Exploring Apache CloudStack

Stack Check

Networking

The glue that brings all of the building blocks together is the network layer. CloudStack has two principal models for Networking, referred to as Basic and Advanced.

Basic networking is very similar to the model used by AWS, and it can be deployed in three slightly different ways, with each adding to the features of the previous. Security Groups, which use Layer 3 IP address filtering, isolate VMs from one another. A Citrix NetScaler provides public IP and load balancing functionality.

You can scale the zone horizontally by simply adding more PODs, consisting of a clusters of hosts and their associated top-of-rack switching and primary storage.

The Advanced networking model brings a raft of features that place power into the hands of the end users. VLANs are the standard method of isolation but Software-Defined Networking (SDN) offerings from Nicira, Big Switch, and soon Midokura bring the possibility of massive scale by overcoming any VLAN limitations.

CloudStack makes excellent use of system virtual machines to provide control and automation of storage and networking. One such system VM is the CloudStack virtual router. The key difference between Advanced and Basic networking is that, in the Advanced mode, users can create CloudStack guest networks, with each network having a dedicated virtual router. A virtual router provides DNS and DHCP, firewall, client IPsec VPN, load balancing, source/static NAT, and port forwarding, and all of these features are configurable by end users through either the GUI (Figure 3) or the CloudStack API.

Figure 3: Virtual router configuration options.

When a user creates a new guest network, then deploys Guest VMs onto that network, the VMs are attached to a dedicated L2 broadcast domain, isolated by VLANS, and fronted by a virtual router. The user has full control of all traffic entering and leaving the network, with a direct connection to the public Internet.

Firewall and port forwarding rules enable the mapping of live IPs to any number of Internal VMs. Load balancing functionality with round-robin, least connections, and source-based algorithms, along with source-based, App Cookie or LB cookie stickiness policies are available out of the box.

Another powerful feature of the Advanced network model is the Virtual Private Cloud (VPC). A VPC enables the user to create a multi-tiered network configuration, placing VMs within their own VLAN. ACLs let users control the flow of traffic between each network tier and also the Internet. A typical VPC might contain three network tiers (Web, App, and DB), with only the Web tier having Internet access.

VPCs also provide additional features, such as Site-2-Site VPN, enabling a persistent connection with infrastructure running in alternate locations. A VPC private gateway is a feature that cloud admins can leverage to provide a second gateway out of the VPC virtual router.

CloudStack optimizes the underlying network architecture within a data center by enabling the Cloud admins to split up the various types of network traffic and map them to different sets of bonded NICs within each compute host.

CloudStack supports four types of physical network, and you can configure them to use a single NIC or multiple bonds, depending on how many NICs are available in the host server. (See the box titled "Network Types.")

Network Types

CloudStack supports the following types of physical networks:

  • Management: Used by the CloudStack management servers and various other components within the system, sometimes referred to as the orchestration network.
  • Guest: Used by all guest VMs when communicating with other guest VMs or gateway devices, such as virtual routers, Juniper SRX firewalls, F5 load balancers, and so on. The Advanced network configuration lets you create multiple guest networks, allowing you to assign a specific NIC to a particular user or function.
  • Public: In an Advanced network configuration, the public network connects the virtual routers to the public Internet. In Basic network mode, the public network only exists when a Citrix NetScaler is used to provide elastic IP and elastic LB services.
  • Storage: Used by the special secondary storage system VM and host server when connecting to secondary storage devices, the storage network enables the optimization of traffic used for deploying new VMs from templates and for handling snapshot traffic in particular – which can become network intensive – without negatively affecting the guest and management traffic.

Network Service Providers

In addition to the virtual router and VPC virtual router, CloudStack can also leverage the power of real hardware, bringing even more functionality and greater scale. Currently supported devices are Citrix NetScaler, F5 Big-IP, and Juniper SRX, but with many more on the way.

Once a device has been integrated by Cloud Admins, the users have control of the features via the standard GUI or API. For example, if a Juniper SRX is deployed, when a user configures a firewall rule within the CloudStack UI, CloudStack uses the Juniper API to apply that configuration on the physical SRX.

When a Citrix NetScaler is deployed, in addition to load balancing, NAT, and port forwarding, it also enables AutoScaling. AutoScaling is a method for monitoring the performance of your existing Guest VMs and then automatically deploying new VMs as the load increases. After the load has dropped off, the extra VMs can be destroyed, bringing your usage and costs back down to a base level. This level of flexibility and scalability is a key driving force in the adoption of cloud computing.

Management

CloudStack is quite easy to set up and administer thanks to its great graphical user interface, API, and CLI tools such as CloudMonkey. A wizard takes you through the configuration and deployment of your first zone, networking, POD, cluster, host, and storage, meaning you can be up and running within a matter of hours.

A simple Role-Based Access Control (RBAC) system presents different levels of users with the features to which they are entitled, and the standard allocations can be fine tuned as required. The authentication can also be passed off to LDAP, enabling integration with enterprise systems, including OpenLDAP and MS Active Directory.

Admins set up new user accounts, which are grouped together into domains, allowing a hierarchical structure. By grouping users into domains, Admins can make certain subsets of the infrastructure available to a particular group of users.

A set of system parameters called global settings allows admins to control all of the features and set up controls such as limits, SMTP alerts, and a host of other settings.

Service offerings enable Admins to set up the parameters that control the end-user environment, such as the number of vCPUs, RAM, network bandwidth, and preferred hardware.

Admins have full control over the infrastructure and can initiate the live migration of any VM between hosts in the same cluster. You can migrate stopped VMs across different clusters by moving their associated volumes to different storage. Storage devices and hosts can be taken offline for maintenance and upgrades, and admins can steer VMs to a particular set of hosts using either the API or tags.

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • CloudStack Up Close
    All the great open source cloud solutions have similar goals, but they all have different histories, different communities, and some subtly different areas of emphasis. We asked CloudStack VP Chip Childers about how Apache CloudStack fits in.
  • CloudStack's Chip Childers

    CloudStack is a versatile cloud alternative that runs in data centers around the world but never seems to get as much press as the ever-popular OpenStack. We talked with CloudStack VP Chip Childers on the state of the CloudStack project and the road into the cloud.

  • Open source cloud technologies at a glance
    With the promotion of CloudStack to an Apache top-level project in March, four open source solutions are now in the race to conquer the cloud, the other contenders being OpenNebula, Eucalyptus, and OpenStack. The projects have a number of similarities.
  • Automated OpenStack instance configuration with cloud-init and metadata service
    Today's OpenStack has become a mature product with automated asset configuration tools, including cloud-init, a powerful script that saves time by automatically configuring a large number of virtual servers in the cloud.
  • Dispatches from the world of IT
comments powered by Disqus