ZStack Cloud Documentation
All
All
ZStack Cloud 4.8.0>Tutorials>Private Cloud>VPC Network Tutorial>Typical Scenarios
Get PDF

Typical Scenarios

The following lists the typical scenarios of a VPC network:
  • Practice of IPv4+IPv6 dual stack in VPC network.
  • Practice of multi-tenant isolation in VPC network.
  • Practice of multi-web server in VPC network.
  • Practice of multiple public network STS in VPC network.
  • Practice of address pool in VPC network.

IPv4+IPv6 Dual Stack

IPv4+IPv6 dual stack means that one NIC has both IPv4 and IPv6 addresses, combining the advantages of IPv4 and IPv6. With IPv4+IPv6 dual stack, you can customize for different scenarios.

Assume the customer environment is as follows:
  1. Public Network
    Table 1. Public Network Configuration
    Public Network Configuration
    NIC em1
    VLAN ID No VLAN
    IP Range 10.108.10.100~10.108.10.200
    Netmask 255.0.0.0
    Gateway 10.0.0.1
    DHCP IP 10.108.10.101
  2. Management Network
    Table 2. Management Network Configuration
    Management Network Configuration
    NIC em2
    VLAN ID No VLAN
    IP Range 192.168.29.10~192.168.29.20
    Netmask 255.255.255.0
    Gateway 192.168.29.1
    Note:
    • For security and stability reasons, we recommend that you deploy an independent management network and separate it from the public networks.
    • The management network we mentioned here is the same as that in ZStack Private Cloud. That is, the management network is the network used to manage hosts, primary storages, and backup storages. If a management network was created before, you can use it directly.
  3. VPC Network-1
    Table 3. IPv4 VPC Network-1 Configuration
    VPC Network Configuration
    NIC em1
    VLAN ID 2800
    IP CIDR 192.168.10.0/24
    Gateway 192.168.10.1
    DHCP IP 192.168.10.2
    Table 4. IPv6 VPC Network-1 configuration
    VPC Network Configuration
    IP CIDR 234e:0:4569::/64
    Gateway 234e:0:4569::1
    DHCP IP 234e:0:4569::2
  4. VPC Network-2
    Table 5. IPv4 VPC Network-2 Configuration
    VPC Network Configuration
    NIC em1
    VLAN ID 2900
    IP CIDR 192.168.11.0/24
    Gateway 192.168.11.1
    DHCP IP 192.168.11.2
    Table 6. IPv6 VPC Network-2 Configuration
    VPC Network Configuration
    IP CIDR 234e:0:456a::/64
    Gateway 234e:0:456a::1
    DHCP IP 234e:0:456a::2
To use IPv4+IPv6 dual stack, follow these steps:
  1. Set up IPv4 network environments.
  2. Add a IPv6 network range.
  3. Reboot the VPC vRouter.
  4. Add a IPv6 DNS.
  5. Create two VM instances using the dual-stack network.
  6. Obtain the IPv6 address of the VM instance.
  7. Test the connectivity among VM instances.
  1. Set up IPv4 network environments.
    Create IPv4 type VPC networks according to IPv4 Basic Deployment. Assume the created VPC networks are L3-VPC-1 and L3-VPC-2. Now, the two VPC networks under the same VPC vRouter are both IPv4 type.
    Note: You can also create a IPv6 flat network and then add a IPv4 network range.
  2. Add a IPv6 network range.

    Add a IPv6 network range to L3-VPC-1 and L3-VPC-2 respectively to set up a IPv4+IPv6 dual-stack network. For IPv6 network configuration information, see Table 4 and Table 6.

    On the VPC Network page, locate the IPv4 network and click Actions > Add IPv6 Range. On the displayed Add Network Range page, set the following parameters:
    • Network Range Method: Select a method to add a network range for the VPC network. You can select IP Range or CIDR. In this scenario, select IP Range.
    • IP Configuration Mode: Select Stateful-DHCP.
      Note:
      • Stateful-DHCP: The interface address and other parameters are all configured through DHCP. The IP range method supports stateful DHCP.
      • Stateless-DHCP: The interface address is automatically derived from the route advertisement prefix and the interface Mac address. Other parameters are configured through DHCP.
      • SLAAC: The interface address is automatically derived from the prefix of the route advertisement that also contains other parameters.
    • Start IP: Set a start IP address for the network range, for example, 234e:0:4568::2.
    • End IP: Set an end IP address for the network range, for example, 234e:0:4568:0:ffff:ffff:ffff:ffff.
    • Prefix Length: Set a prefix length for the network range, for example, 64. The prefix length ranges from 64 to 126.
    • Gateway: Set a gateway for the network range, for example, 234e:0:4568::1.
    • DHCP IP: Optional. Set an IP address for the DHCP server, for example, 234e:0:4568::3.
      Note:
      • When you create an L3 network and enable the DHCP service for the first time, or when you add the first network range for an L3 network that has the DHCP service enabled, you can specify an IP address for the DHCP server.
      • If a DHCP IP is specified for an L3 network, you cannot specify another DHCP IP when you add a network range for the network.
      • The DHCP IP can be within or out of the added IP range. However, the IP address must be within the CIDR block to which the added IP range belongs and must not be in use.
      • The IP range determined by the start IP and end IP cannot contain the link-local address fe80::/10.
      • If not specified, the system would randomly specify a DHCP IP within the added IP range for the DHCP server.
    Figure 1. Add IPv6 Network Range


  3. Reboot the VPC vRouter.

    To add a new type of network range to a VPC network that already has a VPC vRouter attached, you need to reboot the VPC vRouter, otherwise the network may not work as expected.

    On the VPC vRouter page, locate the VPC vRouter and click Actions > Reboot.

  4. Add a IPv6 DNS.
    On the DNS tab of the details page of the VPC vRouter, click Add DNS. On the Add DNS dialogue box, set the following parameters:
    • IP Version: Select IPv6.
    • DNS: Specify a DNS address, for example, 240c::6644.
    Figure 2. Add IPv6 DNS


  5. Create two VM instances using the dual-stack network.

    Create two VM instances using L3-VPC-1 and L3-VPC-2 respectively. In this scenario, we will introduce the creation of VM-dual-stack-1.

    On the main menu of ZStack Cloud, choose Resource Center > Resource Pool > Virtual Resource > VM Instance. Click Create VM Instance. On the displayed Create VM Instance page, set the following parameters:
    • Name: Set the name as VM-dual-stack.
    • Description: Optional. Enter a description for the VM instance.
    • Quantity: Enter 2.
    • Instance Offering: Select an existing instance offering.
    • Image: Select an existing image.
    • Root Disk Offering: Select an existing disk offering for the root volume of the VM instance.
    • Network Configuration: Select the IPv4+IPv6 dual-stack network.
    • User Data: Optional. Inject user-defined parameters or scripts to customize configurations for the VM instance or to accomplish specific tasks.

    Click OK to create two VM instance using the dual-stack network.

  6. Obtain the IPv6 address of the VM instance.
    You need to manually obtain the IP address of the IPv6 VM instance. Launch the console of the two VM instances and run the following command to obtain the IP address:
    [root@localhost~]# dhclient -6 eth0  //eth0 indicates the NIC name [root@localhost~]# ifconfig
    Note: FE80-started address is the link-local address.
    Figure 3. Obtain IPv6 Address


    In this scenario, the obtained IP addresses are as follows:
    • VM-dual-stack-1 IPv4 address: 192.168.10.105
    • VM-dual-stack-1 IPv6 address: 234e:0:4569::61:bcf4
    • VM-dual-stack-2 IPv4 address: 192.168.11.250
    • VM-dual-stack-2 IPv6 address: 234e:0:456a::46:7348
  7. Test the connectivity among VM instances.
    To test the connectivity, follow these steps:
    • Log in to VM-dual-stack-1, use IPv4 and IPv6 address respectively to ping VM-dual-stack-2.
    • Log in to VM-dual-stack-2, use IPv4 and IPv6 address respectively to ping VM-dual-stack-1.
    Figure 4. Test Network Connectivity


So far, we have introduced how to use a IPv4+IPv6 dual-stack VPC network.

Multi-Tenant Isolation

You can use VLAN or VXLAN to provide isolation for multiple tenants on layer 2 network.
Table 1. Comparison Between VLAN and VXLAN
VLAN VXLAN
  • VLAN supports a maximum of 4096 VLAN IDs, that is a maximum of 4096 isolated tenant networks are provided in a single VLAN network, which is difficult to meet the needs of large-scale cloud computing data centers.
  • The VLAN configuration methods of each switch vendors vary differently.
  • VXLAN can support a maximum of 16 million logical networks for multi-tenant isolation, based on the existing network typology of client's IDC.
  • VXLAN is an overlay technology that allows for the creation of overlaying L2 networks. The overlay virtualization process can be realized by software or by a VXLAN-enabled switch. You can choose the method as needs.
  • Compared to VLAN, VXLAN has higher performance loss and higher network latency.

This chapter mainly introduces the practice of multi-tenant isolation provided by the VXLAN VPC network.

To set up a VXLAN VPC network for multi-tenant isolation, follow these steps:
  1. Admin creates two sub-accounts (Sub-Account-A and Sub-Account-B).
  2. Admin creates an L2 public network and attaches it to the corresponding cluster.
  3. Admin creates an L3 public network.
  4. Admin creates an L2 management network and attaches it to the corresponding cluster.
  5. Admin creates an L3 management network that is used to communicate with physical resources, such as hosts, primary storage, and backup storage.
  6. Admin adds a vRouter image.
  7. Admin creates a vRouter offering and shares it to Sub-Account-A and Sub-Account-B.
  8. Admin creates a VXLAN pool, attaches it to the corresponding cluster, and shares it to Sub-Account-A and Sub-Account-B.
  9. Create VPC vRouters from the vRouter offering using Sub-Account-A and Sub-Account-B respectively, for example, VPC vRouter-A and VPC vRouter-B.
  10. Create two VXLAN networks from the VXLAN pool using Sub-Account-A and Sub-Account-B respectively, for example, L2-VXLAN-A1, L2-VXLAN-A2, L2-VXLAN-B1, and L2-VXLAN-B2.
  11. Create VPC networks using the four VXLAN networks in Sub-Account-A and Sub-Account-B respectively, for example, VPC-A1, VPC-A2, VPC-B1, and VPC-B2.
  12. Create a VM instance in each sub-account using the corresponding VPC networks, for example, VM-A1, VM-A2, VM-B1, and VM-B2.
  13. Test the connectivity among VM instances.
  14. Admin shares the L3 public network to Sub-Account-A and Sub-Account-B.
  15. Create a route table to enable VM-A1 and VM-B1 that are isolated in layer 2 can communicate with each other.
  16. Test the connectivity between VM-A1 and VM-B1.
Note:
  • VXLAN pool and VXLAN network together provide configuration for the VXLAN network type.
  • If you create an L2 network of the VxlanNetwork type, you must specify a software SDN-based VXLAN pool. The L2 network must correspond to a VNI in the pool.
  • A VXLAN pool is only a collection of VXLAN networks and cannot be used to create L3 networks. You can L3 networks from L2 VxlanNetworks.
Assume the customer environment is as follows:
  1. Public Network
    Table 2. Public Network Configuration
    Public Network Configuration
    NIC em01
    VLAN ID No VLAN
    IP Range 10.151.10.100~10.151.10.200
    Netmask 255.0.0.0
    Gateway 10.0.0.1
    DHCP IP 10.151.10.101
  2. Management Network
    Table 3. Management Network Configuration
    Management Network Configuration
    NIC em02
    VLAN ID No VLAN
    IP Range 192.168.28.100~192.168.28.200
    Netmask 255.255.255.0
    Gateway 192.168.28.1
    Note:
    • For security and stability reasons, we recommend that you deploy an independent management network and separate it from the public networks.
    • The management network we mentioned here is the same as that in ZStack Private Cloud. That is, the management network is the network used to manage hosts, primary storages, and backup storages. If a management network was created before, you can use it directly.
  3. VXLAN Pool
    Table 4. VXLAN Pool Configuration
    VXLAN Pool Configuration
    VNI Range 20-1200
    VTEP CIDR 192.168.28.1/24
  4. VPC-A1
    Table 5. VPC-A1 Configuration
    VPC Network Configuration
    NIC em01
    IP CIDR 192.168.21.0/24
    Gateway 192.168.21.1
    DHCP IP 192.168.21.2
  5. VPC-A2
    Table 6. VPC-A2 Configuration
    VPC Network Configuration
    NIC em01
    IP CIDR 192.168.22.0/24
    Gateway 192.168.22.1
    DHCP IP 192.168.22.2
  6. VPC-B1
    Table 7. VPC-B1 Configuration
    VPC Network Configuration
    NIC em01
    IP CIDR 192.168.23.0/24
    Gateway 192.168.23.1
    DHCP IP 192.168.23.2
  7. VPC-B2
    Table 8. VPC-B2 Configuration
    VPC Network Configuration
    NIC em01
    IP CIDR 192.168.24.0/24
    Gateway 192.168.24.1
    DHCP IP 192.168.24.2

To create a VXLAN-VPC network, follow these steps:

  1. Admin creates two sub-accounts (Sub-Account-A and Sub-Account-B).
    On the main menu of ZStack Cloud, choose Settings > Sub-Account Setting > Sub-Account Management. On the Sub-Account page, click Create Sub-Account. Then, the Create Sub-Account page is displayed. On the displayed page, set the following parameters:
    • Name: Enter a name for the sub-account, for example, Sub-Account-A.
    • Description: Optional. Enter a description for the sub-account.
    • Password: Enter a password for the sub-account.
    • Confirm Password: Confirm the sub-account password.
    • Pricing List: Optional. Select a pricing list. If left blank, the default pricing list is used.
    Figure 1. Create Sub-Account


    Similarly, create another sub-account named as Sub-Account-B.
    Figure 2. Create Sub-Account


  2. Admin creates an L2 public network and attaches it to the corresponding cluster.

    For network configuration information, see Public Network Configuration.

    On the main menu of ZStack Cloud, choose Resource Center > Network Resource > L2 Network Resources > L2 Network. On the L2 Network page, click Create L2 Network. Then, the Create L2 Network page is displayed. On the displayed page, set the following parameters:
    • Zone: By default, the current zone is displayed.
    • Name: Set the name as L2-Public Network.
    • Description: Optional. Enter a description for the L2 network.
    • Type: Select L2NoVlanNetwork.
    • Cluster: Select a cluster to be attached, for example, Cluster-1.
    • Network Acceleration Mode: You can use different technologies to improve network performance of the L2 network. In this scenario, select Standard.
    • NIC Name: Enter a NIC name for the L2 network. For example, em01.
    Figure 3. Create L2-Public Network


  3. Admin creates an L3 public network.

    For network configuration information, see Public Network Configuration.

    On the main menu of ZStack Cloud, choose Resource Center > Network Resource > L3 Network Resources > Public Network. On the Public Network page, click Create Public Network. The Create Public Network page is displayed. On the displayed page, set the following parameters:
    • Name: Set the name as L3-Public Network.
    • Description: Optional. Enter a description for the public network.
    • L2 Network: Select the existing L2-Public Network.
      Note: ZStack Cloud allows you to use an L2 network to create multiple L3 networks. However, we recommend that you do not use an L2 network to create multiple L3 networks if not for specific business needs.
      On the Select L2 Network page, two tabs are displayed:
      • Recommended: lists L2 networks in the current zone that are not attached to an L3 network.
      • All: lists all L2 networks in the current zone.
    • Network Address Type: Select IPv4.
    • Network Range Method: Select IP Range.
    • Start IP: Set a start IP address for the network range, for example, 10.151.10.100.
    • End IP: Set an end IP address for the network range, for example, 10.151.10.200.
    • Netmask: Set a netmask for the network range, for example, 255.0.0.0.
    • Gateway: Set a gateway for the network range, for example, 10.0.0.1.
    • IP Allocation Policy: Optional. IP addresses can be assigned according to the following three allocation policies:
      • Random: The system randomly assigns IP addresses from the network range.
      • Allocate in Order:
        • The system assigns all available IP addresses from the network range in ascending order. Released IP addresses are assigned in the next allocation.
        • Example: Assume that the network range is 192.168.0.101192.168.0.120, within which 192.168.0.101192.168.0.108 are allocated. If 192.168.0.106 is released, it will be assigned first in the next allocation.
      • Allocate in Cycle:
        • The system assigns available IP addresses to VM instances from the network range in ascending order. Released IP addresses are assigned when currently available IP addresses are used up.
        • Example: Assume that the network range is 192.168.0.101192.168.0.120, within which 192.168.0.101192.168.0.108 are allocated. If 192.168.0.106 is released, it will be assigned after 192.168.0.120 is used.
    • DHCP Service: Choose whether to enable the DHCP service.
      Note:
      • The DHCP service is a built-in distributed service of the Cloud, which assigns IP addresses only to resources in the Cloud and does not conflict with your existing DHCP server.
      • By default, the DHCP service is enabled so that IP addresses are automatically assigned to resources in the Cloud. You can customize a DHCP IP or use the DHCP IP that the system assigned according to the IP allocation policy.
      • If you disable this option, IP addresses are not automatically assigned to resources that use this network. Therefore, you need to manually assign IP addresses to these resources. In addition, you cannot specify a DHCP IP. Neither can the system allocate one.
      • DHCP IP: Optional. Set an IP address for the DHCP server.
        Note:
        • A DHCP IP is an IP address used by the DHCP service to assign IP addresses to resources that use this L3 network.
        • If you create an L3 network for the first time with the DHCP service enabled, or if you add the first network range to an L3 network with the DHCP service enabled, you can customize the DHCP IP.
        • If the L3 network has a DHCP IP, you cannot customize the DHCP IP when you add a network range.
        • The DHCP IP can be in or outside the added IP range, but it must be an unoccupied IP address in the CIDR block of the added IP range
        • The IP range determined by the start IP and end IP cannot contain the link-local address 169.254.0.0/16.
        • If you select random as the IP allocation policy and this field is left blank, the system randomly assigns IP addresses from the added network range.
        • If you select allocate in order/allocate in cycle as the IP allocation policy and this field is left blank, the system uses the start IP address in the network range as the DHCP IP.
    • DNS: Optional. Add a DNS server to provide domain name resolution services for the public network, for example, 223.5.5.5.
      Note: When you add an IP range for an IPv4 L3 network, note that:
      • The IP range cannot contain gateway IP addresses in the format of xxx.xxx.xxx.1, broadcast addresses in the format of xxx.xxx.xxx.255, or network addresses in the format of xxx.xxx.xxx.0.
      • The IP range of a private network cannot overlap with the IP range of a public network used to create a vRouter offering or of a management network.
    Figure 4. Create L3-Public Network


  4. Admin creates an L2 management network and attaches it to the corresponding cluster.

    For network configuration information, see Management Network Configuration.

    On the main menu of ZStack Cloud, choose Resource Center > Network Resource > L2 Network Resources > L2 Network. On the L2 Network page, click Create L2 Network. Then, the Create L2 Network page is displayed. On the displayed page, set the following parameters:
    • Zone: By default, the current zone is displayed.
    • Name: Set the name as L2-Management Network.
    • Description: Optional. Enter a description for the L2 network.
    • Type: Select L2NoVlanNetwork.
    • Cluster: Select a cluster to be attached, for example, Cluster-1.
    • Network Acceleration Mode: You can use different technologies to improve network performance of the L2 network. In this scenario, select Standard.
    • NIC Name: Enter a NIC name for the L2 network. For example, em02.
    Figure 5. Create L2-Management Network


  5. Admin creates an L3 management network that is used to communicate with physical resources, such as hosts, primary storage, and backup storage.

    For network configuration information, see Management Network Configuration.

    On the main menu of ZStack Cloud, choose Resource Center > Network Resource > Dedicated Network > Management Network. On the Management Network page, click Create Management Network. Then, the Create Management Network page is displayed. On the displayed page, set the following parameters:
    • Name: Set the name as L3-Management Network.
    • Description: Optional. Enter a description for the management network.
    • L2 Network: Select the existing L2-Management Network.
      Note: ZStack Cloud allows you to use an L2 network to create multiple L3 networks. However, we recommend that you do not use an L2 network to create multiple L3 networks if not for specific business needs.
      On the Select L2 Network page, two tabs are displayed:
      • Recommended: lists L2 networks in the current zone that are not attached to an L3 network.
      • All: lists all L2 networks in the current zone.
    • Network Range Method: Select IP Range.
    • Start IP:Set a start IP address for the network range, for example, 192.168.28.100.
    • End IP: Set an end IP address for the network range, for example, 192.168.28.200.
    • Netmask: Set a netmask for the network range, for example, 255.255.255.0.
    • Gateway: Set a gateway for the network range, for example, 192.168.28.1.
    • Note: When you add an IP range for an IPv4 L3 network, note that:
      • The IP range cannot contain gateway IP addresses in the format of xxx.xxx.xxx.1, broadcast addresses in the format of xxx.xxx.xxx.255, or network addresses in the format of xxx.xxx.xxx.0.
      • The IP range of a private network cannot overlap with the IP range of a public network used to create a vRouter offering or of a management network.
    Figure 6. Create L3-Management Network


  6. Admin adds a vRouter image.

    On the main menu of ZStack Cloud, choose Resource Center > Network Resource > vRouter > vRouter Image. On the vRouter Image page, click Add vRouter Image. Then, the Add vRouter Image page is displayed.

    Set the following parameters:
    • Name: Enter a name for the vRouter image.
    • Description: Optional. Enter a description for the vRouter image.
    • Image Usage: Specify what the vRouter image is used for. Here, select VPC vRouter.
    • CPU Architecture: Select a CPU architecture for the vRouter image. VPC vRouters created from the vRouter image inherit this CPU architecture.
    • Backup Storage: Select a backup storage to store the vRouter image.
    • Image Path: Enter a URL or upload a local file.
      • URL: Enter the download URL of the vRouter image.
        ZStack Cloud provides you with dedicated VPC vRouter images (KVM). You can download the latest vRouter images from the official website.
        • Software: ZStack-vRouter-4.8.0.qcow2
        • Download address: Click here
      • Local File: Upload a vRouter image file that can directly be accessed by the current browser.
        Note:
        • You can upload the vRouter image to an ImageStore or Ceph backup storage.
        • A local browser will serve as a transmission relay used for uploading the vRouter image. Do not refresh or stop the current browser, nor stop your management node. Otherwise, you will fail to add the vRouter image.
  7. Admin creates a vRouter offering and shares it to Sub-Account-A and Sub-Account-B.
    1. Create a vRouter offering.
      On the displayed page, set the following parameters:
      • Zone: By default, the current zone is displayed.
      • Name: Enter a name for the vRouter offering.
      • Description: Optional. Enter a description for the vRouter offering.
      • CPU: Set the number of CPU cores for a vRouter.
        Note: Currently, a vRouter can have up to 240 CPU cores. In an actual production environment, we recommend that you set more than 8 CPU cores for a vRouter.
      • Memory: Set the memory size for a vRouter. Unit: MB, GB, and TB. In an actual production environment, we recommend that the memory size greater than 8 GB.
      • Image: Select a vRouter image you added before.
        Note: If the L3 public network in the vRouter offering has a network range of the IPv6 type, when you create a VPC vRouter, you must use the vRouter image of version 3.10.0 or later.
      • Management Network: Select an L3 management network you created before.
        • A management network is used by the management node to deploy and configure resources such as hosts and VPC vRouters.
        • If a system network is used to manage physical resources, select the system network as the management network.
        • If you use a public network to manage physical resources, select the public network as the management network.
      • Public Network: Select a public network you created before.
        • vRouters created from this vRouter offering can provide VPC network services.
      Figure 7. Create vRouter Offering


    2. Share the vRouter offering to Sub-Account-A and Sub-Account-B.
      On the main menu of ZStack Cloud, choose Resource Center > Network Resource > vRouter > vRouter Offering. On the vRouter Offering page, locate the vRouter offering and click Actions > Set Sharing Mode. On the Set Sharing Mode dialogue box, select Share to specified projects/accounts and select Sub-Account-A and Sub-Account-B in Specify Account.
      Figure 8. Set Sharing Mode


  8. Admin creates a VXLAN pool, attaches it to the corresponding cluster, and shares it to Sub-Account-A and Sub-Account-B.
    1. Create a VXLAN pool.

      For VXLAN pool configuration information, see VXLAN Pool Configuration.

      On the main menu of ZStack Cloud, choose Resource Center > Network Resource > L2 Network Resources > VXLAN Pool. On the VXLAN Pool page, click Create VXLAN Pool. Then, the Create VXLAN Pool page is displayed. On the displayed page, set the following parameters:
      • Zone: By default, the current zone is displayed.
      • Name: Enter a name for the VXLAN pool.
      • Description: Optional. Enter a description for the VXLAN pool.
      • SDN Type: Select Software.
      • VNI Range: Enter the start ID and end ID of VXLAN networks.
        Note:
        • You can enter an ID that ranges from 1 to 16777214.
        • The end ID must be equal to or greater than the start ID.
        • The two VNI IDs 16777215 and 16777216 are reserved by the system of this cloud platform.
      • Cluster: Optional. Attach the VXLAN pool to a cluster.
        Note:
        • You can attach a VXLAN pool to a cluster when you create the VXLAN pool or after the VXLAN pool is created.
        • When you attach the VXLAN pool to a cluster, IP addresses of the compute nodes must be available in the cluster that correspond to the VTEP CIDR block.
      • VTEP CIDR: Enter the corresponding VTEP CIDR block.
      Figure 9. Create VXLAN Pool


    2. Share the VXLAN pool to Sub-Account-A and Sub-Account-B.

      On the main menu of ZStack Cloud, choose Resource Center > Network Resource > L2 Network Resources > VXLAN Pool. On the VXLAN Pool page, locate the VXLAN pool and click Actions > Set Sharing Mode. On the Set Sharing Mode dialogue box, select Share to specified projects/accounts and select Sub-Account-A and Sub-Account-B in Specify Account.

      Figure 10. Set Sharing Mode


  9. Create VPC vRouters from the vRouter offering using Sub-Account-A and Sub-Account-B respectively, for example, VPC vRouter-A and VPC vRouter-B.
    Log in to the Cloud using Sub-Account-A. On the main menu of ZStack Cloud, choose Resource Center > Network Resource > vRouter > VPC vRouter. On the VPC vRouter page, click Create VPC vRouter. Then, the Create VPC vRouter page is displayed. On the displayed page, set the following parameters:
    • Name: Enter a name for the VPC vRouter.
    • Description: Optional. Enter a description for the VPC vRouter.
    • vRouter Offering: Select a vRouter offering you created before.
    • Cluster: Optional. Specify a cluster for the host on which the VPC vRouter is to be started.
    • Storage Allocation Policy: Specify how the Cloud allocates a primary storage. The following two policies are supported:
      • System Allocation: The Cloud allocates a primary storage according to the preconfigured policy.
      • Custom: Select a primary storage as needed.
        • Primary Storage: Select a primary storage for the VPC vRouter.
    • Host: Optional. Select a host on which the VPC vRouter is started.
    • Default IPv4/IPv6 Address: Optional. Specify a default IP address for the VPC vRouter. If not specified, the Cloud allocates one automatically.
    • Assign Management Network IP: Optional. Assign a management network IP to the VPC vRouter.
      Note: To assign a management network IP, make sure that the management network used by the VPC vRouter is separated from the public network the VPC vRouter uses. If the VPC vRouter uses a same network both as its management network and public network, you cannot assign a management network IP.
    • DNS: Optional. Set the DNS service for the VPC vRouter. If not specified, 223.5.5.5 will be used.
      Note:
      • You can set an IPv4 DNS or IPv6 DNS as needed. For example, you can set the IPv4 DNS to 223.5.5.5 or IPv6 DNS to 240C::6644.
      • Services in the VPC vRouter can access the public network services via DNS. You can also specify the other DNS address if necessary.
      • For VM instances created by using a VPC network, the DNS is the gateway of the VPC network. The VM traffics are forwarded by a VPC vRouter.
    • CPU Pinning: Associate the virtual CPUs (vCPUs) of a VPC vRouter with host pCPUs stringently and allow you to allocate specific pCPUs for the VPC vRouter, thus improving VPC vRouter performances.
      Note:
      • Pinning Format
        • In the left input box, set a vCPU range. In the right input box, set a pCPU range. Range format: integer, hyphen(-), and caret (^). Use commas to separate them.
        • The vCPU range depends on the vRouter offering attached to the VPC vRouter.
        • The pCPU range depends on the pCPU quantity of the selected cluster or host.
      • Example: In the left input box, enter 1. In the right input box, enter 0-3,^2. This example indicates that vCPU 1 is stringently associated with pCPU 0, pCPU 1, and pCPU 3, while ^ represents that vCPU 2 is excluded.
    Figure 11. Create VPC vRouter-A


    Similarly, log in to the Cloud using Sub-Account-B and create another VPC vRouter.
  10. Create two VXLAN networks from the VXLAN pool using Sub-Account-A and Sub-Account-B respectively, for example, L2-VXLAN-A1, L2-VXLAN-A2, L2-VXLAN-B1, and L2-VXLAN-B2.
    On the main menu of ZStack Cloud, choose Resource Center > Network Resource > L2 Network Resources > L2 Network. On the L2 Network page, click Create L2 Network. Then, the Create L2 Network page is displayed. On the displayed page, set the following parameters:
    • Zone: By default, the current zone is displayed.
    • Name: Set the name as L2-VXLAN-A1.
    • Description: Optional. Enter a description for the L2 network.
    • Type: Select VxlanNetwork.
    • Network Acceleration Mode: You can use different technologies to improve network performance of the L2 network. In this scenario, select Standard.
    • VXLAN Pool: Select a VXLAN pool of the software SDN type.
    • VNI: Optional. Select a specified VNI in the VXLAN pool.

      If not specified, the Cloud allocates a VNI randomly.

    Figure 12. Create L2-VXLAN-A1


    Similarly, create L2-VXLAN-A2, L2-VXLAN-B1, and L2-VXLAN-B2 respectively.
  11. Create VPC networks using the four VXLAN networks in Sub-Account-A and Sub-Account-B respectively, for example, VPC-A1, VPC-A2, VPC-B1, and VPC-B2.

    For VPC network configuration information, see VPC-A1 Configuration.

    On the main menu of ZStack Cloud, choose Resource Center > Network Resource > L3 Network Resources > VPC Network. On the VPC Network page, click Create VPC Network. The Create VPC Network page is displayed. On the displayed page, set the following parameters:
    • Name: Set the name as VPC-A1.
    • Description: Optional. Enter a description for the VPC network.
    • L2 Network: Select the existing L2-VXLAN-A1.
      On the Select L2 Network page, two tabs are displayed:
      • Recommended: lists L2 networks in the current zone that are not attached to an L3 network.
      • All: lists all L2 networks in the current zone.
    • VPC vRouter: Optional. You can specify a VPC vRouter when you create a VPC network or attach a VPC vRouter after you create the VPC network.
    • Network Address Type: Select IPv4.
    • Network Range Method: Select CIDR.
    • CIDR: Set a CIDR block for the VPC network, for example, 192.168.108.1/24.
    • Gateway: Set a gateway for the VPC network, for example, 192.168.108.1.
      Note:
      • You can use the first or last IP address in the specified CIDR block as the gateway.
      • If left blank, the first IP address in the specified CIDR block is used as the gateway.
    • DHCP Service: Choose whether to enable the DHCP service.
      Note:
      • The DHCP service is a built-in distributed service of the Cloud, which assigns IP addresses only to resources in the Cloud and does not conflict with your existing DHCP server.
      • By default, the DHCP service is enabled so that IP addresses are automatically assigned to resources in the Cloud. You can customize a DHCP IP or use the DHCP IP that the system assigned according to the IP allocation policy.
      • If you disable this option, IP addresses are not automatically assigned to resources that use this network. Therefore, you need to manually assign IP addresses to these resources. In addition, you cannot specify a DHCP IP. Neither can the system allocate one.
      • IP Allocation Policy: Optional. After the DHCP service is enabled, IP addresses can be assigned according to the following three allocation policies:
        • Random: The system randomly assigns IP addresses from the network range.
        • Allocate in Order:
          • The system assigns all available IP addresses from the network range in ascending order. Released IP addresses are assigned in the next allocation.
          • Example: Assume that the network range is 192.168.0.101192.168.0.120, within which 192.168.0.101192.168.0.108 are allocated. If 192.168.0.106 is released, it will be assigned first in the next allocation.
        • Allocate in Cycle:
          • The system assigns available IP addresses to VM instances from the network range in ascending order. Released IP addresses are assigned when currently available IP addresses are used up.
          • Example: Assume that the network range is 192.168.0.101192.168.0.120, within which 192.168.0.101192.168.0.108 are allocated. If 192.168.0.106 is released, it will be assigned after 192.168.0.120 is used.
      • DHCP IP: Optional. Set an IP address for the DHCP server, for example, 192.168.21.2.
        Note:
        • A DHCP IP is an IP address used by the DHCP service to assign IP addresses to resources that use this L3 network.
        • If you create an L3 network for the first time with the DHCP service enabled, or if you add the first network range to an L3 network with the DHCP service enabled, you can customize the DHCP IP.
        • If the L3 network has a DHCP IP, you cannot customize the DHCP IP when you add a network range.
        • The DHCP IP can be in or outside the added IP range, but it must be an unoccupied IP address in the CIDR block of the added IP range
        • The IP range determined by the start IP and end IP cannot contain the link-local address 169.254.0.0/16.
        • If you select random as the IP allocation policy and this field is left blank, the system randomly assigns IP addresses from the added network range.
        • If you select allocate in order/allocate in cycle as the IP allocation policy and this field is left blank, the system uses the start IP address in the network range as the DHCP IP.
    • DNS: Optional.
    Figure 13. Create VPC-A1


    Similarly, create VPC-A2, VPC-B1, and VPC-B2 respectively.
  12. Create a VM instance in each sub-account using the corresponding VPC networks, for example, VM-A1, VM-A2, VM-B1, and VM-B2.

    As for how to create a VM instance, you can refer to the Create VM Instance chapter of the User Guide.

  13. Test the connectivity among VM instances.
    1. Log in to VM-A1 and use the ping command to test the network connectivity:
      Expected result:
      • ping baidu.com: Successful
      • ping VM-A2: Successful
      • ping VM-B1: Failed (Two VXLAN-VPC network are isolated in layer 2)
      • ping VM-B2: Failed (Two VXLAN-VPC network are isolated in layer 2)
      Note:
      In VM-A1 system, you need to manually add the IP addresses of other VM instances to the /etc/hosts directory.
      [root@Localhost~]# vim /etc/hosts ... 192.168.22.156 VM-A2 192.168.23.177 VM-B1 192.168.24.193 VM-B2 ...
      Figure 14. Test VM-A1 Network Connectivity


    2. Similarly, the network connectivity of VM-A2 is expected the be the same as that of VM-A1.
    3. Log in to VM-B1 and use the ping command to test the network connectivity.
      Expected result:
      • ping baidu.com: Successful
      • ping VM-A1: Failed (Two VXLAN-VPC network are isolated in layer 2)
      • ping VM-A2: Failed (Two VXLAN-VPC network are isolated in layer 2)
      • ping VM-B2: Successful
      Note:
      In VM-B1 system, you need to manually add the IP addresses of other VM instances to the /etc/hosts directory.
      [root@Localhost~]# vim /etc/hosts ... 192.168.21.250 VM-A1 192.168.22.156 VM-A2 192.168.24.193 VM-B2 ...
      Figure 15. Test VM-B2 Network Connectivity


    4. Similarly, the network connectivity of VM-B2 is expected the be the same as that of VM-B1.
  14. Admin shares the L3 public network to Sub-Account-A and Sub-Account-B.

    On the main menu of ZStack Cloud, choose Resource Center > Network Resource > L3 Network Resources > Public Network. On the Public Network page, locate the L3-Public Network and click Actions > Set Sharing Mode. On the Set Sharing Mode dialogue box, select Share to specified projects/accounts and select Sub-Account-A and Sub-Account-B in Specify Account.

    Figure 16. Set Sharing Mode


  15. Create a route table to enable VM-A1 and VM-B1 that are isolated in layer 2 can communicate with each other.
    1. Create a route table.

      On the main menu of ZStack Cloud, choose Resource Center > Network Service > Advanced Network Service > Route Table. On the Route Table page, click Create Route Table. Then, the Create Route Table page is displayed.

      On the displayed page, set the following parameters:
      • Name: Enter a name for the route table.
      • Description: Optional. Enter a description for the route table.
      • VPC vRouter: Optional. Select a VPC vRouter to which the route table is attached.
      Figure 17. Create Route Table


    2. Add two route entries to the route table.
      Table 9. Route Entry Configuration
      Destination Network Next Hop
      Route Entry-1 The VPC network CIDR of VM-A1 The public IP of the VPC vRouter of VM-A1
      Route Entry-2 The VPC network CIDR of VM-B1 The public IP of the VPC vRouter of VM-B1

      On the Route Table page, locate the created route table and enter its details page. On the Route Entry tab of the details page, click Add Route Entry to add two route entries respectively.

      Figure 18. Add Route Entry


  16. Test the connectivity between VM-A1 and VM-B1.
    Expected result:
    • Log in to VM-A1, ping VM-B1: Successful
    • Log in to VM-B1, ping VM-A2: Successful
    Figure 19. Test Connectivity Between VM-A1 and VM-B1




So far, we have introduced the deployment practice of multi-tenant isolation in VPC network.

Multi-Web Server

To deploy a multi-web server of VPC network, follow these steps:
  1. Create three VPC subnets from the same VPC vRouter, for example, VPC-Web, VPC-app, and VPC-database.
    Note: The network range of the three VPC subnets cannot overlap with one another.
  2. Create three VM instances using the three VPC subnets respectively, for example, VM-web, VM-app, and VM-database.
  3. Test the network connectivity among three VM instances.
Assume the customer environment is as follows:
  1. Public Network
    Table 1. Public Network Configuration
    Public Network Configuration
    NIC em01
    VLAN ID No VLAN
    IP Range 10.151.10.100~10.151.10.200
    Netmask 255.0.0.0
    Gateway 10.0.0.1
  2. Management Network
    Table 2. Management Network Configuration
    Management Network Configuration
    NIC em02
    VLAN ID No VLAN
    IP Range 192.168.28.100~192.168.28.200
    Netmask 255.255.255.0
    Gateway 192.168.28.1
    Note:
    • For security and stability reasons, we recommend that you deploy an independent management network and separate it from the public networks.
    • The management network we mentioned here is the same as that in ZStack Cloud. That is, the management network is the network used to manage hosts, primary storages, and backup storages. If a management network was created before, you can use it directly.
  3. VPC-web
    Table 3. VPC-web Configuration
    Private Network Configuration
    NIC em01
    VLAN ID 2017
    IP CIDR 192.168.10.0/24
  4. VPC-app
    Table 4. VPC-app Configuration
    Private Network Configuration
    NIC em01
    VLAN ID 2020
    IP CIDR 192.168.20.0/24
  5. VPC-database
    Table 5. VPC-database Configuration
    Private Network Configuration
    NIC em01
    VLAN ID 2050
    IP CIDR 192.168.50.0/24

The following part describes the practice of deploying a multi-web server of VPC network in detail.

  1. Create three VPC subnets from the same VPC vRouter, for example, VPC-Web, VPC-app, and VPC-database. For detailed information, you can refer to the Create VPC Network chapter of User Guide.
    Note: The network range of the three VPC subnets cannot overlap with one another.
    Figure 1. Three VPC Subnets


  2. Create three VM instances using the three VPC subnets respectively, for example, VM-web, VM-app, and VM-database.
    Figure 2. Three VM Instances


  3. Test the network connectivity among three VM instances.
    1. Log in to VM-web and use the ping command to test network connectivity.
      Expected result:
      • ping baidu.com: Successful
      • ping VM-app: Successful
      • ping VM-database: Successful
      Note:
      In VM-web system, you need to manually add the IP addresses of VM-app and VM-database to the /etc/hosts directory.
      [root@VM-web ~]# vim /etc/hosts ... 192.168.20.187 VM-app 192.168.50.141 VM-database ...
      Figure 3. Test VM-web Network Connectivity


    2. Log in to VM-app and use the ping command to test network connectivity.
      Expected result:
      • ping baidu.com: Successful
      • ping VM-web: Successful
      • ping VM-database: Successful
      Note:
      In VM-app system, you need to manually add the IP addresses of VM-web and VM-database to the /etc/hosts directory.
      [root@VM-app ~]# vim /etc/hosts ... 192.168.10.79 VM-web 192.168.50.141 VM-database ...
      Figure 4. Test VM-app Network Connectivity


    3. Log in to VM-database and use the ping command to test network connectivity.
      Expected result:
      • ping baidu.com: Successful
      • ping VM-app: Successful
      • ping VM-web: Successful
      Note:
      In VM-database system, you need to manually add the IP addresses of VM-app and VM-web to the /etc/hosts directory.
      [root@VM-database ~]# vim /etc/hosts ... 192.168.20.187 VM-app 192.168.10.79 VM-web ...
      Figure 5. Test VM-database Network Connectivity


So far, we have introduced the practice of deploying a multi-web server.












Products

Solutions

Help & Support

Contact Us

Site TermsPrivacy PolicyRules and Conventions on User Management

© 2023, Shanghai Yunzhou Information and Technology Ltd (云轴科技). All Rights Reserved.

Back to Top

Download

Already filled the basic info?Click here.

Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

An email with a verification code will be sent to you. Make sure the address you provided is valid and correct.

同意 不同意

I have read and concur with the Site TermsPrivacy PolicyRules and Conventions on User Management of ZStack Cloud

Download

Not filled the basic info yet? Click here.

Invalid email address or mobile number.
同意 不同意

I have read and concur with the Site TermsPrivacy PolicyRules and Conventions on User Management of ZStack Cloud

Email Us

contact@zstack.io
ZStack Training and Certification
Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

同意 不同意

I have read and concur with the Site TermsPrivacy PolicyRules and Conventions on User Management of ZStack Cloud

Email Us

contact@zstack.io
Request Trial
Enter at least 2 characters.
Invalid mobile number.
Enter at least 4 characters.
Invalid email address.
Wrong code. Try again. Send Code Resend Code (60s)

同意 不同意

I have read and concur with the Site TermsPrivacy PolicyRules and Conventions on User Management of ZStack Cloud

Email Us

contact@zstack.io

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder. After receiving the email, click the URL to download the documentation.

The download link is sent to your email address.

If you don't see it, check your spam folder, subscription folder, or AD folder.
Or click on the URL below. (For Internet Explorer, right-click the URL and save it.)

Thank you for using ZStack products and services.

Submit successfully.

We'll connect soon.

Thank you for using ZStack products and services.