cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilya musayev <ilya.mailing.li...@gmail.com>
Subject Re: Anybody addressing this bug ? Overlaping IP subnets across different vlans
Date Wed, 18 Jun 2014 05:10:44 GMT
Anthony,

Thanks for response

While i see your point, i believe its a corner case. Consider this scenario:

I have a network 192.168.1.2 - 10 assigned as management network
I have a network 192.168.1.11 - 200 assigned to guests.

The router VM will get two IPs in this case 192.168.1.2 and 
192.168.1.11. IPs should not overlap if check is done on IP Space level.

If customer is using Advanced Shared Network with VMware and VLAN 
Tagging - basic zone cannot be used. In many other enterprise like 
setups that must leverage advanced shared network, CloudStack is 
completely segregated from outside world. This check maybe helpful to 
folks running public clouds with VPC, but in shared network setup - 
which is what enterprise environments run, its creating IP space waste.

Please comment,

Thanks
ilya


On 6/11/14, 11:16 AM, Anthony Xu wrote:
> You can add overlapping IP subnets across different vlans if all vlans belong to guest
network.
>
> CS treats public network differently, CS doesn't want public subnet overlap with other
guest network.
>
> If different vlans are routable, it is possible that a VM has the same ip as a system
VM, public ip is accessible from outside, duplicate ip might cause system VMs stop working.
>
> It is very hard for us to help users to recover from this scenarios.
>
> Basically you want to use the same subnet for both public network and guest network,
maybe basic zone is better fit for you.
>
> Anthony
>
>   
>
>
>
>
> -----Original Message-----
> From: Murali Reddy
> Sent: Wednesday, June 11, 2014 2:45 AM
> To: dev@cloudstack.apache.org; Anthony Xu
> Subject: Re: Anybody addressing this bug ? Overlaping IP subnets across different vlans
>
> This is not related to portable IP. This enforcement was added as part of commit 657d9e4789d73c7c8ed460e59f088b8cb9aa7697.
>
> Anothony might have context for this check.
>
> On 11/06/14 2:18 PM, "Andrija Panic" <andrija.panic@gmail.com> wrote:
>
>> It was not there pre 4.3, and it's just causing me problems, I had to
>> manually add database entries to vlan and user_ip_address tables, not
>> very convinient...
>> Thanks,
>> Andrija
>>
>>
>> On 11 June 2014 02:45, Chiradeep Vittal <Chiradeep.Vittal@citrix.com>
>> wrote:
>>
>>> Not sure what this has to do with Portable IP. But I agree that the
>>> check  should be removed.
>>>
>>> From: ilya musayev <ilya.mailing.lists@gmail.com<mailto:
>>> ilya.mailing.lists@gmail.com>>
>>> Reply-To: "dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>"
>>> <
>>> dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>>
>>> Date: Friday, June 6, 2014 at 10:38 AM
>>> To: "dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>" <
>>> dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>>
>>> Subject: Re: Anybody addressing this bug ? Overlaping IP subnets
>>> across  different vlans
>>>
>>> Andrija
>>>
>>> I dont know if we can qualify this as a bug, this check was placed
>>> with some purpose in mind - yet its not clear what it is and why
>>> would someone think its bad.
>>>
>>>
>>>
>>> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=a3
>>> b1a
>>> 49c303a929c754561ca07fd8a9ed84e0382
>>>
>>> https://issues.apache.org/jira/browse/CLOUDSTACK-3911
>>>
>>> Chime in on the discussion in thread above,
>>>
>>> Regards,
>>> ilya
>>>
>>>
>>> On 6/6/14, 5:48 AM, Andrija Panic wrote:
>>> Hi,
>>> aftger upgrade to 4.3, I reported a bug where CS will not let me add
>>> additional IP ranges.... when there are 2 vlans using same IP range -
>>> I don't see point comparing IP ranges across two separate broadcast
>>> domains...
>>>
>>> https://issues.apache.org/jira/browse/CLOUDSTACK-6814
>>>
>>> Thanks,
>>>
>>>
>>>
>>
>> --
>>
>> Andrija Panić
>> --------------------------------------
>>   http://admintweets.com
>> --------------------------------------
>>
>


Mime
View raw message