I have a question regarding Eucalyptus networking. We have been virtualizing in our lab for some time now. We currently segregate OS installations across four different subnets (Netware, Linux, Windows and dynamic) on the live lab network. We vlan all four subnets to a nic on each hypervisor and use tagging to appropriately distribute each vm to its assigned network. This process involves the assignment of a fixed ip address to each vm and either a manual or template build of a system and some follow-up configuration. We want to automate this process. In reading over the network section of Eucalyptus' admin guide, it seems pretty clear that we could successfully do this with one vlan, but how would we go about setting up four vlans? We are currently testing this with XEN which is set up to address all four existing vlans and realize we would probably have to do this in subnets designated specifically for this purpose. I'm probably not being clear enough as I am trying to keep this clear. Thanks.
Hello,
if what you are looking for is VM isolation (look into our networking guide for definition of it), then both MANAGED and MANAGED-NOVLAN mode will have it. The isolation will guaranteed at layer 2 or 3 on a per security group basis. Which means that users will be creating the firewall rules.
In your case, it seem that you could either use MANAGED mode, ensure that your network is vlan clean, and use the security groups to enforce whatever isolation you want. Or you can use MANAGED-NOVLAN, ignore the VLANs setting you have, and use VM isolation based on different instance subnets. In either cases Eucalyptus will take care of the networking. In short, at the moment you cannot instruct Eucalyptus to associate certain vlan with certain security group: either you let Eucalyptus do it (you have a vlan-clean network) or you use MANAGED_NOVLAN.
cheers
graziano