A CloudStack VPC (Virtual Private Cloud) is a private, isolated part of a CloudStack cloud. It can have its own virtual network topology that resembles a traditional physical network.
In a VPC you can launch virtual machines with private IP addresses in a subnet range of your choice, e.g. 192.168.10.0/24, 172.26.20.0/16, etc.
You can also define network tiers within your VPC network range, which enables you to group similar kinds of instances in the same network range.
Components of a VPC
- VPC – Acts as a container for multiple isolated networks that can communicate with each other via its virtual router.
- Network tiers – Each tier acts as an isolated network with its own VLANs and CIDR list, where you can place groups of resources such as VMs. The tiers are segmented by means of VLANs. The virtual router's NIC on each tier acts as that tier's gateway.
- Virtual Router – It is automatically created and started when you create a VPC. It connects the tiers and directs traffic among the public gateways, VPN gateways and NAT instances. For each tier, a corresponding NIC and IP exist on the virtual router.
- Public Gateway – Traffic to and from the internet is routed to the VPC through the public gateway.
- Private Gateway – All traffic to and from the private network is routed to the VPC through the private gateway.
- VPN gateway – The VPC side of a VPN connection.
- Site-to-site VPN connection – A hardware-based VPN connection between your VPC and your datacenter, home network or co-location facility. Supported endpoints are Cisco ISR and Juniper J-Series.
- NAT Instance – An instance that provides Port Address Translation for instances to access the internet via the public gateway.
- A VPC can only be created in an advanced zone
- A tier belongs to only one VPC
- All network tiers within a VPC should belong to the same account
- When a VPC is created, a source NAT IP is allocated to it by default. The source NAT IP is released only when the VPC is removed.
- A public IP can be used for only one purpose at a time. If the IP is the source NAT IP, it cannot also be used for static NAT or port forwarding.
- The instances only have a private IP address that you provision. To communicate with the Internet, enable NAT to an instance that you launch in your VPC.
- Only new networks can be added to a VPC. The maximum number of networks per VPC is limited by the value you specify in the vpc.max.networks parameter. The default value is three.
- The load balancing service can be supported by only one tier inside the VPC.
- Remote access VPN is not supported in VPC networks.
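The rules above are easy to violate on paper before the first API call is made. The following plan-time checker is an added example, not CloudStack code: it encodes the constraints listed on this page (tiers carved from the VPC CIDR, tiers must not overlap because each is a separate VLAN-isolated network, the tier count is capped by vpc.max.networks, only one tier may carry load balancing, and a public IP serves one role at a time) and reports every violation in a proposed layout. The `Tier`, `PublicIP` and `VPCPlan` classes, the role names and the two sample layouts are all constructed for the example.

```python
"""Plan-time validator for a CloudStack VPC layout (added example, not CloudStack code)."""
import ipaddress
from dataclasses import dataclass, field

VPC_MAX_NETWORKS_DEFAULT = 3  # CloudStack default for the vpc.max.networks parameter


@dataclass
class Tier:                      # constructed planning type, not a CloudStack API object
    name: str
    cidr: str
    load_balanced: bool = False


@dataclass
class PublicIP:                  # constructed; roles are labels such as "sourcenat"
    address: str
    roles: set = field(default_factory=set)


@dataclass
class VPCPlan:                   # constructed container for the whole proposed layout
    name: str
    cidr: str
    tiers: list
    public_ips: list
    vpc_max_networks: int = VPC_MAX_NETWORKS_DEFAULT


def validate_vpc_plan(plan: VPCPlan) -> list:
    """Return human-readable violations of the VPC rules; an empty list means the plan is OK."""
    problems = []
    vpc_net = ipaddress.ip_network(plan.cidr, strict=True)

    # Only vpc.max.networks tiers may exist in one VPC.
    if len(plan.tiers) > plan.vpc_max_networks:
        problems.append(f"{len(plan.tiers)} tiers exceed vpc.max.networks={plan.vpc_max_networks}")

    seen = []  # (tier name, network) of tiers already accepted
    for tier in plan.tiers:
        try:
            net = ipaddress.ip_network(tier.cidr, strict=True)  # rejects host bits set, e.g. 10.0.4.1/24
        except ValueError as exc:
            problems.append(f"tier {tier.name}: bad CIDR {tier.cidr} ({exc})")
            continue
        # Every tier is a sub-range of the VPC's own CIDR.
        if not net.subnet_of(vpc_net):
            problems.append(f"tier {tier.name}: {tier.cidr} is outside VPC {plan.cidr}")
        # Tiers are isolated by VLAN and routed by the virtual router, so ranges must not overlap.
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"tier {tier.name}: {tier.cidr} overlaps {other_name} ({other_net})")
        seen.append((tier.name, net))

    # The load balancing service can be supported by only one tier inside the VPC.
    lb_tiers = [t.name for t in plan.tiers if t.load_balanced]
    if len(lb_tiers) > 1:
        problems.append(f"load balancing requested on more than one tier: {lb_tiers}")

    # A public IP is used for one purpose at a time (source NAT, static NAT or port forwarding).
    for ip in plan.public_ips:
        if len(ip.roles) > 1:
            problems.append(f"public IP {ip.address} assigned multiple roles: {sorted(ip.roles)}")
    return problems


# Constructed sample layouts (documentation address ranges, not real deployments).
GOOD_PLAN = VPCPlan(
    name="shop-vpc", cidr="10.0.0.0/16",
    tiers=[Tier("web", "10.0.1.0/24", load_balanced=True),
           Tier("app", "10.0.2.0/24"),
           Tier("db", "10.0.3.0/24")],
    public_ips=[PublicIP("203.0.113.10", {"sourcenat"}),
                PublicIP("203.0.113.11", {"staticnat"})],
)

BAD_PLAN = VPCPlan(
    name="broken-vpc", cidr="10.0.0.0/16",
    tiers=[Tier("web", "10.0.1.0/24", load_balanced=True),
           Tier("app", "10.0.1.128/25", load_balanced=True),  # overlaps web, second LB tier
           Tier("db", "192.168.5.0/24"),                       # outside the VPC range
           Tier("mgmt", "10.0.4.1/24")],                       # host bits set; 4th tier exceeds default cap
    public_ips=[PublicIP("203.0.113.10", {"sourcenat", "portforwarding"})],  # two roles on one IP
)

if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        issues = validate_vpc_plan(plan)
        print(f"{plan.name}: {'OK' if not issues else f'{len(issues)} problem(s)'}")
        for issue in issues:
            print("  -", issue)
```

Run it as a script to see the good plan pass and the bad plan produce one line per violated rule. The checker is deliberately independent of the CloudStack API so it can run offline; once a plan passes, the same CIDRs are what you would hand to the VPC and network creation calls covered in the next part.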
Now that we know what a VPC is, next we’ll look at how to create and use a VPC