Manuals / Citrix Systems / Computer Equipment / Network Router

Citrix Systems 4.2 manual ACL on Private Gateway, Creating a Static Route

Models: 4.2

1 272

Download 272 pages 63.23 Kb

Page 224

Chapter 16. Managing Networks and Traffic

gateway to avoid IP conflicts. If Source NAT is enabled, the guest VMs in VPC reaches the enterprise network via private gateway IP address by using the NAT service.

The Source NAT service on a private gateway can be enabled while adding the private gateway. On deletion of a private gateway, source NAT rules specific to the private gateway are deleted.

To enable source NAT on existing private gateways, delete them and create afresh with source NAT.

16.27.5.2. ACL on Private Gateway

The traffic on the VPC private gateway is controlled by creating both ingress and egress network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all the ingress traffic to the private gateway interface and all the egress traffic out from the private gateway interface are blocked.

You can change this default behaviour while creating a private gateway. Alternatively, you can do the following:

1.In a VPC, identify the Private Gateway you want to work with.

2.In the Private Gateway page, do either of the following:

•Use the Quickview. See 3.

•Use the Details tab. See 4 through .

3.In the Quickview of the selected Private Gateway, click Replace ACL, select the ACL rule, then click OK

4.Click the IP address of the Private Gateway you want to work with.

5.

In the Detail tab, click the Replace ACL button.

The Replace ACL dialog is displayed.

6.select the ACL rule, then click OK.

Wait for few seconds. You can see that the new ACL rule is displayed in the Details page.

16.27.5.3. Creating a Static Route

CloudPlatform enables you to specify routing for the VPN connection you create. You can enter one or CIDR addresses to indicate which traffic is to be routed back to the gateway.

1.In a VPC, identify the Private Gateway you want to work with.

2.In the Private Gateway page, click the IP address of the Private Gateway you want to work with.

3.Select the Static Routes tab.

4.Specify the CIDR of destination network.

5.Click Add.

Wait for few seconds until the new route is created.

214

Image 224

Citrix Systems 4.2 manual ACL on Private Gateway, Creating a Static Route

Contents

Page Page User Services Overview Getting More Information and HelpConcepts Cloud Infrastructure ConceptsSteps to Provisioning Your Cloud Infrastructure Service OfferingsSetting Up Networking for Users Working With Virtual Machines Working With Hosts 103Working with Templates 113 Working With Storage 129Working with Usage 141 Managing Networks and Traffic 147Page Tuning 249 Troubleshooting 251Working with System Virtual Machines 229 System Reliability and High Availability 233Event Types 259 Alerts 261 Getting More Information and Help Additional Documentation AvailableCitrix Knowledge Center Contacting Support ChapterPage What Is CloudPlatform? ConceptsWhat Can CloudPlatform Do? Multiple Hypervisor SupportDeployment Architecture Overview Management Server Overview Cloud Infrastructure OverviewNetworking Overview More InformationPage Page About Zones Cloud Infrastructure ConceptsAbout Regions Cloud Infrastructure Concepts About Pods About Clusters About Hosts About Primary StorageAbout Secondary Storage About Physical NetworksBasic Zone Network Traffic Types Advanced Zone Guest IP Addresses Basic Zone Guest IP AddressesAdvanced Zone Network Traffic Types Advanced Zone Public IP Addresses System Reserved IP AddressesAll zones A zone that uses advanced networkingPage Accounts Accounts, Users, and DomainsBehavior of Dedicated Hosts, Clusters, Pods, and Zones How to Use Dedicated HostsDedicating Resources to Accounts and Domains Adding an Ldap Server Using an Ldap Server for User AuthenticationConfiguring an Ldap Server Trust Store Trust Store Password Search Base Example Ldap Configuration CommandsRemoving an Ldap Configuration ApacheDS Query FilterActive Directory SSL Keystore Path and Password Search User Bind DNPage User Services Overview ChapterPage User Interface Supported BrowsersLog In to the UI End Users UI OverviewRoot Administrators UI Overview Logging In as the Root AdministratorCreating an Instance from a Template that Supports SSH Keys Using SSH Keys for AuthenticationChanging the Root Password Output is something similar to what is given below Creating the SSH KeypairCreating an Instance Logging In Using the SSH KeypairResetting SSH Keys Page Using Projects to Organize Users and Resources Configuring ProjectsSetting Up Invitations Overview of ProjectsSetting Resource Limits for Projects Setting Project Creator PermissionsSending Project Membership Invitations Creating a New ProjectAdding Members to a Project Accepting a Membership Invitation Adding Project Members From the UIUsing the Project View Suspending or Deleting a ProjectPage Steps to Provisioning Your Cloud Infrastructure Overview of Provisioning StepsAdding a Region First Region The Default RegionAdding Regions optional Adding Third and Subsequent Regions Deleting a Region Prepare the System VM Template Adding a ZoneCreate a Secondary Storage Mount Point for the New Zone Steps to Add a New Zone Basic Zone Configuration Network Offering DescriptionSteps to Provisioning Your Cloud Infrastructure Page Advanced Zone Configuration Page Steps to Provisioning Your Cloud Infrastructure Page NFS Adding a Pod VmfsAdd Cluster OVM Adding a ClusterAdd Cluster KVM or XenServer Adding a vSphere Cluster Add Cluster vSphereVMware Cluster Size Limit Steps to Provisioning Your Cloud Infrastructure Page Requirements for XenServer, KVM, and OVM Hosts Warning Adding a HostAdding a Host XenServer, KVM, or OVM Adding a XenServer, KVM, or OVM Host KVM Host Additional RequirementsAdding Primary Storage Adding a Host vSphereAdding Secondary Storage Adding an NFS Secondary Staging Store for Each Zone Initialize and Test Steps to Provisioning Your Cloud Infrastructure Creating a New Compute Offering Service OfferingsCompute and Disk Service Offerings Service Offerings Creating a New Disk OfferingCreating a New System Service Offering System Service OfferingsModifying or Deleting a Service Offering For more information, see .7, Stopping and Starting VMs Page Page Setting Up Networking for Users Overview of Setting Up Networking for UsersAbout Virtual Networks Isolated NetworksNetwork Service Providers Network Service Providers Support MatrixRuntime Allocation of Virtual Network Resources IndividualSupport Matrix for an Isolated Network Combination ACLSupport Matrix for Shared Network Combination Network Offerings Support Matrix for Basic ZoneCreating a New Network Offering Supported Services Description Isolated Shared See Section Remote Access VPN Changing the Network Offering on a Guest Network Creating and Changing a Virtual Router Network Offering Page Page Best Practices for Virtual Machines Working With Virtual MachinesAbout Working with Virtual Machines Monitor VMs for Max Capacity Install Required Tools and DriversVM Lifecycle Creating VMs Creating a VM from a templateConfiguring Usage of Linked Clones on VMware Creating a VM from an ISOAccessing VMs Appending a Display Name to the Guest VM’s Internal NameStopping and Starting VMs Assigning VMs to HostsAffinity Groups Creating a New Affinity GroupAssign a New VM to an Affinity Group Change Affinity Group for an Existing VMDelete an Affinity Group Virtual Machine Snapshots for VMwareView Members of an Affinity Group Limitations on VM Snapshots Configuring VM SnapshotsUsing VM Snapshots Changing the VM Name, OS, or Group Changing the Service Offering for a VM CPU and Memory Scaling for Running VMsConfiguring Dynamic CPU and RAM Scaling How to Dynamically Scale CPU and RAMUpdating Existing VMs LimitationsResetting the Virtual Machine Root Volume on Reboot Moving VMs Between Hosts Manual Live MigrationWorking with ISOs Recovering a Destroyed VMDeleting VMs Adding an ISO Attaching an ISO to a VM Changing a VMs Base ImagePage 102 Scheduled Maintenance and Maintenance Mode for Hosts VCenter and Maintenance ModeXenServer and Maintenance Mode Working With HostsTo take a server out of Maintenance Mode Disabling and Enabling Zones, Pods, and ClustersRemoving Hosts Working With HostsRe-Installing Hosts Using Cisco UCS as Bare Metal Host CloudPlatformMaintaining Hypervisors on Hosts Removing XenServer and KVM HostsRegistering a UCS Manager Associating a Profile with a UCS BladeChanging Host Password Disassociating a Profile from a UCS BladeOver-Provisioning and Service Offering Limits Setting Over-Provisioning Ratios Limitations on Over-Provisioning in XenServer and KVMRequirements for Over-Provisioning Balloon DriverService Offering Limits and Over-Provisioning Vlan ProvisioningVlan Allocation Example Adding Non Contiguous Vlan RangesAssigning VLANs to Isolated Networks Default Template Working with TemplatesCreating Templates Overview Requirements for TemplatesWorking with Templates Private and Public TemplatesCreating a Template from an Existing Virtual Machine Creating a Template from a Snapshot Uploading TemplatesWorking with Templates System Preparation for Windows Server 2008 R2 Exporting TemplatesCreating a Windows Template Working with Templates Page Working with Templates System Preparation for Windows Server 2003 R2 Importing Amazon Machine Images Create a grub entry in /boot/grub/grub.conf Exit out of chroot Converting a Hyper-V VM to a Template Adding Password Management to Your Templates Deleting Templates Linux OS InstallationWindows OS Installation 128 Primary Storage Working With StorageStorage Overview Storage Tags Working With StorageFiber Channel support NFS support Local storage support Storage over-provisioningMaintenance Mode for Primary Storage Secondary StorageBest Practices for Secondary Storage Changing the Secondary Storage IP AddressWorking With Volumes Creating a New VolumeUsing Local Storage for Data Volumes Changing Secondary Storage ServersUploading an Existing Volume to a Virtual Machine To Create a New VolumeAttaching a Volume Hypervisor Disk Image FormatDetaching and Moving Volumes VM Storage MigrationMigrating a Data Volume to a New Storage Pool Migrating a VM Root Volume to a New Storage PoolResizing Volumes Reset VM to New Root Disk on Reboot Volume Deletion and Garbage CollectionTo enable root disk reset on VM reboot Working with SnapshotsAutomatic Snapshot Creation and Retention Incremental Snapshots and BackupVolume Status Snapshot Job Throttling Snapshot RestoreVMware Volume Snapshot Performance Configuring the Usage Server Working with UsageWorking with Usage Alerttypeusagesanityresult =Setting Usage Limits Globally Configured Limits Parameter Name DefinitionDefault Account Resource Limits Per-Domain Limits Networking in a Pod Managing Networks and TrafficGuest Traffic Networking in a Zone Managing Networks and TrafficConfiguring Isolated Guest Network Basic Zone Physical Network ConfigurationAdvanced Zone Physical Network Configuration Configure Public Traffic in an Advanced Zone Configuring a Shared Guest Network Using Security Groups to Control Traffic to VMs About Security GroupsSecurity Groups in Advanced Zones KVM Only LimitationAdding Ingress and Egress Rules to a Security Group Enabling Security GroupsAdding a Security Group External Firewalls and Load Balancers About Using a NetScaler Load Balancer MPXConfiguring SNMPCommunity String on a Rhel Server VPXInitial Setup of External Firewalls and Load Balancers Load Balancer Rules Adding a Load Balancer RuleConfiguring AutoScale Prerequisites Configuration Managing Networks and Traffic Disabling and Enabling an AutoScale Configuration Updating an AutoScale ConfigurationRuntime Considerations Sticky Session Policies for Load Balancer RulesHealth Checks for Load Balancer Rules Components of Gslb Global Server Load BalancingAbout Global Server Load Balancing How Gslb Works in CloudPlatform Configuring Gslb For more information, see Configuring a Gslb Virtual Server4 Prerequisites and Guidelines Enabling Gslb in NetScalerAdding a Gslb Rule Assigning Load Balancing Rules to Gslb Adding an Additional Guest Network Using Multiple Guest NetworksReconfiguring Networks in VMs Selecting the Default Network PrerequisitesAdding a Network Removing a NetworkReleasing an IP Address Guest IP RangesAcquiring a New IP Address Reserving Public IP Addresses and VLANs for Accounts Dedicating IP Address Ranges to an AccountStart IP End IP Dedicating Vlan Ranges to an AccountGateway Netmask IP Reservation in Isolated Guest Networks IP Reservation ConsiderationsReserving an IP Range Configuring Multiple IP Addresses on a Single NICBest Practices Port Forwarding and StaticNAT Services Changes Use CasesGuidelines Assigning Additional IPs to a VMAdding Multiple Subnets to a Shared Network Multiple Subnets in Shared NetworkPrerequisites and Guidelines About Elastic IP Managing Networks and Traffic Portable IPs About Portable IPGuidelines Configuring Portable IPsAcquiring a Portable IP Enabling or Disabling Static NAT Static NATTransferring Portable IP Egress Firewall Rules in an Advanced Zone Configuring an Egress Firewall RuleIP Forwarding and Firewalling Deny Configuring the Default Egress PolicyAllow Firewall Rules IP Load Balancing Port ForwardingDNS and Dhcp Remote Access VPNConfiguring Remote Access VPN Using Remote Access VPN with Windows Using Remote Access VPN with Mac OS Setting Up a Site-to-Site VPN ConnectionSee .27, Configuring a Virtual Private Cloud Creating and Updating a VPN Customer Gateway NoteManaging Networks and Traffic Page Creating a VPN gateway for the VPC Updating and Removing a VPN Customer GatewayCreating a VPN Connection Note CidrManaging Networks and Traffic Restarting and Removing a VPN Connection Isolation in Advanced Zone Using Private Vlan About Private VlanCreating a PVLAN-Enabled Guest Network PrerequisitesAbout Inter-VLAN Routing Page Major Components of a VPC Configuring a Virtual Private CloudAbout Virtual Private Clouds VPC Network Considerations Network Architecture in a VPCConnectivity Options for a VPC Adding a Virtual Private Cloud Adding Tiers Managing Networks and Traffic Creating ACL Lists Configuring Network Access Control ListAbout Network ACL Lists Creating an ACL Rule Creating a Tier with Custom ACL List Assigning a Custom ACL List to a TierAdding a Private Gateway to a VPC Source NAT on Private Gateway See .27.5.2, ACL on Private GatewayACL on Private Gateway Creating a Static RouteBlacklisting Routes Deploying VMs to the TierDeploying VMs to VPC Tier and Shared Networks Acquiring a New IP Address for a VPC Releasing an IP Address Alloted to a VPC Enabling or Disabling Static NAT on a VPC Adding Load Balancing Rules on a VPC Load Balancing Public Traffic Public LBCreating a Network Offering for Public LB Creating a Public LB Rule Load Balancing Tier-to-Tier traffic Internal LB How Does Internal LB Work in VPC?Enabling Internal LB on a VPC Tier Creating an Internal LB Rule Adding a Port Forwarding Rule on a VPC Removing Tiers TCP UDPPersistent Network Considerations Persistent NetworksEditing, Restarting, and Removing a Virtual Private Cloud Creating a Persistent Guest Network Working with System Virtual Machines System VM TemplateMultiple System VM Support for VMware Console ProxyChanging the Console Proxy SSL Certificate and Domain Working with System Virtual MachinesConfiguring the Virtual Router Virtual RouterBest Practices for Virtual Routers Upgrading a Virtual Router with System Service OfferingsSecondary Storage VM HA-Enabled Virtual Machines System Reliability and High AvailabilityHA for Management Server Dedicated HA HostsConfiguring the API Request Rate Primary Storage Outage and Data LossSecondary Storage Outage and Data Loss Limiting the Rate of API RequestsLimitations on API Throttling 236 Using Tags to Organize Resources in the Cloud Managing the CloudManaging the Cloud Setting Configuration ParametersAbout Configuration Parameters Setting Global Configuration Parameters Setting Local Configuration ParametersGranular Global Configuration Parameters Cluster.cpu.allocated.capacity.disablThethr Changing the Database Configuration Administrator AlertsSnmp Alert Details Customizing Alerts with Global Configuration SettingsSending Alerts to External Snmp and Syslog Managers Configuring Snmp and Syslog Managers Syslog Alert DetailsCustomizing the Network Domain Name Deleting an Snmp or Syslog ManagerStopping and Restarting the Management Server Provisioning and Authentication API CloudPlatform APIAllocators User Data and Meta DataCloudPlatform API Tuning Performance MonitoringIncrease Management Server Maximum Memory Set Database Buffer Pool SizeSet and Monitor Total VM Limits per Host Configure XenServer dom0 MemoryTuning Troubleshooting EventsEvent Logs Event NotificationLong Running Job Events TroubleshootingStandard Events Event Log Queries Deleting and Archiving Events and AlertsPermissions ProcedureWorking with Server Logs Using cloud-bugtool SymptomLog Collection Utility cloud-bugtool Data Loss on Exported Primary StorageRecovering a Lost Virtual Router Maintenance mode not working on vCenterSolution CauseUnable to power on virtual machine on VMware Unable to deploy VMs from uploaded vSphere templateLoad balancer rules fail after changing network offering Appendix A. Event Types 260 Appendix B. Alerts Appendix B. Alerts