cloudstack-issues mailing list archives

From "Alena Prokharchyk (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-4622) [IP Reservation][If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR for that VPC tier
Date Mon, 16 Dec 2013 19:38:07 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13849637#comment-13849637 ]

Alena Prokharchyk commented on CLOUDSTACK-4622:
-----------------------------------------------

Saksham,

I reproduced the scenario, and the scenario you've tested is not quite valid. When you add
a nic from another network to the VPC vm, and do ip reservation in that network, it shouldn't
obey the VPC CIDR limitation. VPC cidr limitation affects only networks that are part of
this VPC. I've tested CIDR modification for VPC network, it doesn't let updates outside
of the VPC cidr. Here is the error being thrown: "Invalid value of Guest VM CIDR. For IP Reservation,
Guest VM CIDR  should be a subset of network CIDR :  10.1.1.0/24"

But there is a completely different critical bug in addNetwork functionality - it doesn't
respect VPC limitation: VM can belong to only one VPC + 0-(n) number of Shared networks.

To fix:

* Don't allow attaching Isolated networks to a VM belonging to a VPC.
* Don't allow attaching VPC network(s) to a VM belonging to an Isolated network.

Both UI and Java code should be fixed. UI should only display networks that can be potentially
attached to the VM. Java code in addNetwork method should obey all the limitations, and throw
an exception if violated. 

Saksham, please go ahead and create a new patch. You can either attach it to this bug, or
file a new one for that matter.

> [IP Reservation][If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR  for that VPC tier
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4622
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4622
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: Abhinav Roy
>            Assignee: Saksham Srivastava
>            Priority: Critical
>             Fix For: 4.3.0
>
>         Attachments: CS-4622.zip
>
>
> Steps :
> ===================
> 1. Deploy a CS 4.2 advanced networking setup
> 2. Create a Guest network , gn1 and deploy a VM, vm1 on that network.
> 3. Create a VPC Tier, tier1 with CIDR as 10.1.2.1/24 and deploy a vm , v1t1 on that tier.
> 4. Go to Instances -> vm1 -> nics -> Add Network to VM and add tier1 network to vm1.
> 5. Now, go to tier1 and do IP reservation with CIDR as 10.1.2.1/23
> Expected behaviour :
> =================
> The IP reservation should fail as the CIDR 10.1.2.1/23 is not a subset of the network CIDR which is 10.1.2.1/24
> Observed behaviour :
> ================
> The IP reservation goes through , here is a snippet from management server logs
> 2013-09-06 12:13:27,760 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-13:null)
submit async job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ], details: AsyncJobVO {id:39,
userId: 2, accountId: 2, sessionKey: null, instanceType: None, instanceId: null, cmd: org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd,
cmdOriginator: null, cmdInfo: {"id":"674355e5-8c3b-44a2-b47d-d198548ccea7","response":"json","sessionkey":"moOLxaFrqNc50wz6SDh6v413RnA\u003d","cmdEventType":"NETWORK.UPDATE","ctxUserId":"2","name":"TIER-1","guestvmcidr":"10.1.2.0/23","displaytext":"TIER-1","httpmethod":"GET","_":"1378450020843","ctxAccountId":"2","ctxStartEventId":"134"},
cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode:
0, result: null, initMsid: 280320865129348, completeMsid: null, lastUpdated: null, lastPolled:
null, created: null}
> 2013-09-06 12:13:27,761 DEBUG [cloud.api.ApiServlet] (catalina-exec-13:null) ===END===
 10.144.7.25 -- GET  command=updateNetwork&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&id=674355e5-8c3b-44a2-b47d-d198548ccea7&name=TIER-1&displaytext=TIER-1&guestvmcidr=10.1.2.0%2F23&_=1378450020843
> 2013-09-06 12:13:27,763 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-53:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd
for job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> 2013-09-06 12:13:27,771 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-53:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e
] execution on object network.205
> 2013-09-06 12:13:27,778 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-53:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) job org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd
for job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] was queued, processing the queue.
> 2013-09-06 12:13:27,782 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-53:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing sync queue item: SyncQueueItemVO {id:15,
queueId: 1, contentType: AsyncJob, contentId: 39, lastProcessMsid: 280320865129348, lastprocessNumber:
7, lastProcessTime: Fri Sep 06 12:13:27 IST 2013, created: Fri Sep 06 12:13:27 IST 2013}
> 2013-09-06 12:13:27,783 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-53:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Schedule queued job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e
]
> 2013-09-06 12:13:27,786 DEBUG [cloud.async.SyncQueueManagerImpl] (Job-Executor-53:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) There is a pending process in sync queue(id: 1)
> 2013-09-06 12:13:27,788 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-54:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd
for job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> 2013-09-06 12:13:27,809 INFO  [cloud.network.NetworkServiceImpl] (Job-Executor-54:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The start IP of the specified guest vm cidr is:
10.1.2.1 and end IP is: 10.1.3.254
> 2013-09-06 12:13:27,809 INFO  [cloud.network.NetworkServiceImpl] (Job-Executor-54:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The specified guest vm cidr has 510 IPs
> 2013-09-06 12:13:27,811 INFO  [cloud.network.NetworkServiceImpl] (Job-Executor-54:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) IP Reservation has been applied. The new CIDR
for Guests Vms is 10.1.2.0/23
> 2013-09-06 12:13:27,843 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-54:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Complete async job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e
], jobStatus: 1, resultCode: 0, result: org.apache.cloudstack.api.response.NetworkResponse@3f57d929
> 2013-09-06 12:13:27,851 DEBUG [cloud.async.SyncQueueManagerImpl] (Job-Executor-54:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync queue (1) is currently empty
> 2013-09-06 12:13:27,851 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-54:job-39
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Done executing org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd
for job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> Here is a snippet from api logs :
> 2013-09-06 12:13:27,761 INFO  [cloud.api.ApiServer] (catalina-exec-13:null) (userId=2
accountId=2 sessionId=DA08FA8E57384D44EDBD0EB02D547164) 10.144.7.25 -- GET command=updateNetwork&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&id=674355e5-8c3b-44a2-b47d-d198548ccea7&name=TIER-1&displaytext=TIER-1&guestvmcidr=10.1.2.0%2F23&_=1378450020843
200 { "updatenetworkresponse" : {"jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e"} }
> NOTE :
> =============================
> This problem is seen only in this particular scenario. I executed some other tests around this and the issue was not seen,
> i)  Add the VM to another guest network and do IP reservation on that network with CIDR as a subset of network CIDR.
> ii) Add a VM from VPC tier to a guest network and do IP reservation on that network with CIDR as a subset of network CIDR.
> iii) Add a VM from VPC tier to another VPC tier and do IP reservation on that tier with CIDR as a subset of network CIDR.
> Attaching management server logs and api logs



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
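
The two server-side checks discussed in this message (the addNetwork attach rule and the IP reservation subset rule), modelled as an added example in Python; this is not CloudStack's Java code or part of the original message. The `Network` model, the function names, the `vpc-a` id and the CIDRs of `gn1` and `shared1` are assumptions, and the attach check reads "only one VPC" as permitting several tiers of the same VPC.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Network:                       # hypothetical model, not a CloudStack class
    name: str
    guest_type: str                  # "Isolated" or "Shared"
    cidr: str
    vpc_id: Optional[str] = None     # set only for VPC tiers


def guest_vm_cidr_violation(net: Network, guest_vm_cidr: str) -> Optional[str]:
    """IP reservation: the guest VM CIDR must lie inside the network CIDR."""
    network = ipaddress.ip_network(net.cidr, strict=False)
    reserved = ipaddress.ip_network(guest_vm_cidr, strict=False)
    if reserved.version != network.version or not reserved.subnet_of(network):
        return f"guest VM CIDR {reserved} is not a subset of network CIDR {network}"
    return None


def add_network_violation(attached: List[Network], new: Network) -> Optional[str]:
    """Attach rule: a VM may sit in one VPC plus any number of Shared networks."""
    if new.guest_type == "Shared":
        return None
    vpc_ids = {n.vpc_id for n in attached if n.vpc_id}
    plain_isolated = [n for n in attached
                      if n.guest_type == "Isolated" and not n.vpc_id]
    if new.vpc_id is None and vpc_ids:
        return f"{new.name}: Isolated network cannot be attached to a VM in a VPC"
    if new.vpc_id is not None and plain_isolated:
        return f"{new.name}: VPC network cannot be attached to a VM in an Isolated network"
    if new.vpc_id is not None and vpc_ids and new.vpc_id not in vpc_ids:
        return f"{new.name}: VM already belongs to a different VPC"
    return None


# Constructed sample objects reusing the network names from the report.
GN1 = Network("gn1", "Isolated", "10.1.1.0/24")
TIER1 = Network("tier1", "Isolated", "10.1.2.1/24", vpc_id="vpc-a")
SHARED = Network("shared1", "Shared", "10.9.0.0/24")

if __name__ == "__main__":
    print(add_network_violation([GN1], TIER1))            # step 4 of the report
    print(add_network_violation([TIER1], GN1))            # the reverse attach
    print(add_network_violation([TIER1], SHARED))         # allowed, prints None
    print(guest_vm_cidr_violation(TIER1, "10.1.2.1/23"))  # step 5 of the report
```

The same checks have to run in the API layer regardless of what the UI lists, since the attach request can be sent directly to the management server.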
