cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sanjeev N <sanj...@apache.org>
Subject Re: Basic networking issue
Date Wed, 08 Jul 2015 07:09:26 GMT
If you want CS not to allocate these IPs to any other vm, you can mark
Allocated field in user_ip_address table for all the IPs you want to assign
to guest vms manually.

On Mon, Jul 6, 2015 at 12:17 PM, Mārtiņš Jakubovičs <martins@vertigs.lv>
wrote:

> Hello,
>
> In Basic Networking IP address acquisition is not a manual process but CS
> it self give IP's for instances. Problems is that if you configure IP
> address pool in zone, user can add all this IP addresses to one instance
> without informing CS.
>
> Example:
> IP address pool (10.11.11.1 - 10.11.11.10)
> 1.) Create instance. (CS will give to instance IP 10.11.11.2)
> 2.) In instance manually add IP's (create alias) from same subnet
> (10.11.11.3, 10.11.11.4, *without* adding secondary IP's in CS).
> 3.) In CloudStack you can see that instance use only one IP (10.11.11.2),
> but in reality it use whole IP pool.
> 4.) Deploy other instance, to which CS will give IP, which you manually
> added before to instance nr. 1 (for example, 10.11.11.3).
>
> Instance nr. 1:
> In CS use only one public IP (10.11.11.2), but in reality have configured
> 10 IP's.
>
> Instance nr. 2:
> In CS have one IP (10.11.11.3), but network didn't work, because Instance
> Nr. 1 have IP which should be added to instance Nr. 2 and CS didn't know
> about that.
>
>
> On 2015.07.06. 07:45, Sanjeev N wrote:
>
>> What do you mean by IP address is acquired? In Basic Networking we don't
>> have IP address acquisition concept. Also alias IPs you are manually
>> configuring on deployed vms should not be overlapped with the Guest IP
>> address range provided in that zone.
>>
>> On Fri, Jul 3, 2015 at 7:51 PM, Mārtiņš Jakubovičs <martins@vertigs.lv>
>> wrote:
>>
>>  Hello,
>>>
>>> I test right now infrastructure with base network setup. I faced issue,
>>> if
>>> I deploy instance, I am able manually add more public IP's. For example,
>>> I
>>> deploy VM, though DHCP I acquire IP, and I can manually add alias IP
>>> addresses without problems and CloudStack still think that I use only one
>>> IP. If IP address is acquired and other user boot VM can be situation
>>> when
>>> new VM can't get public IP. Am I doing something wrong or is this kind of
>>> security "hole" in Basic Networking?
>>>
>>> Thanks.
>>>
>>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message