Networking Architecture Overview
There are three (3) distinct network pools for IaaS provisioning: VM External Network, VM Private Network and VM Management Network.
- VM External Network IPs are assigned to the PFSense WAN interface: one IP is considered the primary WAN IP and the rest are declared as virtual IPs.
- VM Private Network IPs are assigned to customer VMs and to the PFSense LAN interface: one private IP is assigned to the PFSense LAN interface and acts as a gateway for all underlying customer VMs. For each VM private IP, a NAT rule is added to the PFSense configuration so that it will be translated to a public IP address (a virtual IP in PFSense), and an access rule is also added to permit outgoing traffic originating from that VM towards the internet (through PFSense). Private IPs are automatically generated by the Service Manager based on specific settings you choose during configuration of the Service Manager settings.
- VM Management Network IPs are assigned to the PFSense Management interface: customers do not have access to that network. It can only be used for administrative purposes as well as intercommunication between Cloud OSS Service Manager and Orchestration Servers.
For each one of those network pools you can define a VLAN assignment policy in Service Manager configuration settings. Cloud OSS Service Manager for IaaS (code name CloudWorks) currently offers three (3) different configuration settings for the networks of the service:
Auto
In this configuration, you define the VLANs that will be made available to all network pools (External, Private, Management) and also define raw IP ranges for each network pool. The Service Manager will automatically assign during provisioning an available IP from each network pool and assign it to an available VLAN. Each customer will be assigned a unique VLAN, so all customer VMs will reside in the same VLAN, isolated from other customer VMs.
Custom
In this configuration, you define the VLANs that will be made available to all network pools (External, Private, Management) and define raw IP ranges for each network pool, but you also assign those IP ranges to specific VLANs from the beginning. The Service Manager will automatically assign during provisioning an available IP from each network pool. The same principle applies here as above, that is, each customer will be assigned a unique VLAN, so all customer VMs will reside in the same VLAN, isolated from other customer VMs.
Fixed
In this configuration, you define the VLANs that will be made available to all network pools (External, Private, Management) and define raw IP ranges for each network pool, but you also assign those IP ranges to specific VLANs from the beginning. In Service Manager configuration settings you define one specific VLAN for the network pool. The Service Manager will automatically assign an available IP address from that specific VLAN. This scenario does not provide isolation, as all customer VMs will reside in the same VLAN.
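
The isolation properties described above for the three modes can be checked against an allocation inventory. The following is an added example, not part of the product or its documentation; the record layout, the `audit` function, the finding names and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed inventory. The record layout (customer, vm, private_ip, vlan,
# nat_public_ip) is an assumption for this example, not a Service Manager export.
MGMT_NET = ip_network("10.255.0.0/24")  # constructed Management pool range
ALLOCATIONS = [
    ("acme", "vm1", "10.0.1.10", 101, "203.0.113.10"),
    ("acme", "vm2", "10.0.1.11", 101, "203.0.113.11"),
    ("acme", "vm3", "10.0.4.10", 104, "203.0.113.12"),     # second VLAN for acme
    ("globex", "vm1", "10.0.2.10", 102, "203.0.113.20"),
    ("initech", "vm1", "10.0.2.11", 102, "203.0.113.21"),  # shares VLAN 102
    ("umbrella", "vm1", "10.255.0.9", 103, None),          # mgmt range, no NAT
]


def audit(allocations, mgmt_net):
    """Return sorted (finding, detail) tuples for violated properties."""
    findings = set()
    vlan_customers = defaultdict(set)
    customer_vlans = defaultdict(set)
    for customer, vm, private_ip, vlan, nat_public_ip in allocations:
        vlan_customers[vlan].add(customer)
        customer_vlans[customer].add(vlan)
        # Every VM private IP is expected to have a NAT rule to a virtual IP.
        if nat_public_ip is None:
            findings.add(("missing-nat", f"{customer}/{vm}"))
        # Customer VMs must never hold an address from the Management pool.
        if ip_address(private_ip) in mgmt_net:
            findings.add(("vm-in-mgmt-range", f"{customer}/{vm}"))
    # Auto/Custom: one VLAN belongs to exactly one customer.
    for vlan, customers in vlan_customers.items():
        if len(customers) > 1:
            findings.add(("shared-vlan", f"{vlan}:{','.join(sorted(customers))}"))
    # All VMs of a customer are expected to reside in the same VLAN.
    for customer, vlans in customer_vlans.items():
        if len(vlans) > 1:
            joined = ",".join(str(v) for v in sorted(vlans))
            findings.add(("customer-split", f"{customer}:{joined}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding, detail in audit(ALLOCATIONS, MGMT_NET):
        print(f"{finding:18} {detail}")
```

In a Fixed deployment, `shared-vlan` findings are expected, since that mode places all customer VMs in one VLAN; in Auto or Custom they indicate that per-customer isolation has been lost.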