Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: cloudstack-dev@incubator.apache.org
Received-SPF: pass (athena.apache.org: domain of likitha.shetty@citrix.com
 designates 203.166.19.134 as permitted sender)
From: Likitha Shetty <likitha.shetty@citrix.com>
To: Manan Shah <manan.shah@citrix.com>,
	"cloudstack-users@incubator.apache.org"
	<cloudstack-users@incubator.apache.org>,
	"cloudstack-dev@incubator.apache.org" <cloudstack-dev@incubator.apache.org>
Date: Fri, 22 Feb 2013 12:00:46 +0530
Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
 per Tenant
Thread-Topic: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
 per Tenant
Thread-Index: Ac4QxWfbTp0A6tfkRtK3s9E2D587IAAABlug
Message-ID: 
 <64FB1554ABC9B44FAA773FBD6CB889C2010D9B71BA1E@BANPMAILBOX01.citrite.net>
References: <CD4C48BB.23853%manan.shah@citrix.com>
 <CD4C4EF0.23896%manan.shah@citrix.com>
In-Reply-To: <CD4C4EF0.23896%manan.shah@citrix.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Yes Manan, with the 1st solution the dedication should be applicable for bo=
th Isolated and VPC networks.
I will capture all that is being discussed here in the FS (yet to publish).

Thank you,
Likitha

>-----Original Message-----
>From: Manan Shah
>Sent: Friday, February 22, 2013 11:55 AM
>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>cloudstack-dev@incubator.apache.org
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs =
per
>Tenant
>
>Hi Likitha,
>
>One additional question. When an admin assigns a Public IP Address range t=
o an
>account and if that account creates a VPC, I am assuming they will still g=
et the
>Public IP Address from this reserved IP range. Can you please confirm that=
 this
>reserved Public IP Address would work for both Isolated Networks as well a=
s
>VPC?
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/21/13 9:57 PM, "Manan Shah" <manan.shah@citrix.com> wrote:
>
>>Hi Likitha,
>>
>>I agree with you that the 1st solution seems like a better approach.
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/21/13 9:39 PM, "Likitha Shetty" <likitha.shetty@citrix.com> wrote:
>>
>>>Hi Manan,
>>>
>>>Thanks for the feedback.  Please find my answers inline.
>>>
>>>Thank you,
>>>Likitha
>>>
>>>>-----Original Message-----
>>>>From: Manan Shah
>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>cloudstack- dev@incubator.apache.org
>>>>Cc: Manan Shah
>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>Hi Likitha,
>>>>
>>>>Comments in-line below=A9. Also, please let us know once the FS is
>>>>updated.
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
>>>>
>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <likitha.shetty@citrix.com> wrote:
>>>>
>>>>>CCing Manan to comment on the requirements.
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>dev@incubator.apache.org
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>Hi All,
>>>>>>
>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>>range'
>>>>>>which is
>>>>>>already implemented in CS.
>>>>>>Following is the observation wrt what is the current CS
>>>>>>implementation and the proposed changes to the same,
>>>>>>
>>>>>>1.       A public VLAN-IP range can only be associated to an account
>>>>>>during the
>>>>>>creation of the range
>>>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>>>after it has been created and also allowed to change the owner
>>>>[Manan] Agreed with the functionality.
>>>>>>
>>>>>>2.       If an admin associates an IP range to an account, all the
>>>>>>IP's
>>>>>>of that range
>>>>>>get acquired by a single isolated network in that account
>>>>
>>>>[Manan] Why do you think this is the right functionality. What if the
>>>>admin wants to allocate a public IP range to a account and wants to
>>>>allow the tenant to create as many networks as they want and use this
>>>>public IP range.
>>>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>>>the following is what currently happens in CS, If an admin associates
>>>an IP range to an account, all the IP's of that range get acquired by
>>>a single isolated network in that account 1. If there are no isolated
>>>guest networks, a new network is created and all the IP's from the
>>>range are dedicated to the new network 2. If there is 1 isolated guest
>>>network, all the IP's from the range are dedicated to the existing
>>>network 3. If there are more than 1 isolated guest network CS throws
>>>an error
>>>
>>>There are 2 possible changes we can introduce to resolve this, 1.
>>>During dedication we just mark this range of IP's as dedicated. And
>>>when the user acquires an IP for a particular network we allow the
>>>network to choose from the dedicated range.
>>>2. During dedication when an account is chosen, the user also has the
>>>option to choose one of the network in the account which can acquire
>>>the IP's I prefer the 1st solution because with the 2nd solution, one
>>>of the networks of the tenant will acquire all the IP's.
>>>Thoughts?
>>>>
>>>>>>
>>>>>>a.       If there are no isolated guest networks, a new network is
>>>>>>created and all
>>>>>>the IP's from the range are dedicated to the new network
>>>>>>
>>>>>>b.      If there is 1 isolated guest network, all the IP's from the
>>>>>>range are
>>>>>>dedicated to the existing network
>>>>>>
>>>>>>c.       If there are more than 1 isolated guest network CS throws an
>>>>>>error
>>>>>>
>>>>>>               Proposed change - When an account is chosen, the
>>>>>>user also has the option to choose the network in the account which
>>>>>>can acquire the IP's
>>>>>>
>>>>>>3.       When a network that has a dedicated IP range is deleted, the
>>>>>>mapping
>>>>>>between the account that owned the network and IP range persists.
>>>>>>This implies that the admin sees that the range is associated to
>>>>>>the account. But the IP's from this range can be acquired by any
>>>>>>other account
>>>>>>
>>>>>>Proposed change  - The IP range should no longer be owned by the
>>>>>>account
>>>>[Manan] Agree with the proposed change
>>>>>>
>>>>>>4.       When an account is deleted the IP ranges dedicated to that
>>>>>>account get
>>>>>>deleted
>>>>>>
>>>>>>Proposed change - The range should be released back to the free
>>>>>>pool instead
>>>>
>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>any public Ips that are in use (Loadbalancing, Port Forwarding,
>>>>Static-NAT,
>>>>etc) then they will remain as is.
>>>>
>>>>>>
>>>>>>5.       I see a potential starving scenario where a certain account
>>>>>>that has
>>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>>
>>>>>>Proposed change  - Impose a configurable limit like say, at least
>>>>>>one range should always belong to the free pool
>>>>[Manan] Agree with the proposed change
>>>>>>
>>>>>>6.       Even if a range is dedicated to an account, any network that
>>>>>>belongs to
>>>>>>this account including the one that has acquired the IP's can
>>>>>>acquire more IP's from the free pool. This is because when we
>>>>>>dedicate an IP range to an account, one of the networks of that
>>>>>>account acquires all the IP's.
>>>>>>
>>>>>>Proposed change - During dedication we just mark this range of IP's
>>>>>>as dedicated. And only when the user acquires an IP for a
>>>>>>particular network we allow the network to choose from the
>>>>>>dedicated range. If this change is implemented we will not run into i=
ssue
>#2.
>>>>>>
>>>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>>>with the requirements we decide upon.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Thank you,
>>>>>>
>>>>>>Likitha
>>>>>>
>>>>>>
>>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>dev@incubator.apache.org
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>
>>>>>>
>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>account but not release it back to the free pool, so how about we
>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP range
>>>>>>2) Dedicate Guest VLAN's per tenant.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>
>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Any concerns?
>>>>>>
>>>>>>
>>>>>>
>>>>>>Thank you,
>>>>>>
>>>>>>Likitha
>>>>>>
>>>>>>
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>
>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>and
>>>>>>
>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>>
>>>>>>>account/domain is exceeding the limit.
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>Thank You,
>>>>>>
>>>>>>>Likitha
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>
>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Hi Likitha,
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Currently we can reserve the public IP range to an account. I
>>>>>>>>would
>>>>>>
>>>>>>>>assume we are cross checking the account/domain limit for the max
>>>>>>>>no
>>>>>>
>>>>>>>>of Public IP addresses  while reserving the Public IP to an account=
?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Please clarify.
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Thanks,
>>>>>>
>>>>>>>>Sailaja.M
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>
>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>For CreateVlanIpRange API call, we can set the account parameter
>>>>>>>>to
>>>>>>
>>>>>>>>specify the VLAN owner. If specified, the Public IP's get
>>>>>>>>allocated to
>>>>>>
>>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>>clarify
>>>>>>
>>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>>>
>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>>VLAN-IP
>>>>>>
>>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>>better
>>>>>>
>>>>>>>>way to do it or do we need to implement this?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Thank you,
>>>>>>
>>>>>>>>Likitha
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>
>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>
>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>>updated
>>>>>>
>>>>>>>>>the requirements document.
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>Regards,
>>>>>>
>>>>>>>>>Manan Shah
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>>><tamasm@veber.co.uk<mailto:tamasm@veber.co.uk>> wrote:
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>>+1
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Additional to the requirements:
>>>>>>
>>>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>>>
>>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>>
>>>>>>>>>>- On allocation it needs to check whether the required range is
>>>>>>
>>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>>(cannot
>>>>>>
>>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Regards
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Tamas Monos                                               DDI
>>>>>>
>>>>>>>>>>+44(0)2034687012
>>>>>>
>>>>>>>>>>Chief Technical                                             Offic=
e
>>>>>>
>>>>>>>>>>+44(0)2034687000
>>>>>>
>>>>>>>>>>Veber: The Hosting Specialists               Fax         +44(0)87=
1
>>>>>>>>>>522
>>>>>>
>>>>>>>>>>7057
>>>>>>
>>>>>>>>>>http://www.veber.co.uk
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Follow us on Twitter:
>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow
>>>>>>us on
>>>>>>Facebook:
>>>>>>
>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>
>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>
>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Hi,
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>I would like to propose a new feature for dedicating IP
>>>>>>>>>>Addresses
>>>>>>
>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>>>the
>>>>>>
>>>>>>>>>>requirements at the following location.  Please provide
>>>>>>>>>>feedback on
>>>>>>
>>>>>>>>>>the requirements.
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>
>>>>>>>>>>Requirements:
>>>>>>
>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicate
>>>>>>>>>>d+R
>>>>>>>>>>es
>>>>>>
>>>>>>>>>>o
>>>>>>
>>>>>>>>>>u
>>>>>>
>>>>>>>>>>r
>>>>>>
>>>>>>>>>>ces
>>>>>>
>>>>>>>>>>+
>>>>>>
>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Regards,
>>>>>>
>>>>>>>>>>Manan Shah
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>
>>>
>>