L3 Network
An L3 network is a collection of network configurations for VM
instances, including the network range, gateway, DNS, and network services.
- A network range includes an IP range (start IP and end IP), netmask, and gateway. For example, you can specify the IP range from 172.20.12.2 to 172.20.12.255, set the netmask to 255.255.0.0, and set the gateway to 172.20.0.1. In addition, you can use a CIDR to specify a network range, such as 192.168.1.0/24.
- DNS provides DNS resolution services used for configuring VM networks.
Concepts
- Public network: Generally, a public network is a logical network that is
connected to the Internet. However, in an environment that has no access to the
Internet, you can also create a public network.
- A public network can be used in the flat network environment to create VM instances.
- A public network can be used in the VPC network environment to create VM instances that work with public networks.
- Flat network: A flat network is connected to the network where the host
is located and has direct access to the Internet. VM instances in a flat network can
access public networks by using elastic IP addresses.
- A flat network supports multiple network services, including DHCP, EIP, security group, and User Data.
- The network services provided by a flat network use the distributed DHCP and the distributed EIP structure.
- The DHCP service provided by a flat network also includes the DNS feature.
- VPC network: A VPC network is a private network where VM instances can
be created. A VM instance in a VPC network can access the Internet through a VPC
vRouter.
- A VPC network provides the following network services by using a VPC vRouter: DHCP, DNS, SNAT, route table, security group, EIP, port forwarding, load balancing, IPsec tunnel, dynamic routing, multicast routing, VPC firewall, and netflow.
- You can specify a vRouter when you create a VPC network. You can also attach a vRouter after you create a VPC network.
- If a VPC network is used by a VM instance, you could not detach the VPC network from the associated VPC vRouter.
- The newly created network range cannot overlap with that in the VPC vRouter.
- Dedicated network:
- Management network: A management network is used to manage physical resources
in the Cloud. For example, you can create a management network to manage access to
hosts, primary storages, backup storages, and VPC vRouters.
Note: When you create a VPC vRouter, you need an IP address
that can be interconnected between the management nodes of the
VPC vRouter. With this IP address, you can deploy an agent and
obtain messages returned by the agent. - Flow network: A flow network is a dedicated network for port mirror transmission. You can use a flow network to transmit the mirrors of data packets of NIC ports to the target ports. A flow network cannot be used for other purposes, such as creating VM instances.
- Management network: A management network is used to manage physical resources
in the Cloud. For example, you can create a management network to manage access to
hosts, primary storages, backup storages, and VPC vRouters.
- Specific network scenarios:
- Storage network: A storage network is the network specified by the shared storage. You can use a storage network to check the health state of a VM instance. We recommend that you plan for an independent storage network in advance to avoid potential risks.
- VDI network: When you create a cluster, you can specify CIDR for the VDI network in the cluster. In the VDI scenario, the network traffics generated by the protocol communication between the server side and client side use the VDI network. If you do not make any configuration to the VDI network, notice that the management network will be used by default.
- Migration network: When you create a cluster, you can specify CIDR for the migration network in the cluster. The migration network is used to migrate VM instances in the Cloud. If you do not make any configuration to the migration network, notice that the management network will be used for VM migrations.
- Image synchronization network: An image synchronization network is
used to synchronize images among ImageStore backup storages in the
same management node.
- If you deployed an independent network for synchronizing images, you can specify CIDR for the image synchronization network when you add an ImageStore backup storage.
- If you do not make any configuration to the image synchronization network, notice that the management network will be used by default.
- If you set an image synchronization network for both the source ImageStore backup storage and target one, only the image synchronization network in the target ImageStore backup storage takes effect.
- Data network: A data network is the network where data can transfer
between a compute node and a backup storage.
- Using an independent data network can avoid network congestion and improve the data transfer rate.
- If you do not make any configuration to the data network, notice that the management network will be used by default.
- Backup network: ZStack Cloud provides the
backup service, which is an add-on licensed feature. A backup
network is the network where you can back up your local VM data,
volume data, and databases to the local backup storage. Also, you
can restore the local backup data from the local backup storage by
using the backup network.
- If you deploy an independent network for local backups, you can specify CIDR for the backup network when you add a local backup server.
- Using an independent backup network can avoid network congestion and improve the data transfer rate.
- If you do not make any configuration to the backup network, notice that the management network will be used for local backup by default.
Note:
The Backup Service is provided in a separate module. To use this feature, purchase both the Base License and the Plus License of Backup Service. Note that a Base License is required before you can install a Plus License.
Considerations
- When you create a VM instance, you can specify multiple networks. That is, you can specify multiple flat networks, VPC networks, or a combination of flat networks and VPC networks.
- The Cloud supports multi-layer networks. In addition, the L2 networks of multi-layer networks can intercommunicate. Therefore, you need to pay a special attention to avoid the conflict of IP address spaces.
- You can create multiple L3 networks by using an L2 network. If the L2 network is the HarewareVxlanNetwork type, the private network created from this L2 network supports only the flat network and the corresponding network services.