Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 536A31829B for ; Wed, 8 Jul 2015 07:09:29 +0000 (UTC) Received: (qmail 4393 invoked by uid 500); 8 Jul 2015 07:09:28 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 4336 invoked by uid 500); 8 Jul 2015 07:09:28 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 4325 invoked by uid 99); 8 Jul 2015 07:09:28 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Jul 2015 07:09:28 +0000 Received: from mail-qk0-f179.google.com (mail-qk0-f179.google.com [209.85.220.179]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id E81BE1A0493 for ; Wed, 8 Jul 2015 07:09:27 +0000 (UTC) Received: by qkei195 with SMTP id i195so157012441qke.3 for ; Wed, 08 Jul 2015 00:09:26 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.140.236.22 with SMTP id h22mr13922945qhc.92.1436339366792; Wed, 08 Jul 2015 00:09:26 -0700 (PDT) Received: by 10.96.179.198 with HTTP; Wed, 8 Jul 2015 00:09:26 -0700 (PDT) In-Reply-To: <559A2488.1030401@vertigs.lv> References: <55969A5D.60201@vertigs.lv> <559A2488.1030401@vertigs.lv> Date: Wed, 8 Jul 2015 12:39:26 +0530 Message-ID: Subject: Re: Basic networking issue From: Sanjeev N To: users@cloudstack.apache.org Content-Type: multipart/alternative; boundary=001a1137106cbc1679051a57d10b --001a1137106cbc1679051a57d10b Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable If you want CS not to allocate these IPs to any other vm, you can mark Allocated field in user_ip_address table for all the IPs you want to assign to guest vms manually. On Mon, Jul 6, 2015 at 12:17 PM, M=C4=81rti=C5=86=C5=A1 Jakubovi=C4=8Ds wrote: > Hello, > > In Basic Networking IP address acquisition is not a manual process but CS > it self give IP's for instances. Problems is that if you configure IP > address pool in zone, user can add all this IP addresses to one instance > without informing CS. > > Example: > IP address pool (10.11.11.1 - 10.11.11.10) > 1.) Create instance. (CS will give to instance IP 10.11.11.2) > 2.) In instance manually add IP's (create alias) from same subnet > (10.11.11.3, 10.11.11.4, *without* adding secondary IP's in CS). > 3.) In CloudStack you can see that instance use only one IP (10.11.11.2), > but in reality it use whole IP pool. > 4.) Deploy other instance, to which CS will give IP, which you manually > added before to instance nr. 1 (for example, 10.11.11.3). > > Instance nr. 1: > In CS use only one public IP (10.11.11.2), but in reality have configured > 10 IP's. > > Instance nr. 2: > In CS have one IP (10.11.11.3), but network didn't work, because Instance > Nr. 1 have IP which should be added to instance Nr. 2 and CS didn't know > about that. > > > On 2015.07.06. 07:45, Sanjeev N wrote: > >> What do you mean by IP address is acquired? In Basic Networking we don't >> have IP address acquisition concept. Also alias IPs you are manually >> configuring on deployed vms should not be overlapped with the Guest IP >> address range provided in that zone. >> >> On Fri, Jul 3, 2015 at 7:51 PM, M=C4=81rti=C5=86=C5=A1 Jakubovi=C4=8Ds <= martins@vertigs.lv> >> wrote: >> >> Hello, >>> >>> I test right now infrastructure with base network setup. I faced issue, >>> if >>> I deploy instance, I am able manually add more public IP's. For example= , >>> I >>> deploy VM, though DHCP I acquire IP, and I can manually add alias IP >>> addresses without problems and CloudStack still think that I use only o= ne >>> IP. If IP address is acquired and other user boot VM can be situation >>> when >>> new VM can't get public IP. Am I doing something wrong or is this kind = of >>> security "hole" in Basic Networking? >>> >>> Thanks. >>> >>> > --001a1137106cbc1679051a57d10b--