Posted to users@cloudstack.apache.org by Likitha Shetty <li...@citrix.com> on 2013/03/06 17:45:26 UTC

RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per Tenant

First draft of the FS can be found here - https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS-+Dedicate+Public+IP+Addresses+per+tenant .
Comments/Suggestions?

Thank you,
Likitha

>-----Original Message-----
>From: Manan Shah
>Sent: Friday, February 22, 2013 12:08 PM
>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>cloudstack-dev@incubator.apache.org
>Cc: Manan Shah
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Thanks Likitha for your prompt response. I will wait for the FS.
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/21/13 10:30 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>
>>Yes Manan, with the 1st solution the dedication should be applicable
>>for both Isolated and VPC networks.
>>I will capture all that is being discussed here in the FS (yet to
>>publish).
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah
>>>Sent: Friday, February 22, 2013 11:55 AM
>>>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>cloudstack-dev@incubator.apache.org
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Hi Likitha,
>>>
>>>One additional question. When an admin assigns a Public IP Address
>>>range to an account and if that account creates a VPC, I am assuming
>>>they will still get the Public IP Address from this reserved IP range.
>>>Can you please confirm that this reserved Public IP Address would work
>>>for both Isolated Networks as well as VPC?
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>>>
>>>>Hi Likitha,
>>>>
>>>>I agree with you that the 1st solution seems like a better approach.
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
>>>>
>>>>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>>
>>>>>Hi Manan,
>>>>>
>>>>>Thanks for the feedback.  Please find my answers inline.
>>>>>
>>>>>Thank you,
>>>>>Likitha
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Manan Shah
>>>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>>>cloudstack-dev@incubator.apache.org
>>>>>>Cc: Manan Shah
>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>Hi Likitha,
>>>>>>
>>>>>>Comments in-line below... Also, please let us know once the FS is
>>>>>>updated.
>>>>>>
>>>>>>Regards,
>>>>>>Manan Shah
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com>
>>>>>>wrote:
>>>>>>
>>>>>>>CCing Manan to comment on the requirements.
>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>>>To: cloudstack-users@incubator.apache.org;
>>>>>>>>cloudstack-dev@incubator.apache.org
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and VLANs per Tenant
>>>>>>>>
>>>>>>>>Hi All,
>>>>>>>>
>>>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>>>>range' which is already implemented in CS.
>>>>>>>>Following is the observation wrt what is the current CS
>>>>>>>>implementation and the proposed changes to the same,
>>>>>>>>
>>>>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>>>>during the creation of the range
>>>>>>>>Proposed change - Admin should be allowed to dedicate a range
>>>>>>>>even after it has been created and also allowed to change the
>>>>>>>>owner
>>>>>>[Manan] Agreed with the functionality.
>>>>>>>>
>>>>>>>>2. If an admin associates an IP range to an account, all the
>>>>>>>>IP's of that range get acquired by a single isolated network in
>>>>>>>>that account
>>>>>>
>>>>>>[Manan] Why do you think this is the right functionality? What if
>>>>>>the admin wants to allocate a public IP range to an account and
>>>>>>wants to allow the tenant to create as many networks as they want
>>>>>>and use this public IP range?
>>>>>[Likitha] Manan, I agree. I don't think this is the right behavior.
>>>>>So the following is what currently happens in CS. If an admin
>>>>>associates an IP range to an account, all the IP's of that range get
>>>>>acquired by a single isolated network in that account
>>>>>1. If there are no isolated guest networks, a new network is created
>>>>>and all the IP's from the range are dedicated to the new network
>>>>>2. If there is 1 isolated guest network, all the IP's from the range
>>>>>are dedicated to the existing network
>>>>>3. If there are more than 1 isolated guest network CS throws an error
>>>>>
>>>>>There are 2 possible changes we can introduce to resolve this,
>>>>>1. During dedication we just mark this range of IP's as dedicated. And
>>>>>when the user acquires an IP for a particular network we allow the
>>>>>network to choose from the dedicated range.
>>>>>2. During dedication when an account is chosen, the user also has
>>>>>the option to choose one of the networks in the account which can
>>>>>acquire the IP's
>>>>>
>>>>>I prefer the 1st solution because with the 2nd solution, one of the
>>>>>networks of the tenant will acquire all the IP's.
>>>>>Thoughts?
>>>>>>
>>>>>>>>
>>>>>>>>a. If there are no isolated guest networks, a new network is
>>>>>>>>created and all the IP's from the range are dedicated to the new
>>>>>>>>network
>>>>>>>>
>>>>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>>>>range are dedicated to the existing network
>>>>>>>>
>>>>>>>>c. If there are more than 1 isolated guest network CS throws an
>>>>>>>>error
>>>>>>>>
>>>>>>>>Proposed change - When an account is chosen, the user also has the
>>>>>>>>option to choose the network in the account which can acquire the
>>>>>>>>IP's
>>>>>>>>
>>>>>>>>3. When a network that has a dedicated IP range is deleted, the
>>>>>>>>mapping between the account that owned the network and IP range
>>>>>>>>persists. This implies that the admin sees that the range is
>>>>>>>>associated to the account. But the IP's from this range can be
>>>>>>>>acquired by any other account
>>>>>>>>
>>>>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>>>>account
>>>>>>[Manan] Agree with the proposed change
>>>>>>>>
>>>>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>>>>account get deleted
>>>>>>>>
>>>>>>>>Proposed change - The range should be released back to the free
>>>>>>>>pool instead
>>>>>>
>>>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>>>any public IPs that are in use (Loadbalancing, Port Forwarding,
>>>>>>Static-NAT, etc) then they will remain as is.
>>>>>>
>>>>>>>>
>>>>>>>>5. I see a potential starving scenario where a certain account
>>>>>>>>that has dedicated range uses up all the IP's from the free pool
>>>>>>>>as well
>>>>>>>>
>>>>>>>>Proposed change - Impose a configurable limit like say, at least
>>>>>>>>one range should always belong to the free pool
>>>>>>[Manan] Agree with the proposed change
>>>>>>>>
>>>>>>>>6. Even if a range is dedicated to an account, any network that
>>>>>>>>belongs to this account including the one that has acquired the
>>>>>>>>IP's can acquire more IP's from the free pool. This is because
>>>>>>>>when we dedicate an IP range to an account, one of the networks of
>>>>>>>>that account acquires all the IP's.
>>>>>>>>
>>>>>>>>Proposed change - During dedication we just mark this range of
>>>>>>>>IP's as dedicated. And only when the user acquires an IP for a
>>>>>>>>particular network we allow the network to choose from the
>>>>>>>>dedicated range. If this change is implemented we will not run
>>>>>>>>into issue #2.
>>>>>>>>
>>>>>>>>Please provide your feedback. I will publish an FS keeping in
>>>>>>>>line with the requirements we decide upon.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Thank you,
>>>>>>>>
>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>>>To: cloudstack-users@incubator.apache.org;
>>>>>>>>cloudstack-dev@incubator.apache.org
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and VLANs per Tenant
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>>>account but not release it back to the free pool, so how about we
>>>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP
>>>>>>>>range 2) Dedicate Guest VLAN's per tenant.
>>>>>>>>
>>>>>>>>Since Part 1 has already been implemented, we need to only add the
>>>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>>>
>>>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Any concerns?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Thank you,
>>>>>>>>
>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>>>>To: cloudstack-users@incubator.apache.org;
>>>>>>>>>cloudstack-dev@incubator.apache.org
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and VLANs per Tenant
>>>>>>>>>
>>>>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>>>>>account/domain is exceeding the limit.
>>>>>>>>>
>>>>>>>>>Thank You,
>>>>>>>>>Likitha
>>>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>>>>>To: cloudstack-users@incubator.apache.org;
>>>>>>>>>>cloudstack-dev@incubator.apache.org
>>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>and VLANs per Tenant
>>>>>>>>>>
>>>>>>>>>>Hi Likitha,
>>>>>>>>>>
>>>>>>>>>>Currently we can reserve the public IP range to an account. I
>>>>>>>>>>would assume we are cross checking the account/domain limit for
>>>>>>>>>>the max no of Public IP addresses while reserving the Public IP
>>>>>>>>>>to an account?
>>>>>>>>>>
>>>>>>>>>>Please clarify.
>>>>>>>>>>
>>>>>>>>>>Thanks,
>>>>>>>>>>Sailaja.M
>>>>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>>>>>To: cloudstack-users@incubator.apache.org;
>>>>>>>>>>cloudstack-dev@incubator.apache.org
>>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>and VLANs per Tenant
>>>>>>>>>>
>>>>>>>>>>For CreateVlanIpRange API call, we can set the account
>>>>>>>>>>parameter to specify the VLAN owner. If specified, the Public
>>>>>>>>>>IP's get allocated to the account and the VLAN gets dedicated to
>>>>>>>>>>it. Could you please clarify what the difference between this
>>>>>>>>>>and the mentioned requirement is?
>>>>>>>>>>
>>>>>>>>>>But I couldn't figure out a way to release back the VLAN and
>>>>>>>>>>the allocated IP's to the free pool. I achieved it by deleting
>>>>>>>>>>the VLAN-IP range and then adding it back to the system account.
>>>>>>>>>>Is there a better way to do it or do we need to implement this?
>>>>>>>>>>
>>>>>>>>>>Thank you,
>>>>>>>>>>Likitha
>>>>>>>>>>
>>>>>>>>>>>-----Original Message-----
>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP
>>>>>>>>>>>Addresses and VLANs per Tenant
>>>>>>>>>>>
>>>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>>>>updated the requirements document.
>>>>>>>>>>>
>>>>>>>>>>>Regards,
>>>>>>>>>>>Manan Shah
>>>>>>>>>>>
>>>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>>>>>>>>>>>
>>>>>>>>>>>>+1
>>>>>>>>>>>>
>>>>>>>>>>>>Additional to the requirements:
>>>>>>>>>>>>- Usage must reflect if these are assigned to an Account so
>>>>>>>>>>>>the admin can see how many IP is allocated to the account.
>>>>>>>>>>>>- On allocation it needs to check whether the required range
>>>>>>>>>>>>is available (not in use) and conforms with the account limits
>>>>>>>>>>>>(cannot allocate more IPs than maximum IPs per account).
>>>>>>>>>>>>
>>>>>>>>>>>>Regards
>>>>>>>>>>>>
>>>>>>>>>>>>Tamas Monos DDI +44(0)2034687012
>>>>>>>>>>>>Chief Technical Office +44(0)2034687000
>>>>>>>>>>>>Veber: The Hosting Specialists Fax +44(0)871 522 7057
>>>>>>>>>>>>http://www.veber.co.uk
>>>>>>>>>>>>
>>>>>>>>>>>>Follow us on Twitter: www.twitter.com/veberhost
>>>>>>>>>>>>Follow us on Facebook: www.facebook.com/veberhost
>>>>>>>>>>>>
>>>>>>>>>>>>-----Original Message-----
>>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>>>and VLANs per Tenant
>>>>>>>>>>>>
>>>>>>>>>>>>Hi,
>>>>>>>>>>>>
>>>>>>>>>>>>I would like to propose a new feature for dedicating IP
>>>>>>>>>>>>Addresses and VLANs per Tenant. I have created a JIRA ticket and
>>>>>>>>>>>>provided the requirements at the following location. Please
>>>>>>>>>>>>provide feedback on the requirements.
>>>>>>>>>>>>
>>>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>>>>>>>Requirements:
>>>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources+-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>>>>>>>
>>>>>>>>>>>>Regards,
>>>>>>>>>>>>Manan Shah
>>
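
A small model of the first solution discussed in this thread (dedication only marks the range, and the IP is chosen when a network acquires one), added here as an illustration and not CloudStack code. The class and method names, the two limits, the fallback to the free pool, the choice to leave in-use IPs alone on release, and the sample addresses are all assumptions.

```python
class PublicIpPool:
    """Toy model of solution 1: dedication only marks a range's owner."""

    def __init__(self, ranges, min_free_ranges=1, max_ips_per_account=20):
        self.ranges = {name: list(ips) for name, ips in ranges.items()}
        self.owner = dict.fromkeys(ranges)  # None = free pool
        self.in_use = {}                    # ip -> (account, network)
        self.min_free_ranges = min_free_ranges          # assumed knob (item 5)
        self.max_ips_per_account = max_ips_per_account  # assumed account limit

    def dedicate(self, name, account):
        """Dedicate an existing range, or change its owner (item 1)."""
        ips = self.ranges[name]
        if any(self.in_use.get(ip, (account,))[0] != account for ip in ips):
            raise ValueError("range has IPs in use by another account")
        held = sum(len(self.ranges[n]) for n, o in self.owner.items()
                   if o == account and n != name)
        if held + len(ips) > self.max_ips_per_account:
            raise ValueError("exceeds the account's public IP limit")
        free_left = sum(o is None for n, o in self.owner.items() if n != name)
        if self.owner[name] is None and free_left < self.min_free_ranges:
            raise ValueError("too few ranges would remain in the free pool")
        self.owner[name] = account

    def release(self, name):
        """Return a range to the free pool; IPs already in use are untouched."""
        self.owner[name] = None

    def acquire(self, account, network):
        """Choose the IP at acquire time: own ranges first, then free pool."""
        for wanted in (account, None):
            for name, ips in self.ranges.items():
                if self.owner[name] != wanted:
                    continue  # never hand out another account's range
                for ip in ips:
                    if ip not in self.in_use:
                        self.in_use[ip] = (account, network)
                        return ip
        raise RuntimeError("no public IP available to this account")


def demo():
    # Constructed sample data (documentation address blocks), not from the thread.
    pool = PublicIpPool({"r1": ["203.0.113.10", "203.0.113.11"],
                         "r2": ["198.51.100.10"]})
    pool.dedicate("r1", "tenantA")
    # Two networks of one account share the dedicated range (isolated and VPC).
    return pool, [pool.acquire("tenantA", "isolated-1"),
                  pool.acquire("tenantA", "vpc-1"),
                  pool.acquire("tenantB", "isolated-2")]
```
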