Networking

Both VPCs and Isolated Networks in Apache CloudStack provide Layer-3 network isolation for user VMs, but they differ in design and use cases. Isolated Network An Isolated Network is a single, flat network with one virtual router. All VMs share the same subnet and routing domain. Key points: One subnet per network (e.g., 10.1.1.0/24). One virtual router handles NAT, DHCP, and firewall rules. No inter-tier routing; traffic is flat. Ideal for single-tier applications or quick deployments....

CloudStack components communicate across multiple networks and ports. Port Summary Table Source / Target Port(s) Purpose / Description User → Management Server 8080 / 8096 CloudStack UI / API Management Server ↔ Management Server 9090 / 8250 Clustered management coordination Management Server ↔ MySQL 3306 Database connection CPVM ↔ Management Server 8250 Console proxy and control communication SSVM ↔ Management Server 8250 Secondary storage operations (template, ISO, snapshot jobs) Virtual Router ↔ Management Server 3922 SSH control and configuration SSVM ↔ Secondary Storage (NFS) 111 / 2049 NFS mount and data transfer CPVM ↔ Hypervisors 22 / 443 Console proxy, authentication, and HTTPS access SSVM ↔ HTTP File Share 80 / 443 Template and ISO downloads User Browser ↔ CPVM 443 / 80 HTTPS console access for VM consoles Management Server ↔ Xen Hosts 22 / 80 / 443 Agent management, API communication Management Server ↔ KVM Hosts 22 Agent setup via SSH Management Server ↔ vCenter (ESXi) 443 vCenter API communication Virtual Router ↔ Secondary Storage 111 / 2049 Template and snapshot copy operations Accessing System VMs (CPVM / SSVM / VR) CloudStack deploys system VMs (such as CPVM, SSVM, and Virtual Routers) with an isolated link-local IP and restricted SSH access....

CloudStack uses physical networks to separate different types of traffic within a zone. Each traffic type serves a specific purpose and can share or use dedicated network interfaces depending on deployment scale. Overview A physical network in CloudStack maps to one or more real NICs or bridges on the hypervisor hosts. Each physical network can carry multiple traffic types. Typical traffic types: Management Guest Public Storage Public and Storage networks might not exist in every deployment....