cloudstack-dev mailing list archives

From Rene Moser <m...@renemoser.net>
Subject Dedicated IP range for SSVM/CPVM
Date Mon, 16 Jan 2017 15:26:31 GMT
Hi

We would like to make a change proposal for SSVM/CPVM.

Currently, the SSVM/CPVM get an IP from the "default" pool of
vlaniprange, which is from the account "system":


  "vlaniprange": [
    {
      "account": "system",
      "domain": "ROOT",
      "endip": "10.101.0.250",
      "forvirtualnetwork": true,
      "gateway": "10.101.0.1",
      "netmask": "255.255.255.0",
      "startip": "10.101.0.11",
      ...

    },


  "systemvm": [
    {
      "activeviewersessions": 0,
      "gateway": "10.101.0.1",
      "hypervisor": "VMware",
      "id": "d9a8abe5-b1e0-47d6-8f39-01b48ff1e0fa",
      "name": "v-5877-VM",
      "privatenetmask": "255.255.255.0",
      "publicip": "10.101.0.113",
      "publicnetmask": "255.255.255.0",
      "state": "Running",
      ...
    },


For security considerations we would like to define a dedicated IP range
for SSVM/CPVM, which, preferably, should not have any relation to the
default pool range.

The default pool range should be used for userVMs only. To indicate the
use I propose 2 new flags, which are only considered for "account=system"
and indicate if the range can be used for userVMs and/or systemVMs.

For backwards compatibility this would be the default

"foruservms": true,
"forsystemvms": true,


To have a separate range for UserVMs/SystemVMs, it would look like


  "vlaniprange": [
    {
      "account": "system",
      "domain": "ROOT",
      "foruservms": true,
      "forsystemvms": false,
      "endip": "192.160.123.250",
      "forvirtualnetwork": true,
      "gateway": "192.160.123.1",
      "netmask": "255.255.255.0",
      "startip": "192.160.123.11",
      ...

    },

  "vlaniprange": [
    {
      "account": "system",
      "domain": "ROOT",
      "foruservms": false,
      "forsystemvms": true,
      "endip": "10.101.0.250",
      "forvirtualnetwork": true,
      "gateway": "10.101.0.1",
      "netmask": "255.255.255.0",
      "startip": "10.101.0.11",
      ...

    },


Does anyone see any conflicts with this proposal?

Regards
René
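
The flag semantics proposed in this message, as an added example (not part of the original message and not CloudStack code): a check that every system VM's public IP sits in a range reserved for system VMs only. `foruservms` and `forsystemvms` are the proposed fields, not existing ones; the function names and the sample data are assumptions constructed for illustration.

```python
import ipaddress

def in_range(ip, r):
    """True if ip lies within the range's startip..endip (inclusive)."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(r["startip"]) <= addr <= ipaddress.ip_address(r["endip"])

def eligible_ranges(ranges, consumer):
    """Ranges usable by consumer ('user' or 'system').

    The proposed flags apply only to account=system; a missing flag
    defaults to True, the backwards-compatible default from the message.
    """
    flag = {"user": "foruservms", "system": "forsystemvms"}[consumer]
    return [r for r in ranges
            if r.get("account") == "system" and r.get(flag, True)]

def audit_system_vms(ranges, system_vms):
    """Findings for system VMs whose public IP is not in a dedicated range."""
    findings = []
    for vm in system_vms:
        hits = [r for r in eligible_ranges(ranges, "system")
                if in_range(vm["publicip"], r)]
        if not hits:
            findings.append((vm["name"], "not in any system VM range"))
        elif any(r.get("foruservms", True) for r in hits):
            findings.append((vm["name"], "range shared with user VMs"))
    return findings

# Constructed sample data, modelled on the fragments in the message.
LEGACY = [{"account": "system", "startip": "10.101.0.11", "endip": "10.101.0.250"}]
SPLIT = [
    {"account": "system", "foruservms": True, "forsystemvms": False,
     "startip": "192.160.123.11", "endip": "192.160.123.250"},
    {"account": "system", "foruservms": False, "forsystemvms": True,
     "startip": "10.101.0.11", "endip": "10.101.0.250"},
]
VMS = [{"name": "v-5877-VM", "publicip": "10.101.0.113"}]

if __name__ == "__main__":
    print("legacy:", audit_system_vms(LEGACY, VMS))
    print("split: ", audit_system_vms(SPLIT, VMS))
```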

