InformationThis article explains the idea of network groups in Parallels Automation for Cloud Infrastructure (PACI).
PACI provides simple and yet flexible model of managing network access and IP ranges assigned to Cloud Infrastructure (CI) servers.
In this model there are two types of IP addresses available - private and public.
Private network is designed to interconnect all CI servers of a customer even located on different physical nodes providing so-called "back-net" specific to a customer. These IP addresses are usually internal and not globally routed.
Private networks are "cut" from a bigger subnets specified as Private IP Pool for a particular Network Group. The Private Mask shows the amount of IP addresses to be given to a single customer.
Private networks are isolated from each other by PSBM network filters so a customer will not be able to access private network of another customer.
Public network is designed to provide external access to CI servers. A public IP address is assigned to a CI server upon its creation if there are available resources of IP Address or IPv6 Address type for the subscription.
A single public network may consist of any amount of Public IP Pools, the only limitation is that they should not intersect with other Public IP Pools.
Together Private Network and Public Network give us a Network Group, and the relation between CI Nodes and Network Groups is multiple-to-one, that is a CI node can be a member of a single Network Group at time, while a single Network Group may contain multiple hardware nodes.
The following example illustrates the feature:
In this example there is a Network Group called PACI Network Group #1, which consists of Private Network and Public Network:
IP Pool #1: 220.127.116.11-18.104.22.168
IP Pool #2: 22.214.171.124-126.96.36.199
First IP Address: 10.0.0.0
Last IP Address: 10.255.255.255
Private Mask: 255.255.255.0
Two hardware nodes are assigned to the Network Group - CI Node #1 and CI Node #2.One customer #1000001 has two subscriptions and several CI servers created under these subscriptions on both nodes.
The customer is given a Private Network IP range "cut" from Private Network - 10.100.100.0/255.255.255.0.
The network is created on both CI Nodes and CI Servers created by the customer have at least one IP from the range.
Some of CI Servers have public IP addresses, some do not. Depending on the time of IP addresses availability, CI Servers may have public IP addresses from any of Public IP Pools.
The other customer #1000002 also has two subscriptions with several CI servers located on both nodes.
This customer is given the other Private Network IP range - 10.100.200.0/255.255.255.0 which was allocated from the same Private Network by applying Private Mask.
And some CI servers of the customer also have public IP address from Public IP Pools.
If customer #1000001 tries to reach CI servers of customer #1000002 via Private Network he will fail and vice versa, while external IPs for both customers will be accessible from anywhere.
If there is not enough public IP addresses in these two Public IP Pools, it is possible to add yet another IP range to extend Public Network.
Additional informationFor more information also refer to:
POA 5.3 Provider's Guide, page 992 - Setting Up New Network Groups
Cloud Infrastructure Module Deployment Guide, page 24 - Setting Up Network Groups
Parallels Server Bare Metal User's Guide - Managing Private Networks