Using the CloudStack VPC feature

Source: Internet
Author: User
Tags cloudstack

Each guest network in CloudStack typically corresponds to a virtual router (vRouter), which is created when the first VM joins the network. The virtual router is itself implemented as a VM, but CloudStack creates it automatically. A VPC can be seen as a container for isolated networks, where each isolated network is a tier in the container. A VPC contains one virtual router: the tiers communicate with each other through that virtual router, and with the external network through its NAT function. This article assumes that a working zone has already been set up, and walks through some simple steps for using the VPC feature on that basis.

First look at the network view. Neither the guest network list nor the VPC list has any content yet, as follows:



Click "Add VPC" to add a VPC named "VPC" with super CIDR "10.10.0.0/16". The interface is as follows:




After successful creation, the VPC list is as follows:




Click on "Configure" to go to the VPC Configuration interface:




Click the "Create Network" box to open the "Add New Tier" interface, where you add a tier called "Web" with network information such as:




Add the App and DB tiers in the same way. Once all three are added, the interface looks like this:



Now that the virtual router is connected to the 3 tiers, go to the virtual router interface to view its details:



Here you can see the public IP, guest IP, and link-local IP. We have added 3 tiers, but only one tier's IP is displayed. To see the others, either click the "NIC" list on the right, or go into the virtual router from XenServer and execute commands there:




Use "ifconfig" to look at the IPs of the virtual router. You can see "10.10.10.1", "10.10.20.1", and "10.10.30.1", which are the gateway IPs of the 3 tiers:




Now go to the network view and look at the guest networks. There are 3 more networks of the isolated type, each corresponding to one of the tiers just added:




Create a VM instance in each tier, with results such as:




The 3 VMs are each assigned an IP from their own network segment. At this point they can communicate with each other through the virtual router, but cannot communicate with the external network. In a 3-tier architecture like this, we typically need the Web tier to communicate with the external network, so here we configure NAT for the Web virtual machine on the virtual router.

The Web tier has a "STATIC NATS" box. Click it to go to the following interface, then click "Get New IP":




After acquiring the new public IP, go back to the virtual router public IP interface, as follows:




The newly acquired IP is "10.86.11.213". Hover the mouse over the "+" quick view icon on the right, and an "Enable Static NAT" button appears at the lower left. Click the button to go to the following interface:




Select the VM named "Web" in the Web tier, then click "OK" to complete the NAT mapping. The VPC view changes as shown, and you can see that the number of "STATIC NATS" in the Web tier becomes 1:



At this point, run the command "iptables -t nat -nvL" on the virtual router, and the following results can be seen:





The IP address of the Web virtual machine is "10.10.10.11", and you can see that both the PREROUTING and POSTROUTING chains are mapped correctly. Open the console of the Web virtual machine to view its IP:




From the Web virtual machine, ping the external IP "8.8.8.8", the App virtual machine IP "10.10.20.11", and the DB virtual machine IP "10.10.30.11" in turn. All of them are reachable.
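
The PREROUTING/POSTROUTING check described above can also be scripted. The following is an added example, not part of the original article and not CloudStack code: it parses NAT rules in "iptables -t nat -S" syntax, pairs each inbound DNAT with its outbound SNAT, and reports which tier every public IP lands in. The rule text, the second public IP "10.86.11.214", and the /24 tier prefix length are constructed assumptions; rules on a real virtual router may carry extra match options.

```python
import ipaddress
import re

# Constructed sample in `iptables -t nat -S` syntax, not captured from a real
# virtual router. 10.86.11.214 is a made-up second public IP for illustration.
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 10.86.11.213/32 -j DNAT --to-destination 10.10.10.11
-A POSTROUTING -s 10.10.10.11/32 -o eth1 -j SNAT --to-source 10.86.11.213
-A PREROUTING -d 10.86.11.214/32 -j DNAT --to-destination 10.10.30.11
"""

# Tier gateways come from the article; the /24 prefix length is an assumption.
TIERS = {"Web": "10.10.10.0/24", "App": "10.10.20.0/24", "DB": "10.10.30.0/24"}

# Static NAT is one-to-one: a /32 match and a target without a port.
# Rules with ip:port targets (port forwarding) are deliberately not matched.
DNAT = re.compile(
    r"^-A PREROUTING .*-d ([\d.]+)/32 .*-j DNAT --to-destination ([\d.]+)$")
SNAT = re.compile(
    r"^-A POSTROUTING .*-s ([\d.]+)/32 .*-j SNAT --to-source ([\d.]+)$")

def tier_of(ip):
    """Name of the tier whose CIDR contains ip, or None if it is in no tier."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in TIERS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def audit_static_nat(rules_text):
    """One record per inbound DNAT: public IP, guest IP, tier, and whether
    the matching outbound SNAT (guest back to the same public IP) exists."""
    dnat, snat = {}, set()
    for line in rules_text.splitlines():
        line = line.strip()
        if m := DNAT.match(line):
            dnat[m.group(1)] = m.group(2)
        elif m := SNAT.match(line):
            snat.add((m.group(1), m.group(2)))
    return [{"public": pub, "guest": guest, "tier": tier_of(guest),
             "paired": (guest, pub) in snat}
            for pub, guest in sorted(dnat.items())]

if __name__ == "__main__":
    for rec in audit_static_nat(SAMPLE_RULES):
        ok = rec["paired"] and rec["tier"] == "Web"
        print(rec["public"], "->", rec["guest"], rec["tier"],
              "" if ok else "<-- review")
```

With the constructed sample, the article's mapping "10.86.11.213" to "10.10.10.11" is reported as a paired Web tier mapping, while the made-up second rule is flagged because it exposes a DB tier address and has no return SNAT.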




Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
