Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9ACEF107B8 for ; Fri, 13 Sep 2013 16:10:55 +0000 (UTC) Received: (qmail 81706 invoked by uid 500); 13 Sep 2013 15:51:51 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 74234 invoked by uid 500); 13 Sep 2013 15:49:21 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 68457 invoked by uid 500); 13 Sep 2013 15:46:39 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 65737 invoked by uid 99); 13 Sep 2013 15:15:52 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Sep 2013 15:15:52 +0000 Date: Fri, 13 Sep 2013 15:15:51 +0000 (UTC) From: "Saksham Srivastava (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-4622) [IP Reservation][If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR for that VPC tier MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-4622?page=3Dcom.atla= ssian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId= =3D13766538#comment-13766538 ]=20 Saksham Srivastava commented on CLOUDSTACK-4622: ------------------------------------------------ Fix available for review at: https://reviews.apache.org/r/14124/ =20 > [IP Reservation][If a VM from guest network is added to network tier of V= PC then IP reservation allows the CIDR to be a superset of Network CIDR fo= r that VPC tier > -------------------------------------------------------------------------= ---------------------------------------------------------------------------= --------------- > > Key: CLOUDSTACK-4622 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-462= 2 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the defa= ult.)=20 > Components: Network Controller > Affects Versions: 4.2.0 > Reporter: Abhinav Roy > Assignee: Saksham Srivastava > Fix For: 4.2.1 > > Attachments: CS-4622.zip > > > Steps : > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > 1. Deploy a CS 4.2 advanced networking setup > 2. Create a Guest network , gn1 and deploy a VM, vm1 on that network. > 3. Create a VPC Tier, tier1 with CIDR as 10.1.2.1/24 and deploy a vm , v1= t1 on that tier. > 4. Go to Instances -> vm1 -> nics -> Add Network to VM and add tier1 n= etwork to vm1. > 5. Now, go to tier1 and do IP reservation with CIDR as 10.1.2.1/23 > Expected behaviour : > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > The IP reservation should fail as the CIDR 10.1.2.1/23 is not a subset of= the network CIDR which is 10.1.2.1/24 > Observed behaviour : > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > The IP reservation goes through , here is a snippet from management serve= r logs > 2013-09-06 12:13:27,760 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina= -exec-13:null) submit async job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab= 5e ], details: AsyncJobVO {id:39, userId: 2, accountId: 2, sessionKey: null= , instanceType: None, instanceId: null, cmd: org.apache.cloudstack.api.comm= and.user.network.UpdateNetworkCmd, cmdOriginator: null, cmdInfo: {"id":"674= 355e5-8c3b-44a2-b47d-d198548ccea7","response":"json","sessionkey":"moOLxaFr= qNc50wz6SDh6v413RnA\u003d","cmdEventType":"NETWORK.UPDATE","ctxUserId":"2",= "name":"TIER-1","guestvmcidr":"10.1.2.0/23","displaytext":"TIER-1","httpmet= hod":"GET","_":"1378450020843","ctxAccountId":"2","ctxStartEventId":"134"},= cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processS= tatus: 0, resultCode: 0, result: null, initMsid: 280320865129348, completeM= sid: null, lastUpdated: null, lastPolled: null, created: null} > 2013-09-06 12:13:27,761 DEBUG [cloud.api.ApiServlet] (catalina-exec-13:nu= ll) =3D=3D=3DEND=3D=3D=3D 10.144.7.25 -- GET command=3DupdateNetwork&resp= onse=3Djson&sessionkey=3DmoOLxaFrqNc50wz6SDh6v413RnA%3D&id=3D674355e5-8c3b-= 44a2-b47d-d198548ccea7&name=3DTIER-1&displaytext=3DTIER-1&guestvmcidr=3D10.= 1.2.0%2F23&_=3D1378450020843 > 2013-09-06 12:13:27,763 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Exec= utor-53:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing org.= apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 =3D = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] > 2013-09-06 12:13:27,771 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Exec= utor-53:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync job-39 = =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] execution on object network.20= 5 > 2013-09-06 12:13:27,778 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Exec= utor-53:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) job org.apache= .cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 =3D [ 4562= cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] was queued, processing the queue. > 2013-09-06 12:13:27,782 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Exec= utor-53:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing sync= queue item: SyncQueueItemVO {id:15, queueId: 1, contentType: AsyncJob, con= tentId: 39, lastProcessMsid: 280320865129348, lastprocessNumber: 7, lastPro= cessTime: Fri Sep 06 12:13:27 IST 2013, created: Fri Sep 06 12:13:27 IST 20= 13} > 2013-09-06 12:13:27,783 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Exec= utor-53:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Schedule queue= d job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] > 2013-09-06 12:13:27,786 DEBUG [cloud.async.SyncQueueManagerImpl] (Job-Exe= cutor-53:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) There is a pe= nding process in sync queue(id: 1) > 2013-09-06 12:13:27,788 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Exec= utor-54:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing org.= apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 =3D = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] > 2013-09-06 12:13:27,809 INFO [cloud.network.NetworkServiceImpl] (Job-Exe= cutor-54:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The start IP = of the specified guest vm cidr is: 10.1.2.1 and end IP is: 10.1.3.254 > 2013-09-06 12:13:27,809 INFO [cloud.network.NetworkServiceImpl] (Job-Exe= cutor-54:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The specified= guest vm cidr has 510 IPs > 2013-09-06 12:13:27,811 INFO [cloud.network.NetworkServiceImpl] (Job-Exe= cutor-54:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) IP Reservatio= n has been applied. The new CIDR for Guests Vms is 10.1.2.0/23 > 2013-09-06 12:13:27,843 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Exec= utor-54:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Complete async= job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ], jobStatus: 1, resultC= ode: 0, result: org.apache.cloudstack.api.response.NetworkResponse@3f57d929 > 2013-09-06 12:13:27,851 DEBUG [cloud.async.SyncQueueManagerImpl] (Job-Exe= cutor-54:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync queue (1= ) is currently empty > 2013-09-06 12:13:27,851 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Exec= utor-54:job-39 =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Done executing= org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39= =3D [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] > Here is a snippet from api logs : > 2013-09-06 12:13:27,761 INFO [cloud.api.ApiServer] (catalina-exec-13:nul= l) (userId=3D2 accountId=3D2 sessionId=3DDA08FA8E57384D44EDBD0EB02D547164) = 10.144.7.25 -- GET command=3DupdateNetwork&response=3Djson&sessionkey=3DmoO= LxaFrqNc50wz6SDh6v413RnA%3D&id=3D674355e5-8c3b-44a2-b47d-d198548ccea7&name= =3DTIER-1&displaytext=3DTIER-1&guestvmcidr=3D10.1.2.0%2F23&_=3D137845002084= 3 200 { "updatenetworkresponse" : {"jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c67= 9ab5e"} } > 2013-09-06 12:13:30,804 INFO [cloud.api.ApiServer] (catalina-exec-20:nul= l) (userId=3D2 accountId=3D2 sessionId=3DDA08FA8E57384D44EDBD0EB02D547164) = 10.144.7.25 -- GET command=3DqueryAsyncJobResult&jobId=3D4562cb4d-54d5-4b7e= -90bd-e3d2c679ab5e&response=3Djson&sessionkey=3DmoOLxaFrqNc50wz6SDh6v413RnA= %3D&_=3D1378450023951 200 { "queryasyncjobresultresponse" : {"accountid":"0= add9fc0-15ef-11e3-9b03-fef34996d384","userid":"0addcf54-15ef-11e3-9b03-fef3= 4996d384","cmd":"org.apache.cloudstack.api.command.user.network.UpdateNetwo= rkCmd","jobstatus":1,"jobprocstatus":0,"jobresultcode":0,"jobresulttype":"o= bject","jobresult":{"network":{"id":"674355e5-8c3b-44a2-b47d-d198548ccea7",= "name":"TIER-1","displaytext":"TIER-1","broadcastdomaintype":"Vlan","traffi= ctype":"Guest","gateway":"10.1.2.1","netmask":"255.255.255.0","cidr":"10.1.= 2.0/23","networkcidr":"10.1.2.0/24","zoneid":"b53dc749-1576-495a-91b8-49db3= 7aecf15","zonename":"Zone-1","networkofferingid":"6c52357c-3013-4d9e-a035-9= 10bd5eb59ab","networkofferingname":"DefaultIsolatedNetworkOfferingForVpcNet= works","networkofferingdisplaytext":"Offering for Isolated Vpc networks wit= h Source Nat service enabled","networkofferingconservemode":false,"networko= fferingavailability":"Optional","issystem":false,"state":"Implemented","rel= ated":"674355e5-8c3b-44a2-b47d-d198548ccea7","broadcasturi":"vlan://726","d= ns1":"10.103.128.15","type":"Isolated","vlan":"726","acltype":"Account","ac= count":"admin","domainid":"e3b3104c-15ee-11e3-9b03-fef34996d384","domain":"= ROOT","service":[{"name":"Vpn","capability":[{"name":"VpnTypes","value":"s2= svpn","canchooseservicecapability":false},{"name":"SupportedVpnTypes","valu= e":"pptp,l2tp,ipsec","canchooseservicecapability":false}]},{"name":"PortFor= warding"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification",= "value":"true","canchooseservicecapability":false}]},{"name":"Dhcp","capabi= lity":[{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservic= ecapability":false}]},{"name":"NetworkACL","capability":[{"name":"Supported= Protocols","value":"tcp,udp,icmp","canchooseservicecapability":false}]},{"n= ame":"StaticNat"},{"name":"UserData"},{"name":"SourceNat","capability":[{"n= ame":"RedundantRouter","value":"false","canchooseservicecapability":false},= {"name":"SupportedSourceNatTypes","value":"peraccount","canchooseservicecap= ability":false}]},{"name":"Lb","capability":[{"name":"SupportedLBIsolation"= ,"value":"dedicated","canchooseservicecapability":false},{"name":"Supported= StickinessMethods","value":"[{\"methodname\":\"LbCookie\",\"paramlist\":[{\= "paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"descript= ion\":\" \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"= description\":\" \"},{\"paramname\":\"nocache\",\"required\":false,\"isflag= \":true,\"description\":\" \"},{\"paramname\":\"indirect\",\"required\":fal= se,\"isflag\":true,\"description\":\" \"},{\"paramname\":\"postonly\",\"req= uired\":false,\"isflag\":true,\"description\":\" \"},{\"paramname\":\"domai= n\",\"required\":false,\"isflag\":false,\"description\":\" \"}],\"descripti= on\":\"This is loadbalancer cookie based stickiness method.\"},{\"methodnam= e\":\"AppCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\= ":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"length\",\= "required\":false,\"isflag\":false,\"description\":\" \"},{\"paramname\":\"= holdtime\",\"required\":false,\"isflag\":false,\"description\":\" \"},{\"pa= ramname\":\"request-learn\",\"required\":false,\"isflag\":true,\"descriptio= n\":\" \"},{\"paramname\":\"prefix\",\"required\":false,\"isflag\":true,\"d= escription\":\" \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":f= alse,\"description\":\" \"}],\"description\":\"This is App session based st= icky method. Define session stickiness on an existing application cookie. I= t can be used only for a specific http traffic\"},{\"methodname\":\"SourceB= ased\",\"paramlist\":[{\"paramname\":\"tablesize\",\"required\":false,\"isf= lag\":false,\"description\":\" \"},{\"paramname\":\"expire\",\"required\":f= alse,\"isflag\":false,\"description\":\" \"}],\"description\":\"This is sou= rce based Stickiness method, it can be used for any type of protocol.\"}]",= "canchooseservicecapability":false},{"name":"SupportedProtocols","value":"t= cp, udp","canchooseservicecapability":false},{"name":"LbSchemes","value":"P= ublic","canchooseservicecapability":false},{"name":"SupportedLbAlgorithms",= "value":"roundrobin,leastconn,source","canchooseservicecapability":false}]}= ],"networkdomain":"cs2cloud.internal","physicalnetworkid":"a0368cfe-3d15-4d= 18-afee-906bd5a998c6","restartrequired":false,"specifyipranges":false,"vpci= d":"8a647441-3d3f-49ff-95b9-e4f20a57bdbc","canusefordeploy":true,"ispersist= ent":false,"tags":[],"displaynetwork":true}},"created":"2013-09-06T12:13:27= +0530","jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e"} } > NOTE : > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D > This problem is seen only in this particular scenario. I executed some ot= her tests around this and the issue was not seen, > i) Add the VM to another guest network and do IP reservation on that net= work with CIDR as a subset of network CIDR . > ii) Add a VM from VPC tier to a guest network and do IP reservation on th= at network with CIDR as a subset of network CIDR. > ii) Add a VM from VPC tier to another VPC tier and do IP reservation on t= hat tier with CIDR as a subset of network CIDR. > Attaching management server logs and api logs -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrato= rs For more information on JIRA, see: http://www.atlassian.com/software/jira