cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Somesh Naidu <>
Subject RE: Splitting Public IP Range in Advanced Networking Model
Date Tue, 08 Jul 2014 12:57:21 GMT
I am not sure if this is documented anywhere since it's is not a supported operation.

If this is a production environment then I would recommend that you do it the clean way, that
a. release all the IPs from this range
b. delete this range
c. add new range

If you intend to do this via DB update then you need to ensure that the IP addresses that
you wish to remove from the range are not being used and are contiguous.
For ex. Say the IP address range is - and you wish to make it
- You need to ensure that IP addresses between and are
not being used.
If this is the case then you could run the following SQL to update the IP range:
a. Delete the IPs (should be contiguous) that you wish to remove - delete from user_ip_address
where public_ip_address='<ip_addr>'; (do this for all IP addresses you wish to remove)
b. Change the description column in the table "vlan" with the correct IP range - update vlan
set description='<range>' where vlan_id=<vlan_id>;

However, if there are IP addresses that are being used, specifically as a sourceNAT IP then
it's going to be complicated. Note that IP addresses in a public range can be used in the
following ways,
1. routers sourceNAT IP
2. systemVMs public IP
3. acquired IP

For #1 we need to do in-place update for the routers sourceNAT IP.
a. release the IP currently allocated to the router:
update user_ip_address set allocated=NULL, network_id=NULL, source_nat=0, state='Free' where
b. choose and allocate a new IP address for the router:
update user_ip_address set allocate=now(), network_id=<network_id>, source_nat=1, state='Allocated'
where public_ip_address='<IP_address';
c. associate IP address in step b to the router:
update nics set ip4_address='<ip_address>', device_id=<device_id> where instance_id=<router_vm_id>;

#2 and # above3 can be handled in the following way:
a. Disable the Zone. (to stop CS creating System VMs)
b. Destroy System VMs having IP from the range to be removed.
c. Release all the acquired public IPs from the UI.

I strongly recommend that you try these steps once in a test/staging environment before implementing
in production.

Hope this helps.


-----Original Message-----
From: Timothy Lothering [] 
Sent: Tuesday, July 08, 2014 3:42 PM
Subject: RE: Splitting Public IP Range in Advanced Networking Model

Thanks Somesh,

This is for a production environment. Where can I find details on how to accomplish this task?

Kind Regards,


-----Original Message-----
From: Somesh Naidu [] 
Sent: 08 July 2014 11:30 AM
Subject: RE: Splitting Public IP Range in Advanced Networking Model

Comments in-line.


From: Timothy Lothering []
Sent: Tuesday, July 08, 2014 2:38 PM
Subject: Splitting Public IP Range in Advanced Networking Model

Hi All,

Does anyone know a safe way to split the Public IP Range allocated to a Zone? The Zone already
contains live Instances/Networks, I am unable to delete the Public range and re-create it.
[somesh] this is expected behavior.

Is it safe to change the range in the SQL DB and restart the Management Servers? Or is there
a better way of doing this?
[somesh] it is possible to do and safe as long as the right DB updates are made. Are you looking
to do this on a production environment?

Lastly – If we could possibly add an option to shrink/grow the existing range from the UI,
that would be great!
[somesh] I agree. The existing procedure is to remove the IP range completely and add a new
one but of course for that IP range shouldn’t be in use.

Kind Regards,



Timothy Lothering
Solutions Architect
Managed Services

T: +27877415535
F: +27877415100
C: +27824904099

           Serious about performance, passionate about value


Everything in this e-mail and any attachments relating to the official business of Datacentrix
Holdings Ltd. and its subsidiaries ('Datacentrix') is proprietary to Datacentrix. It is confidential,
legally privileged and protected by law. Datacentrix does not own and endorse any other content.
Views and opinions are those of the sender unless clearly stated as being that of Datacentrix.
The person addressed in the e-mail is the sole authorised recipient. Please notify the sender
immediately if it has unintentionally reached you and do not read, disclose or use the content
in any way. Datacentrix cannot assure that the integrity of this communication has been maintained
nor that it is free of errors, virus, interception or interference.

View raw message