cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nitin Kumar Maharana <nitinkumar.mahar...@accelerite.com>
Subject Re: Dedicated IP range for SSVM/CPVM
Date Tue, 17 Jan 2017 04:37:10 GMT
Hi Rene,

The default pool, which means are you mentioning the public IP range?

If it is a public IP range, user VMs won’t be consuming any IP from there.
Only system VMs(CPVM/SSVM/VR) will be consuming. VRs will be providing public access to the
user VMs.


Thanks,
Nitin
> On 16-Jan-2017, at 8:56 PM, Rene Moser <mail@renemoser.net> wrote:
> 
> Hi
> 
> We would like to make a change proposal for SSVM/CPVM.
> 
> Currently, the SSVM/CPVM get an IP from the "default" pool of
> vlaniprange which is the from the account "system"
> 
> 
>  "vlaniprange": [
>    {
>      "account": "system",
>      "domain": "ROOT",
>      "endip": "10.101.0.250",
>      "forvirtualnetwork": true,
>      "gateway": "10.101.0.1",
>      "netmask": "255.255.255.0",
>      "startip": "10.101.0.11",
>      ...
> 
>    },
> 
> 
>  "systemvm": [
>    {
>      "activeviewersessions": 0,
>      "gateway": "10.101.0.1",
>      "hypervisor": "VMware",
>      "id": "d9a8abe5-b1e0-47d6-8f39-01b48ff1e0fa",
>      "name": "v-5877-VM",
>      "privatenetmask": "255.255.255.0",
>      "publicip": "10.101.0.113",
>      "publicnetmask": "255.255.255.0",
>      "state": "Running",
>      ...
>    },
> 
> 
> For security considerations we would like to define a dedicated IP range
> for SSVM/CPVM, which, preferably, should not have any relation to the
> default pool range.
> 
> The default pool range should be used for userVMs only. To indicate the
> use I propolse 2 new flags, which only considered for "account=system"
> and indicate if the range can be used for userVMs or/and systemVMs.
> 
> For backwards compatibility this would be the default
> 
> "foruservms": true,
> "forsystemvms": true,
> 
> 
> to have a separate range for UserVMs/SystemVMs, it would look like
> 
> 
>  "vlaniprange": [
>    {
>      "account": "system",
>      "domain": "ROOT",
>      "foruservms": true,
>      "forsystemvms": false,
>      "endip": "192.160.123.250",
>      "forvirtualnetwork": true,
>      "gateway": "192.160.123.1",
>      "netmask": "255.255.255.0",
>      "startip": "192.160.123.11",
>      ...
> 
>    },
> 
>  "vlaniprange": [
>    {
>      "account": "system",
>      "domain": "ROOT",
>      "foruservms": false,
>      "forsystemvms": true,
>      "endip": "10.101.0.250",
>      "forvirtualnetwork": true,
>      "gateway": "10.101.0.1",
>      "netmask": "255.255.255.0",
>      "startip": "10.101.0.11",
>      ...
> 
>    },
> 
> 
> Does anyone has see any conflicts with this proposal?
> 
> Regards
> René
> 




DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite,
a Persistent Systems business. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.
Mime
View raw message