Date: Fri, 5 Jul 2013 11:41:48 +0000 (UTC)
From: "ASF subversion and git services (JIRA)"
To: cloudstack-issues@incubator.apache.org
Reply-To: dev@cloudstack.apache.org
Subject: [jira] [Commented] (CLOUDSTACK-234) create/delete firewa/lb/pf rule: send ip assoc command only on first rule is created on the IP and last rule is revoked on the IP

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13700618#comment-13700618 ]

ASF subversion and git services commented on CLOUDSTACK-234:
------------------------------------------------------------

Commit 1e1ccb8e1ee82fd2639c20bee2bcc7cf744afe16 in branch refs/heads/CLOUDSTACK-234 from [~murali.reddy]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=1e1ccb8 ]

CLOUDSTACK-234: create/delete firewa/lb/pf rule: send ip assoc command only on first rule is created on the IP and last rule is revoked on the IP

Current suboptimal logic of IP Assoc
- On associate IP to GuestNetwork there is an IPAssoc command sent to corresponding network service providers of the network
- On every rule apply on IP associated with the network send IP assoc to the network service providers
- On every rule deletion on IP associated with a network send IP assoc command to the network service providers

With this fix logic of IP assoc is changed as below which eliminates execution of unnecessary and expensive IpAssocCommand resource command
- On associate IP to GuestNetwork, associate IP only to the network. Until any service is associated with the IP don't send IP Assoc
- On creation of first rule on the IP send IPAssoc to corresponding network service provider. Since IP is used for a service, IPAssoc needs to be sent to corresponding service provider
- On deletion of last rule on the IP send IPAssoc to corresponding network service provider. When last rule is deleted, IP has no service associated with it, so send IP assoc to service provider to remove the IP association

> create/delete firewa/lb/pf rule: send ip assoc command only on first rule is created on the IP and last rule is revoked on the IP
> ---------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-234
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-234
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Management Server
>   Affects Versions: 4.0.0
>            Reporter: Alena Prokharchyk
>            Assignee: Murali Reddy
>             Fix For: 4.2.0
>
>
> We have to improve the logic for creating/deleting any kind of firewall rules. At the moment ipAssoc is being called when:
> * the first rule for the ip address is being created
> * the last rule for the IP address is being removed
> As a part of ipAssoc command, we send all ip addresses assigned to the guest network of the rule. The behavior has to be fixed the way we send ip assoc only for the ip address the rule is being created for.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
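
The dispatch rule described in the commit message above, modelled as an added example that is not part of the original message and is not CloudStack code: a provider command is recorded only when an IP gains its first rule or loses its last one, and only for that IP. The class, method and event names are hypothetical, and the sample events are constructed.

```python
# Added example: model of the IpAssoc dispatch rule from the commit message.
# Class, method and event names are hypothetical, not CloudStack code.
from collections import defaultdict


class IpAssocTracker:
    def __init__(self):
        self.network_ips = set()       # IPs associated with the guest network
        self.rules = defaultdict(set)  # ip -> ids of active firewall/lb/pf rules
        self.sent = []                 # (action, ip) commands sent to the provider

    def associate_ip(self, ip):
        # Network association alone sends nothing to the service provider.
        self.network_ips.add(ip)

    def add_rule(self, ip, rule_id):
        if ip not in self.network_ips:
            raise ValueError(f"{ip} is not associated with the network")
        active = self.rules[ip]
        if rule_id in active:
            return                     # re-applied rule: no state change
        if not active:
            self.sent.append(("associate", ip))  # first rule on this IP only
        active.add(rule_id)

    def remove_rule(self, ip, rule_id):
        active = self.rules.get(ip)
        if not active or rule_id not in active:
            return                     # unknown or already revoked rule
        active.remove(rule_id)
        if not active:
            del self.rules[ip]
            self.sent.append(("disassociate", ip))  # last rule on this IP only


# Constructed sample events; addresses are from the documentation range.
EVENTS = [
    ("associate_ip", "203.0.113.10"), ("associate_ip", "203.0.113.11"),
    ("add_rule", "203.0.113.10", "fw-1"), ("add_rule", "203.0.113.10", "pf-1"),
    ("add_rule", "203.0.113.10", "fw-1"),       # duplicate apply
    ("remove_rule", "203.0.113.10", "fw-1"),
    ("remove_rule", "203.0.113.10", "fw-1"),    # duplicate revoke
    ("remove_rule", "203.0.113.10", "pf-1"),
]


def replay(events):
    tracker = IpAssocTracker()
    for name, *args in events:
        getattr(tracker, name)(*args)
    return tracker


if __name__ == "__main__":
    print(replay(EVENTS).sent)
```

Tracking rule ids rather than a bare counter keeps duplicate applies and duplicate revokes from shifting the first-rule and last-rule boundaries.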