Vpc creation
Amazon
createVpc
Unlike CloudStack, Amazon has a separate command for setting up the network domain of the VPC: CreateDhcpOptions. The following parameters can be set as part of it:
...
describeVPC/deleteVpc behave much the same in both.
VPN gateway:
Amazon:
...
attachVpnGateway - attaches the VPN gateway to the VPC
CloudStack:
createVpnGateway - combines Amazon's createVpnGateway and attachVpnGateway. The gateway is created for one particular VPC from the start and can't be detached from it.
...
Amazon has no equivalent for this command.
The main difference: in Amazon, each network in a VPC is associated with its own route table; in CloudStack the route table is shared by all networks in the VPC, so a route applies either to all of them or to none.
Amazon:
createRouteTable - creates a route table for the VPC.
AssociateRouteTable - associates a route table with a network
...
cloudStack:
createStaticRoute
Once a static route is created, it applies to all networks in the VPC.
...
If the customer wants to remove some of the associations, they can do so with AssociateRouteTable after the upgrade is done.
Amazon:
createNetworkACL - creates a network ACL for the VPC and adds a default ingress entry (deny all) and a default egress entry (deny all) to it. The network ACL acts as a container for network ACL entries, which are the actual firewall rules.
createNetworkACLEntry - creates a new network ACL entry in the network ACL
replaceNetworkACLEntry - replaces the network ACL entry that has the given rule number (priority)
By default, each new network is associated with the default network ACL. To change the network-to-ACL association, the following API is used:
...
In CloudStack each network ACL entry is tied to the network.
createNetworkACL - equivalent to Amazon's createNetworkACLEntry, but ruleAction and rule number are missing. In CloudStack a network ACL rule always has action=allow, and conflicts are checked before the rule is allowed to be created, so a "rule number" is not applicable with the current implementation.
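The two ACL models described above differ in a way that matters for the resulting firewall behaviour: Amazon evaluates numbered entries in order and the first match wins (so a low-numbered allow can shadow a later deny), whereas the current CloudStack model has only allow rules and refuses a new rule that conflicts with an existing one, so ordering never arises. The following is an added illustration, not CloudStack or EC2 code; the rule fields and the conflict definition (same protocol, overlapping port range, overlapping source CIDR) are assumptions made for the example.

```python
"""Side-by-side toy models of the two network ACL semantics (added example,
not CloudStack or EC2 code; field names and conflict definition assumed)."""
import ipaddress


def _rule(action, protocol, port_from, port_to, cidr):
    """Normalised rule record; the CIDR is parsed once into an ip_network."""
    return {"action": action, "protocol": protocol.lower(),
            "ports": (port_from, port_to),
            "cidr": ipaddress.ip_network(cidr, strict=False)}


def _matches(rule, protocol, port, address):
    """True when a packet (protocol, port, source address) hits this rule."""
    lo, hi = rule["ports"]
    return (rule["protocol"] in ("all", protocol.lower())
            and lo <= port <= hi
            and ipaddress.ip_address(address) in rule["cidr"])


def _conflicts(a, b):
    """Assumed conflict test: same protocol (or either is 'all'),
    overlapping port ranges and overlapping source CIDRs."""
    same_proto = ("all" in (a["protocol"], b["protocol"])
                  or a["protocol"] == b["protocol"])
    ports_overlap = a["ports"][0] <= b["ports"][1] and b["ports"][0] <= a["ports"][1]
    return same_proto and ports_overlap and a["cidr"].overlaps(b["cidr"])


class AmazonNetworkAcl:
    """Amazon model: a container of numbered entries, evaluated from the lowest
    rule number up, first match wins, and anything unmatched falls through to
    the default deny-all entry that createNetworkACL installs."""

    def __init__(self):
        self.entries = {}  # rule number -> rule record

    def create_entry(self, rule_number, action, protocol, port_from, port_to, cidr):
        if rule_number in self.entries:
            raise ValueError("rule number %d already in use" % rule_number)
        self.entries[rule_number] = _rule(action, protocol, port_from, port_to, cidr)

    def replace_entry(self, rule_number, action, protocol, port_from, port_to, cidr):
        """Mirrors replaceNetworkACLEntry: swap the entry with that number."""
        if rule_number not in self.entries:
            raise KeyError("no entry with rule number %d" % rule_number)
        self.entries[rule_number] = _rule(action, protocol, port_from, port_to, cidr)

    def evaluate(self, protocol, port, address):
        for number in sorted(self.entries):
            entry = self.entries[number]
            if _matches(entry, protocol, port, address):
                return entry["action"]
        return "deny"  # implicit final deny-all entry


class CloudStackNetworkAcl:
    """CloudStack model as the page describes it: allow-only rules tied to one
    network, no rule number and no action; a rule that conflicts with an
    existing one is refused at creation time instead of being ordered."""

    def __init__(self):
        self.rules = []

    def create_rule(self, protocol, port_from, port_to, cidr):
        new = _rule("allow", protocol, port_from, port_to, cidr)
        for existing in self.rules:
            if _conflicts(existing, new):
                raise ValueError("rule conflicts with existing rule %r" % existing)
        self.rules.append(new)

    def evaluate(self, protocol, port, address):
        hit = any(_matches(r, protocol, port, address) for r in self.rules)
        return "allow" if hit else "deny"


def amazon_example():
    """Constructed sample: deny SSH first, then allow all other TCP."""
    acl = AmazonNetworkAcl()
    acl.create_entry(100, "deny", "tcp", 22, 22, "0.0.0.0/0")
    acl.create_entry(200, "allow", "tcp", 0, 65535, "0.0.0.0/0")
    return acl


def cloudstack_example():
    """Constructed sample: a single allow rule for SSH from 10/8."""
    acl = CloudStackNetworkAcl()
    acl.create_rule("tcp", 22, 22, "10.0.0.0/8")
    return acl


if __name__ == "__main__":
    aws = amazon_example()
    print("amazon tcp/22 :", aws.evaluate("tcp", 22, "198.51.100.7"))
    print("amazon tcp/443:", aws.evaluate("tcp", 443, "198.51.100.7"))
    cs = cloudstack_example()
    print("cloudstack tcp/22 from 10.1.2.3:", cs.evaluate("tcp", 22, "10.1.2.3"))
    try:
        cs.create_rule("tcp", 20, 25, "10.1.0.0/16")
    except ValueError as err:
        print("cloudstack refused overlapping rule:", err)
```

The point to take from the Amazon side is that swapping the two rule numbers silently changes the outcome for port 22, which is exactly the ordering problem the CloudStack conflict check sidesteps by never letting two overlapping rules coexist.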
To support a more Amazon-like model in the future, the following needs to be done:
Because CloudStack isolated networks have no support for extending IP ranges, VPC networks can't do it either, as Amazon's can. So there are no analogs for the following EC2 VPC commands:
To be used in a VPC, a network has to be created fresh inside that VPC. Existing networks can't be attached to or detached from a VPC the way Amazon allows:
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-AttachNetworkInterface.html
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DetachNetworkInterface.html