9.2. About Virtual Networks

A virtual network is a logical construct that enables multi-tenancy on a single physical network. In CloudStack a virtual network can be shared or isolated.

9.2.1. Isolated Networks

An isolated network can be accessed only by virtual machines of a single account. Isolated networks have the following properties.

Resources such as VLAN are allocated and garbage collected dynamically
There is one network offering for the entire network
The network offering can be upgraded or downgraded but it is for the entire network

9.2.2. Shared Networks

A shared network can be accessed by virtual machines that belong to many different accounts. Network Isolation on shared networks is accomplished using techniques such as security groups (supported only in basic zones in CloudStack 3.0.3).

Shared Networks are created by the administrator
Shared Networks can be designated to a certain domain
Shared Network resources such as VLAN and physical network that it maps to are designated by the administrator
Shared Networks are isolated by security groups
Public Network is a shared network that is not shown to the end users

9.2.3. Runtime Allocation of Virtual Network Resources

When you define a new virtual network, all your settings for that network are stored in CloudStack. The actual network resources are activated only when the first virtual machine starts in the network. When all virtual machines have left the virtual network, the network resources are garbage collected so they can be allocated again. This helps to conserve network resources..