Flexiant Cloud Orchestrator supports both Public Virtual IP (PVIP) and Virtual Local Area Network (VLAN) based networking modes, which are detailed below. It also supports both 802.1q and 802.1q-in-q/802.1af VLAN modes, as well as emulated technologies such as VMware's distributed switch.
Public Virtual IP Mode
Public Virtual IP Mode enables individual Virtual Machines and individual Virtual Network Interface Cards (vNICs) to have secure Layer 3 connectivity to the internet. This, however, initially requires a more complex network setup by the Licensee. Each server with a Public Virtual IP address is provided with a secure routed IP address (in fact, a /32 IPv4 address and a /64 IPv6 prefix). The server and its virtual router appear as the only devices on a switched virtual LAN segment, and traffic to all other servers is routed at Layer 3.
Note: A vNIC is a virtual network interface presented to a virtual machine as if it were a physical interface.
Public VLANs are individual Layer 2 connections allocated to an individual customer. Such VLANs may be implemented using actual VLANs (meaning VLANs configured on the physical switches themselves) as 802.1q or 802.1q-in-q/802.1af VLANs, or they may be emulated using technologies like VMware's Distributed vSwitch. A customer can have one or more VLANs per Virtual Data Centre (VDC). They provide a publicly routable connection to the internet. Any data transfer (even between servers on the VLAN) is counted towards the charge (if you are set up to charge for bandwidth/data transfer), as it is impossible to distinguish between internal and external data transfer.
IPv4 Allocation in Public VLAN Mode
As standard in Public VLAN Mode, customers are allocated a configurable range of IP addresses and are then automatically allocated further ranges via the UI as these are used up. There is an API call to request an additional subnet if required.
IPv6 Allocation in Public VLAN Mode
In Public VLAN Mode (as standard) a customer is allocated a /64 (18,446,744,073,709,551,616 addresses) per VLAN, of which three are reserved for internal use. Because of the large number of addresses, this is the only IPv6 subnet they will ever need, so the system is designed to give out only one per VLAN. A standard /48 allocation from the relevant LIR will thus allow 65536 /64 ranges to be allocated, although a larger range can be requested from the LIR if required.
Each time a server is created, an IPv6 address is automatically allocated to it. The system does not currently support adding additional IPv6 addresses as aliases on existing network interfaces.
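The allocation scheme described above, sketched as an added example (not Flexiant's code): one /64 per VLAN carved from a /48, three addresses held back, and one address issued per server. The class and method names are hypothetical, the prefix is the IPv6 documentation range, and treating the first three addresses of each /64 as the reserved ones is an assumption; the page only gives the count.

```python
import ipaddress

RESERVED_PER_VLAN = 3  # count from the page; *which* addresses is assumed (the first three)


class Ipv6VlanAllocator:
    """Hands out one /64 per VLAN from an LIR prefix, then one address per server."""

    def __init__(self, lir_prefix):
        self.pool = ipaddress.IPv6Network(lir_prefix)
        if self.pool.prefixlen > 64:
            raise ValueError("pool must be a /64 or shorter prefix")
        # A /48 yields 2**(64-48) = 65536 distinct /64 ranges.
        self.capacity = 2 ** (64 - self.pool.prefixlen)
        self.vlan_subnet = {}  # VLAN id -> its single /64
        self.next_offset = {}  # VLAN id -> next unissued host offset

    def allocate_vlan(self, vlan_id):
        # Only one /64 is ever given out per VLAN.
        if vlan_id in self.vlan_subnet:
            raise ValueError(f"{vlan_id} already holds {self.vlan_subnet[vlan_id]}")
        index = len(self.vlan_subnet)
        if index >= self.capacity:
            raise RuntimeError("LIR allocation exhausted; request a larger range")
        # Consecutive /64s differ by 2**64 in the 128-bit address space.
        base = int(self.pool.network_address) + (index << 64)
        subnet = ipaddress.IPv6Network((base, 64))
        self.vlan_subnet[vlan_id] = subnet
        self.next_offset[vlan_id] = RESERVED_PER_VLAN  # skip the reserved addresses
        return subnet

    def add_server(self, vlan_id):
        # Each new server receives exactly one address; no aliases are issued.
        subnet = self.vlan_subnet[vlan_id]
        offset = self.next_offset[vlan_id]
        if offset >= subnet.num_addresses:
            raise RuntimeError(f"{subnet} exhausted")
        self.next_offset[vlan_id] = offset + 1
        return subnet[offset]

    def usable_addresses(self, vlan_id):
        return self.vlan_subnet[vlan_id].num_addresses - RESERVED_PER_VLAN


if __name__ == "__main__":
    alloc = Ipv6VlanAllocator("2001:db8:1234::/48")  # constructed sample prefix
    print(alloc.capacity, alloc.allocate_vlan("vlan-a"), alloc.add_server("vlan-a"))
```

Keeping the VLAN-to-/64 mapping one-to-one makes per-customer firewall rules and abuse attribution a simple prefix match.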
Private VLANs are individual Layer 2 connections allocated to individual customers. Such VLANs may be implemented using actual VLANs (meaning VLANs configured on the physical switches themselves) as 802.1q or 802.1q-in-q/802.1af VLANs, or they may be emulated using technologies like VMware's Distributed vSwitch. A customer can have one or more VLANs per Virtual Data Centre (VDC). They provide a private, non-internet-routable connection on which customers can use whatever IP configuration they require; indeed, protocols other than IP will work. Data transfer between machines on a private VLAN is not charged for as standard.
Quite often a customer will use a combination of public and private VLANs with a Virtual Machine acting as a gateway between them, or a tunnel endpoint.
Interworking VLANs are VLANs that have been integrated into the platform from the external network. Essentially, they are a variant of Private VLANs in which physical machines can participate as well as virtual machines. This allows the Licensee to integrate both physical and virtual machines on the same VLAN, whilst leaving control with the end customer to start, stop, create or delete virtual machines as required.
They can also be used to connect external hardware devices, such as hardware firewalls or load balancers, into a virtual machine network. If you are using an Interworking VLAN, the bandwidth monitoring in Flexiant Cloud Orchestrator's metering and charging system is disabled, as these VLANs are not routed through the relevant parts of the Flexiant Cloud Orchestrator network.
Flexiant Cloud Orchestrator offers an integrated firewall service that runs at the router level of the platform in VLAN mode, or at the node level in PVIP mode, enabling secure firewalling to be done outside the virtual machine.