a391e4148ae31611b4dd8a083
# 97f4415d522c4cd0bcb3fccbe14ce6bb
# 3ee1ffc35ae4421ab543c330faa61f59
msgid "The following options are displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:531
# 0486f473e9e3414bb92b039e48b87494
msgid "Select Private Gateways."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:533
# a70922624b2b4f53abab8e82e8145edb
msgid "The Gateways page is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:535
# 997a7c9466244a49a73f4b7b36f80498
msgid "Click Add new gateway:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:537
# 46ae796875074a9bb87aa12a389ff481
msgid "|add-new-gateway-vpc.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:541
# 2bdb16a51b0c4b0ebc5ecc1fe2301931
msgid "**Physical Network**: The physical network you have created in the zone."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:544
# 40e19742c3d6491ba0358d3376dca15c
msgid "**IP Address**: The IP address associated with the VPC gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:546
# b992f8b2e26749a7b8eb0483fbe18516
msgid "**Gateway**: The gateway through which the traffic is routed to and from the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:549
# 08b7e18cfef146d5aac5e3a932b9ceee
msgid "**Netmask**: The netmask associated with the VPC gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:551
# 17bf2c0bfeb849c286ef214c11472b88
msgid "**VLAN**: The VLAN associated with the VPC gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:553
# 7c787d4d6da0489494c04559abeb12bb
msgid "**Source NAT**: Select this option to enable the source NAT service on the VPC private gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:556
# d3c83ba870aa46f481f5b326130c542f
msgid "See \":ref:`source-nat-priv-gw`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:558
# d19b3a39546842e5a175f1e7e7819cef
msgid "**ACL**: Controls both ingress and egress traffic on a VPC private gateway. By default, all the traffic is blocked."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:561
# eb9e7232fbad4dc5b0bae719d0592256
msgid "See \":ref:`acl-priv-gw`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:563
# 7aa9fc8200334aa4901dc0974c908c27
msgid "The new gateway appears in the list. You can repeat these steps to add more gateways for this VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:570
# 2b0ce92e7bed418b936208b7bad7d5b7
msgid "Source NAT on Private Gateway"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:572
# fe7ed22a9393446c9cc5ad4d4cd5edc3
msgid "You might want to deploy multiple VPCs with the same super CIDR and guest tier CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to reach an enterprise data center through the private gateway. In such cases, a NAT service needs to be configured on the private gateway to avoid IP conflicts. If Source NAT is enabled, the guest VMs in the VPC reach the enterprise network via the private gateway IP address by using the NAT service."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:580
# 5a711a13a70c4237b78e207150d2aa6b
msgid "The Source NAT service on a private gateway can be enabled while adding the private gateway. On deletion of a private gateway, source NAT rules specific to the private gateway are deleted."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:584
# 63952cd0c2df4a2ba370e8e3f499ebb3
msgid "To enable source NAT on existing private gateways, delete them and create afresh with source NAT."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:591
# ca4ce702729d44de9545633f08b8e2c0
msgid "ACL on Private Gateway"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:593
# f6b347934c2d421d9b87c66c8944a8b9
msgid "The traffic on the VPC private gateway is controlled by creating both ingress and egress network ACL rules. The ACLs contain both allow and deny rules. By default, all the ingress traffic to the private gateway interface and all the egress traffic out from the private gateway interface are blocked."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:599
# 6f1f3b0dd74f4ce594dbb45f33ef48e9
msgid "You can change this default behaviour while creating a private gateway. Alternatively, you can do the following:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:602
#: ../../networking/virtual_private_cloud_config.rst:633
# 8238d9adc04246d9a930b0b546fc0dc4
# b52342a1c90a4d8588ad601a3cb95384
msgid "In a VPC, identify the Private Gateway you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:604
# d0331cbe6cb343e9baeed7ebabf6898b
msgid "In the Private Gateway page, do either of the following:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:606
# d004af9551994806b983a6b59283779b
msgid "Use the Quickview. See 3."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:608
# 40cc4d8cf410478e812d5cb50a621341
msgid "Use the Details tab. See 4 through ."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:610
# 6d609b2091244d7ca3405dc4269efe6f
msgid "In the Quickview of the selected Private Gateway, click Replace ACL, select the ACL rule, then click OK"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:613
# 83b99b7439014125a36b48a6b0a7f80e
msgid "Click the IP address of the Private Gateway you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:615
# 14187251994f4a8c8ccffac034d839d3
msgid "In the Detail tab, click the Replace ACL button. |replace-acl-icon.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:618
# 9dbebf0df0394108a99bc5c305a172cb
msgid "The Replace ACL dialog is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:620
# ec9140575d1943d0b76f6536f0862e43
msgid "Select the ACL rule, then click OK."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:622
# a324b1ff2ee443c885f67b4510b32b3e
msgid "Wait for a few seconds. You can see that the new ACL rule is displayed in the Details page."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:627
# 9a47b3e0d1cf4da0990cb87352ca3de5
msgid "Creating a Static Route"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:629
# e189527e17704f7cab4e4e21f6b2549f
msgid "CloudStack enables you to specify routing for the VPN connection you create. You can enter one or more CIDR addresses to indicate which traffic is to be routed back to the gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:635
# b95c782aec15430ab351080cb9dc47ba
msgid "In the Private Gateway page, click the IP address of the Private Gateway you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:638
# f62c207d59b144dd8e5724167fb00821
msgid "Select the Static Routes tab."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:640
# 98e5544022bb4cf39452861c830d9665
msgid "Specify the CIDR of destination network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:644
# 35f9f527d4364d4db2faefcd92d3a394
msgid "Wait for a few seconds until the new route is created."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:648
# f5f80f387b5246caa603111d30dcfab7
msgid "Denylisting Routes"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:650
# 8515025cd30a4b30b46f527ea9be5b2b
msgid "CloudStack enables you to block a list of routes so that they are not assigned to any of the VPC private gateways. Specify the list of routes that you want to denylist in the ``denied.routes`` global parameter. Note that updating the parameter affects only new static route creations. An existing static route that matches a newly blocked route remains intact and continues to function. You cannot add a static route if the route is denied for the zone."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:660
# 0a8f5a5461c9432188d46d5dc80a91a0
msgid "Deploying VMs to the Tier"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:674
# ad6ac67751dc4a668c90b3901921cecf
msgid "The VPC page is displayed where all the tiers you have created are listed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:677
# 8da453ba01704444966e4877573b0073
msgid "Click Virtual Machines tab of the tier to which you want to add a VM."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:679
# 7564a13e0be543f29abd89bd7ef0c987
msgid "|add-vm-vpc.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:681
# ceb06d16d0d545d79a24d120e0cc1557
msgid "The Add Instance page is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:683
# e0c2b5aaefda4e768eca34fdf762257c
msgid "Follow the on-screen instruction to add an instance. For information on adding an instance, see the Installation Guide."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:688
# 23b31383376b429ab397c708f57a73bb
msgid "Deploying VMs to VPC Tier and Shared Networks"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:690
# 2bac09bc2c4a4906abd70bb5d83a5111
msgid "CloudStack allows you to deploy VMs on a VPC tier and one or more shared networks. With this feature, VMs deployed in a multi-tier application can receive monitoring services via a shared network provided by a service provider."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:695
# e86ba5c678024942ba0da9ff54dd94ae
msgid "Log in to the CloudStack UI as an administrator."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:697
# 50b2ea4e91a94d79b91efe6ba058dadd
msgid "In the left navigation, choose Instances."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:699
# 0f4af44df518497191f2b3af865061d2
msgid "Click Add Instance."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:701
# a5a3bb272f26416fa231be8972453e35
msgid "Select a zone."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:703
# 51a5385be8d5470b859a693b22b5c52b
msgid "Select a template or ISO, then follow the steps in the wizard."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:705
# bb1283c54a10494a96923abd8273c452
msgid "Ensure that the hardware you have allows starting the selected service offering."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:708
# afcf609fa1fb4cc5a296c5eb20e7c9f5
msgid "Under Networks, select the desired networks for the VM you are launching."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:711
# f749aa3668cd4b44bb2ebeff764f56dd
msgid "You can deploy a VM to a VPC tier and multiple shared networks."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:713
# b0aa4f80622f4438a373dce39b0c6537
msgid "|addvm-tier-sharednw.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:715
# d3d95e78e214447ab42817d669d4fb61
msgid "Click Next, review the configuration and click Launch."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:717
# 2f1d867de64e4eef8f377943f7f76f2b
msgid "Your VM will be deployed to the selected VPC tier and shared network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:721
# 5dfeffe5b39b420b8932120cf5a86f75
msgid "Acquiring a New IP Address for a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:723
# 31693458308e43659d6be92a4f78c332
msgid "When you acquire an IP address, all IP addresses are allocated to VPC, not to the guest networks within the VPC. The IPs are associated to the guest network only when the first port-forwarding, load balancing, or Static NAT rule is created for the IP or the network. IP can't be associated to more than one network at a time."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:766
# 075db32f8684487ebf86e97f17da3fb0
msgid "Select IP Addresses."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:768
# ca26d66e3c0644258b7e33c973c87793
msgid "The Public IP Addresses page is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:770
# 501fe4755a8a4045952f5337c4e34ad3
msgid "Click Acquire New IP, and click Yes in the confirmation dialog."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:772
# 6654947db0c74b30bedc7c3644dad688
msgid "You are prompted for confirmation because, typically, IP addresses are a limited resource. Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding, load balancing, and static NAT rules."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:779
# 8c7d4d3811bd4e5a9cdc8fd5b9fc07a4
msgid "Releasing an IP Address Allotted to a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:781
# fa1d68cb193b4e8186bc44093bb34441
msgid "The IP address is a limited resource. If you no longer need a particular IP, you can disassociate it from its VPC and return it to the pool of available addresses. An IP address can be released from its tier only when all the networking rules (port forwarding, load balancing, or Static NAT) are removed for this IP address. The released IP address will still belong to the same VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:797
# 2ce137b1395747dc8e893c80bcda0e22
msgid "Click the Configure button of the VPC whose IP you want to release."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:824
# 9fd161045cbe45a281c9d8e874926856
msgid "Select Public IP Addresses."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:828
# 5efdb9a8c3284fe195862d5624cd2ad7
msgid "Click the IP you want to release."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:830
# 2a495a61f8ae472bb5500bb1d609c595
msgid "In the Details tab, click the Release IP button |release-ip-icon.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:836
# 0d6369bc16a24d93ab131097fa1c26d0
msgid "Enabling or Disabling Static NAT on a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:838
# ca62a217246f4a06a8d12965cdfa849c
msgid "A static NAT rule maps a public IP address to the private IP address of a VM in a VPC to allow Internet traffic to it. This section tells how to enable or disable static NAT for a particular IP address in a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:863
# 2b8f37a180cf44aabf4c1102171a0a0f
msgid "For each tier, the following options are displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:889
# 27a3e8f27ef74f348d38e0a750d4b22d
msgid "Click the IP you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:891
# cdf3e4bc65504a1ba280c33c311c5ff3
msgid "In the Details tab, click the Static NAT button. |enable-disable.png| The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:896
# 5d57c9b6170d475cb726d63bd8a7d4b4
msgid "If you are enabling static NAT, a dialog appears as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:898
# 8652f2ad4f894964b5749224fa457264
msgid "|select-vmstatic-nat.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:900
# 8642184696854f59a8be93ce090ef2fb
msgid "Select the tier and the destination VM, then click Apply."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:904
# 3f81050b54e046ce8e1509efface1df4
msgid "Adding Load Balancing Rules on a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:906
# 64775e05d52c4fd68cdf87d2e24c802f
msgid "In a VPC, you can configure two types of load balancing: external LB and internal LB. External LB is an LB rule created to redirect the traffic received at a public IP of the VPC virtual router. The traffic is load balanced within a tier based on your configuration. Citrix NetScaler and VPC virtual router are supported for external LB. When you use the internal LB service, traffic received at a tier is load balanced across different VMs within that tier. For example, traffic that reaches the Web tier is redirected to another VM in that tier. External load balancing devices are not supported for internal LB. The service is provided by an internal LB VM configured on the target tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:919
# 5f34d7b800174adea102238371bbf537
msgid "Load Balancing Within a Tier (External LB)"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:921
# 060c73cf4ee8497d961587b4e5e88f8e
msgid "A CloudStack user or administrator may create load balancing rules that balance traffic received at a public IP to one or more VMs that belong to a network tier that provides load balancing service in a VPC. A user creates a rule, specifies an algorithm, and assigns the rule to a set of VMs within a tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:929
# e988811e64294d9690e628d0a32d6f6e
msgid "Enabling NetScaler as the LB Provider on a VPC Tier"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:931
# 1a47a4579a094d95b8a0de664ef21a91
msgid "Add and enable Netscaler VPX in dedicated mode."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:933
# 9cd82ffd68b24939ae095006b094d212
msgid "Netscaler can be used in a VPC environment only if it is in dedicated mode."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:936
# b3484bb76994414e9ea417121e40d040
msgid "Create a network offering, as given in \":ref:`create-net-offering-ext-lb`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:938
# 121f69be457f40c5a9230d5ea3592bfb
msgid "Create a VPC with Netscaler as the Public LB provider."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:940
# e3da4dec088145cdab1337246f694c25
msgid "For more information, see `\"Adding a Virtual Private Cloud\" <#adding-a-virtual-private-cloud>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:943
# a9a66b4ea7f240caa72b7230eb594dca
msgid "For the VPC, acquire an IP."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:945
# 41f7df1af1ff4bd8b55750efc9e38211
msgid "Create an external load balancing rule and apply, as given in :ref:`create-ext-lb-rule`."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:952
# 6f16d85076c347eb9f22335560475ef4
msgid "Creating a Network Offering for External LB"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:954
# 709e2fd0e27745f68f26028a48c613a5
msgid "To have external LB support on VPC, create a network offering as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:957
#: ../../networking/virtual_private_cloud_config.rst:1163
# 76d5fee0b6ef4598b2f4f80ee690c974
# 80171134c89b4246b8e6d948ddf36a21
msgid "Log in to the CloudStack UI as a user or admin."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:959
#: ../../networking/virtual_private_cloud_config.rst:1165
# d6358f1cb80b45c6becf012d6670f0ff
# 19877c93762c4d95b38bfafc90fc110c
msgid "From the Select Offering drop-down, choose Network Offering."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:963
#: ../../networking/virtual_private_cloud_config.rst:1169
# 34b1dc57da234cfcbef32cbb10126c3c
# 1bba2b0d34da443ea11b5a194c8a3b59
msgid "In the dialog, make the following choices:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:965
#: ../../networking/virtual_private_cloud_config.rst:1171
# 86e34c74e6134c7bb7c04554bfed9df0
# 4e3f1479665d42f78ead497e7f965f00
msgid "**Name**: Any desired name for the network offering."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:967
#: ../../networking/virtual_private_cloud_config.rst:1173
# c960eb115c114434af67b0fbc25be487
# bc5490caeeff4328865c3f318b98cfee
msgid "**Description**: A short description of the offering that can be displayed to users."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:970
#: ../../networking/virtual_private_cloud_config.rst:1176
# 84e47db19f574c3ba5d0b2f1154fbc45
# 93388787993544a4901e262399be3022
msgid "**Network Rate**: Allowed data transfer rate in MB per second."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:972
#: ../../networking/virtual_private_cloud_config.rst:1178
# 816b6192dc2f4e3ca02aeb6804edb355
# 27411d0400294e9ba1bfb67609002343
msgid "**Traffic Type**: The type of network traffic that will be carried on the network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:975
#: ../../networking/virtual_private_cloud_config.rst:1181
# c74a767bceed4a628199500712d7c8c7
# eb0786cb716a4706a211b3b6088bb4b9
msgid "**Guest Type**: Choose whether the guest network is isolated or shared."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:978
#: ../../networking/virtual_private_cloud_config.rst:1184
# c522088c1c6e47d79f06f5fe842e40ee
# 0aea3f7e943e49b291046f8fc45d6484
msgid "**Persistent**: Indicate whether the guest network is persistent or not. The network that you can provision without having to deploy a VM on it is termed persistent network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:982
#: ../../networking/virtual_private_cloud_config.rst:1188
# b84887ec1f6c4513aa057f3a630484a1
# 930505e9acaa4d9193047e12ab7c3a3e
msgid "**VPC**: This option indicates whether the guest network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private, isolated part of CloudStack. A VPC can have its own virtual network topology that resembles a traditional physical network. For more information on VPCs, see `\"About Virtual Private Clouds\" <#about-virtual-private-clouds>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:988
#: ../../networking/virtual_private_cloud_config.rst:1195
# ed834a8fdce7467eb36d015cba5a8227
# dbc9e89b121148e296344a7619ca01db
msgid "**Specify VLAN**: (Isolated guest networks only) Indicate whether a VLAN should be specified when this offering is used."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:991
# 6e7a1944576040bbb72e01310aa2b99d
msgid "**Supported Services**: Select Load Balancer. Use Netscaler or VpcVirtualRouter."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:994
# 89f5557a4a6546158f9fdc778ad029c1
msgid "**Load Balancer Type**: Select Public LB from the drop-down."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:996
# 7a932d710a9843c0af0b0cf4522a5284
msgid "**LB Isolation**: Select Dedicated if Netscaler is used as the external LB provider."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:999
#: ../../networking/virtual_private_cloud_config.rst:1203
# 4ac8eb66ecab474195206ca9dd076d42
# fe97ea397c194e4284760800bee72bea
msgid "**System Offering**: Choose the system service offering that you want virtual routers to use in this network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1002
#: ../../networking/virtual_private_cloud_config.rst:1206
# fdf046b7980844e19139feacede80d66
# 6f5f9241b8e1492a846b95d1bf8c9fe1
msgid "**Conserve mode**: Indicate whether to use conserve mode. In this mode, network resources are allocated only when the first virtual machine starts in the network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1006
#: ../../networking/virtual_private_cloud_config.rst:1210
# d3ed6db3fe1745b78b2b927bc7d01a53
# c9781285467f4ad1b249ead320965229
msgid "Click OK and the network offering is created."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1012
# 88f68116cf4240d1b534cf9122dca89d
msgid "Creating an External LB Rule"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1023
# 08a7150e85df4a9f8efd234f87de819b
msgid "Click the Configure button of the VPC, for which you want to configure load balancing rules."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1026
#: ../../networking/virtual_private_cloud_config.rst:1239
# ea4d0a7fdac64d889620ae55b699113e
# 0d81aa1b316a4977838e69024fa1072a
msgid "The VPC page is displayed, where all the tiers you created are listed in a diagram."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1060
#: ../../networking/virtual_private_cloud_config.rst:1328
# a5ab0f5fbd054d0790aeb9802997b2d0
# 5ff05892aa8e4255bd7bc42730f2c699
msgid "Select the tier to which you want to apply the rule."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1066
# ef5c662d47e24cd2bd98a84a97bf37cd
msgid "**Public Port**: The port that receives the incoming traffic to be balanced."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1072
#: ../../networking/virtual_private_cloud_config.rst:1268
# 36f023f1ff9f4854a6413a29e48a1be5
# 4842c5ef77d840658853291a3ee85181
msgid "**Algorithm**. Choose the load balancing algorithm you want CloudStack to use. CloudStack supports the following well-known algorithms:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1078
#: ../../networking/virtual_private_cloud_config.rst:1274
# 70c9123d5f194ebf9c345f9ad993cdc0
# 7ac4ebb233324a8eb27698cc7a04a5be
msgid "Least connections"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1080
#: ../../networking/virtual_private_cloud_config.rst:1276
# 23d0139cefac4b7a805b0d7e4a1a43e5
# 7eeb60a40f294f1dacce7d723e8e193c
msgid "Source"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1082
# 75a5279c04344957bc0a080be77c8274
msgid "**Stickiness**. (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1086
# 43d9888e2f9440e984b9541afc588eea
msgid "**Add VMs**: Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1089
# 59f6f69006154b2f8ce3eb5d9e9e5351
msgid "The new load balancing rule appears in the list. You can repeat these steps to add more load balancing rules for this IP address."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1094
# b829d10e71d44f6eae3ea7663c35f418
msgid "Load Balancing Across Tiers"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1096
# ee38327ce5984aab9e56b1a4096f683f
msgid "CloudStack supports sharing workload across different tiers within your VPC. Assume that multiple tiers are set up in your environment, such as Web tier and Application tier. Traffic to each tier is balanced on the VPC virtual router on the public side, as explained in `\"Adding Load Balancing Rules on a VPC\" <#adding-load-balancing-rules-on-a-vpc>`_. If you want the traffic coming from the Web tier to the Application tier to be balanced, use the internal load balancing feature offered by CloudStack."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1107
# d83d8db5511d4aba8c9c4efd61e0f5e6
msgid "How Does Internal LB Work in VPC?"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1109
# c710a43f15e34b5ab71f20ea2709e950
msgid "In this figure, a public LB rule is created for the public IP 72.52.125.10 with public port 80 and private port 81. The LB rule, created on the VPC virtual router, is applied on the traffic coming from the Internet to the VMs on the Web tier. On the Application tier two internal load balancing rules are created. An internal LB rule for the guest IP 10.10.10.4 with load balancer port 23 and instance port 25 is configured on the VM, InternalLBVM1. Another internal LB rule for the guest IP 10.10.10.4 with load balancer port 45 and instance port 46 is configured on the VM, InternalLBVM1. Another internal LB rule for the guest IP 10.10.10.6, with load balancer port 23 and instance port 25 is configured on the VM, InternalLBVM2."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1121
# 37cf27e0f1d34d6eb0aed4b83bbd2b4c
msgid "|vpc-lb.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1127
# 2ebee5edba904c0a9de6b022c5d1e3d8
msgid "Internal LB and Public LB are mutually exclusive on a tier. If the tier has LB on the public side, then it can't have the Internal LB."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1130
# 82754be2930f483c83607cde35e73470
msgid "Internal LB is supported just on VPC networks in CloudStack 4.2 release."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1133
# a8769b5a4a9e48caab6c9ecc82e77234
msgid "Only Internal LB VM can act as the Internal LB provider in CloudStack 4.2 release."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1136
# b076139f831c4e3ba6417259ac863de8
msgid "Network upgrade is not supported from the network offering with Internal LB to the network offering with Public LB."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1139
# 969d6f5939874bca859151e7d0d68447
msgid "Multiple tiers can have internal LB support in a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1141
# 67372cabb36b437a8232a78a78f08515
msgid "Only one tier can have Public LB support in a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1145
# 69768caec218466dafc06876ae8e797f
msgid "Enabling Internal LB on a VPC Tier"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1147
# daf581a704674dc287b6516c737b20e9
msgid "Create a network offering, as given in :ref:`creating-net-offering-internal-lb`."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1150
# a3b6f09db9e44bc597c6dd364de8f2ec
msgid "Create an internal load balancing rule and apply, as given in :ref:`create-int-lb-rule`."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1157
# e6d4695c11f545a09e177701ad41e3c4
msgid "Creating a Network Offering for Internal LB"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1159
# b711b583939045f2b881dd3d65a60666
msgid "To have internal LB support on VPC, either use the default offering, DefaultIsolatedNetworkOfferingForVpcNetworksWithInternalLB, or create a network offering as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1198
# 3248edb0427641c389adc91e927709f9
msgid "**Supported Services**: Select Load Balancer. Select ``InternalLbVM`` from the provider list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1201
# e7e35dcafc134423bff098fbd63e22e9
msgid "**Load Balancer Type**: Select Internal LB from the drop-down."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1216
# 56e0a94386164762912004a783f992e4
msgid "Creating an Internal LB Rule"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1218
# 89853887164549829b5d2bf60bd1820d
msgid "When you create the Internal LB rule and apply it to a VM, an Internal LB VM, which is responsible for load balancing, is created."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1221
# 353f381499f141628587960d6e26f5b0
msgid "You can view the created Internal LB VM in the Instances page if you navigate to **Infrastructure** > **Zones** > <zone\\_name> > <physical\\_network\\_name> > **Network Service Providers** > **Internal LB VM**. You can manage the Internal LB VMs as and when required from this location."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1236
# 695b01da42ba4aafa25052faf19cfb61
msgid "Locate the VPC for which you want to configure internal LB, then click Configure."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1242
# 353f4dce86ad490c9f02ffb55550faf1
msgid "Locate the Tier for which you want to configure an internal LB rule, click Internal LB."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1245
# 2950ef7334d8445db81781a662805752
msgid "In the Internal LB page, click Add Internal LB."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1247
# c7bb9deb227d41a08b2d4a17f0c56272
msgid "In the dialog, specify the following:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1251
# acee91ffe73343149992e4445c25639d
msgid "**Description**: A short description of the rule that can be displayed to users."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1254
# 21c16720a2424baba66dd99f17596511
msgid "**Source IP Address**: (Optional) The source IP from which traffic originates. The IP is acquired from the CIDR of that particular tier on which you want to create the Internal LB rule. If not specified, the IP address is automatically allocated from the network CIDR."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1260
# 09ee6ad213fe4332930cd10d34913eba
msgid "For every Source IP, a new Internal LB VM is created for load balancing."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1263
# d79a0aa56c2d43a99118d61cdee35de5
msgid "**Source Port**: The port associated with the source IP. Traffic on this port is load balanced."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1266
# 2aa21466b141411194bccbfbce825ad3
msgid "**Instance Port**: The port of the internal LB VM."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1280
# 519302d094284d71b5c6fb38328a1324
msgid "Adding a Port Forwarding Rule on a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1338
# 8637eb165f5a4accba725d09dc0f0a2b
msgid "**Protocol**: The communication protocol in use between the two ports."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1341
# 6acdc3f1bfe647e8bc3f77d1c6ebe7cc
msgid "TCP"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1343
# a94613fd8a23416cbcd8dddc6013a988
msgid "UDP"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1345
# 10549636e52849679931a001d1d335eb
msgid "**Add VM**: Click Add VM. Select the name of the instance to which this rule applies, and click Apply."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1348
# 5be772f552314f2d8e9cee0ff65bf489
msgid "You can test the rule by opening an SSH session to the instance."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1352
# e0d8c785784b42e5b872d0d1e0e01fc8
msgid "Removing Tiers"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1354
# 7568184600d04040b5e2be7097d75720
msgid "You can remove a tier from a VPC. A removed tier cannot be revoked. When a tier is removed, only the resources of the tier are expunged. All the network rules (port forwarding, load balancing and staticNAT) and the IP addresses associated with the tier are removed. The IP addresses still belong to the same VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1372
# f487d939ba954e449d7080e7517574a6
msgid "The Configure VPC page is displayed. Locate the tier you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1375
# c7fbdf1d685a4919a2ea4a0624d9d045
msgid "Select the tier you want to remove."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1377
# f5493869c62248649482971d798e37ca
msgid "In the Network Details tab, click the Delete Network button. |del-tier.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1380
# aa755672baae4d7697f96b16039da071
msgid "Click Yes to confirm. Wait for some time for the tier to be removed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1384
# 9b44d6e7259c4c4d88ddd3fbec0511de
msgid "Editing, Restarting, and Removing a Virtual Private Cloud"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1386
# a72ab3649f44452fad64ca5e5c27699f
msgid "Ensure that all the tiers are removed before you remove a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1397
# 528e37d6eed24e24a482eda24bba84b4
msgid "Select the VPC you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1399
# 85aecab9e0aa42e285e0946a9b7fc270
msgid "In the Details tab, click the Remove VPC button |remove-vpc.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1401
# d499762e52f543f7a82c853e728a5516
msgid "You can also remove the VPC by using the remove button in the Quick View."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1404
# db5c63c401ed457d8296666c3e708e2b
msgid "You can edit the name and description of a VPC. To do that, select the VPC, then click the Edit button. |vpc-edit-icon.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1407
# 85223757733c41afac7e59be10812ad4
msgid "To restart a VPC, select the VPC, then click the Restart button. |restart-vpc.png|"
msgstr ""
#: ../../networking/persistent_networks.rst:18
# c73707abeeee4762af99c2fe10074730
msgid "Persistent Networks"
msgstr ""
#: ../../networking/persistent_networks.rst:20
# f57736d14d734e409d67507b6128fbec
msgid "The network that you can provision without having to deploy any VMs on it is called a persistent network. A persistent network can be part of a VPC or a non-VPC environment."
msgstr ""
#: ../../networking/persistent_networks.rst:24
# ce6fd8a3ec00423d86e7ba4f4cba6189
msgid "When you create other types of network, a network is only a database entry until the first VM is created on that network. When the first VM is created, a VLAN ID is assigned and the network is provisioned. Also, when the last VM is destroyed, the VLAN ID is released and the network is no longer available. With the addition of persistent network, you will have the ability to create a network in CloudStack in which physical devices can be deployed without having to run any VMs. Additionally, you can deploy physical devices on that network."
msgstr ""
#: ../../networking/persistent_networks.rst:33
# 6fcce92beeff40cb864882157e6e38eb
msgid "One of the advantages of having a persistent network is that you can create a VPC with a tier consisting of only physical devices. For example, you might create a VPC for a three-tier application, deploy VMs for Web and Application tier, and use physical machines for the Database tier. Another use case is that if you are providing services by using physical hardware, you can define the network as persistent and therefore even if all its VMs are destroyed the services will not be discontinued."
msgstr ""
#: ../../networking/persistent_networks.rst:44
# 2967de4df3df472abd55988c65ca1c07
msgid "Persistent Network Considerations"
msgstr ""
#: ../../networking/persistent_networks.rst:46
# 4091d1efe69a4148864ddea8b1361e5f
msgid "Persistent network is designed for isolated networks."
msgstr ""
#: ../../networking/persistent_networks.rst:48
# 153b60917c5c49d3982f1098e01b59b7
msgid "All default network offerings are non-persistent."
msgstr ""
#: ../../networking/persistent_networks.rst:50
# 77c3328fec084f13967871c9b7123076
msgid "A network offering cannot be edited because changing it affects the behavior of the existing networks that were created using this network offering."
msgstr ""
#: ../../networking/persistent_networks.rst:54
# 06bccf901e8a4ee8be58f15bfd579e68
msgid "When you create a guest network, the network offering that you select defines the network persistence. This in turn depends on whether persistent network is enabled in the selected network offering."
msgstr ""
#: ../../networking/persistent_networks.rst:58
# d92b9c95102f488ba671717466ac055f
msgid "An existing network can be made persistent by changing its network offering to an offering that has the Persistent option enabled. While setting this property, even if the network has no running VMs, the network is provisioned."
msgstr ""
#: ../../networking/persistent_networks.rst:63
# ef669f1e80be470eb1e8a8db355b2d4a
msgid "An existing network can be made non-persistent by changing its network offering to an offering that has the Persistent option disabled. If the network has no running VMs, during the next network garbage collection run the network is shut down."
msgstr ""
#: ../../networking/persistent_networks.rst:68
# 007f1cc1aa7c42f8a66e3fb305143475
msgid "When the last VM on a network is destroyed, the network garbage collector checks if the network offering associated with the network is persistent, and shuts down the network only if it is non-persistent."
msgstr ""
#: ../../networking/persistent_networks.rst:75
# 4d27044c9aad4e059509066b13f9dc3a
msgid "Creating a Persistent Guest Network"
msgstr ""
#: ../../networking/persistent_networks.rst:77
# 30f307ec95db44a0b8c70317f2a9c100
msgid "To create a persistent network, perform the following:"
msgstr ""
#: ../../networking/persistent_networks.rst:79
# f479c47b1f454044bc8c2e67d6f14f0a
msgid "Create a network offering with the Persistent option enabled."
msgstr ""
#: ../../networking/persistent_networks.rst:81
# 08ed25ddd4a8403e98bddb19816af5cf
msgid "See `\"Creating a New Network Offering\" <networking.html#creating-a-new-network-offering>`_."
msgstr ""
#: ../../networking/persistent_networks.rst:84
# fd6c23139519494b901a461ef6fd445e
msgid "Select Network from the left navigation pane."
msgstr ""
#: ../../networking/persistent_networks.rst:86
# 92c525d55a6643c6a9f89f6b1ee2ff2e
msgid "Select the guest network that you want to offer this network service to."
msgstr ""
#: ../../networking/persistent_networks.rst:89
# 7c5a5842cf864317a92199d463521c9f
msgid "Click the Edit button."
msgstr ""
#: ../../networking/persistent_networks.rst:91
# 552f67c193a3437586fc226221b340e3
msgid "From the Network Offering drop-down, select the persistent network offering you have just created."
msgstr ""
#: ../../networking/palo_alto_config.rst:18
# 4cd6d99517e445589fe0847cd2035e84
msgid "Setup a Palo Alto Networks Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:22
# a25de960bb5944a9a2ffe54913707ab8
msgid "Functionality Provided"
msgstr ""
#: ../../networking/palo_alto_config.rst:24
# c9b058343ea14748825cfcc53a551dcf
msgid "This implementation enables the orchestration of a Palo Alto Networks Firewall from within CloudStack UI and API."
msgstr ""
#: ../../networking/palo_alto_config.rst:27
# 0f204dd9374d4ca281f9fa055813bcb0
msgid "**The following features are supported**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:29
# 0a04c861f9c64663836468cf37783f6d
msgid "List/Add/Delete Palo Alto Networks service provider"
msgstr ""
#: ../../networking/palo_alto_config.rst:31
# f032d6431c414cb3bbb06b959df9a121
msgid "List/Add/Delete Palo Alto Networks network service offering"
msgstr ""
#: ../../networking/palo_alto_config.rst:33
# c1ad64a629ce42868368c8787dd4f3b8
msgid "List/Add/Delete Palo Alto Networks network using the above service offering"
msgstr ""
#: ../../networking/palo_alto_config.rst:35
# 983ec08ac8f442c580217a2a2fb8a596
msgid "Add an instance to a Palo Alto Networks network"
msgstr ""
#: ../../networking/palo_alto_config.rst:37
# 3ad3b15459c64a6eae255957c08316de
msgid "Source NAT management on network create and delete"
msgstr ""
#: ../../networking/palo_alto_config.rst:39
# 452d433b69644504b60597d2c0abd868
msgid "List/Add/Delete Ingress Firewall rule"
msgstr ""
#: ../../networking/palo_alto_config.rst:41
# 0a537c6e22f5405a970698d492049bda
msgid "List/Add/Delete Egress Firewall rule (both 'Allow' and 'Deny' default rules supported)"
msgstr ""
#: ../../networking/palo_alto_config.rst:44
# 6df7942d9fdd4433a02767a4b6bbd97a
msgid "List/Add/Delete Port Forwarding rule"
msgstr ""
#: ../../networking/palo_alto_config.rst:46
# 5adfa913867943e9a5334e717ba621b6
msgid "List/Add/Delete Static NAT rule"
msgstr ""
#: ../../networking/palo_alto_config.rst:48
# 9073fd9f1c574f99830d3323ff81b059
msgid "Apply a Threat Profile to all firewall rules (more details in the Additional Features section)"
msgstr ""
#: ../../networking/palo_alto_config.rst:51
# de1483044bfa4bb6a8d75e7825ab54af
msgid "Apply a Log Forwarding profile to all firewall rules (more details in the Additional Features section)"
msgstr ""
#: ../../networking/palo_alto_config.rst:57
# bb979ee8007748adb71a5a35c819303f
msgid "Initial Palo Alto Networks Firewall Configuration"
msgstr ""
#: ../../networking/palo_alto_config.rst:60
# 933f635eb00e45d291ea9b284dde50c8
msgid "Anatomy of the Palo Alto Networks Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:62
# 6c130d9bd83d4265aa57e471d8849d87
msgid "In **'Network > Interfaces'** there is a list of physical interfaces as well as aggregated physical interfaces which are used for managing traffic in and out of the Palo Alto Networks Firewall device."
msgstr ""
#: ../../networking/palo_alto_config.rst:66
# f3ed9b3a42c94267a7aa3c8799d6f2d4
msgid "In **'Network > Zones'** there is a list of the different configuration zones. This implementation will use two zones: a public (defaults to 'untrust') and a private (defaults to 'trust') zone."
msgstr ""
#: ../../networking/palo_alto_config.rst:70
# 702c5d78734a4fb8ad9bdde0f6fe0fa8
msgid "In **'Network > Virtual Routers'** there is a list of VRs which handle traffic routing for the Palo Alto Firewall. We only use a single Virtual Router on the firewall and it is used to handle all the routing to the next network hop."
msgstr ""
#: ../../networking/palo_alto_config.rst:75
# fa5e01b476f8473cb2cd6dba3c93b26d
msgid "In **'Objects > Security Profile Groups'** there is a list of profiles which can be applied to firewall rules. These profiles are used to better understand the types of traffic that are flowing through your network. Configured when you add the firewall provider to CloudStack."
msgstr ""
#: ../../networking/palo_alto_config.rst:80
# 6ec861ebd15247b2a9d647243d07b9dc
msgid "In **'Objects > Log Forwarding'** there is a list of profiles which can be applied to firewall rules. These profiles are used to better track the logs generated by the firewall. Configured when you add the firewall provider to CloudStack."
msgstr ""
#: ../../networking/palo_alto_config.rst:85
# 10bd8a298e9b4499a4e2b8158b2781ec
msgid "In **'Policies > Security'** there is a list of firewall rules that are currently configured. You will not need to modify this section because it will be completely automated by CloudStack, but you can review the firewall rules which have been created here."
msgstr ""
#: ../../networking/palo_alto_config.rst:90
# 5deafeaa993b405cafa909f5c07398af
msgid "In **'Policies > NAT'** there is a list of the different NAT rules. You will not need to modify this section because it will be completely automated by CloudStack, but you can review the different NAT rules that have been created here. Source NAT, Static NAT and Destination NAT (Port Forwarding) rules will show up in this list."
msgstr ""
#: ../../networking/palo_alto_config.rst:99
# 97d928354c784496b323810668db7981
msgid "Configure the Public / Private Zones on the firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:101
# fc57f3d20fc6497093dfee06aed841b5
msgid "No manual configuration is required to set up these zones because CloudStack will configure them automatically when you add the Palo Alto Networks firewall device to CloudStack as a service provider. This implementation depends on two zones, one for the public side and one for the private side of the firewall."
msgstr ""
#: ../../networking/palo_alto_config.rst:107
# 5dc660fae9f340ae9d54c5ba27bccdc1
msgid "The public zone (defaults to 'untrust') will contain all of the public interfaces and public IPs."
msgstr ""
#: ../../networking/palo_alto_config.rst:110
# af5503e4adbb4dff94c7db0cbfeda2b0
msgid "The private zone (defaults to 'trust') will contain all of the private interfaces and guest network gateways."
msgstr ""
#: ../../networking/palo_alto_config.rst:113
# 0c1f328f71d949568997a16e0ee29ebb
msgid "The NAT and firewall rules will be configured between these zones."
msgstr ""
#: ../../networking/palo_alto_config.rst:118
# 4edccd68911e4eb8ad8d16aae69c40c7
msgid "Configure the Public / Private Interfaces on the firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:120
# 7b5d71324ae94b4eb1345496cb5fc980
msgid "This implementation supports standard physical interfaces as well as grouped physical interfaces called aggregated interfaces. Both standard interfaces and aggregated interfaces are treated the same, so they can be used interchangeably. For this document, we will assume that we are using 'ethernet1/1' as the public interface and 'ethernet1/2' as the private interface. If aggregated interfaces were used, you would use something like 'ae1' and 'ae2' as the interfaces."
msgstr ""
#: ../../networking/palo_alto_config.rst:128
# ce56405d9b404dd8abcbd2b47dbd6002
msgid "This implementation requires that the 'Interface Type' be set to 'Layer3' for both the public and private interfaces. If you want to be able to use the 'Untagged' VLAN tag for public traffic in CloudStack, you will need to enable support for it in the public 'ethernet1/1' interface (details below)."
msgstr ""
#: ../../networking/palo_alto_config.rst:133
# e655877c1c3c4268b51d1f17b4d569e1
msgid "**Steps to configure the Public Interface**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:135
#: ../../networking/palo_alto_config.rst:171
#: ../../networking/palo_alto_config.rst:228
# e8057bd4216c433a90d5747562875a83
# e308adb3c6de47c3998377447d260f7e
# 25d30e44808748d2bb2915a15019e45e
msgid "Log into Palo Alto Networks Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:137
#: ../../networking/palo_alto_config.rst:230
# 86c58907aa3c4905ac84366e69565cd9
# 9e1f9a8ecebd488e8489f498bfc9409a
msgid "Navigate to 'Network > Interfaces'"
msgstr ""
#: ../../networking/palo_alto_config.rst:139
# d130fc55cd9d49c5a73893a0c995e367
msgid "Click on 'ethernet1/1' (for aggregated ethernet, it will probably be called 'ae1')"
msgstr ""
#: ../../networking/palo_alto_config.rst:142
#: ../../networking/palo_alto_config.rst:155
# 33208ee8235747389e981e3758d7dc4e
# 39345e835bac41baa611bcf824968ff2
msgid "Select 'Layer3' from the 'Interface Type' list"
msgstr ""
#: ../../networking/palo_alto_config.rst:144
# b0867e0d6cb34b75b442b55cfa026322
msgid "Click 'Advanced'"
msgstr ""
#: ../../networking/palo_alto_config.rst:146
# 0c56d4c03cf243f6a1a87f9d8ca7e880
msgid "Check the 'Untagged Subinterface' check-box"
msgstr ""
#: ../../networking/palo_alto_config.rst:148
#: ../../networking/palo_alto_config.rst:157
#: ../../networking/palo_alto_config.rst:193
#: ../../networking/palo_alto_config.rst:195
#: ../../networking/palo_alto_config.rst:265
#: ../../networking/palo_alto_config.rst:339
#: ../../networking/palo_alto_config.rst:388
#: ../../networking/palo_alto_config.rst:426
#: ../../networking/palo_alto_config.rst:455
# 9166a2200b574af9b0ffe071ed3f4b87
# 00c33fde208a445a9be7a319592575fc
# 987a5a8988304ce2896e1879196846a5
# 065cd5ad2daf471ea266f1b0d2fda873
# c3f6ec8691624d8ab74249c07e266983
# 91645da523df4c5ab7b8492737d911f5
# 4240529e3bd14c3ca9c9d3376612f6f7
# d3d09b3543e544f3bddba24c6963e421
# 380b2d7379934a6da1b399eab4d37c07
msgid "Click 'OK'"
msgstr ""
#: ../../networking/palo_alto_config.rst:150
# a53d6716c3174e058cf5ad15298f16e9
msgid "**Steps to configure the Private Interface**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:152
# 3aa72dc4f76541deb400a07b2b6b6787
msgid "Click on 'ethernet1/2' (for aggregated ethernet, it will probably be called 'ae2')"
msgstr ""
#: ../../networking/palo_alto_config.rst:162
# 9be091f2707545c88df4139ff618a457
msgid "Configure a Virtual Router on the firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:164
# 84d511674355441bbe7dbe76d66c768f
msgid "The Virtual Router on the Palo Alto Networks Firewall is not to be confused with the Virtual Routers that CloudStack provisions. For this implementation, the Virtual Router on the Palo Alto Networks Firewall will ONLY handle the upstream routing from the Firewall to the next hop."
msgstr ""
#: ../../networking/palo_alto_config.rst:169
# e82ded6aea36475f968637969a284573
msgid "**Steps to configure the Virtual Router**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:173
# 579fa3c360f448d08cbcf3ed1ac4c275
msgid "Navigate to 'Network > Virtual Routers'"
msgstr ""
#: ../../networking/palo_alto_config.rst:175
# c0ff1f9d1a7247718698f44028af33b5
msgid "Select the 'default' Virtual Router or Add a new Virtual Router if there are none in the list"
msgstr ""
#: ../../networking/palo_alto_config.rst:178
# 9d99adc7f2b74c30b6053032d36fabb3
msgid "If you added a new Virtual Router, you will need to give it a 'Name'"
msgstr ""
#: ../../networking/palo_alto_config.rst:180
# feab30a949cd4a22885bd65920931c99
msgid "Navigate to 'Static Routes > IPv4'"
msgstr ""
#: ../../networking/palo_alto_config.rst:182
# ac625a8780de43ed897656d4cfb74bcd
msgid "'Add' a new static route"
msgstr ""
#: ../../networking/palo_alto_config.rst:184
# 472da2053fed453e96fb4acb49fd7e62
msgid "**Name**: next_hop (you can name it anything you want)"
msgstr ""
#: ../../networking/palo_alto_config.rst:186
# cbfb1fb365b04c96b7df8ee388ae85d7
msgid "**Destination**: 0.0.0.0/0 (send all traffic to this route)"
msgstr ""
#: ../../networking/palo_alto_config.rst:188
# cda878dca5164d2f8e01aa0ff2848a96
msgid "**Interface**: ethernet1/1 (or whatever you set your public interface as)"
msgstr ""
#: ../../networking/palo_alto_config.rst:191
# a8dff252ac8841e1b30d1b61396e2f83
msgid "**Next Hop**: (specify the gateway IP for the next hop in your network)"
msgstr ""
#: ../../networking/palo_alto_config.rst:200
# 903e21b9a4a14125bacefde84d94aff4
msgid "Configure the default Public Subinterface"
msgstr ""
#: ../../networking/palo_alto_config.rst:202
# 2bd085187cbc476bbd72de056c01f9b1
msgid "The current implementation of the Palo Alto Networks firewall integration uses CIDRs in the form of 'w.x.y.z/32' for the public IP addresses that CloudStack provisions. Because no broadcast or gateway IPs are in this single IP range, there is no way for the firewall to route the traffic for these IPs. To route the traffic for these IPs, we create a single subinterface on the public interface with an IP and a CIDR which encapsulates the CloudStack public IP range. This IP will need to be inside the subnet defined by the CloudStack public range netmask, but outside the CloudStack public IP range. The CIDR should reflect the same subnet defined by the CloudStack public range netmask. The name of the subinterface is determined by the VLAN configured for the public range in CloudStack."
msgstr ""
#: ../../networking/palo_alto_config.rst:214
# 1027972bdb804444a04abfcb173c3213
msgid "To clarify this concept, we will use the following example."
msgstr ""
#: ../../networking/palo_alto_config.rst:216
# a217cfb35c1942b49aad39cf26323af1
msgid "**Example CloudStack Public Range Configuration**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:218
# 0d8df54c42af461d957cae7fb26c8b0f
msgid "**Gateway**: 172.30.0.1"
msgstr ""
#: ../../networking/palo_alto_config.rst:220
# 203a1dcc624243cebe5260b914ca588d
msgid "**Netmask**: 255.255.255.0"
msgstr ""
#: ../../networking/palo_alto_config.rst:222
# fe0cf8e78a914ef6a9d994d84e33f273
msgid "**IP Range**: 172.30.0.100 - 172.30.0.199"
msgstr ""
#: ../../networking/palo_alto_config.rst:224
# 763cbf33799e4a66ba4ebba67deedea8
msgid "**VLAN**: Untagged"
msgstr ""
#: ../../networking/palo_alto_config.rst:226
# ef7b22d901134531a4ddc52d109f3884
msgid "**Configure the Public Subinterface**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:232
# ce16b404e8fa422cb8d798d367d8ef89
msgid "Select the 'ethernet1/1' line (not clicking on the name)"
msgstr ""
#: ../../networking/palo_alto_config.rst:234
# 032bbee32d6343328a3ad9989c008a6d
msgid "Click 'Add Subinterface' at the bottom of the window"
msgstr ""
#: ../../networking/palo_alto_config.rst:236
# 6359f5f7ec124236b0f34c9d7e6c3635
msgid "Enter 'Interface Name': 'ethernet1/1' . '9999'"
msgstr ""
#: ../../networking/palo_alto_config.rst:238
# ed56cd87d56b41ed87efb9d1bf1c66f8
msgid "9999 is used if the CloudStack public range VLAN is 'Untagged'"
msgstr ""
#: ../../networking/palo_alto_config.rst:240
# 57a09d78c0084f9d839011aec1eed2eb
msgid "If the CloudStack public range VLAN is tagged (e.g. 333), then the name will reflect that tag"
msgstr ""
#: ../../networking/palo_alto_config.rst:243
# bcde49681f784127a31d97e7b792eed0
msgid "The 'Tag' is the VLAN tag that the traffic is sent to the next hop with, so set it accordingly. If you are passing 'Untagged' traffic from CloudStack to your next hop, leave it blank. If you want to pass tagged traffic from CloudStack, specify the tag."
msgstr ""
#: ../../networking/palo_alto_config.rst:248
# 579804e4cdd9464eb30e3ff2621fb8a1
msgid "Select 'default' from the 'Config > Virtual Router' drop-down (assuming that is what your virtual router is called)"
msgstr ""
#: ../../networking/palo_alto_config.rst:251
# 3a5160b4f5c042c6b940642fa2b05b2c
msgid "Click the 'IPv4' tab"
msgstr ""
#: ../../networking/palo_alto_config.rst:253
# 84bf732b36934a829114ed49a2742f17
msgid "Select 'Static' from the 'Type' radio options"
msgstr ""
#: ../../networking/palo_alto_config.rst:255
# 5870dee962e9418d9d87eeacec3d35ad
msgid "Click 'Add' in the 'IP' section"
msgstr ""
#: ../../networking/palo_alto_config.rst:257
# 5b9f289d72b14be9b4cfa38ef1728f76
msgid "Enter '172.30.0.254/24' in the new line"
msgstr ""
#: ../../networking/palo_alto_config.rst:259
# a57d0d5ce83540e0a1b3d855b376e6b8
msgid "The IP can be any IP outside the CloudStack public IP range, but inside the subnet defined by the CloudStack public range netmask (it can NOT be the gateway IP)"
msgstr ""
#: ../../networking/palo_alto_config.rst:262
# 359215f62863484ba745f8d2e03ce161
msgid "The subnet defined by the CIDR should match the CloudStack public range netmask"
msgstr ""
#: ../../networking/palo_alto_config.rst:269
# c46252e83d114010880044c824b7e57b
msgid "Commit configuration on the Palo Alto Networks Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:271
# 365f937b3fec42aea6aea597efca79fd
msgid "In order for all the changes we just made to take effect, we need to commit the changes."
msgstr ""
#: ../../networking/palo_alto_config.rst:274
# e5f848bca30e4beba84d97eb6c369c28
msgid "Click the 'Commit' link in the top right corner of the window"
msgstr ""
#: ../../networking/palo_alto_config.rst:276
# 506c144a4d5e4583b1ac84b1eead3373
msgid "Click 'OK' in the commit window overlay"
msgstr ""
#: ../../networking/palo_alto_config.rst:278
# c6025e0b37e240a4bbb98c10672afae7
msgid "Click 'Close' in the resulting commit status window after the commit finishes"
msgstr ""
#: ../../networking/palo_alto_config.rst:284
# 37fa8b13701846cc9138c340b9c5c1c9
msgid "Set up the Palo Alto Networks Firewall in CloudStack"
msgstr ""
#: ../../networking/palo_alto_config.rst:287
# bf172f38242047e6a97f2181882e672f
msgid "Add the Palo Alto Networks Firewall as a Service Provider"
msgstr ""
#: ../../networking/palo_alto_config.rst:289
# 937455f6c6d4494680d9216fc506771b
msgid "Navigate to 'Infrastructure > Zones > ZONE_NAME > Physical Network > NETWORK_NAME (guest) > Configure; Network Service Providers'"
msgstr ""
#: ../../networking/palo_alto_config.rst:292
# cf68cff820a249ceb84fe458347aa12b
msgid "Click on 'Palo Alto' in the list"
msgstr ""
#: ../../networking/palo_alto_config.rst:294
# 46ab280934294383a25c46ec2f79b443
msgid "Click 'View Devices'"
msgstr ""
#: ../../networking/palo_alto_config.rst:296
# 7560d69ce9b843b6bf611c931c0675bb
msgid "Click 'Add Palo Alto Device'"
msgstr ""
#: ../../networking/palo_alto_config.rst:298
# 8956b2ff67f7426190554aae0701fcfa
msgid "Enter your configuration in the overlay. This example will reflect the details previously used in this guide."
msgstr ""
#: ../../networking/palo_alto_config.rst:301
# 30d5213a36ba4d038e33bd011c545565
msgid "**IP Address**: (the IP of the Palo Alto Networks Firewall)"
msgstr ""
#: ../../networking/palo_alto_config.rst:303
# 521f94e44aa74f7d80c7fa7e161c899e
msgid "**Username**: (the admin username for the firewall)"
msgstr ""
#: ../../networking/palo_alto_config.rst:305
# 8e9ee920bf3e4af9ac7f6b3577fa353d
msgid "**Password**: (the admin password for the firewall)"
msgstr ""
#: ../../networking/palo_alto_config.rst:307
# bb1105db236c4fe2a3565df1a58ce8f1
msgid "**Type**: Palo Alto Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:309
# dc49c3aae7c3461cbd16d505f7fd294b
msgid "**Public Interface**: ethernet1/1 (use what you set up earlier as the public interface if it is different from my examples)"
msgstr ""
#: ../../networking/palo_alto_config.rst:312
# 752d21019c2944548bded6ff17d05189
msgid "**Private Interface**: ethernet1/2 (use what you set up earlier as the private interface if it is different from my examples)"
msgstr ""
#: ../../networking/palo_alto_config.rst:315
# d71bcfebd9824cd59280dfb23f87fc94
msgid "**Number of Retries**: 2 (the default is fine)"
msgstr ""
#: ../../networking/palo_alto_config.rst:317
# 8f1e92bb49df4bf69a4983820930b5b6
msgid "**Timeout**: 300 (the default is fine)"
msgstr ""
#: ../../networking/palo_alto_config.rst:319
# ac1090afc1b14b8a9dd41ebfe6fd059e
msgid "**Public Network**: untrust (this is the public zone on the firewall and did not need to be configured)"
msgstr ""
#: ../../networking/palo_alto_config.rst:322
# 81323dc3b1b5477a84f1f9a0aca02f1d
msgid "**Private Network**: trust (this is the private zone on the firewall and did not need to be configured)"
msgstr ""
#: ../../networking/palo_alto_config.rst:325
# 0587f506923242dba7d30acfa5f444bc
msgid "**Virtual Router**: default (this is the name of the Virtual Router we set up on the firewall)"
msgstr ""
#: ../../networking/palo_alto_config.rst:328
# 64503dfbfc6a4a52a027fb5580d77e45
msgid "**Palo Alto Threat Profile**: (not required; the name of the 'Security Profile Group' to apply. More details are in the 'Additional Features' section)"
msgstr ""
#: ../../networking/palo_alto_config.rst:332
# 6a825e2b4acf42e89c8918ec303b4857
msgid "**Palo Alto Log Profile**: (not required; the name of the 'Log Forwarding' profile to apply. More details are in the 'Additional Features' section)"
msgstr ""
#: ../../networking/palo_alto_config.rst:335
# 096b8832d07e48e49b72747a73f81495
msgid "**Capacity**: (not required)"
msgstr ""
#: ../../networking/palo_alto_config.rst:337
# f58dd37d12ff463a8cf1cf7fd24c6249
msgid "**Dedicated**: (not required)"
msgstr ""
#: ../../networking/palo_alto_config.rst:341
# fffae74d8e664c85be11eaef42463e99
msgid "Click on 'Palo Alto' in the breadcrumbs to go back one screen."
msgstr ""
#: ../../networking/palo_alto_config.rst:343
# 3eb2449be08d4f88b8175a9fbd1e399a
msgid "Click on 'Enable Provider' |EnableDisableFeature.png|"
msgstr ""
#: ../../networking/palo_alto_config.rst:347
# f471b4d3e1334984931fdfba6c1e3630
msgid "Add a Network Service Offering to use the new Provider"
msgstr ""
#: ../../networking/palo_alto_config.rst:349
# 4e9125d7228d4e1d82ac0e317b41a5db
msgid "There are 6 'Supported Services' that need to be configured in the network service offering for this functionality. They are DHCP, DNS, Firewall, Source NAT, Static NAT and Port Forwarding. For the other settings, there are probably additional configurations which will work, but I will just document a common case."
msgstr ""
#: ../../networking/palo_alto_config.rst:355
# b591b1d771584a438ede97f7071cd655
msgid "Navigate to 'Service Offerings'"
msgstr ""
#: ../../networking/palo_alto_config.rst:357
# 14059062e0634e599485931cf2e0733b
msgid "In the drop-down at the top, select 'Network Offerings'"
msgstr ""
#: ../../networking/palo_alto_config.rst:359
# 2b3a92a7cce44d9792ac52aea4305a79
msgid "Click 'Add Network Offering'"
msgstr ""
#: ../../networking/palo_alto_config.rst:361
# 6b9a36687b1c429aa2bedbe8afb2a16c
msgid "**Name**: (name it whatever you want)"
msgstr ""
#: ../../networking/palo_alto_config.rst:363
# 3dd061afb48b49d5828e2ffafa973281
msgid "**Description**: (again, can be whatever you want)"
msgstr ""
#: ../../networking/palo_alto_config.rst:365
# 49f121a90bb6407484225354829e4f76
msgid "**Guest Type**: Isolated"
msgstr ""
#: ../../networking/palo_alto_config.rst:367
# 3ac932b614024736adfe4404b0994b15
msgid "**Supported Services**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:369
# 5326f2fa7c3046859d71e526cbb378d3
msgid "**DHCP**: Provided by 'VirtualRouter'"
msgstr ""
#: ../../networking/palo_alto_config.rst:371
# 8380eb62feed49cf9defb0c46d0d965a
msgid "**DNS**: Provided by 'VirtualRouter'"
msgstr ""
#: ../../networking/palo_alto_config.rst:373
# c1a7cc369b54411b886e9cf936f96da2
msgid "**Firewall**: Provided by 'PaloAlto'"
msgstr ""
#: ../../networking/palo_alto_config.rst:375
# 2c93d4effcc3444b8ab2c3da1933602d
msgid "**Source NAT**: Provided by 'PaloAlto'"
msgstr ""
#: ../../networking/palo_alto_config.rst:377
# 4279d687aefd4657a9a25f5a81681496
msgid "**Static NAT**: Provided by 'PaloAlto'"
msgstr ""
#: ../../networking/palo_alto_config.rst:379
# 629dfab5c1dc40cc99930ae86c10df50
msgid "**Port Forwarding**: Provided by 'PaloAlto'"
msgstr ""
#: ../../networking/palo_alto_config.rst:381
# 7d48d89ad530444db29511d673a7df5e
msgid "**System Offering for Router**: System Offering For Software Router"
msgstr ""
#: ../../networking/palo_alto_config.rst:383
# 5ea8ba9b5eab4284ae26af32a837796e
msgid "**Supported Source NAT Type**: Per account (this is the only supported option)"
msgstr ""
#: ../../networking/palo_alto_config.rst:386
# c1ce203c827e446d855abb79dc033d31
msgid "**Default egress policy**: (both 'Allow' and 'Deny' are supported)"
msgstr ""
#: ../../networking/palo_alto_config.rst:390
# 1e2fa21b7c18491d943e71b38a893339
msgid "Click on the newly created service offering"
msgstr ""
#: ../../networking/palo_alto_config.rst:392
# ded26656c3714a89969c20ed0145aeca
msgid "Click 'Enable network offering' |EnableDisableFeature.png|"
msgstr ""
#: ../../networking/palo_alto_config.rst:394
# 961c14735e81493e85f84b384a2cf059
msgid "When adding networks in CloudStack, select this network offering to use the Palo Alto Networks firewall."
msgstr ""
#: ../../networking/palo_alto_config.rst:399
# 625a28d178864aeba73bb243f68af405
msgid "Additional Features"
msgstr ""
#: ../../networking/palo_alto_config.rst:401
# 966abd9906d540eeb3992080bfa4e79b
msgid "In addition to the standard functionality exposed by CloudStack, we have added a couple of additional features to this implementation. We did not add any new screens to CloudStack, but we have added a couple of fields to the 'Add Palo Alto Service Provider' screen which will add functionality globally for the device."
msgstr ""
#: ../../networking/palo_alto_config.rst:408
# a0955c0b218e4ead9953db5f3e933ebc
msgid "Palo Alto Networks Threat Profile"
msgstr ""
#: ../../networking/palo_alto_config.rst:410
# b56617dd1b7a49439204d45bd3ddc540
msgid "This feature allows you to specify a 'Security Profile Group' to be applied to all of the firewall rules which are created on the Palo Alto Networks firewall device."
msgstr ""
#: ../../networking/palo_alto_config.rst:414
# ddf43faad14a41deb2f807650433579e
msgid "To create a 'Security Profile Group' on the Palo Alto Networks firewall, do the following:"
msgstr ""
#: ../../networking/palo_alto_config.rst:417
#: ../../networking/palo_alto_config.rst:446
# a77eb7c4a55b45db96ba922310c92a31
# 401e0ddfb24441f3a01f0406fed5ea8c
msgid "Log into the Palo Alto Networks firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:419
# d1cffa0eb5b84c4fac78345a6a1eac14
msgid "Navigate to 'Objects > Security Profile Groups'"
msgstr ""
#: ../../networking/palo_alto_config.rst:421
# d8a2cff026f443e48ddc23e758c6b433
msgid "Click 'Add' at the bottom of the page to add a new group"
msgstr ""
#: ../../networking/palo_alto_config.rst:423
# 2260b8c3d00f4fb48409751005878ea3
msgid "Give the group a Name and specify the profiles you would like to include in the group"
msgstr ""
#: ../../networking/palo_alto_config.rst:428
#: ../../networking/palo_alto_config.rst:457
# 71409d6bba4e4cefb293a3a2adb62a58
# b0ff6a165cf648f59bb775cb80b7bae8
msgid "Click the 'Commit' link in the top right of the screen and follow the on screen instructions"
msgstr ""
#: ../../networking/palo_alto_config.rst:431
# 39f6f68e96514eb687aee18212a17720
msgid "Once you have created a profile, you can reference it by Name in the 'Palo Alto Threat Profile' field in the 'Add the Palo Alto Networks Firewall as a Service Provider' step."
msgstr ""
#: ../../networking/palo_alto_config.rst:437
# 19e3020b2cb741dcbeaf2757b1c46b0e
msgid "Palo Alto Networks Log Forwarding Profile"
msgstr ""
#: ../../networking/palo_alto_config.rst:439
# 8e702ba47eb14d06953df77990976d35
msgid "This feature allows you to specify a 'Log Forwarding' profile to better manage where the firewall logs are sent. This is helpful for keeping track of issues that can arise on the firewall."
msgstr ""
#: ../../networking/palo_alto_config.rst:443
# a924dcc217f44a8d9ea1bf038038cc48
msgid "To create a 'Log Forwarding' profile on the Palo Alto Networks Firewall, do the following:"
msgstr ""
#: ../../networking/palo_alto_config.rst:448
# ae0e76d3eff94c3aae3e4b2c7d55b745
msgid "Navigate to 'Objects > Log Forwarding'"
msgstr ""
#: ../../networking/palo_alto_config.rst:450
# 2568e7109c7a4034872602eaf73fc171
msgid "Click 'Add' at the bottom of the page to add a new profile"
msgstr ""
#: ../../networking/palo_alto_config.rst:452
# b3e2a50453874aa591e0592eea54a974
msgid "Give the profile a Name and specify the details you want for the traffic and threat settings"
msgstr ""
#: ../../networking/palo_alto_config.rst:460
# 15fa6db47be1443fa69fb555db7583b7
msgid "Once you have created a profile, you can reference it by Name in the 'Palo Alto Log Profile' field in the 'Add the Palo Alto Networks Firewall as a Service Provider' step."
msgstr ""
#: ../../networking/palo_alto_config.rst:469
# 5d10eda1d77e4cdcaef70d1cded35c75
msgid "The implementation currently only supports a single public IP range in CloudStack"
msgstr ""
#: ../../networking/palo_alto_config.rst:472
# 01f1108e82134be5bf3daf49f3d331ea
msgid "Usage tracking is not yet implemented"
msgstr ""