Posted to dev@cloudstack.apache.org by Will Stevens <ws...@cloudops.com> on 2013/04/01 17:22:10 UTC

Re: [DISCUSS] Palo Alto Integration

Thank you for all your help Murali...

So my Provider has been setup with isExternal = true this whole time.
public static final Provider PaloAlto = new Provider("PaloAlto", true);

If I run a debugger and then create a guest network, I see it enter the
'design' function of the ExternalGuestNetworkGuru, but it does not do
anything in there because the config is not null, but the config.getId() =
-1, so it just returns the config (Network object) and doesn't really do
anything.

Apparently the 'implement' method doesn't get called until a VM is
attempted to be launched on the network.

I must be missing something because, every Isolated guest network I create
on my provider is defaulting to the cidr of 10.1.1.0/24.  Even if I have
multiple Isolated networks associated with the same account, they all by
default have that cidr.

If the default behaviour of the ExternalGuestNetworkGuru is to create
non-overlapping guest cidrs, why does it always default to the
10.1.1.0/24 cidr when I create a new network?  I can not specify a
gateway or netmask
because it is an external network (as you can see from the included
screenshot).
[image: Inline image 1]

What am I missing here?  Why am I unable to create non-overlapping cidrs
with the ExternalGuestNetworkGuru?

Thanks,

Will


On Fri, Mar 29, 2013 at 1:23 AM, Murali Reddy <Mu...@citrix.com> wrote:

> On 28/03/13 10:59 PM, "Will Stevens" <ws...@cloudops.com> wrote:
>
> >I am trying to implement the non-overlapping cidrs right now and I have
> >some questions.  Does the ExternalGuestNetworkGuru create networks with
> >non-overlapping cidrs by default?  Or do I need to override its 'design'
> >and 'implement' methods to implement non overlapping cidrs?
>
> Will, yes, it does by default. You can just use
> 'ExternalGuestNetworkGuru'. Just so that you know, there is check
> 'networkIsConfiguredForExternalNetworking' in ExternalGuestNetworkGuru.
> Which basically checks if provider is configured as service provider using
> external physical appliances. So when you declare provider, mark
> 'isExternal' as true in the provider constructor.
>
> >
> >If I have to write my own methods, I think I understand how to
> >override ExternalGuestNetworkGuru and then get it to run by adding it to
> >the components.xml (or nonoss-components.xml) as well as the
> >componentContext.xml.in.
> >
> >If I do not have to actually write the logic for the non-overlapping cidrs
> >(which I am hoping is the case), and the ExternalGuestNetworkGuru actually
> >implements that logic, how would I get the ExternalGuestNetworkGuru into my
> >flow without actually overriding the class?  I understand that the
> >components are loaded through the components.xml stuff, but it's not clear
> >how you specify which NetworkGuru should be used in my specific flow.
> >
> >I am basically working from this document
> ><https://cwiki.apache.org/CLOUDSTACK/extending-cloudstack-networking.html>
> >and the code.  Are there any other resources I should be aware of for
> >extending the CloudStack networking functionality?
> >
> >I have a good start on a Resource, ExternalFirewallElement and an
> >ExternalFirewallService.  I can currently set the Palo Alto as the provider
> >of Firewall, SourceNat, StaticNat and Port Forwarding services.  I can
> >currently Add, List, Configure and Delete my Palo Alto provider.
> >
> >I am getting there, but I still feel like there are gaps in my knowledge
> >when using the CS networking plugin functionality.
>
> Good to hear the progress. Feel free to ask any question.
>
> Thanks,
> Murali
>
> >
> >Thanks,
> >
> >Will
>
>

Re: [DISCUSS] Palo Alto Integration

Posted by Will Stevens <ws...@cloudops.com>.
Thank you for clarifying this.  This was my assumption after spending a
bunch of time stepping through the code.

Will


On Tue, Apr 2, 2013 at 2:42 AM, Murali Reddy <Mu...@citrix.com> wrote:

> The 'Network' has a life cycle associated with it. Network goes from
> 'allocated' state (after the design phase) to 'implemented' (after
> implement phase). Unless a network is implemented it is not ready for use
> in 'isolated network' case. Only after network is implemented, it gets full
> identity. Can you please deploy a Vm into the network and confirm you see
> that non-overlapping CIDR's is allocated? 10.1.1.0/24 you see is the
> default CIDR network gets after design phase which will be replaced once
> network is implemented.
>
> From: Will Stevens <ws...@cloudops.com>
> Reply-To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>
> Date: Tuesday, 2 April 2013 12:33 AM
> To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>
> Subject: Re: [DISCUSS] Palo Alto Integration
>
> So I have been stepping through the code and I can confirm that the
> 'design' method of ExternalGuestNetworkGuru is being hit, but it doesn't do
> anything, so it passes off work of creating the network to the 'design'
> method of GuestNetworkGuru which assigns 10.1.1.0/24
> to the network every time I create a network.
>
> Something I am finding strange is that 'config.getId()' gives -1, so the
> new network that is being created while in the 'design' method of
> ExternalGuestNetworkGuru does not hit the only logic in the function:
>
> NetworkVO config = (NetworkVO) super.design(offering, plan, userSpecified, owner);
> if (config == null) {
>     return null;
> } else if (_networkModel.networkIsConfiguredForExternalNetworking(plan.getDataCenterId(), config.getId())) {
>     /* In order to revert userSpecified network setup */
>     config.setState(State.Allocated);
> }
>
> So the config.setState(State.Allocated) is not getting hit.
>
> There does seem to be some logic for updating the cidr in the 'implement'
> function of ExternalGuestNetworkGuru, but that is not run until a VM is
> added to the network (from what I understand), so that is a bit strange to
> me.
>
> Are the non-overlapping cidrs implemented only when a VM is added to the
> network and the same placeholder cidr is used until then?
>
> Thanks,
>
> Will
>
>
> On Mon, Apr 1, 2013 at 11:22 AM, Will Stevens <wstevens@cloudops.com> wrote:
> Thank you for all your help Murali...
>
> So my Provider has been setup with isExternal = true this whole time.
> public static final Provider PaloAlto = new Provider("PaloAlto", true);
>
> If I run a debugger and then create a guest network, I see it enter the
> 'design' function of the ExternalGuestNetworkGuru, but it does not do
> anything in there because the config is not null, but the config.getId() =
> -1, so it just returns the config (Network object) and doesn't really do
> anything.
>
> Apparently the 'implement' method doesn't get called until a VM is
> attempted to be launched on the network.
>
> I must be missing something because, every Isolated guest network I create
> on my provider is defaulting to the cidr of 10.1.1.0/24.  Even if I have
> multiple Isolated networks associated with the same account, they all by
> default have that cidr.
>
> If the default behaviour of the ExternalGuestNetworkGuru is to create
> non-overlapping guest cidrs, why does it always default to the 10.1.1.0/24
> cidr when I create a new network?  I can not specify
> a gateway or netmask because it is an external network (as you can see from
> the included screenshot).
> [Inline image 1]
>
> What am I missing here?  Why am I unable to create non-overlapping cidrs
> with the ExternalGuestNetworkGuru?
>
> Thanks,
>
> Will
>
>
> On Fri, Mar 29, 2013 at 1:23 AM, Murali Reddy <Murali.Reddy@citrix.com> wrote:
> On 28/03/13 10:59 PM, "Will Stevens" <wstevens@cloudops.com> wrote:
>
> >I am trying to implement the non-overlapping cidrs right now and I have
> >some questions.  Does the ExternalGuestNetworkGuru create networks with
> >non-overlapping cidrs by default?  Or do I need to override its 'design'
> >and 'implement' methods to implement non overlapping cidrs?
>
> Will, yes, it does by default. You can just use
> 'ExternalGuestNetworkGuru'. Just so that you know, there is check
> 'networkIsConfiguredForExternalNetworking' in ExternalGuestNetworkGuru.
> Which basically checks if provider is configured as service provider using
> external physical appliances. So when you declare provider, mark
> 'isExternal' as true in the provider constructor.
>
> >
> >If I have to write my own methods, I think I understand how to
> >override ExternalGuestNetworkGuru and then get it to run by adding it to
> >the components.xml (or nonoss-components.xml) as well as the
> >componentContext.xml.in.
> >
> >If I do not have to actually write the logic for the non-overlapping cidrs
> >(which I am hoping is the case), and the ExternalGuestNetworkGuru actually
> >implements that logic, how would I get the ExternalGuestNetworkGuru into my
> >flow without actually overriding the class?  I understand that the
> >components are loaded through the components.xml stuff, but it's not clear
> >how you specify which NetworkGuru should be used in my specific flow.
> >
> >I am basically working from this document
> ><https://cwiki.apache.org/CLOUDSTACK/extending-cloudstack-networking.html>
> >and the code.  Are there any other resources I should be aware of for
> >extending the CloudStack networking functionality?
> >
> >I have a good start on a Resource, ExternalFirewallElement and an
> >ExternalFirewallService.  I can currently set the Palo Alto as the provider
> >of Firewall, SourceNat, StaticNat and Port Forwarding services.  I can
> >currently Add, List, Configure and Delete my Palo Alto provider.
> >
> >I am getting there, but I still feel like there are gaps in my knowledge
> >when using the CS networking plugin functionality.
>
> Good to hear the progress. Feel free to ask any question.
>
> Thanks,
> Murali
>
> >
> >Thanks,
> >
> >Will
>
>
>
>

Re: [DISCUSS] Palo Alto Integration

Posted by Murali Reddy <Mu...@citrix.com>.
The 'Network' has a life cycle associated with it. Network goes from 'allocated' state (after the design phase) to 'implemented' (after implement phase). Unless a network is implemented it is not ready for use in 'isolated network' case. Only after network is implemented, it gets full identity. Can you please deploy a Vm into the network and confirm you see that non-overlapping CIDR's is allocated? 10.1.1.0/24 you see is the default CIDR network gets after design phase which will be replaced once network is implemented.

From: Will Stevens <ws...@cloudops.com>
Reply-To: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
Date: Tuesday, 2 April 2013 12:33 AM
To: "dev@cloudstack.apache.org" <de...@cloudstack.apache.org>
Subject: Re: [DISCUSS] Palo Alto Integration

So I have been stepping through the code and I can confirm that the 'design' method of ExternalGuestNetworkGuru is being hit, but it doesn't do anything, so it passes off work of creating the network to the 'design' method of GuestNetworkGuru which assigns 10.1.1.0/24 to the network every time I create a network.

Something I am finding strange is that 'config.getId()' gives -1, so the new network that is being created while in the 'design' method of ExternalGuestNetworkGuru does not hit the only logic in the function:

NetworkVO config = (NetworkVO) super.design(offering, plan, userSpecified, owner);
if (config == null) {
    return null;
} else if (_networkModel.networkIsConfiguredForExternalNetworking(plan.getDataCenterId(), config.getId())) {
    /* In order to revert userSpecified network setup */
    config.setState(State.Allocated);
}

So the config.setState(State.Allocated) is not getting hit.

There does seem to be some logic for updating the cidr in the 'implement' function of ExternalGuestNetworkGuru, but that is not run until a VM is added to the network (from what I understand), so that is a bit strange to me.

Are the non-overlapping cidrs implemented only when a VM is added to the network and the same placeholder cidr is used until then?

Thanks,

Will


On Mon, Apr 1, 2013 at 11:22 AM, Will Stevens <ws...@cloudops.com> wrote:
Thank you for all your help Murali...

So my Provider has been setup with isExternal = true this whole time.
public static final Provider PaloAlto = new Provider("PaloAlto", true);

If I run a debugger and then create a guest network, I see it enter the 'design' function of the ExternalGuestNetworkGuru, but it does not do anything in there because the config is not null, but the config.getId() = -1, so it just returns the config (Network object) and doesn't really do anything.

Apparently the 'implement' method doesn't get called until a VM is attempted to be launched on the network.

I must be missing something because, every Isolated guest network I create on my provider is defaulting to the cidr of 10.1.1.0/24.  Even if I have multiple Isolated networks associated with the same account, they all by default have that cidr.

If the default behaviour of the ExternalGuestNetworkGuru is to create non-overlapping guest cidrs, why does it always default to the 10.1.1.0/24 cidr when I create a new network?  I can not specify a gateway or netmask because it is an external network (as you can see from the included screenshot).
[Inline image 1]

What am I missing here?  Why am I unable to create non-overlapping cidrs with the ExternalGuestNetworkGuru?

Thanks,

Will


On Fri, Mar 29, 2013 at 1:23 AM, Murali Reddy <Mu...@citrix.com> wrote:
On 28/03/13 10:59 PM, "Will Stevens" <ws...@cloudops.com> wrote:

>I am trying to implement the non-overlapping cidrs right now and I have
>some questions.  Does the ExternalGuestNetworkGuru create networks with
>non-overlapping cidrs by default?  Or do I need to override its 'design'
>and 'implement' methods to implement non overlapping cidrs?

Will, yes, it does by default. You can just use
'ExternalGuestNetworkGuru'. Just so that you know, there is check
'networkIsConfiguredForExternalNetworking' in ExternalGuestNetworkGuru.
Which basically checks if provider is configured as service provider using
external physical appliances. So when you declare provider, mark
'isExternal' as true in the provider constructor.

>
>If I have to write my own methods, I think I understand how to
>override ExternalGuestNetworkGuru and then get it to run by adding it to
>the components.xml (or nonoss-components.xml) as well as the
>componentContext.xml.in.
>
>If I do not have to actually write the logic for the non-overlapping cidrs
>(which I am hoping is the case), and the ExternalGuestNetworkGuru actually
>implements that logic, how would I get the ExternalGuestNetworkGuru into my
>flow without actually overriding the class?  I understand that the
>components are loaded through the components.xml stuff, but it's not clear
>how you specify which NetworkGuru should be used in my specific flow.
>
>I am basically working from this document
><https://cwiki.apache.org/CLOUDSTACK/extending-cloudstack-networking.html>
>and the code.  Are there any other resources I should be aware of for
>extending the CloudStack networking functionality?
>
>I have a good start on a Resource, ExternalFirewallElement and an
>ExternalFirewallService.  I can currently set the Palo Alto as the provider
>of Firewall, SourceNat, StaticNat and Port Forwarding services.  I can
>currently Add, List, Configure and Delete my Palo Alto provider.
>
>I am getting there, but I still feel like there are gaps in my knowledge
>when using the CS networking plugin functionality.

Good to hear the progress. Feel free to ask any question.

Thanks,
Murali

>
>Thanks,
>
>Will
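
The lifecycle described in the message above (every network carries the placeholder CIDR after design, and gets its own CIDR only once it is implemented) as a minimal Java model. This is an added example, not part of the original thread and not CloudStack's code; ToyGuru, the 10.0.0.0/8 guest supernet and the sequential /24 allocation are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model of the lifecycle described in the thread. Not CloudStack code:
// ToyGuru, its /24 sizing and its sequential allocation are assumptions.
public class GuestNetworkLifecycleDemo {
    enum State { Allocated, Implemented }

    static final String PLACEHOLDER_CIDR = "10.1.1.0/24"; // value reported in the thread

    static class Network {
        final String name;
        State state = State.Allocated;
        String cidr = PLACEHOLDER_CIDR;
        Network(String name) { this.name = name; }
    }

    static class ToyGuru {
        private final int base;      // guest supernet address, assumed to be a /8
        private int nextBlock = 1;   // next free /24 inside the supernet
        final List<Network> implemented = new ArrayList<>();

        ToyGuru(String supernetAddress) { base = toInt(supernetAddress) & 0xff000000; }

        // Design phase: every network gets the same placeholder and no identity yet.
        Network design(String name) { return new Network(name); }

        // Implement phase (first VM deployment): replace the placeholder with a unique block.
        Network implement(Network n) {
            if (n.state == State.Implemented) return n;   // already has its CIDR
            if (nextBlock >= (1 << 16)) throw new IllegalStateException("guest supernet exhausted");
            n.cidr = toDotted(base | (nextBlock++ << 8)) + "/24";
            n.state = State.Implemented;
            implemented.add(n);
            return n;
        }
    }

    static int toInt(String ip) {
        int v = 0;
        for (String octet : ip.split("\\.")) v = (v << 8) | Integer.parseInt(octet);
        return v;
    }

    static String toDotted(int a) {
        return (a >>> 24) + "." + ((a >>> 16) & 0xff) + "." + ((a >>> 8) & 0xff) + "." + (a & 0xff);
    }

    // Two CIDRs overlap when they agree on the bits covered by the shorter prefix.
    static boolean overlaps(String a, String b) {
        String[] x = a.split("/"), y = b.split("/");
        int prefix = Math.min(Integer.parseInt(x[1]), Integer.parseInt(y[1]));
        int mask = prefix == 0 ? 0 : -1 << (32 - prefix);
        return (toInt(x[0]) & mask) == (toInt(y[0]) & mask);
    }

    public static void main(String[] args) {
        ToyGuru guru = new ToyGuru("10.0.0.0");
        Network a = guru.design("net-a"), b = guru.design("net-b");
        System.out.println(a.state + " " + a.cidr + " / " + b.cidr + " overlap=" + overlaps(a.cidr, b.cidr));
        guru.implement(a);   // stands in for deploying the first VM into net-a
        guru.implement(b);
        System.out.println(a.state + " " + a.cidr + " / " + b.cidr + " overlap=" + overlaps(a.cidr, b.cidr));
    }
}
```

A test for non-overlapping guest CIDRs therefore has to inspect networks in the Implemented state; two networks still in Allocated will always report the same placeholder.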




Re: [DISCUSS] Palo Alto Integration

Posted by Will Stevens <ws...@cloudops.com>.
So I have been stepping through the code and I can confirm that the
'design' method of ExternalGuestNetworkGuru is being hit, but it doesn't do
anything, so it passes off work of creating the network to the 'design'
method of GuestNetworkGuru which assigns 10.1.1.0/24 to the network every
time I create a network.

Something I am finding strange is that 'config.getId()' gives -1, so the
new network that is being created while in the 'design' method of
ExternalGuestNetworkGuru does not hit the only logic in the function:

NetworkVO config = (NetworkVO) super.design(offering, plan, userSpecified, owner);
if (config == null) {
    return null;
} else if (_networkModel.networkIsConfiguredForExternalNetworking(plan.getDataCenterId(), config.getId())) {
    /* In order to revert userSpecified network setup */
    config.setState(State.Allocated);
}

So the config.setState(State.Allocated) is not getting hit.

There does seem to be some logic for updating the cidr in the 'implement'
function of ExternalGuestNetworkGuru, but that is not run until a VM is
added to the network (from what I understand), so that is a bit strange to
me.

Are the non-overlapping cidrs implemented only when a VM is added to the
network and the same placeholder cidr is used until then?

Thanks,

Will


On Mon, Apr 1, 2013 at 11:22 AM, Will Stevens <ws...@cloudops.com> wrote:

> Thank you for all your help Murali...
>
> So my Provider has been setup with isExternal = true this whole time.
> public static final Provider PaloAlto = new Provider("PaloAlto", true);
>
> If I run a debugger and then create a guest network, I see it enter the
> 'design' function of the ExternalGuestNetworkGuru, but it does not do
> anything in there because the config is not null, but the config.getId() =
> -1, so it just returns the config (Network object) and doesn't really do
> anything.
>
> Apparently the 'implement' method doesn't get called until a VM is
> attempted to be launched on the network.
>
> I must be missing something because, every Isolated guest network I create
> on my provider is defaulting to the cidr of 10.1.1.0/24.  Even if I have
> multiple Isolated networks associated with the same account, they all by
> default have that cidr.
>
> If the default behaviour of the ExternalGuestNetworkGuru is to create
> non-overlapping guest cidrs, why does it always default to the 10.1.1.0/24
> cidr when I create a new network?  I can not specify a gateway or netmask
> because it is an external network (as you can see from the included
> screenshot).
> [image: Inline image 1]
>
> What am I missing here?  Why am I unable to create non-overlapping cidrs
> with the ExternalGuestNetworkGuru?
>
> Thanks,
>
> Will
>
>
> On Fri, Mar 29, 2013 at 1:23 AM, Murali Reddy <Mu...@citrix.com> wrote:
>
>> On 28/03/13 10:59 PM, "Will Stevens" <ws...@cloudops.com> wrote:
>>
>> >I am trying to implement the non-overlapping cidrs right now and I have
>> >some questions.  Does the ExternalGuestNetworkGuru create networks with
>> >non-overlapping cidrs by default?  Or do I need to override its 'design'
>> >and 'implement' methods to implement non overlapping cidrs?
>>
>> Will, yes, it does by default. You can just use
>> 'ExternalGuestNetworkGuru'. Just so that you know, there is check
>> 'networkIsConfiguredForExternalNetworking' in ExternalGuestNetworkGuru.
>> Which basically checks if provider is configured as service provider using
>> external physical appliances. So when you declare provider, mark
>> 'isExternal' as true in the provider constructor.
>>
>> >
>> >If I have to write my own methods, I think I understand how to
>> >override ExternalGuestNetworkGuru and then get it to run by adding it to
>> >the components.xml (or nonoss-components.xml) as well as the
>> >componentContext.xml.in.
>> >
>> >If I do not have to actually write the logic for the non-overlapping cidrs
>> >(which I am hoping is the case), and the ExternalGuestNetworkGuru actually
>> >implements that logic, how would I get the ExternalGuestNetworkGuru into my
>> >flow without actually overriding the class?  I understand that the
>> >components are loaded through the components.xml stuff, but it's not clear
>> >how you specify which NetworkGuru should be used in my specific flow.
>> >
>> >I am basically working from this document
>> ><https://cwiki.apache.org/CLOUDSTACK/extending-cloudstack-networking.html>
>> >and the code.  Are there any other resources I should be aware of for
>> >extending the CloudStack networking functionality?
>> >
>> >I have a good start on a Resource, ExternalFirewallElement and an
>> >ExternalFirewallService.  I can currently set the Palo Alto as the provider
>> >of Firewall, SourceNat, StaticNat and Port Forwarding services.  I can
>> >currently Add, List, Configure and Delete my Palo Alto provider.
>> >
>> >I am getting there, but I still feel like there are gaps in my knowledge
>> >when using the CS networking plugin functionality.
>>
>> Good to hear the progress. Feel free to ask any question.
>>
>> Thanks,
>> Murali
>>
>> >
>> >Thanks,
>> >
>> >Will
>>
>>
>