cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manan Shah <manan.s...@citrix.com>
Subject Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per Tenant
Date Fri, 22 Feb 2013 06:38:00 GMT
Thanks Likitha for your prompt response. I will wait for the FS.

Regards,
Manan Shah




On 2/21/13 10:30 PM, "Likitha Shetty" <likitha.shetty@citrix.com> wrote:

>Yes Manan, with the 1st solution the dedication should be applicable for
>both Isolated and VPC networks.
>I will capture all that is being discussed here in the FS (yet to
>publish).
>
>Thank you,
>Likitha
>
>>-----Original Message-----
>>From: Manan Shah
>>Sent: Friday, February 22, 2013 11:55 AM
>>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>>cloudstack-dev@incubator.apache.org
>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>Hi Likitha,
>>
>>One additional question. When an admin assigns a Public IP Address range
>>to an
>>account and if that account creates a VPC, I am assuming they will still
>>get the
>>Public IP Address from this reserved IP range. Can you please confirm
>>that this
>>reserved Public IP Address would work for both Isolated Networks as well
>>as
>>VPC?
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/21/13 9:57 PM, "Manan Shah" <manan.shah@citrix.com> wrote:
>>
>>>Hi Likitha,
>>>
>>>I agree with you that the 1st solution seems like a better approach.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 2/21/13 9:39 PM, "Likitha Shetty" <likitha.shetty@citrix.com> wrote:
>>>
>>>>Hi Manan,
>>>>
>>>>Thanks for the feedback.  Please find my answers inline.
>>>>
>>>>Thank you,
>>>>Likitha
>>>>
>>>>>-----Original Message-----
>>>>>From: Manan Shah
>>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>>cloudstack- dev@incubator.apache.org
>>>>>Cc: Manan Shah
>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>VLANs per Tenant
>>>>>
>>>>>Hi Likitha,
>>>>>
>>>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>>>updated.
>>>>>
>>>>>Regards,
>>>>>Manan Shah
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <likitha.shetty@citrix.com>
>>>>>wrote:
>>>>>
>>>>>>CCing Manan to comment on the requirements.
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>dev@incubator.apache.org
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
and
>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>Hi All,
>>>>>>>
>>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public
IP
>>>>>>>range'
>>>>>>>which is
>>>>>>>already implemented in CS.
>>>>>>>Following is the observation wrt what is the current CS
>>>>>>>implementation and the proposed changes to the same,
>>>>>>>
>>>>>>>1.       A public VLAN-IP range can only be associated to an account
>>>>>>>during the
>>>>>>>creation of the range
>>>>>>>Proposed change - Admin should be allowed to dedicate a range
even
>>>>>>>after it has been created and also allowed to change the owner
>>>>>[Manan] Agreed with the functionality.
>>>>>>>
>>>>>>>2.       If an admin associates an IP range to an account, all
the
>>>>>>>IP's
>>>>>>>of that range
>>>>>>>get acquired by a single isolated network in that account
>>>>>
>>>>>[Manan] Why do you think this is the right functionality. What if the
>>>>>admin wants to allocate a public IP range to a account and wants to
>>>>>allow the tenant to create as many networks as they want and use this
>>>>>public IP range.
>>>>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>>>>the following is what currently happens in CS, If an admin associates
>>>>an IP range to an account, all the IP's of that range get acquired by
>>>>a single isolated network in that account 1. If there are no isolated
>>>>guest networks, a new network is created and all the IP's from the
>>>>range are dedicated to the new network 2. If there is 1 isolated guest
>>>>network, all the IP's from the range are dedicated to the existing
>>>>network 3. If there are more than 1 isolated guest network CS throws
>>>>an error
>>>>
>>>>There are 2 possible changes we can introduce to resolve this, 1.
>>>>During dedication we just mark this range of IP's as dedicated. And
>>>>when the user acquires an IP for a particular network we allow the
>>>>network to choose from the dedicated range.
>>>>2. During dedication when an account is chosen, the user also has the
>>>>option to choose one of the network in the account which can acquire
>>>>the IP's I prefer the 1st solution because with the 2nd solution, one
>>>>of the networks of the tenant will acquire all the IP's.
>>>>Thoughts?
>>>>>
>>>>>>>
>>>>>>>a.       If there are no isolated guest networks, a new network
is
>>>>>>>created and all
>>>>>>>the IP's from the range are dedicated to the new network
>>>>>>>
>>>>>>>b.      If there is 1 isolated guest network, all the IP's from
the
>>>>>>>range are
>>>>>>>dedicated to the existing network
>>>>>>>
>>>>>>>c.       If there are more than 1 isolated guest network CS throws
>>>>>>>an
>>>>>>>error
>>>>>>>
>>>>>>>               Proposed change - When an account is chosen, the
>>>>>>>user also has the option to choose the network in the account
which
>>>>>>>can acquire the IP's
>>>>>>>
>>>>>>>3.       When a network that has a dedicated IP range is deleted,
>>>>>>>the
>>>>>>>mapping
>>>>>>>between the account that owned the network and IP range persists.
>>>>>>>This implies that the admin sees that the range is associated
to
>>>>>>>the account. But the IP's from this range can be acquired by any
>>>>>>>other account
>>>>>>>
>>>>>>>Proposed change  - The IP range should no longer be owned by the
>>>>>>>account
>>>>>[Manan] Agree with the proposed change
>>>>>>>
>>>>>>>4.       When an account is deleted the IP ranges dedicated to
that
>>>>>>>account get
>>>>>>>deleted
>>>>>>>
>>>>>>>Proposed change - The range should be released back to the free
>>>>>>>pool instead
>>>>>
>>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>>any public Ips that are in use (Loadbalancing, Port Forwarding,
>>>>>Static-NAT,
>>>>>etc) then they will remain as is.
>>>>>
>>>>>>>
>>>>>>>5.       I see a potential starving scenario where a certain account
>>>>>>>that has
>>>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>>>
>>>>>>>Proposed change  - Impose a configurable limit like say, at least
>>>>>>>one range should always belong to the free pool
>>>>>[Manan] Agree with the proposed change
>>>>>>>
>>>>>>>6.       Even if a range is dedicated to an account, any network
>>>>>>>that
>>>>>>>belongs to
>>>>>>>this account including the one that has acquired the IP's can
>>>>>>>acquire more IP's from the free pool. This is because when we
>>>>>>>dedicate an IP range to an account, one of the networks of that
>>>>>>>account acquires all the IP's.
>>>>>>>
>>>>>>>Proposed change - During dedication we just mark this range of
IP's
>>>>>>>as dedicated. And only when the user acquires an IP for a
>>>>>>>particular network we allow the network to choose from the
>>>>>>>dedicated range. If this change is implemented we will not run
into
>>>>>>>issue
>>#2.
>>>>>>>
>>>>>>>Please provide your feedback. I will publish an FS keeping in
line
>>>>>>>with the requirements we decide upon.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Thank you,
>>>>>>>
>>>>>>>Likitha
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>dev@incubator.apache.org
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
and
>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>>account but not release it back to the free pool, so how about
we
>>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP range
>>>>>>>2) Dedicate Guest VLAN's per tenant.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>>
>>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Any concerns?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Thank you,
>>>>>>>
>>>>>>>Likitha
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>
>>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>Yes, before reserving the public ip range we do verify if
the
>>>>>>>
>>>>>>>>account/domain is exceeding the limit.
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>Thank You,
>>>>>>>
>>>>>>>>Likitha
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>>
>>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP
Addresses
>>>>>>>>>and
>>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Hi Likitha,
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Currently we can reserve the public IP range to an account.
I
>>>>>>>>>would
>>>>>>>
>>>>>>>>>assume we are cross checking the account/domain limit
for the max
>>>>>>>>>no
>>>>>>>
>>>>>>>>>of Public IP addresses  while reserving the Public IP
to an
>>>>>>>>>account?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Please clarify.
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Thanks,
>>>>>>>
>>>>>>>>>Sailaja.M
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>
>>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP
Addresses
>>>>>>>>>and
>>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>For CreateVlanIpRange API call, we can set the account
parameter
>>>>>>>>>to
>>>>>>>
>>>>>>>>>specify the VLAN owner. If specified, the Public IP's
get
>>>>>>>>>allocated to
>>>>>>>
>>>>>>>>>the account and the VLAN get dedicated to it. Could you
please
>>>>>>>>>clarify
>>>>>>>
>>>>>>>>>what the difference between this and the mentioned requirement
is?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>But I couldn't figure out a way to release back the VLAN
and the
>>>>>>>
>>>>>>>>>allocated IP's to the free pool. I achieved it by deleting
the
>>>>>>>>>VLAN-IP
>>>>>>>
>>>>>>>>>range and then adding it back to the system account. Is
there a
>>>>>>>>>better
>>>>>>>
>>>>>>>>>way to do it or do we need to implement this?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Thank you,
>>>>>>>
>>>>>>>>>Likitha
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>
>>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>
>>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public
IP Addresses
>>>>>>>>>>and
>>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>Thanks Tamas for bringing up additional requirements.
I have
>>>>>>>>>>updated
>>>>>>>
>>>>>>>>>>the requirements document.
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>Regards,
>>>>>>>
>>>>>>>>>>Manan Shah
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>>>><tamasm@veber.co.uk<mailto:tamasm@veber.co.uk>> wrote:
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>+1
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Additional to the requirements:
>>>>>>>
>>>>>>>>>>>- Usage must reflect if these are assigned to
an Account so the
>>>>>>>
>>>>>>>>>>>admin can see how many IP is allocated to the
account.
>>>>>>>
>>>>>>>>>>>- On allocation it needs to check whether the
required range is
>>>>>>>
>>>>>>>>>>>available (not in use) and conforms with the account
limits
>>>>>>>>>>>(cannot
>>>>>>>
>>>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Regards
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Tamas Monos                                  
            DDI
>>>>>>>
>>>>>>>>>>>+44(0)2034687012
>>>>>>>
>>>>>>>>>>>Chief Technical
>>>>>>>>>>>Office
>>>>>>>
>>>>>>>>>>>+44(0)2034687000
>>>>>>>
>>>>>>>>>>>Veber: The Hosting Specialists               Fax
>>>>>>>>>>>+44(0)871
>>>>>>>>>>>522
>>>>>>>
>>>>>>>>>>>7057
>>>>>>>
>>>>>>>>>>>http://www.veber.co.uk
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Follow us on Twitter:
>>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost>
Follow
>>>>>>>us on
>>>>>>>Facebook:
>>>>>>>
>>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>
>>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>>
>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>
>>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public
IP Addresses and
>>>>>>>
>>>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Hi,
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>I would like to propose a new feature for dedicating
IP
>>>>>>>>>>>Addresses
>>>>>>>
>>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket
and provided
>>>>>>>>>>>the
>>>>>>>
>>>>>>>>>>>requirements at the following location.  Please
provide
>>>>>>>>>>>feedback on
>>>>>>>
>>>>>>>>>>>the requirements.
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>>
>>>>>>>>>>>Requirements:
>>>>>>>
>>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicate
>>>>>>>>>>>d+R
>>>>>>>>>>>es
>>>>>>>
>>>>>>>>>>>o
>>>>>>>
>>>>>>>>>>>u
>>>>>>>
>>>>>>>>>>>r
>>>>>>>
>>>>>>>>>>>ces
>>>>>>>
>>>>>>>>>>>+
>>>>>>>
>>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Regards,
>>>>>>>
>>>>>>>>>>>Manan Shah
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>>
>


Mime
View raw message