HOWTO create a network in CloudStack without a Virtual Router

10 March 2012 — 16 Comments

Networking in CloudStack 3.0 is awesome; the Virtual Router provides many cool features like LoadBalancing, PortForwarding, (s)NAT, DHCP, VPN and so on. When a new network is created and being used, a Virtual Router is automatically launched to support these features. Since the Virtual Router is a Single Point of Failure, you should turn on the HA (High Available) option; which actually addes a 2nd Virtual Router on each network. While this is pretty cool, it makes the number of System VM’s go up and when you don’t need them it’s kind of wasting resources.

For example, when I was creating a network for the web servers to talk privately to the database, I didn’t need a Virtual Router. All I want is them to be able to do networking to each other and that is all. When using the default settings, a Virtual Router is launched anyway.

So how to tell CloudStack you don’t need a Virtual Router? Well, this is done through Service Offerings. You find this option on the menu at the left, it’s the last option. Select Network Offerings and a list is displayed.


Click Add Network Offering at the right and fill in the form. When you do not select any service, you’ll create a Network Offering for which CloudStack does not spin off Virtual Routers.

Now, when you create a new Guest Network, make sure to select the Network Offering you just created. This will make sure your new Guest network will have no Virtual Router launched when in use 🙂

Update: I’ve written another blog with more details on how to use this network. Also have a look at the comments in both blogs for some examples and idea’s. Feel free to ask me any questions you have below!

16 responses to HOWTO create a network in CloudStack without a Virtual Router

  1. 

    It’s possible to add a network without router and public traffic ?

    • 

      Yes, that is possible. When you create a network as I describe above, you’ll have a network (vlan based) with no services. In fact, to allow public traffic you’ll have to add a router service. Just don’t add a router if you want a private network.

      Where I work we use both private and public networks in CloudStack. Please let me know if you need any more help.

      (resent this response since it got lost)

  2. 

    You can do this with a custom script leveraging the API too.

  3. 

    your solution doesn’t work for me. I tried this on Cloudstack 3.0.2 and am able to create and enable such virtual router but it isn’t available for selection, when I’m creating new instance… I filled in all the fields but the services (like you suggested, I didn’t select any), and I also left the “tag” window blank. The only other difference I noticed between dialog I got and the one you posted screenshot of, is, that I don’t have “Traffic type” field in the create network offering dialogue.

    Any advice would be appreciated

    Regards,

    Jernej

    • 

      Hi Jenej,

      Thanks for your comment! I’ve had a look in the source code, and that only seems displays networks that have certain services. Since these are provided by the Virtual Router and we intended to create a network without a Virtual Router, our network is not displayed. I’m using the API to create new VM’s (which works) so haven’t run into this. Creating a network without a Virtual Router is currently not something that is supported by CloudStack and that’s probably why the web interface cannot handle it.

      The good news, though, is that using the API isn’t that hard. The command you need to use is ‘deployVirtualMachine()’; the manual is here.. A good way to start is to have a look at Jason Hancock’s PHP code.

      What do you want to accomplish with CloudStack?

      Good luck!

      • 

        Thank you very much for your post! Is very useful.

        Please, can you show an example of the API calls to deploy a new VM without VR?

        Thxs,
        Jorge

      • 

        Hi Jorge,

        Thanks for your message. To use the API, you should choose a class that does a lot of the signatures and signing for you. I’m using Jason’s PHP code, as mentioned above but other languages are available as well. Have a a look at it, because you will need it to use the example below. I will show you an example API call in PHP:

        // supply all arguments in an array. I'm only showing the network parameter here, you should supply all of them.
        $api_arguments = array(
        	..
        	// this is the network you created without virtual router. You need its uuid (or uuid's if you have more than one).
        	'networkids' => $uuid_of_network_you_created
        	..
        );
        
        // then init the class
        $cloudstack = new CloudStackClient($api_url, $api_key, $api_secret_key);
        
        // and fire the api command
        $cloudstack->deployVirtualMachine($api_arguments);
        

        That’s pretty much it!
        Have a look at the API documentation to see what exact parameters you should send in the $api_arguments array.

        Good luck and let me know if it worked for you too!

  4. 

    Hey Remi. Thanks for the feedback. I find it highly unusual that Cloudstack wont display networking options without virtual routers. I suspect many people (who intend to deploy a public cloud) want direct assignment of public and private IPs to their VMs and dont want to hassle with deploying them through the API. We do intend to use the API, but have some manual servers we want to spin up that allows us to take advantage of a public and private interface. Are you aware of a way to hack the system to allow me to create a guest network bound to a network offering that is virtual router-less.

    Right now public, private and storage networks are on separate ethernet interfaces, which are on separate managed switches. The traffic will never interact on the same interface or switch. This strikes me as something easy for Cloudstack to handle. Am I required to deploy a virtual router?

    • 

      The CloudStack model looks like AWS: private ip’s with public ones mapped to them (optional) through the virtual router(s). It’s probably done because that makes it a lot easier to setup for most people.

      The virtual router supplies many networking services, like DHCP, routing, loadbalancing and so on. If you want a setup without a virtual router, you’ve to replace it with something else to make everything work.

      I’ve been hacking with this for several months and came up with a way to replace the virtual routers with Linux machines. You can find that blogpost here. I hope it will give you some idea’s of what is possible.

      Let me know if you have any questions!

  5. 

    Hey Remi, thanks for the interesting post!!

    I have a question about deploying the VM with no VR.
    DHCP server for VM is one of the main features of VR and normaly, you may need some kind of way to provide IPs to VM.

    How do I set IPs to VM without using VR running?

    • 

      Hi George, I use an existing DHCP server on the network for this. It can be a physical server or a VM. All you need to do is make sure the new VM can reach the DHCP server. When you replace the Virtual Router with a Linux Router (see other blog) you can also run DHCP on this Linux router. Good luck!

  6. 
    someonewhowannatoss*stackintothebin 23 May 2013 at 10:20

    stupid question,
    any idea if its possibel to get let it run on dedicaded servers?

    problem is on dedi server you dont have access to any switch,vlans or whatsoever, you
    get
    1 nic
    1ip with a pointopoint to the gateway (i dont think you can even configure that in cloudstack)
    maybe additional ips but they are a challenge within

    i got a setup where i connecot each host with vpn to each other
    so ife public ip on eth0, private network within the hosts by vpn, and a bridge with another private network for the vms

    of course bridge is in routing so vms can communicate to each other across all hosts (if i let em by firewalling)

    vm talk to the internet by nat, i know its very static, but this way i can also iuse each hosts as an transparent firewall, so i dont have nessesarly configure firewalls on each vm
    which reduces the complexity a bit

    any idea how todo that with cloudstack?

    btw i rather not letting cloudsatck configure my network, nor my firewalls, they are pretty complex which branching and tagging and so on, so i would like to stick with firewallbuilder for the time beeing

Trackbacks and Pingbacks:

  1. Going beyond CloudStack Advanced Networking: How I replaced the Virtual Router with my own physical Linux router | Remi Bergsma's blog - August 30, 2012

    […] in March I wrote a blog on how to create a network without a Virtual Router.  I received a lot of questions about it. It’s also a question that pops up now and then on […]

  2. 我怎样把 Cloudstack 中的虚拟路由器换成物理的 Linux 路由器 | Remi Bergsma’s blog | XFOSS.COM - September 5, 2012

    […] blog 发布于 2012 年 9 月 5 日 作者是 laxers Back in March I wrote a blog on how to create a network without a Virtual Router.  I received a lot of questions about it. It’s also a question that pops up now and then on the […]

  3. CloudStack 中使用linux server 替换VRouter | Here is davidstack. - July 8, 2014

    […] in March I wrote a blog on how to create a network without a Virtual Router.  I received a lot of questions about it. It’s also a question that pops up now and then on […]

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s