[ https://issues.apache.org/jira/browse/CLOUDSTACK-6485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15103328#comment-15103328 ]

ASF subversion and git services commented on CLOUDSTACK-6485:
-------------------------------------------------------------

Commit 317c28a7e5d8161bc3e8755dece3f965b7e74662 in cloudstack's branch refs/heads/4.7 from [~remibergsma]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=317c28a ]

Merge pull request #1299 from remibergsma/CLOUDSTACK-6485

CLOUDSTACK-6485 prevent ip assignment of private gw iface

Prevent ipaddress assignment of gateway to gateway-interface on vpc router by setting vpcid to null in network.

This was fixed in 4.4 by 1f209ff226a24979cf3a43ce0c02e05c84dd4dc2, reimplemented for 4.7

* pr/1299:
  CLOUDSTACK-6485 prevent ip assignment of private gw iface

Signed-off-by: Remi Bergsma

> [vpc] new private gateway network is registered wrong in network table
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6485
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6485
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Virtual Router
>    Affects Versions: 4.2.1, 4.3.0, 4.4.0, 4.3.1
>            Reporter: Anton Opgenoort
>            Assignee: Daan Hoogland
>
> When creating a private gateway for a VPC router on a network not yet known to Cloudstack, Cloudstack ‘documents’ this network in the networks table.
> For normal guest networks, which should be associated with a single VPC, Cloudstack includes the VPC_ID in the database. The VPC_ID field is used to provision all networks and nics on a VPC router when it is created. Since this table is all about network provisioning it makes sense to ‘document’ the network cidr and gateway present in that network. For guest tiers this usually is the VPC router itself, so the interface IPs on a VPC router are the gateway IPs found in the networks table.
> Unfortunately the VPC_ID is also recorded for the private gateway network when it is first created. So the first VPC to be plugged on the private gateway network also has that same network associated as a guest network tier, instead of just a private gateway network.
> This by itself will not quickly become a problem, because private gateways are first plugged on a running vpc router which is not likely to be recreated any time soon after that.
> But as soon as this first ever VPC router on the private gateway network is recreated due to a destroy of the VPC Router, all associated networks are looked up in the networks table.
> Because the private gateway network is ‘documented’ with the actual upstream gateway used by the VPC router definition, the VPC router provisions a NIC on the private gateway network using the IP address of the actual upstream gateway, creating an IP conflict on the private gateway network, effectively breaking down the upstream gateway functionality for all attached private gateways of other VPCs.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)