Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id E04BF200BFF for ; Tue, 17 Jan 2017 11:04:49 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id DEE17160B46; Tue, 17 Jan 2017 10:04:49 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 349FD160B43 for ; Tue, 17 Jan 2017 11:04:49 +0100 (CET) Received: (qmail 18892 invoked by uid 500); 17 Jan 2017 10:04:48 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 18883 invoked by uid 500); 17 Jan 2017 10:04:48 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 18880 invoked by uid 99); 17 Jan 2017 10:04:48 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Jan 2017 10:04:48 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id C768F180BB7 for ; Tue, 17 Jan 2017 10:04:47 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -1.199 X-Spam-Level: X-Spam-Status: No, score=-1.199 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-2.999] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id fku_r8lR6ntH for ; Tue, 17 Jan 2017 10:04:45 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 6FB585FCC6 for ; Tue, 17 Jan 2017 10:04:45 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 34624E866A for ; Tue, 17 Jan 2017 10:04:28 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id AE6D92528B for ; Tue, 17 Jan 2017 10:04:26 +0000 (UTC) Date: Tue, 17 Jan 2017 10:04:26 +0000 (UTC) From: "rashmidixit (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-9317) Disabling static NAT on many IPs can leave wrong IPs on the router MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 17 Jan 2017 10:04:50 -0000 [ https://issues.apache.org/jira/browse/CLOUDSTACK-9317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15825765#comment-15825765 ] rashmidixit commented on CLOUDSTACK-9317: ----------------------------------------- Github user ProjectMoon commented on the issue: https://github.com/apache/cloudstack/pull/1908 Thanks for adding the missing parts. Here is the PR that was open against 4.8 for this, which I guess can be closed now: https://github.com/apache/cloudstack/pull/1623 I guess the comment from @jburwell still applies to this. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. --- > Disabling static NAT on many IPs can leave wrong IPs on the router > ------------------------------------------------------------------ > > Key: CLOUDSTACK-9317 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9317 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: Management Server, Virtual Router > Affects Versions: 4.7.0, 4.7.1, 4.7.2 > Reporter: Jeff Hair > > The current behavior of enabling or disabling static NAT will call the apply IP associations method in the management server. The method is not thread-safe. If it's called from multiple threads, each thread will load up the list of public IPs in different states (add or revoke)--correct for the thread, but not correct overall. Depending on execution order on the virtual router, the router can end up with public IPs assigned to it that are not supposed to be on it anymore. When another account acquires the same IP, this of course leads to network problems. > The problem has been in CS since at least 4.2, and likely affects all recently released versions. Affected version is set to 4.7.x because that's what we verified against. -- This message was sent by Atlassian JIRA (v6.3.4#6332)