Posted to dev@cloudstack.apache.org by Marcus Sorensen <sh...@gmail.com> on 2013/10/14 21:01:51 UTC

Public CIDR in vpc

Working from the idea that CloudStack may be deployed as a component of a
larger infrastructure orchestration effort, is there any reason not to
allow non-RFC1918 added as the VPC super CIDR?

Re: Public CIDR in vpc

Posted by Marcus Sorensen <sh...@gmail.com>.
I'm not necessarily thinking about route advertisement or something
that could be disruptive, if someone brought up a VPC with public
address space it simply wouldn't work outside of the VPC (although
that may be something to consider as well).  I was primarily thinking
about a situation where the admin could assign someone a VPC with say
a /20 of public space (to be further carved into /24 or something on
the VPC networks), and then the admin would point the upstream router
to the VPC router for that /20 (via SDN or whatever means they're
using for the larger orchestration).  It doesn't seem like there'd be
much work to enable this case outside of disabling the check for RFC
1918, and maybe some auditing to ensure any router scripts aren't
expecting private space. Am I wrong?

On Mon, Oct 14, 2013 at 1:35 PM, Chip Childers
<ch...@sungard.com> wrote:
> If allowed, I'd make it disabled by default.  Otherwise operators may be
> surprised by their user's actions...  ;-)
>
>
> On Mon, Oct 14, 2013 at 3:01 PM, Marcus Sorensen <sh...@gmail.com> wrote:
>
>> Working from the idea that CloudStack may be deployed as a component of a
>> larger infrastructure orchestration effort, is there any reason not to
>> allow non-RFC1918 added as the VPC super CIDR?
>>

Re: Public CIDR in vpc

Posted by Chip Childers <ch...@sungard.com>.
If allowed, I'd make it disabled by default.  Otherwise operators may be
surprised by their user's actions...  ;-)


On Mon, Oct 14, 2013 at 3:01 PM, Marcus Sorensen <sh...@gmail.com> wrote:

> Working from the idea that CloudStack may be deployed as a component of a
> larger infrastructure orchestration effort, is there any reason not to
> allow non-RFC1918 added as the VPC super CIDR?
>
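
Added example, not part of the thread and not CloudStack code: a sketch of the check discussed above, where a non-RFC 1918 super CIDR is rejected unless an operator setting enables it, and tier networks must be carved out of the super CIDR without overlapping. The setting name `allow_public_super_cidr`, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# The three private IPv4 blocks defined by RFC 1918.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True only if the whole network sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def validate_vpc(super_cidr, tier_cidrs, allow_public_super_cidr=False):
    """Return a list of problems; an empty list means the layout is accepted.

    allow_public_super_cidr is a hypothetical operator setting, off by
    default so that users cannot bring up public space unless it is enabled.
    """
    try:
        # IPv4Network is strict by default: host bits set in a CIDR are an error.
        vpc = ipaddress.IPv4Network(super_cidr)
        tiers = [ipaddress.IPv4Network(t) for t in tier_cidrs]
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]

    problems = []
    if not is_rfc1918(vpc) and not allow_public_super_cidr:
        problems.append(f"{vpc} is not RFC 1918 space and public super CIDRs are disabled")
    for tier in tiers:
        if not tier.subnet_of(vpc):
            problems.append(f"tier {tier} is outside super CIDR {vpc}")
    for a, b in combinations(tiers, 2):
        if a.overlaps(b):
            problems.append(f"tiers {a} and {b} overlap")
    return problems


if __name__ == "__main__":
    # Constructed sample: 198.18.0.0/15 is reserved benchmarking space, used
    # here as a stand-in for a routable /20 carved into /24 tier networks.
    layout = ("198.18.0.0/20", ["198.18.1.0/24", "198.18.2.0/24"])
    print("default:", validate_vpc(*layout))
    print("enabled:", validate_vpc(*layout, allow_public_super_cidr=True))
```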