incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manan Shah <manan.s...@citrix.com>
Subject Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per Tenant
Date Fri, 22 Feb 2013 05:57:59 GMT
Hi Likitha,

I agree with you that the 1st solution seems like a better approach.

Regards,
Manan Shah




On 2/21/13 9:39 PM, "Likitha Shetty" <likitha.shetty@citrix.com> wrote:

>Hi Manan,
>
>Thanks for the feedback.  Please find my answers inline.
>
>Thank you,
>Likitha
>
>>-----Original Message-----
>>From: Manan Shah
>>Sent: Friday, February 22, 2013 10:28 AM
>>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Cc: Manan Shah
>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>Hi Likitha,
>>
>>Comments in-line belowŠ. Also, please let us know once the FS is updated.
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/19/13 8:59 PM, "Likitha Shetty" <likitha.shetty@citrix.com> wrote:
>>
>>>CCing Manan to comment on the requirements.
>>>
>>>>-----Original Message-----
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>dev@incubator.apache.org
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>Hi All,
>>>>
>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>range'
>>>>which is
>>>>already implemented in CS.
>>>>Following is the observation wrt what is the current CS implementation
>>>>and the proposed changes to the same,
>>>>
>>>>1.       A public VLAN-IP range can only be associated to an account
>>>>during the
>>>>creation of the range
>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>after it has been created and also allowed to change the owner
>>[Manan] Agreed with the functionality.
>>>>
>>>>2.       If an admin associates an IP range to an account, all the IP's
>>>>of that range
>>>>get acquired by a single isolated network in that account
>>
>>[Manan] Why do you think this is the right functionality. What if the
>>admin wants
>>to allocate a public IP range to a account and wants to allow the tenant
>>to create
>>as many networks as they want and use this public IP range.
>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>the following is what currently happens in CS,
>If an admin associates an IP range to an account, all the IP's of that
>range get acquired by a single isolated network in that account
>1. If there are no isolated guest networks, a new network is created and
>all the IP's from the range are dedicated to the new network
>2. If there is 1 isolated guest network, all the IP's from the range are
>dedicated to the existing network
>3. If there are more than 1 isolated guest network CS throws an error
>
>There are 2 possible changes we can introduce to resolve this,
>1. During dedication we just mark this range of IP's as dedicated. And
>when the user acquires an IP for a particular network we allow the
>network to choose from the dedicated range.
>2. During dedication when an account is chosen, the user also has the
>option to choose one of the network in the account which can acquire the
>IP's
>I prefer the 1st solution because with the 2nd solution, one of the
>networks of the tenant will acquire all the IP's.
>Thoughts?
>>
>>>>
>>>>a.       If there are no isolated guest networks, a new network is
>>>>created and all
>>>>the IP's from the range are dedicated to the new network
>>>>
>>>>b.      If there is 1 isolated guest network, all the IP's from the
>>>>range are
>>>>dedicated to the existing network
>>>>
>>>>c.       If there are more than 1 isolated guest network CS throws an
>>>>error
>>>>
>>>>               Proposed change - When an account is chosen, the user
>>>>also has the option to choose the network in the account which can
>>>>acquire the IP's
>>>>
>>>>3.       When a network that has a dedicated IP range is deleted, the
>>>>mapping
>>>>between the account that owned the network and IP range persists. This
>>>>implies that the admin sees that the range is associated to the
>>>>account. But the IP's from this range can be acquired by any other
>>>>account
>>>>
>>>>Proposed change  - The IP range should no longer be owned by the
>>>>account
>>[Manan] Agree with the proposed change
>>>>
>>>>4.       When an account is deleted the IP ranges dedicated to that
>>>>account get
>>>>deleted
>>>>
>>>>Proposed change - The range should be released back to the free pool
>>>>instead
>>
>>[Manan] Agree with the proposed change. I am assuming if there are any
>>public
>>Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
>>etc) then they will remain as is.
>>
>>>>
>>>>5.       I see a potential starving scenario where a certain account
>>>>that has
>>>>dedicated range uses up all the IP's from the free pool as well
>>>>
>>>>Proposed change  - Impose a configurable limit like say, at least one
>>>>range should always belong to the free pool
>>[Manan] Agree with the proposed change
>>>>
>>>>6.       Even if a range is dedicated to an account, any network that
>>>>belongs to
>>>>this account including the one that has acquired the IP's can acquire
>>>>more IP's from the free pool. This is because when we dedicate an IP
>>>>range to an account, one of the networks of that account acquires all
>>>>the IP's.
>>>>
>>>>Proposed change - During dedication we just mark this range of IP's as
>>>>dedicated. And only when the user acquires an IP for a particular
>>>>network we allow the network to choose from the dedicated range. If
>>>>this change is implemented we will not run into issue #2.
>>>>
>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>with the requirements we decide upon.
>>>>
>>>>
>>>>
>>>>Thank you,
>>>>
>>>>Likitha
>>>>
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>dev@incubator.apache.org
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>
>>>>
>>>>In CloudStack we can already reserve the public IP range to an account
>>>>but not release it back to the free pool, so how about we divide this
>>>>requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate
>>>>Guest VLAN's per tenant.
>>>>
>>>>
>>>>
>>>>Since Part 1 has already implemented, we need to only add the
>>>>enhancement 'Add releasing these IP Address range to the free pool'. I
>>>>will create an enhancement ticket to track this?
>>>>
>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>
>>>>
>>>>
>>>>Any concerns?
>>>>
>>>>
>>>>
>>>>Thank you,
>>>>
>>>>Likitha
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>
>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>dev@incubator.apache.org
>>>>
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>VLANs per Tenant
>>>>
>>>>>
>>>>
>>>>>Yes, before reserving the public ip range we do verify if the
>>>>
>>>>>account/domain is exceeding the limit.
>>>>
>>>>>
>>>>
>>>>>Thank You,
>>>>
>>>>>Likitha
>>>>
>>>>>
>>>>
>>>>>>-----Original Message-----
>>>>
>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>
>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>>dev@incubator.apache.org
>>>>
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>VLANs per Tenant
>>>>
>>>>>>
>>>>
>>>>>>Hi Likitha,
>>>>
>>>>>>
>>>>
>>>>>>Currently we can reserve the public IP range to an account. I would
>>>>
>>>>>>assume we are cross checking the account/domain limit for the max
no
>>>>
>>>>>>of Public IP addresses  while reserving the Public IP to an account?
>>>>
>>>>>>
>>>>
>>>>>>Please clarify.
>>>>
>>>>>>
>>>>
>>>>>>Thanks,
>>>>
>>>>>>Sailaja.M
>>>>
>>>>>>
>>>>
>>>>>>-----Original Message-----
>>>>
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>
>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>>dev@incubator.apache.org
>>>>
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>VLANs per Tenant
>>>>
>>>>>>
>>>>
>>>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>>>
>>>>>>specify the VLAN owner. If specified, the Public IP's get allocated
>>>>>>to
>>>>
>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>clarify
>>>>
>>>>>>what the difference between this and the mentioned requirement is?
>>>>
>>>>>>
>>>>
>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>
>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>VLAN-IP
>>>>
>>>>>>range and then adding it back to the system account. Is there a
>>>>>>better
>>>>
>>>>>>way to do it or do we need to implement this?
>>>>
>>>>>>
>>>>
>>>>>>Thank you,
>>>>
>>>>>>Likitha
>>>>
>>>>>>
>>>>
>>>>>>>-----Original Message-----
>>>>
>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>
>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>
>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses
and
>>>>
>>>>>>>VLANs per Tenant
>>>>
>>>>>>>
>>>>
>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>updated
>>>>
>>>>>>>the requirements document.
>>>>
>>>>>>>
>>>>
>>>>>>>Regards,
>>>>
>>>>>>>Manan Shah
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>><tamasm@veber.co.uk<mailto:tamasm@veber.co.uk>> wrote:
>>>>
>>>>>>>
>>>>
>>>>>>>>+1
>>>>
>>>>>>>>
>>>>
>>>>>>>>Additional to the requirements:
>>>>
>>>>>>>>- Usage must reflect if these are assigned to an Account so
the
>>>>
>>>>>>>>admin can see how many IP is allocated to the account.
>>>>
>>>>>>>>- On allocation it needs to check whether the required range
is
>>>>
>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>(cannot
>>>>
>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>
>>>>>>>>
>>>>
>>>>>>>>Regards
>>>>
>>>>>>>>
>>>>
>>>>>>>>Tamas Monos                                              
DDI
>>>>
>>>>>>>>+44(0)2034687012
>>>>
>>>>>>>>Chief Technical                                          
  Office
>>>>
>>>>>>>>+44(0)2034687000
>>>>
>>>>>>>>Veber: The Hosting Specialists               Fax         +44(0)871
>>>>>>>>522
>>>>
>>>>>>>>7057
>>>>
>>>>>>>>http://www.veber.co.uk
>>>>
>>>>>>>>
>>>>
>>>>>>>>Follow us on Twitter:
>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us
>>>>on
>>>>Facebook:
>>>>
>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>>>>>>-----Original Message-----
>>>>
>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>
>>>>>>>>Sent: 22 December 2012 01:03
>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>
>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses
and
>>>>
>>>>>>>>VLANs per Tenant
>>>>
>>>>>>>>
>>>>
>>>>>>>>Hi,
>>>>
>>>>>>>>
>>>>
>>>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>>>
>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>the
>>>>
>>>>>>>>requirements at the following location.  Please provide feedback
>>>>>>>>on
>>>>
>>>>>>>>the requirements.
>>>>
>>>>>>>>
>>>>
>>>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>
>>>>>>>>Requirements:
>>>>
>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+R
>>>>>>>>es
>>>>
>>>>>>>>o
>>>>
>>>>>>>>u
>>>>
>>>>>>>>r
>>>>
>>>>>>>>ces
>>>>
>>>>>>>>+
>>>>
>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>
>>>>>>>>
>>>>
>>>>>>>>Regards,
>>>>
>>>>>>>>Manan Shah
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>
>


Mime
View raw message