CloudStack automatically creates and destroys interfaces bridged to VLANs on the hosts. In general the administrator does not need to manage this process.
CloudStack manages VLANs differently based on hypervisor type. For XenServer or KVM, the VLANs are created on only the hosts where they will be used and then they are destroyed when all guests that require them have been terminated or moved to another host.
For vSphere the VLANs are provisioned on all hosts in the cluster even if there is no guest running on a particular Host that requires the VLAN. This allows the administrator to perform live migration and other functions in vCenter without having to create the VLAN on the destination Host. Additionally, the VLANs are not removed from the Hosts when they are no longer needed.
You can use the same VLANs on different physical networks provided that each physical network has its own underlying layer-2 infrastructure, such as switches. For example, you can specify VLAN range 500 to 1000 while deploying physical networks A and B in an Advanced zone setup. This capability allows you to set up an additional layer-2 physical infrastructure on a different physical NIC and use the same set of VLANs if you run out of VLANs. Another advantage is that you can use the same set of IPs for different customers, each one with their own routers and the guest networks on different physical NICs.
11.9.1. VLAN Allocation Example
VLANs are required for public and guest traffic. The following is an example of a VLAN allocation scheme:
11.9.2. Adding Non Contiguous VLAN Ranges
CloudStack provides you with the flexibility to add non contiguous VLAN ranges to your network. The administrator can either update an existing VLAN range or add multiple non contiguous VLAN ranges while creating a zone. You can also use the UpdatephysicalNetwork API to extend the VLAN range.
Log in to the CloudStack UI as an administrator or end user.
Ensure that the VLAN range does not already exist.
In the left navigation, choose Infrastructure.
On Zones, click View More, then click the zone to which you want to work with.
Click Physical Network.
In the Guest node of the diagram, click Configure.
Click Edit
The VLAN Ranges field now is editable.
Specify the start and end of the VLAN range in comma-separated list.
Specify all the VLANs you want to use, VLANs not specified will be removed if you are adding new ranges to the existing list.
Click Apply.
11.9.3. Assigning VLANs to Isolated Networks
CloudStack provides you the ability to control VLAN assignment to Isolated networks. As a Root admin, you can assign a VLAN ID when a network is created, just the way it's done for Shared networks.
The former behaviour also is supported — VLAN is randomly allocated to a network from the VNET range of the physical network when the network turns to Implemented state. The VLAN is released back to the VNET pool when the network shuts down as a part of the Network Garbage Collection. The VLAN can be re-used either by the same network when it is implemented again, or by any other network. On each subsequent implementation of a network, a new VLAN can be assigned.
Only the Root admin can assign VLANs because the regular users or domain admin are not aware of the physical network topology. They cannot even view what VLAN is assigned to a network.
To enable you to assign VLANs to Isolated networks,
Create a network offering by specifying the following:
For more information, see the CloudStack Installation Guide.
Using this network offering, create a network.
You can create a VPC tier or an Isolated network.
Specify the VLAN when you create the network.
When VLAN is specified, a CIDR and gateway are assigned to this network and the state is changed to Setup. In this state, the network will not be garbage collected.
You cannot change a VLAN once it's assigned to the network. The VLAN remains with the network for its entire life cycle.
