You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Manan Shah <ma...@citrix.com> on 2012/12/22 02:03:17 UTC
[DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
Tenant
Hi,
I would like to propose a new feature for dedicating IP Addresses and
VLANs per Tenant. I have created a JIRA ticket and provided the
requirements at the following location. Please provide feedback on the
requirements.
JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
Requirements:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources+
-+Public+IP+Addresses+and+VLANs+per+Tenant
Regards,
Manan Shah
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
First draft of the FS can be found here - https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS-+Dedicate+Public+IP+Addresses+per+tenant .
Comments/Suggestions?
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah
>Sent: Friday, February 22, 2013 12:08 PM
>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Cc: Manan Shah
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Thanks Likitha for your prompt response. I will wait for the FS.
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/21/13 10:30 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>
>>Yes Manan, with the 1st solution the dedication should be applicable
>>for both Isolated and VPC networks.
>>I will capture all that is being discussed here in the FS (yet to
>>publish).
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah
>>>Sent: Friday, February 22, 2013 11:55 AM
>>>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>cloudstack-dev@incubator.apache.org
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Hi Likitha,
>>>
>>>One additional question. When an admin assigns a Public IP Address
>>>range to an account and if that account creates a VPC, I am assuming
>>>they will still get the Public IP Address from this reserved IP range.
>>>Can you please confirm that this reserved Public IP Address would work
>>>for both Isolated Networks as well as VPC?
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>>>
>>>>Hi Likitha,
>>>>
>>>>I agree with you that the 1st solution seems like a better approach.
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
>>>>
>>>>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>>
>>>>>Hi Manan,
>>>>>
>>>>>Thanks for the feedback. Please find my answers inline.
>>>>>
>>>>>Thank you,
>>>>>Likitha
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Manan Shah
>>>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>>>cloudstack- dev@incubator.apache.org
>>>>>>Cc: Manan Shah
>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>Hi Likitha,
>>>>>>
>>>>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>>>>updated.
>>>>>>
>>>>>>Regards,
>>>>>>Manan Shah
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com>
>>>>>>wrote:
>>>>>>
>>>>>>>CCing Manan to comment on the requirements.
>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>dev@incubator.apache.org
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and VLANs per Tenant
>>>>>>>>
>>>>>>>>Hi All,
>>>>>>>>
>>>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>>>>range'
>>>>>>>>which is
>>>>>>>>already implemented in CS.
>>>>>>>>Following is the observation wrt what is the current CS
>>>>>>>>implementation and the proposed changes to the same,
>>>>>>>>
>>>>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>>>>during the
>>>>>>>>creation of the range
>>>>>>>>Proposed change - Admin should be allowed to dedicate a range
>>>>>>>>even after it has been created and also allowed to change the
>>>>>>>>owner
>>>>>>[Manan] Agreed with the functionality.
>>>>>>>>
>>>>>>>>2. If an admin associates an IP range to an account, all the
>>>>>>>>IP's
>>>>>>>>of that range
>>>>>>>>get acquired by a single isolated network in that account
>>>>>>
>>>>>>[Manan] Why do you think this is the right functionality. What if
>>>>>>the admin wants to allocate a public IP range to a account and
>>>>>>wants to allow the tenant to create as many networks as they want
>>>>>>and use this public IP range.
>>>>>[Likitha] Manan, I agree. I don't think this is the right behavior.
>>>>>So the following is what currently happens in CS, If an admin
>>>>>associates an IP range to an account, all the IP's of that range get
>>>>>acquired by a single isolated network in that account 1. If there
>>>>>are no isolated guest networks, a new network is created and all the
>>>>>IP's from the range are dedicated to the new network 2. If there is
>>>>>1 isolated guest network, all the IP's from the range are dedicated
>>>>>to the existing network 3. If there are more than 1 isolated guest
>>>>>network CS throws an error
>>>>>
>>>>>There are 2 possible changes we can introduce to resolve this, 1.
>>>>>During dedication we just mark this range of IP's as dedicated. And
>>>>>when the user acquires an IP for a particular network we allow the
>>>>>network to choose from the dedicated range.
>>>>>2. During dedication when an account is chosen, the user also has
>>>>>the option to choose one of the network in the account which can
>>>>>acquire the IP's I prefer the 1st solution because with the 2nd
>>>>>solution, one of the networks of the tenant will acquire all the IP's.
>>>>>Thoughts?
>>>>>>
>>>>>>>>
>>>>>>>>a. If there are no isolated guest networks, a new network is
>>>>>>>>created and all
>>>>>>>>the IP's from the range are dedicated to the new network
>>>>>>>>
>>>>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>>>>range are
>>>>>>>>dedicated to the existing network
>>>>>>>>
>>>>>>>>c. If there are more than 1 isolated guest network CS throws
>>>>>>>>an
>>>>>>>>error
>>>>>>>>
>>>>>>>> Proposed change - When an account is chosen, the
>>>>>>>>user also has the option to choose the network in the account
>>>>>>>>which can acquire the IP's
>>>>>>>>
>>>>>>>>3. When a network that has a dedicated IP range is deleted,
>>>>>>>>the
>>>>>>>>mapping
>>>>>>>>between the account that owned the network and IP range persists.
>>>>>>>>This implies that the admin sees that the range is associated to
>>>>>>>>the account. But the IP's from this range can be acquired by any
>>>>>>>>other account
>>>>>>>>
>>>>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>>>>account
>>>>>>[Manan] Agree with the proposed change
>>>>>>>>
>>>>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>>>>account get
>>>>>>>>deleted
>>>>>>>>
>>>>>>>>Proposed change - The range should be released back to the free
>>>>>>>>pool instead
>>>>>>
>>>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>>>any public Ips that are in use (Loadbalancing, Port Forwarding,
>>>>>>Static-NAT,
>>>>>>etc) then they will remain as is.
>>>>>>
>>>>>>>>
>>>>>>>>5. I see a potential starving scenario where a certain account
>>>>>>>>that has
>>>>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>>>>
>>>>>>>>Proposed change - Impose a configurable limit like say, at least
>>>>>>>>one range should always belong to the free pool
>>>>>>[Manan] Agree with the proposed change
>>>>>>>>
>>>>>>>>6. Even if a range is dedicated to an account, any network
>>>>>>>>that
>>>>>>>>belongs to
>>>>>>>>this account including the one that has acquired the IP's can
>>>>>>>>acquire more IP's from the free pool. This is because when we
>>>>>>>>dedicate an IP range to an account, one of the networks of that
>>>>>>>>account acquires all the IP's.
>>>>>>>>
>>>>>>>>Proposed change - During dedication we just mark this range of
>>>>>>>>IP's as dedicated. And only when the user acquires an IP for a
>>>>>>>>particular network we allow the network to choose from the
>>>>>>>>dedicated range. If this change is implemented we will not run
>>>>>>>>into issue
>>>#2.
>>>>>>>>
>>>>>>>>Please provide your feedback. I will publish an FS keeping in
>>>>>>>>line with the requirements we decide upon.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Thank you,
>>>>>>>>
>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>dev@incubator.apache.org
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and VLANs per Tenant
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>>>account but not release it back to the free pool, so how about we
>>>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP
>>>>>>>>range
>>>>>>>>2) Dedicate Guest VLAN's per tenant.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>>>
>>>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Any concerns?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Thank you,
>>>>>>>>
>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>
>>>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>
>>>>>>>>>dev@incubator.apache.org
>>>>>>>>
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>>>>
>>>>>>>>>account/domain is exceeding the limit.
>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>>Thank You,
>>>>>>>>
>>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>>>
>>>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>
>>>>>>>>>>dev@incubator.apache.org
>>>>>>>>
>>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>and
>>>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Hi Likitha,
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Currently we can reserve the public IP range to an account. I
>>>>>>>>>>would
>>>>>>>>
>>>>>>>>>>assume we are cross checking the account/domain limit for the
>>>>>>>>>>max no
>>>>>>>>
>>>>>>>>>>of Public IP addresses while reserving the Public IP to an
>>>>>>>>>>account?
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Please clarify.
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Thanks,
>>>>>>>>
>>>>>>>>>>Sailaja.M
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>
>>>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>
>>>>>>>>>>dev@incubator.apache.org
>>>>>>>>
>>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>and
>>>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>For CreateVlanIpRange API call, we can set the account
>>>>>>>>>>parameter to
>>>>>>>>
>>>>>>>>>>specify the VLAN owner. If specified, the Public IP's get
>>>>>>>>>>allocated to
>>>>>>>>
>>>>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>>>>clarify
>>>>>>>>
>>>>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>But I couldn't figure out a way to release back the VLAN and
>>>>>>>>>>the
>>>>>>>>
>>>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>>>>VLAN-IP
>>>>>>>>
>>>>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>>>>better
>>>>>>>>
>>>>>>>>>>way to do it or do we need to implement this?
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Thank you,
>>>>>>>>
>>>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>>
>>>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>>>
>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>>
>>>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP
>>>>>>>>>>>Addresses and
>>>>>>>>
>>>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>>>>updated
>>>>>>>>
>>>>>>>>>>>the requirements document.
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>Regards,
>>>>>>>>
>>>>>>>>>>>Manan Shah
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>>>>><ta...@veber.co.uk>> wrote:
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>+1
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Additional to the requirements:
>>>>>>>>
>>>>>>>>>>>>- Usage must reflect if these are assigned to an Account so
>>>>>>>>>>>>the
>>>>>>>>
>>>>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>>>>
>>>>>>>>>>>>- On allocation it needs to check whether the required range
>>>>>>>>>>>>is
>>>>>>>>
>>>>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>>>>(cannot
>>>>>>>>
>>>>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Regards
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Tamas Monos DDI
>>>>>>>>
>>>>>>>>>>>>+44(0)2034687012
>>>>>>>>
>>>>>>>>>>>>Chief Technical
>>>>>>>>>>>>Office
>>>>>>>>
>>>>>>>>>>>>+44(0)2034687000
>>>>>>>>
>>>>>>>>>>>>Veber: The Hosting Specialists Fax
>>>>>>>>>>>>+44(0)871
>>>>>>>>>>>>522
>>>>>>>>
>>>>>>>>>>>>7057
>>>>>>>>
>>>>>>>>>>>>http://www.veber.co.uk
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Follow us on Twitter:
>>>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost>
>>>>>>>>Follow us on
>>>>>>>>Facebook:
>>>>>>>>
>>>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberho
>st>
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>>
>>>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>>>
>>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>>
>>>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>>>and
>>>>>>>>
>>>>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Hi,
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>I would like to propose a new feature for dedicating IP
>>>>>>>>>>>>Addresses
>>>>>>>>
>>>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and
>>>>>>>>>>>>provided the
>>>>>>>>
>>>>>>>>>>>>requirements at the following location. Please provide
>>>>>>>>>>>>feedback on
>>>>>>>>
>>>>>>>>>>>>the requirements.
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>>>
>>>>>>>>>>>>Requirements:
>>>>>>>>
>>>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedica
>>>>>>>>>>>>te
>>>>>>>>>>>>d+R
>>>>>>>>>>>>es
>>>>>>>>
>>>>>>>>>>>>o
>>>>>>>>
>>>>>>>>>>>>u
>>>>>>>>
>>>>>>>>>>>>r
>>>>>>>>
>>>>>>>>>>>>ces
>>>>>>>>
>>>>>>>>>>>>+
>>>>>>>>
>>>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Regards,
>>>>>>>>
>>>>>>>>>>>>Manan Shah
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>
>>>>
>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
First draft of the FS can be found here - https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS-+Dedicate+Public+IP+Addresses+per+tenant .
Comments/Suggestions?
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah
>Sent: Friday, February 22, 2013 12:08 PM
>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Cc: Manan Shah
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Thanks Likitha for your prompt response. I will wait for the FS.
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/21/13 10:30 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>
>>Yes Manan, with the 1st solution the dedication should be applicable
>>for both Isolated and VPC networks.
>>I will capture all that is being discussed here in the FS (yet to
>>publish).
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah
>>>Sent: Friday, February 22, 2013 11:55 AM
>>>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>cloudstack-dev@incubator.apache.org
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Hi Likitha,
>>>
>>>One additional question. When an admin assigns a Public IP Address
>>>range to an account and if that account creates a VPC, I am assuming
>>>they will still get the Public IP Address from this reserved IP range.
>>>Can you please confirm that this reserved Public IP Address would work
>>>for both Isolated Networks as well as VPC?
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>>>
>>>>Hi Likitha,
>>>>
>>>>I agree with you that the 1st solution seems like a better approach.
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
>>>>
>>>>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>>
>>>>>Hi Manan,
>>>>>
>>>>>Thanks for the feedback. Please find my answers inline.
>>>>>
>>>>>Thank you,
>>>>>Likitha
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Manan Shah
>>>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>>>cloudstack- dev@incubator.apache.org
>>>>>>Cc: Manan Shah
>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>Hi Likitha,
>>>>>>
>>>>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>>>>updated.
>>>>>>
>>>>>>Regards,
>>>>>>Manan Shah
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com>
>>>>>>wrote:
>>>>>>
>>>>>>>CCing Manan to comment on the requirements.
>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>dev@incubator.apache.org
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and VLANs per Tenant
>>>>>>>>
>>>>>>>>Hi All,
>>>>>>>>
>>>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>>>>range'
>>>>>>>>which is
>>>>>>>>already implemented in CS.
>>>>>>>>Following is the observation wrt what is the current CS
>>>>>>>>implementation and the proposed changes to the same,
>>>>>>>>
>>>>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>>>>during the
>>>>>>>>creation of the range
>>>>>>>>Proposed change - Admin should be allowed to dedicate a range
>>>>>>>>even after it has been created and also allowed to change the
>>>>>>>>owner
>>>>>>[Manan] Agreed with the functionality.
>>>>>>>>
>>>>>>>>2. If an admin associates an IP range to an account, all the
>>>>>>>>IP's
>>>>>>>>of that range
>>>>>>>>get acquired by a single isolated network in that account
>>>>>>
>>>>>>[Manan] Why do you think this is the right functionality. What if
>>>>>>the admin wants to allocate a public IP range to a account and
>>>>>>wants to allow the tenant to create as many networks as they want
>>>>>>and use this public IP range.
>>>>>[Likitha] Manan, I agree. I don't think this is the right behavior.
>>>>>So the following is what currently happens in CS, If an admin
>>>>>associates an IP range to an account, all the IP's of that range get
>>>>>acquired by a single isolated network in that account 1. If there
>>>>>are no isolated guest networks, a new network is created and all the
>>>>>IP's from the range are dedicated to the new network 2. If there is
>>>>>1 isolated guest network, all the IP's from the range are dedicated
>>>>>to the existing network 3. If there are more than 1 isolated guest
>>>>>network CS throws an error
>>>>>
>>>>>There are 2 possible changes we can introduce to resolve this, 1.
>>>>>During dedication we just mark this range of IP's as dedicated. And
>>>>>when the user acquires an IP for a particular network we allow the
>>>>>network to choose from the dedicated range.
>>>>>2. During dedication when an account is chosen, the user also has
>>>>>the option to choose one of the network in the account which can
>>>>>acquire the IP's I prefer the 1st solution because with the 2nd
>>>>>solution, one of the networks of the tenant will acquire all the IP's.
>>>>>Thoughts?
>>>>>>
>>>>>>>>
>>>>>>>>a. If there are no isolated guest networks, a new network is
>>>>>>>>created and all
>>>>>>>>the IP's from the range are dedicated to the new network
>>>>>>>>
>>>>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>>>>range are
>>>>>>>>dedicated to the existing network
>>>>>>>>
>>>>>>>>c. If there are more than 1 isolated guest network CS throws
>>>>>>>>an
>>>>>>>>error
>>>>>>>>
>>>>>>>> Proposed change - When an account is chosen, the
>>>>>>>>user also has the option to choose the network in the account
>>>>>>>>which can acquire the IP's
>>>>>>>>
>>>>>>>>3. When a network that has a dedicated IP range is deleted,
>>>>>>>>the
>>>>>>>>mapping
>>>>>>>>between the account that owned the network and IP range persists.
>>>>>>>>This implies that the admin sees that the range is associated to
>>>>>>>>the account. But the IP's from this range can be acquired by any
>>>>>>>>other account
>>>>>>>>
>>>>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>>>>account
>>>>>>[Manan] Agree with the proposed change
>>>>>>>>
>>>>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>>>>account get
>>>>>>>>deleted
>>>>>>>>
>>>>>>>>Proposed change - The range should be released back to the free
>>>>>>>>pool instead
>>>>>>
>>>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>>>any public Ips that are in use (Loadbalancing, Port Forwarding,
>>>>>>Static-NAT,
>>>>>>etc) then they will remain as is.
>>>>>>
>>>>>>>>
>>>>>>>>5. I see a potential starving scenario where a certain account
>>>>>>>>that has
>>>>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>>>>
>>>>>>>>Proposed change - Impose a configurable limit like say, at least
>>>>>>>>one range should always belong to the free pool
>>>>>>[Manan] Agree with the proposed change
>>>>>>>>
>>>>>>>>6. Even if a range is dedicated to an account, any network
>>>>>>>>that
>>>>>>>>belongs to
>>>>>>>>this account including the one that has acquired the IP's can
>>>>>>>>acquire more IP's from the free pool. This is because when we
>>>>>>>>dedicate an IP range to an account, one of the networks of that
>>>>>>>>account acquires all the IP's.
>>>>>>>>
>>>>>>>>Proposed change - During dedication we just mark this range of
>>>>>>>>IP's as dedicated. And only when the user acquires an IP for a
>>>>>>>>particular network we allow the network to choose from the
>>>>>>>>dedicated range. If this change is implemented we will not run
>>>>>>>>into issue
>>>#2.
>>>>>>>>
>>>>>>>>Please provide your feedback. I will publish an FS keeping in
>>>>>>>>line with the requirements we decide upon.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Thank you,
>>>>>>>>
>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>dev@incubator.apache.org
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and VLANs per Tenant
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>>>account but not release it back to the free pool, so how about we
>>>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP
>>>>>>>>range
>>>>>>>>2) Dedicate Guest VLAN's per tenant.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>>>
>>>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Any concerns?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Thank you,
>>>>>>>>
>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>
>>>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>
>>>>>>>>>dev@incubator.apache.org
>>>>>>>>
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>>>>
>>>>>>>>>account/domain is exceeding the limit.
>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>>Thank You,
>>>>>>>>
>>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>>>
>>>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>
>>>>>>>>>>dev@incubator.apache.org
>>>>>>>>
>>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>and
>>>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Hi Likitha,
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Currently we can reserve the public IP range to an account. I
>>>>>>>>>>would
>>>>>>>>
>>>>>>>>>>assume we are cross checking the account/domain limit for the
>>>>>>>>>>max no
>>>>>>>>
>>>>>>>>>>of Public IP addresses while reserving the Public IP to an
>>>>>>>>>>account?
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Please clarify.
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Thanks,
>>>>>>>>
>>>>>>>>>>Sailaja.M
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>>
>>>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>>
>>>>>>>>>>dev@incubator.apache.org
>>>>>>>>
>>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>and
>>>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>For CreateVlanIpRange API call, we can set the account
>>>>>>>>>>parameter to
>>>>>>>>
>>>>>>>>>>specify the VLAN owner. If specified, the Public IP's get
>>>>>>>>>>allocated to
>>>>>>>>
>>>>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>>>>clarify
>>>>>>>>
>>>>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>But I couldn't figure out a way to release back the VLAN and
>>>>>>>>>>the
>>>>>>>>
>>>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>>>>VLAN-IP
>>>>>>>>
>>>>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>>>>better
>>>>>>>>
>>>>>>>>>>way to do it or do we need to implement this?
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>Thank you,
>>>>>>>>
>>>>>>>>>>Likitha
>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>>
>>>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>>>
>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>>
>>>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP
>>>>>>>>>>>Addresses and
>>>>>>>>
>>>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>>>>updated
>>>>>>>>
>>>>>>>>>>>the requirements document.
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>Regards,
>>>>>>>>
>>>>>>>>>>>Manan Shah
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>>>>><ta...@veber.co.uk>> wrote:
>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>+1
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Additional to the requirements:
>>>>>>>>
>>>>>>>>>>>>- Usage must reflect if these are assigned to an Account so
>>>>>>>>>>>>the
>>>>>>>>
>>>>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>>>>
>>>>>>>>>>>>- On allocation it needs to check whether the required range
>>>>>>>>>>>>is
>>>>>>>>
>>>>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>>>>(cannot
>>>>>>>>
>>>>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Regards
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Tamas Monos DDI
>>>>>>>>
>>>>>>>>>>>>+44(0)2034687012
>>>>>>>>
>>>>>>>>>>>>Chief Technical
>>>>>>>>>>>>Office
>>>>>>>>
>>>>>>>>>>>>+44(0)2034687000
>>>>>>>>
>>>>>>>>>>>>Veber: The Hosting Specialists Fax
>>>>>>>>>>>>+44(0)871
>>>>>>>>>>>>522
>>>>>>>>
>>>>>>>>>>>>7057
>>>>>>>>
>>>>>>>>>>>>http://www.veber.co.uk
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Follow us on Twitter:
>>>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost>
>>>>>>>>Follow us on
>>>>>>>>Facebook:
>>>>>>>>
>>>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberho
>st>
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>-----Original Message-----
>>>>>>>>
>>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>>
>>>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>>>
>>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>>
>>>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>>>and
>>>>>>>>
>>>>>>>>>>>>VLANs per Tenant
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Hi,
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>I would like to propose a new feature for dedicating IP
>>>>>>>>>>>>Addresses
>>>>>>>>
>>>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and
>>>>>>>>>>>>provided the
>>>>>>>>
>>>>>>>>>>>>requirements at the following location. Please provide
>>>>>>>>>>>>feedback on
>>>>>>>>
>>>>>>>>>>>>the requirements.
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>>>
>>>>>>>>>>>>Requirements:
>>>>>>>>
>>>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedica
>>>>>>>>>>>>te
>>>>>>>>>>>>d+R
>>>>>>>>>>>>es
>>>>>>>>
>>>>>>>>>>>>o
>>>>>>>>
>>>>>>>>>>>>u
>>>>>>>>
>>>>>>>>>>>>r
>>>>>>>>
>>>>>>>>>>>>ces
>>>>>>>>
>>>>>>>>>>>>+
>>>>>>>>
>>>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>Regards,
>>>>>>>>
>>>>>>>>>>>>Manan Shah
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>
>>>>
>>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Thanks Likitha for your prompt response. I will wait for the FS.
Regards,
Manan Shah
On 2/21/13 10:30 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>Yes Manan, with the 1st solution the dedication should be applicable for
>both Isolated and VPC networks.
>I will capture all that is being discussed here in the FS (yet to
>publish).
>
>Thank you,
>Likitha
>
>>-----Original Message-----
>>From: Manan Shah
>>Sent: Friday, February 22, 2013 11:55 AM
>>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>>cloudstack-dev@incubator.apache.org
>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>Hi Likitha,
>>
>>One additional question. When an admin assigns a Public IP Address range
>>to an
>>account and if that account creates a VPC, I am assuming they will still
>>get the
>>Public IP Address from this reserved IP range. Can you please confirm
>>that this
>>reserved Public IP Address would work for both Isolated Networks as well
>>as
>>VPC?
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>>
>>>Hi Likitha,
>>>
>>>I agree with you that the 1st solution seems like a better approach.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>
>>>>Hi Manan,
>>>>
>>>>Thanks for the feedback. Please find my answers inline.
>>>>
>>>>Thank you,
>>>>Likitha
>>>>
>>>>>-----Original Message-----
>>>>>From: Manan Shah
>>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>>cloudstack- dev@incubator.apache.org
>>>>>Cc: Manan Shah
>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>VLANs per Tenant
>>>>>
>>>>>Hi Likitha,
>>>>>
>>>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>>>updated.
>>>>>
>>>>>Regards,
>>>>>Manan Shah
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com>
>>>>>wrote:
>>>>>
>>>>>>CCing Manan to comment on the requirements.
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>dev@incubator.apache.org
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>Hi All,
>>>>>>>
>>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>>>range'
>>>>>>>which is
>>>>>>>already implemented in CS.
>>>>>>>Following is the observation wrt what is the current CS
>>>>>>>implementation and the proposed changes to the same,
>>>>>>>
>>>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>>>during the
>>>>>>>creation of the range
>>>>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>>>>after it has been created and also allowed to change the owner
>>>>>[Manan] Agreed with the functionality.
>>>>>>>
>>>>>>>2. If an admin associates an IP range to an account, all the
>>>>>>>IP's
>>>>>>>of that range
>>>>>>>get acquired by a single isolated network in that account
>>>>>
>>>>>[Manan] Why do you think this is the right functionality. What if the
>>>>>admin wants to allocate a public IP range to a account and wants to
>>>>>allow the tenant to create as many networks as they want and use this
>>>>>public IP range.
>>>>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>>>>the following is what currently happens in CS, If an admin associates
>>>>an IP range to an account, all the IP's of that range get acquired by
>>>>a single isolated network in that account 1. If there are no isolated
>>>>guest networks, a new network is created and all the IP's from the
>>>>range are dedicated to the new network 2. If there is 1 isolated guest
>>>>network, all the IP's from the range are dedicated to the existing
>>>>network 3. If there are more than 1 isolated guest network CS throws
>>>>an error
>>>>
>>>>There are 2 possible changes we can introduce to resolve this, 1.
>>>>During dedication we just mark this range of IP's as dedicated. And
>>>>when the user acquires an IP for a particular network we allow the
>>>>network to choose from the dedicated range.
>>>>2. During dedication when an account is chosen, the user also has the
>>>>option to choose one of the network in the account which can acquire
>>>>the IP's I prefer the 1st solution because with the 2nd solution, one
>>>>of the networks of the tenant will acquire all the IP's.
>>>>Thoughts?
>>>>>
>>>>>>>
>>>>>>>a. If there are no isolated guest networks, a new network is
>>>>>>>created and all
>>>>>>>the IP's from the range are dedicated to the new network
>>>>>>>
>>>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>>>range are
>>>>>>>dedicated to the existing network
>>>>>>>
>>>>>>>c. If there are more than 1 isolated guest network CS throws
>>>>>>>an
>>>>>>>error
>>>>>>>
>>>>>>> Proposed change - When an account is chosen, the
>>>>>>>user also has the option to choose the network in the account which
>>>>>>>can acquire the IP's
>>>>>>>
>>>>>>>3. When a network that has a dedicated IP range is deleted,
>>>>>>>the
>>>>>>>mapping
>>>>>>>between the account that owned the network and IP range persists.
>>>>>>>This implies that the admin sees that the range is associated to
>>>>>>>the account. But the IP's from this range can be acquired by any
>>>>>>>other account
>>>>>>>
>>>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>>>account
>>>>>[Manan] Agree with the proposed change
>>>>>>>
>>>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>>>account get
>>>>>>>deleted
>>>>>>>
>>>>>>>Proposed change - The range should be released back to the free
>>>>>>>pool instead
>>>>>
>>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>>any public Ips that are in use (Loadbalancing, Port Forwarding,
>>>>>Static-NAT,
>>>>>etc) then they will remain as is.
>>>>>
>>>>>>>
>>>>>>>5. I see a potential starving scenario where a certain account
>>>>>>>that has
>>>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>>>
>>>>>>>Proposed change - Impose a configurable limit like say, at least
>>>>>>>one range should always belong to the free pool
>>>>>[Manan] Agree with the proposed change
>>>>>>>
>>>>>>>6. Even if a range is dedicated to an account, any network
>>>>>>>that
>>>>>>>belongs to
>>>>>>>this account including the one that has acquired the IP's can
>>>>>>>acquire more IP's from the free pool. This is because when we
>>>>>>>dedicate an IP range to an account, one of the networks of that
>>>>>>>account acquires all the IP's.
>>>>>>>
>>>>>>>Proposed change - During dedication we just mark this range of IP's
>>>>>>>as dedicated. And only when the user acquires an IP for a
>>>>>>>particular network we allow the network to choose from the
>>>>>>>dedicated range. If this change is implemented we will not run into
>>>>>>>issue
>>#2.
>>>>>>>
>>>>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>>>>with the requirements we decide upon.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Thank you,
>>>>>>>
>>>>>>>Likitha
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>dev@incubator.apache.org
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>>account but not release it back to the free pool, so how about we
>>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP range
>>>>>>>2) Dedicate Guest VLAN's per tenant.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>>
>>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Any concerns?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Thank you,
>>>>>>>
>>>>>>>Likitha
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>
>>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>>>
>>>>>>>>account/domain is exceeding the limit.
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>Thank You,
>>>>>>>
>>>>>>>>Likitha
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>>
>>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Hi Likitha,
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Currently we can reserve the public IP range to an account. I
>>>>>>>>>would
>>>>>>>
>>>>>>>>>assume we are cross checking the account/domain limit for the max
>>>>>>>>>no
>>>>>>>
>>>>>>>>>of Public IP addresses while reserving the Public IP to an
>>>>>>>>>account?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Please clarify.
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Thanks,
>>>>>>>
>>>>>>>>>Sailaja.M
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>
>>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>For CreateVlanIpRange API call, we can set the account parameter
>>>>>>>>>to
>>>>>>>
>>>>>>>>>specify the VLAN owner. If specified, the Public IP's get
>>>>>>>>>allocated to
>>>>>>>
>>>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>>>clarify
>>>>>>>
>>>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>>>>
>>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>>>VLAN-IP
>>>>>>>
>>>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>>>better
>>>>>>>
>>>>>>>>>way to do it or do we need to implement this?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Thank you,
>>>>>>>
>>>>>>>>>Likitha
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>
>>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>
>>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>and
>>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>>>updated
>>>>>>>
>>>>>>>>>>the requirements document.
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>Regards,
>>>>>>>
>>>>>>>>>>Manan Shah
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>>>><ta...@veber.co.uk>> wrote:
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>+1
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Additional to the requirements:
>>>>>>>
>>>>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>>>>
>>>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>>>
>>>>>>>>>>>- On allocation it needs to check whether the required range is
>>>>>>>
>>>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>>>(cannot
>>>>>>>
>>>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Regards
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Tamas Monos DDI
>>>>>>>
>>>>>>>>>>>+44(0)2034687012
>>>>>>>
>>>>>>>>>>>Chief Technical
>>>>>>>>>>>Office
>>>>>>>
>>>>>>>>>>>+44(0)2034687000
>>>>>>>
>>>>>>>>>>>Veber: The Hosting Specialists Fax
>>>>>>>>>>>+44(0)871
>>>>>>>>>>>522
>>>>>>>
>>>>>>>>>>>7057
>>>>>>>
>>>>>>>>>>>http://www.veber.co.uk
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Follow us on Twitter:
>>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow
>>>>>>>us on
>>>>>>>Facebook:
>>>>>>>
>>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>
>>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>>
>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>
>>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>>
>>>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Hi,
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>I would like to propose a new feature for dedicating IP
>>>>>>>>>>>Addresses
>>>>>>>
>>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>>>>the
>>>>>>>
>>>>>>>>>>>requirements at the following location. Please provide
>>>>>>>>>>>feedback on
>>>>>>>
>>>>>>>>>>>the requirements.
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>>
>>>>>>>>>>>Requirements:
>>>>>>>
>>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicate
>>>>>>>>>>>d+R
>>>>>>>>>>>es
>>>>>>>
>>>>>>>>>>>o
>>>>>>>
>>>>>>>>>>>u
>>>>>>>
>>>>>>>>>>>r
>>>>>>>
>>>>>>>>>>>ces
>>>>>>>
>>>>>>>>>>>+
>>>>>>>
>>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Regards,
>>>>>>>
>>>>>>>>>>>Manan Shah
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>>
>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Thanks Likitha for your prompt response. I will wait for the FS.
Regards,
Manan Shah
On 2/21/13 10:30 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>Yes Manan, with the 1st solution the dedication should be applicable for
>both Isolated and VPC networks.
>I will capture all that is being discussed here in the FS (yet to
>publish).
>
>Thank you,
>Likitha
>
>>-----Original Message-----
>>From: Manan Shah
>>Sent: Friday, February 22, 2013 11:55 AM
>>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>>cloudstack-dev@incubator.apache.org
>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>Hi Likitha,
>>
>>One additional question. When an admin assigns a Public IP Address range
>>to an
>>account and if that account creates a VPC, I am assuming they will still
>>get the
>>Public IP Address from this reserved IP range. Can you please confirm
>>that this
>>reserved Public IP Address would work for both Isolated Networks as well
>>as
>>VPC?
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>>
>>>Hi Likitha,
>>>
>>>I agree with you that the 1st solution seems like a better approach.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>
>>>>Hi Manan,
>>>>
>>>>Thanks for the feedback. Please find my answers inline.
>>>>
>>>>Thank you,
>>>>Likitha
>>>>
>>>>>-----Original Message-----
>>>>>From: Manan Shah
>>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>>cloudstack- dev@incubator.apache.org
>>>>>Cc: Manan Shah
>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>VLANs per Tenant
>>>>>
>>>>>Hi Likitha,
>>>>>
>>>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>>>updated.
>>>>>
>>>>>Regards,
>>>>>Manan Shah
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com>
>>>>>wrote:
>>>>>
>>>>>>CCing Manan to comment on the requirements.
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>dev@incubator.apache.org
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>Hi All,
>>>>>>>
>>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>>>range'
>>>>>>>which is
>>>>>>>already implemented in CS.
>>>>>>>Following is the observation wrt what is the current CS
>>>>>>>implementation and the proposed changes to the same,
>>>>>>>
>>>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>>>during the
>>>>>>>creation of the range
>>>>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>>>>after it has been created and also allowed to change the owner
>>>>>[Manan] Agreed with the functionality.
>>>>>>>
>>>>>>>2. If an admin associates an IP range to an account, all the
>>>>>>>IP's
>>>>>>>of that range
>>>>>>>get acquired by a single isolated network in that account
>>>>>
>>>>>[Manan] Why do you think this is the right functionality. What if the
>>>>>admin wants to allocate a public IP range to a account and wants to
>>>>>allow the tenant to create as many networks as they want and use this
>>>>>public IP range.
>>>>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>>>>the following is what currently happens in CS, If an admin associates
>>>>an IP range to an account, all the IP's of that range get acquired by
>>>>a single isolated network in that account 1. If there are no isolated
>>>>guest networks, a new network is created and all the IP's from the
>>>>range are dedicated to the new network 2. If there is 1 isolated guest
>>>>network, all the IP's from the range are dedicated to the existing
>>>>network 3. If there are more than 1 isolated guest network CS throws
>>>>an error
>>>>
>>>>There are 2 possible changes we can introduce to resolve this, 1.
>>>>During dedication we just mark this range of IP's as dedicated. And
>>>>when the user acquires an IP for a particular network we allow the
>>>>network to choose from the dedicated range.
>>>>2. During dedication when an account is chosen, the user also has the
>>>>option to choose one of the network in the account which can acquire
>>>>the IP's I prefer the 1st solution because with the 2nd solution, one
>>>>of the networks of the tenant will acquire all the IP's.
>>>>Thoughts?
>>>>>
>>>>>>>
>>>>>>>a. If there are no isolated guest networks, a new network is
>>>>>>>created and all
>>>>>>>the IP's from the range are dedicated to the new network
>>>>>>>
>>>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>>>range are
>>>>>>>dedicated to the existing network
>>>>>>>
>>>>>>>c. If there are more than 1 isolated guest network CS throws
>>>>>>>an
>>>>>>>error
>>>>>>>
>>>>>>> Proposed change - When an account is chosen, the
>>>>>>>user also has the option to choose the network in the account which
>>>>>>>can acquire the IP's
>>>>>>>
>>>>>>>3. When a network that has a dedicated IP range is deleted,
>>>>>>>the
>>>>>>>mapping
>>>>>>>between the account that owned the network and IP range persists.
>>>>>>>This implies that the admin sees that the range is associated to
>>>>>>>the account. But the IP's from this range can be acquired by any
>>>>>>>other account
>>>>>>>
>>>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>>>account
>>>>>[Manan] Agree with the proposed change
>>>>>>>
>>>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>>>account get
>>>>>>>deleted
>>>>>>>
>>>>>>>Proposed change - The range should be released back to the free
>>>>>>>pool instead
>>>>>
>>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>>any public Ips that are in use (Loadbalancing, Port Forwarding,
>>>>>Static-NAT,
>>>>>etc) then they will remain as is.
>>>>>
>>>>>>>
>>>>>>>5. I see a potential starving scenario where a certain account
>>>>>>>that has
>>>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>>>
>>>>>>>Proposed change - Impose a configurable limit like say, at least
>>>>>>>one range should always belong to the free pool
>>>>>[Manan] Agree with the proposed change
>>>>>>>
>>>>>>>6. Even if a range is dedicated to an account, any network
>>>>>>>that
>>>>>>>belongs to
>>>>>>>this account including the one that has acquired the IP's can
>>>>>>>acquire more IP's from the free pool. This is because when we
>>>>>>>dedicate an IP range to an account, one of the networks of that
>>>>>>>account acquires all the IP's.
>>>>>>>
>>>>>>>Proposed change - During dedication we just mark this range of IP's
>>>>>>>as dedicated. And only when the user acquires an IP for a
>>>>>>>particular network we allow the network to choose from the
>>>>>>>dedicated range. If this change is implemented we will not run into
>>>>>>>issue
>>#2.
>>>>>>>
>>>>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>>>>with the requirements we decide upon.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Thank you,
>>>>>>>
>>>>>>>Likitha
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>dev@incubator.apache.org
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>>account but not release it back to the free pool, so how about we
>>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP range
>>>>>>>2) Dedicate Guest VLAN's per tenant.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>>
>>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Any concerns?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>Thank you,
>>>>>>>
>>>>>>>Likitha
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>
>>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>>>
>>>>>>>>account/domain is exceeding the limit.
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>Thank You,
>>>>>>>
>>>>>>>>Likitha
>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>>
>>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Hi Likitha,
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Currently we can reserve the public IP range to an account. I
>>>>>>>>>would
>>>>>>>
>>>>>>>>>assume we are cross checking the account/domain limit for the max
>>>>>>>>>no
>>>>>>>
>>>>>>>>>of Public IP addresses while reserving the Public IP to an
>>>>>>>>>account?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Please clarify.
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Thanks,
>>>>>>>
>>>>>>>>>Sailaja.M
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>>
>>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>>
>>>>>>>>>dev@incubator.apache.org
>>>>>>>
>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>For CreateVlanIpRange API call, we can set the account parameter
>>>>>>>>>to
>>>>>>>
>>>>>>>>>specify the VLAN owner. If specified, the Public IP's get
>>>>>>>>>allocated to
>>>>>>>
>>>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>>>clarify
>>>>>>>
>>>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>>>>
>>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>>>VLAN-IP
>>>>>>>
>>>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>>>better
>>>>>>>
>>>>>>>>>way to do it or do we need to implement this?
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>Thank you,
>>>>>>>
>>>>>>>>>Likitha
>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>
>>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>
>>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>>and
>>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>>>updated
>>>>>>>
>>>>>>>>>>the requirements document.
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>Regards,
>>>>>>>
>>>>>>>>>>Manan Shah
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>>>><ta...@veber.co.uk>> wrote:
>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>+1
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Additional to the requirements:
>>>>>>>
>>>>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>>>>
>>>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>>>
>>>>>>>>>>>- On allocation it needs to check whether the required range is
>>>>>>>
>>>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>>>(cannot
>>>>>>>
>>>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Regards
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Tamas Monos DDI
>>>>>>>
>>>>>>>>>>>+44(0)2034687012
>>>>>>>
>>>>>>>>>>>Chief Technical
>>>>>>>>>>>Office
>>>>>>>
>>>>>>>>>>>+44(0)2034687000
>>>>>>>
>>>>>>>>>>>Veber: The Hosting Specialists Fax
>>>>>>>>>>>+44(0)871
>>>>>>>>>>>522
>>>>>>>
>>>>>>>>>>>7057
>>>>>>>
>>>>>>>>>>>http://www.veber.co.uk
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Follow us on Twitter:
>>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow
>>>>>>>us on
>>>>>>>Facebook:
>>>>>>>
>>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>-----Original Message-----
>>>>>>>
>>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>>
>>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>>
>>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>>
>>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>>
>>>>>>>>>>>VLANs per Tenant
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Hi,
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>I would like to propose a new feature for dedicating IP
>>>>>>>>>>>Addresses
>>>>>>>
>>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>>>>the
>>>>>>>
>>>>>>>>>>>requirements at the following location. Please provide
>>>>>>>>>>>feedback on
>>>>>>>
>>>>>>>>>>>the requirements.
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>>
>>>>>>>>>>>Requirements:
>>>>>>>
>>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicate
>>>>>>>>>>>d+R
>>>>>>>>>>>es
>>>>>>>
>>>>>>>>>>>o
>>>>>>>
>>>>>>>>>>>u
>>>>>>>
>>>>>>>>>>>r
>>>>>>>
>>>>>>>>>>>ces
>>>>>>>
>>>>>>>>>>>+
>>>>>>>
>>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>Regards,
>>>>>>>
>>>>>>>>>>>Manan Shah
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>>
>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
Yes Manan, with the 1st solution the dedication should be applicable for both Isolated and VPC networks.
I will capture all that is being discussed here in the FS (yet to publish).
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah
>Sent: Friday, February 22, 2013 11:55 AM
>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>cloudstack-dev@incubator.apache.org
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi Likitha,
>
>One additional question. When an admin assigns a Public IP Address range to an
>account and if that account creates a VPC, I am assuming they will still get the
>Public IP Address from this reserved IP range. Can you please confirm that this
>reserved Public IP Address would work for both Isolated Networks as well as
>VPC?
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>
>>Hi Likitha,
>>
>>I agree with you that the 1st solution seems like a better approach.
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>
>>>Hi Manan,
>>>
>>>Thanks for the feedback. Please find my answers inline.
>>>
>>>Thank you,
>>>Likitha
>>>
>>>>-----Original Message-----
>>>>From: Manan Shah
>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>cloudstack- dev@incubator.apache.org
>>>>Cc: Manan Shah
>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>Hi Likitha,
>>>>
>>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>>updated.
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
>>>>
>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>>
>>>>>CCing Manan to comment on the requirements.
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>dev@incubator.apache.org
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>Hi All,
>>>>>>
>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>>range'
>>>>>>which is
>>>>>>already implemented in CS.
>>>>>>Following is the observation wrt what is the current CS
>>>>>>implementation and the proposed changes to the same,
>>>>>>
>>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>>during the
>>>>>>creation of the range
>>>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>>>after it has been created and also allowed to change the owner
>>>>[Manan] Agreed with the functionality.
>>>>>>
>>>>>>2. If an admin associates an IP range to an account, all the
>>>>>>IP's
>>>>>>of that range
>>>>>>get acquired by a single isolated network in that account
>>>>
>>>>[Manan] Why do you think this is the right functionality. What if the
>>>>admin wants to allocate a public IP range to a account and wants to
>>>>allow the tenant to create as many networks as they want and use this
>>>>public IP range.
>>>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>>>the following is what currently happens in CS, If an admin associates
>>>an IP range to an account, all the IP's of that range get acquired by
>>>a single isolated network in that account 1. If there are no isolated
>>>guest networks, a new network is created and all the IP's from the
>>>range are dedicated to the new network 2. If there is 1 isolated guest
>>>network, all the IP's from the range are dedicated to the existing
>>>network 3. If there are more than 1 isolated guest network CS throws
>>>an error
>>>
>>>There are 2 possible changes we can introduce to resolve this, 1.
>>>During dedication we just mark this range of IP's as dedicated. And
>>>when the user acquires an IP for a particular network we allow the
>>>network to choose from the dedicated range.
>>>2. During dedication when an account is chosen, the user also has the
>>>option to choose one of the network in the account which can acquire
>>>the IP's I prefer the 1st solution because with the 2nd solution, one
>>>of the networks of the tenant will acquire all the IP's.
>>>Thoughts?
>>>>
>>>>>>
>>>>>>a. If there are no isolated guest networks, a new network is
>>>>>>created and all
>>>>>>the IP's from the range are dedicated to the new network
>>>>>>
>>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>>range are
>>>>>>dedicated to the existing network
>>>>>>
>>>>>>c. If there are more than 1 isolated guest network CS throws an
>>>>>>error
>>>>>>
>>>>>> Proposed change - When an account is chosen, the
>>>>>>user also has the option to choose the network in the account which
>>>>>>can acquire the IP's
>>>>>>
>>>>>>3. When a network that has a dedicated IP range is deleted, the
>>>>>>mapping
>>>>>>between the account that owned the network and IP range persists.
>>>>>>This implies that the admin sees that the range is associated to
>>>>>>the account. But the IP's from this range can be acquired by any
>>>>>>other account
>>>>>>
>>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>>account
>>>>[Manan] Agree with the proposed change
>>>>>>
>>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>>account get
>>>>>>deleted
>>>>>>
>>>>>>Proposed change - The range should be released back to the free
>>>>>>pool instead
>>>>
>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>any public Ips that are in use (Loadbalancing, Port Forwarding,
>>>>Static-NAT,
>>>>etc) then they will remain as is.
>>>>
>>>>>>
>>>>>>5. I see a potential starving scenario where a certain account
>>>>>>that has
>>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>>
>>>>>>Proposed change - Impose a configurable limit like say, at least
>>>>>>one range should always belong to the free pool
>>>>[Manan] Agree with the proposed change
>>>>>>
>>>>>>6. Even if a range is dedicated to an account, any network that
>>>>>>belongs to
>>>>>>this account including the one that has acquired the IP's can
>>>>>>acquire more IP's from the free pool. This is because when we
>>>>>>dedicate an IP range to an account, one of the networks of that
>>>>>>account acquires all the IP's.
>>>>>>
>>>>>>Proposed change - During dedication we just mark this range of IP's
>>>>>>as dedicated. And only when the user acquires an IP for a
>>>>>>particular network we allow the network to choose from the
>>>>>>dedicated range. If this change is implemented we will not run into issue
>#2.
>>>>>>
>>>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>>>with the requirements we decide upon.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Thank you,
>>>>>>
>>>>>>Likitha
>>>>>>
>>>>>>
>>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>dev@incubator.apache.org
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>
>>>>>>
>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>account but not release it back to the free pool, so how about we
>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP range
>>>>>>2) Dedicate Guest VLAN's per tenant.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>
>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Any concerns?
>>>>>>
>>>>>>
>>>>>>
>>>>>>Thank you,
>>>>>>
>>>>>>Likitha
>>>>>>
>>>>>>
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>
>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>and
>>>>>>
>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>>
>>>>>>>account/domain is exceeding the limit.
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>Thank You,
>>>>>>
>>>>>>>Likitha
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>
>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Hi Likitha,
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Currently we can reserve the public IP range to an account. I
>>>>>>>>would
>>>>>>
>>>>>>>>assume we are cross checking the account/domain limit for the max
>>>>>>>>no
>>>>>>
>>>>>>>>of Public IP addresses while reserving the Public IP to an account?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Please clarify.
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Thanks,
>>>>>>
>>>>>>>>Sailaja.M
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>
>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>For CreateVlanIpRange API call, we can set the account parameter
>>>>>>>>to
>>>>>>
>>>>>>>>specify the VLAN owner. If specified, the Public IP's get
>>>>>>>>allocated to
>>>>>>
>>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>>clarify
>>>>>>
>>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>>>
>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>>VLAN-IP
>>>>>>
>>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>>better
>>>>>>
>>>>>>>>way to do it or do we need to implement this?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Thank you,
>>>>>>
>>>>>>>>Likitha
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>
>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>
>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>>updated
>>>>>>
>>>>>>>>>the requirements document.
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>Regards,
>>>>>>
>>>>>>>>>Manan Shah
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>>><ta...@veber.co.uk>> wrote:
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>>+1
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Additional to the requirements:
>>>>>>
>>>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>>>
>>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>>
>>>>>>>>>>- On allocation it needs to check whether the required range is
>>>>>>
>>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>>(cannot
>>>>>>
>>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Regards
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Tamas Monos DDI
>>>>>>
>>>>>>>>>>+44(0)2034687012
>>>>>>
>>>>>>>>>>Chief Technical Office
>>>>>>
>>>>>>>>>>+44(0)2034687000
>>>>>>
>>>>>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>>>>>522
>>>>>>
>>>>>>>>>>7057
>>>>>>
>>>>>>>>>>http://www.veber.co.uk
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Follow us on Twitter:
>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow
>>>>>>us on
>>>>>>Facebook:
>>>>>>
>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>
>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>
>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Hi,
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>I would like to propose a new feature for dedicating IP
>>>>>>>>>>Addresses
>>>>>>
>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>>>the
>>>>>>
>>>>>>>>>>requirements at the following location. Please provide
>>>>>>>>>>feedback on
>>>>>>
>>>>>>>>>>the requirements.
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>
>>>>>>>>>>Requirements:
>>>>>>
>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicate
>>>>>>>>>>d+R
>>>>>>>>>>es
>>>>>>
>>>>>>>>>>o
>>>>>>
>>>>>>>>>>u
>>>>>>
>>>>>>>>>>r
>>>>>>
>>>>>>>>>>ces
>>>>>>
>>>>>>>>>>+
>>>>>>
>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Regards,
>>>>>>
>>>>>>>>>>Manan Shah
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>
>>>
>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
Yes Manan, with the 1st solution the dedication should be applicable for both Isolated and VPC networks.
I will capture all that is being discussed here in the FS (yet to publish).
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah
>Sent: Friday, February 22, 2013 11:55 AM
>To: Manan Shah; Likitha Shetty; cloudstack-users@incubator.apache.org;
>cloudstack-dev@incubator.apache.org
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi Likitha,
>
>One additional question. When an admin assigns a Public IP Address range to an
>account and if that account creates a VPC, I am assuming they will still get the
>Public IP Address from this reserved IP range. Can you please confirm that this
>reserved Public IP Address would work for both Isolated Networks as well as
>VPC?
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>
>>Hi Likitha,
>>
>>I agree with you that the 1st solution seems like a better approach.
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>
>>>Hi Manan,
>>>
>>>Thanks for the feedback. Please find my answers inline.
>>>
>>>Thank you,
>>>Likitha
>>>
>>>>-----Original Message-----
>>>>From: Manan Shah
>>>>Sent: Friday, February 22, 2013 10:28 AM
>>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org;
>>>>cloudstack- dev@incubator.apache.org
>>>>Cc: Manan Shah
>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>Hi Likitha,
>>>>
>>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>>updated.
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
>>>>
>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>>
>>>>>CCing Manan to comment on the requirements.
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>dev@incubator.apache.org
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>Hi All,
>>>>>>
>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>>range'
>>>>>>which is
>>>>>>already implemented in CS.
>>>>>>Following is the observation wrt what is the current CS
>>>>>>implementation and the proposed changes to the same,
>>>>>>
>>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>>during the
>>>>>>creation of the range
>>>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>>>after it has been created and also allowed to change the owner
>>>>[Manan] Agreed with the functionality.
>>>>>>
>>>>>>2. If an admin associates an IP range to an account, all the
>>>>>>IP's
>>>>>>of that range
>>>>>>get acquired by a single isolated network in that account
>>>>
>>>>[Manan] Why do you think this is the right functionality. What if the
>>>>admin wants to allocate a public IP range to a account and wants to
>>>>allow the tenant to create as many networks as they want and use this
>>>>public IP range.
>>>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>>>the following is what currently happens in CS, If an admin associates
>>>an IP range to an account, all the IP's of that range get acquired by
>>>a single isolated network in that account 1. If there are no isolated
>>>guest networks, a new network is created and all the IP's from the
>>>range are dedicated to the new network 2. If there is 1 isolated guest
>>>network, all the IP's from the range are dedicated to the existing
>>>network 3. If there are more than 1 isolated guest network CS throws
>>>an error
>>>
>>>There are 2 possible changes we can introduce to resolve this, 1.
>>>During dedication we just mark this range of IP's as dedicated. And
>>>when the user acquires an IP for a particular network we allow the
>>>network to choose from the dedicated range.
>>>2. During dedication when an account is chosen, the user also has the
>>>option to choose one of the network in the account which can acquire
>>>the IP's I prefer the 1st solution because with the 2nd solution, one
>>>of the networks of the tenant will acquire all the IP's.
>>>Thoughts?
>>>>
>>>>>>
>>>>>>a. If there are no isolated guest networks, a new network is
>>>>>>created and all
>>>>>>the IP's from the range are dedicated to the new network
>>>>>>
>>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>>range are
>>>>>>dedicated to the existing network
>>>>>>
>>>>>>c. If there are more than 1 isolated guest network CS throws an
>>>>>>error
>>>>>>
>>>>>> Proposed change - When an account is chosen, the
>>>>>>user also has the option to choose the network in the account which
>>>>>>can acquire the IP's
>>>>>>
>>>>>>3. When a network that has a dedicated IP range is deleted, the
>>>>>>mapping
>>>>>>between the account that owned the network and IP range persists.
>>>>>>This implies that the admin sees that the range is associated to
>>>>>>the account. But the IP's from this range can be acquired by any
>>>>>>other account
>>>>>>
>>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>>account
>>>>[Manan] Agree with the proposed change
>>>>>>
>>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>>account get
>>>>>>deleted
>>>>>>
>>>>>>Proposed change - The range should be released back to the free
>>>>>>pool instead
>>>>
>>>>[Manan] Agree with the proposed change. I am assuming if there are
>>>>any public Ips that are in use (Loadbalancing, Port Forwarding,
>>>>Static-NAT,
>>>>etc) then they will remain as is.
>>>>
>>>>>>
>>>>>>5. I see a potential starving scenario where a certain account
>>>>>>that has
>>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>>
>>>>>>Proposed change - Impose a configurable limit like say, at least
>>>>>>one range should always belong to the free pool
>>>>[Manan] Agree with the proposed change
>>>>>>
>>>>>>6. Even if a range is dedicated to an account, any network that
>>>>>>belongs to
>>>>>>this account including the one that has acquired the IP's can
>>>>>>acquire more IP's from the free pool. This is because when we
>>>>>>dedicate an IP range to an account, one of the networks of that
>>>>>>account acquires all the IP's.
>>>>>>
>>>>>>Proposed change - During dedication we just mark this range of IP's
>>>>>>as dedicated. And only when the user acquires an IP for a
>>>>>>particular network we allow the network to choose from the
>>>>>>dedicated range. If this change is implemented we will not run into issue
>#2.
>>>>>>
>>>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>>>with the requirements we decide upon.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Thank you,
>>>>>>
>>>>>>Likitha
>>>>>>
>>>>>>
>>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>dev@incubator.apache.org
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>VLANs per Tenant
>>>>>>
>>>>>>
>>>>>>
>>>>>>In CloudStack we can already reserve the public IP range to an
>>>>>>account but not release it back to the free pool, so how about we
>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP range
>>>>>>2) Dedicate Guest VLAN's per tenant.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>>enhancement 'Add releasing these IP Address range to the free
>>>>>>pool'. I will create an enhancement ticket to track this?
>>>>>>
>>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>>
>>>>>>
>>>>>>
>>>>>>Any concerns?
>>>>>>
>>>>>>
>>>>>>
>>>>>>Thank you,
>>>>>>
>>>>>>Likitha
>>>>>>
>>>>>>
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>
>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>and
>>>>>>
>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>>
>>>>>>>account/domain is exceeding the limit.
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>Thank You,
>>>>>>
>>>>>>>Likitha
>>>>>>
>>>>>>>
>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>>
>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Hi Likitha,
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Currently we can reserve the public IP range to an account. I
>>>>>>>>would
>>>>>>
>>>>>>>>assume we are cross checking the account/domain limit for the max
>>>>>>>>no
>>>>>>
>>>>>>>>of Public IP addresses while reserving the Public IP to an account?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Please clarify.
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Thanks,
>>>>>>
>>>>>>>>Sailaja.M
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>>
>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>>
>>>>>>>>dev@incubator.apache.org
>>>>>>
>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>and
>>>>>>
>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>For CreateVlanIpRange API call, we can set the account parameter
>>>>>>>>to
>>>>>>
>>>>>>>>specify the VLAN owner. If specified, the Public IP's get
>>>>>>>>allocated to
>>>>>>
>>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>>clarify
>>>>>>
>>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>>>
>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>>VLAN-IP
>>>>>>
>>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>>better
>>>>>>
>>>>>>>>way to do it or do we need to implement this?
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>Thank you,
>>>>>>
>>>>>>>>Likitha
>>>>>>
>>>>>>>>
>>>>>>
>>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>
>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>
>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses
>>>>>>>>>and
>>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>>updated
>>>>>>
>>>>>>>>>the requirements document.
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>Regards,
>>>>>>
>>>>>>>>>Manan Shah
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>>><ta...@veber.co.uk>> wrote:
>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>>>>>+1
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Additional to the requirements:
>>>>>>
>>>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>>>
>>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>>
>>>>>>>>>>- On allocation it needs to check whether the required range is
>>>>>>
>>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>>(cannot
>>>>>>
>>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Regards
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Tamas Monos DDI
>>>>>>
>>>>>>>>>>+44(0)2034687012
>>>>>>
>>>>>>>>>>Chief Technical Office
>>>>>>
>>>>>>>>>>+44(0)2034687000
>>>>>>
>>>>>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>>>>>522
>>>>>>
>>>>>>>>>>7057
>>>>>>
>>>>>>>>>>http://www.veber.co.uk
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Follow us on Twitter:
>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow
>>>>>>us on
>>>>>>Facebook:
>>>>>>
>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>
>>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>>
>>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>>
>>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>>
>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>>
>>>>>>>>>>VLANs per Tenant
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Hi,
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>I would like to propose a new feature for dedicating IP
>>>>>>>>>>Addresses
>>>>>>
>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>>>the
>>>>>>
>>>>>>>>>>requirements at the following location. Please provide
>>>>>>>>>>feedback on
>>>>>>
>>>>>>>>>>the requirements.
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>JIRA Ticket:
>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>>
>>>>>>>>>>Requirements:
>>>>>>
>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicate
>>>>>>>>>>d+R
>>>>>>>>>>es
>>>>>>
>>>>>>>>>>o
>>>>>>
>>>>>>>>>>u
>>>>>>
>>>>>>>>>>r
>>>>>>
>>>>>>>>>>ces
>>>>>>
>>>>>>>>>>+
>>>>>>
>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>Regards,
>>>>>>
>>>>>>>>>>Manan Shah
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>>>>>>
>>>>>>
>>>>>
>>>
>>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Hi Likitha,
One additional question. When an admin assigns a Public IP Address range
to an account and if that account creates a VPC, I am assuming they will
still get the Public IP Address from this reserved IP range. Can you
please confirm that this reserved Public IP Address would work for both
Isolated Networks as well as VPC?
Regards,
Manan Shah
On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>Hi Likitha,
>
>I agree with you that the 1st solution seems like a better approach.
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>
>>Hi Manan,
>>
>>Thanks for the feedback. Please find my answers inline.
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah
>>>Sent: Friday, February 22, 2013 10:28 AM
>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>>>dev@incubator.apache.org
>>>Cc: Manan Shah
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per
>>>Tenant
>>>
>>>Hi Likitha,
>>>
>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>updated.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>
>>>>CCing Manan to comment on the requirements.
>>>>
>>>>>-----Original Message-----
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>dev@incubator.apache.org
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>VLANs per Tenant
>>>>>
>>>>>Hi All,
>>>>>
>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>range'
>>>>>which is
>>>>>already implemented in CS.
>>>>>Following is the observation wrt what is the current CS implementation
>>>>>and the proposed changes to the same,
>>>>>
>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>during the
>>>>>creation of the range
>>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>>after it has been created and also allowed to change the owner
>>>[Manan] Agreed with the functionality.
>>>>>
>>>>>2. If an admin associates an IP range to an account, all the
>>>>>IP's
>>>>>of that range
>>>>>get acquired by a single isolated network in that account
>>>
>>>[Manan] Why do you think this is the right functionality. What if the
>>>admin wants
>>>to allocate a public IP range to a account and wants to allow the tenant
>>>to create
>>>as many networks as they want and use this public IP range.
>>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>>the following is what currently happens in CS,
>>If an admin associates an IP range to an account, all the IP's of that
>>range get acquired by a single isolated network in that account
>>1. If there are no isolated guest networks, a new network is created and
>>all the IP's from the range are dedicated to the new network
>>2. If there is 1 isolated guest network, all the IP's from the range are
>>dedicated to the existing network
>>3. If there are more than 1 isolated guest network CS throws an error
>>
>>There are 2 possible changes we can introduce to resolve this,
>>1. During dedication we just mark this range of IP's as dedicated. And
>>when the user acquires an IP for a particular network we allow the
>>network to choose from the dedicated range.
>>2. During dedication when an account is chosen, the user also has the
>>option to choose one of the network in the account which can acquire the
>>IP's
>>I prefer the 1st solution because with the 2nd solution, one of the
>>networks of the tenant will acquire all the IP's.
>>Thoughts?
>>>
>>>>>
>>>>>a. If there are no isolated guest networks, a new network is
>>>>>created and all
>>>>>the IP's from the range are dedicated to the new network
>>>>>
>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>range are
>>>>>dedicated to the existing network
>>>>>
>>>>>c. If there are more than 1 isolated guest network CS throws an
>>>>>error
>>>>>
>>>>> Proposed change - When an account is chosen, the user
>>>>>also has the option to choose the network in the account which can
>>>>>acquire the IP's
>>>>>
>>>>>3. When a network that has a dedicated IP range is deleted, the
>>>>>mapping
>>>>>between the account that owned the network and IP range persists. This
>>>>>implies that the admin sees that the range is associated to the
>>>>>account. But the IP's from this range can be acquired by any other
>>>>>account
>>>>>
>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>account
>>>[Manan] Agree with the proposed change
>>>>>
>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>account get
>>>>>deleted
>>>>>
>>>>>Proposed change - The range should be released back to the free pool
>>>>>instead
>>>
>>>[Manan] Agree with the proposed change. I am assuming if there are any
>>>public
>>>Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
>>>etc) then they will remain as is.
>>>
>>>>>
>>>>>5. I see a potential starving scenario where a certain account
>>>>>that has
>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>
>>>>>Proposed change - Impose a configurable limit like say, at least one
>>>>>range should always belong to the free pool
>>>[Manan] Agree with the proposed change
>>>>>
>>>>>6. Even if a range is dedicated to an account, any network that
>>>>>belongs to
>>>>>this account including the one that has acquired the IP's can acquire
>>>>>more IP's from the free pool. This is because when we dedicate an IP
>>>>>range to an account, one of the networks of that account acquires all
>>>>>the IP's.
>>>>>
>>>>>Proposed change - During dedication we just mark this range of IP's as
>>>>>dedicated. And only when the user acquires an IP for a particular
>>>>>network we allow the network to choose from the dedicated range. If
>>>>>this change is implemented we will not run into issue #2.
>>>>>
>>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>>with the requirements we decide upon.
>>>>>
>>>>>
>>>>>
>>>>>Thank you,
>>>>>
>>>>>Likitha
>>>>>
>>>>>
>>>>>
>>>>>-----Original Message-----
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>dev@incubator.apache.org
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>VLANs per Tenant
>>>>>
>>>>>
>>>>>
>>>>>In CloudStack we can already reserve the public IP range to an account
>>>>>but not release it back to the free pool, so how about we divide this
>>>>>requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate
>>>>>Guest VLAN's per tenant.
>>>>>
>>>>>
>>>>>
>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>enhancement 'Add releasing these IP Address range to the free pool'. I
>>>>>will create an enhancement ticket to track this?
>>>>>
>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>
>>>>>
>>>>>
>>>>>Any concerns?
>>>>>
>>>>>
>>>>>
>>>>>Thank you,
>>>>>
>>>>>Likitha
>>>>>
>>>>>
>>>>>
>>>>>>-----Original Message-----
>>>>>
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>
>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>
>>>>>>dev@incubator.apache.org
>>>>>
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>VLANs per Tenant
>>>>>
>>>>>>
>>>>>
>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>
>>>>>>account/domain is exceeding the limit.
>>>>>
>>>>>>
>>>>>
>>>>>>Thank You,
>>>>>
>>>>>>Likitha
>>>>>
>>>>>>
>>>>>
>>>>>>>-----Original Message-----
>>>>>
>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>
>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>
>>>>>>>dev@incubator.apache.org
>>>>>
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>>VLANs per Tenant
>>>>>
>>>>>>>
>>>>>
>>>>>>>Hi Likitha,
>>>>>
>>>>>>>
>>>>>
>>>>>>>Currently we can reserve the public IP range to an account. I would
>>>>>
>>>>>>>assume we are cross checking the account/domain limit for the max no
>>>>>
>>>>>>>of Public IP addresses while reserving the Public IP to an account?
>>>>>
>>>>>>>
>>>>>
>>>>>>>Please clarify.
>>>>>
>>>>>>>
>>>>>
>>>>>>>Thanks,
>>>>>
>>>>>>>Sailaja.M
>>>>>
>>>>>>>
>>>>>
>>>>>>>-----Original Message-----
>>>>>
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>
>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>
>>>>>>>dev@incubator.apache.org
>>>>>
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>>VLANs per Tenant
>>>>>
>>>>>>>
>>>>>
>>>>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>>>>
>>>>>>>specify the VLAN owner. If specified, the Public IP's get allocated
>>>>>>>to
>>>>>
>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>clarify
>>>>>
>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>
>>>>>>>
>>>>>
>>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>>
>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>VLAN-IP
>>>>>
>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>better
>>>>>
>>>>>>>way to do it or do we need to implement this?
>>>>>
>>>>>>>
>>>>>
>>>>>>>Thank you,
>>>>>
>>>>>>>Likitha
>>>>>
>>>>>>>
>>>>>
>>>>>>>>-----Original Message-----
>>>>>
>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>
>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>
>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>>>VLANs per Tenant
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>updated
>>>>>
>>>>>>>>the requirements document.
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>Regards,
>>>>>
>>>>>>>>Manan Shah
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>><ta...@veber.co.uk>> wrote:
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>>+1
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Additional to the requirements:
>>>>>
>>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>>
>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>
>>>>>>>>>- On allocation it needs to check whether the required range is
>>>>>
>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>(cannot
>>>>>
>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Regards
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Tamas Monos DDI
>>>>>
>>>>>>>>>+44(0)2034687012
>>>>>
>>>>>>>>>Chief Technical Office
>>>>>
>>>>>>>>>+44(0)2034687000
>>>>>
>>>>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>>>>522
>>>>>
>>>>>>>>>7057
>>>>>
>>>>>>>>>http://www.veber.co.uk
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Follow us on Twitter:
>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us
>>>>>on
>>>>>Facebook:
>>>>>
>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>-----Original Message-----
>>>>>
>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>
>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>
>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Hi,
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>>>>
>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>>the
>>>>>
>>>>>>>>>requirements at the following location. Please provide feedback
>>>>>>>>>on
>>>>>
>>>>>>>>>the requirements.
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>
>>>>>>>>>Requirements:
>>>>>
>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+R
>>>>>>>>>es
>>>>>
>>>>>>>>>o
>>>>>
>>>>>>>>>u
>>>>>
>>>>>>>>>r
>>>>>
>>>>>>>>>ces
>>>>>
>>>>>>>>>+
>>>>>
>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Regards,
>>>>>
>>>>>>>>>Manan Shah
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>
>>>>>
>>>>
>>
>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Hi Likitha,
One additional question. When an admin assigns a Public IP Address range
to an account and if that account creates a VPC, I am assuming they will
still get the Public IP Address from this reserved IP range. Can you
please confirm that this reserved Public IP Address would work for both
Isolated Networks as well as VPC?
Regards,
Manan Shah
On 2/21/13 9:57 PM, "Manan Shah" <ma...@citrix.com> wrote:
>Hi Likitha,
>
>I agree with you that the 1st solution seems like a better approach.
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>
>>Hi Manan,
>>
>>Thanks for the feedback. Please find my answers inline.
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah
>>>Sent: Friday, February 22, 2013 10:28 AM
>>>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>>>dev@incubator.apache.org
>>>Cc: Manan Shah
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per
>>>Tenant
>>>
>>>Hi Likitha,
>>>
>>>Comments in-line belowŠ. Also, please let us know once the FS is
>>>updated.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>>
>>>>CCing Manan to comment on the requirements.
>>>>
>>>>>-----Original Message-----
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>dev@incubator.apache.org
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>VLANs per Tenant
>>>>>
>>>>>Hi All,
>>>>>
>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>>range'
>>>>>which is
>>>>>already implemented in CS.
>>>>>Following is the observation wrt what is the current CS implementation
>>>>>and the proposed changes to the same,
>>>>>
>>>>>1. A public VLAN-IP range can only be associated to an account
>>>>>during the
>>>>>creation of the range
>>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>>after it has been created and also allowed to change the owner
>>>[Manan] Agreed with the functionality.
>>>>>
>>>>>2. If an admin associates an IP range to an account, all the
>>>>>IP's
>>>>>of that range
>>>>>get acquired by a single isolated network in that account
>>>
>>>[Manan] Why do you think this is the right functionality. What if the
>>>admin wants
>>>to allocate a public IP range to a account and wants to allow the tenant
>>>to create
>>>as many networks as they want and use this public IP range.
>>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>>the following is what currently happens in CS,
>>If an admin associates an IP range to an account, all the IP's of that
>>range get acquired by a single isolated network in that account
>>1. If there are no isolated guest networks, a new network is created and
>>all the IP's from the range are dedicated to the new network
>>2. If there is 1 isolated guest network, all the IP's from the range are
>>dedicated to the existing network
>>3. If there are more than 1 isolated guest network CS throws an error
>>
>>There are 2 possible changes we can introduce to resolve this,
>>1. During dedication we just mark this range of IP's as dedicated. And
>>when the user acquires an IP for a particular network we allow the
>>network to choose from the dedicated range.
>>2. During dedication when an account is chosen, the user also has the
>>option to choose one of the network in the account which can acquire the
>>IP's
>>I prefer the 1st solution because with the 2nd solution, one of the
>>networks of the tenant will acquire all the IP's.
>>Thoughts?
>>>
>>>>>
>>>>>a. If there are no isolated guest networks, a new network is
>>>>>created and all
>>>>>the IP's from the range are dedicated to the new network
>>>>>
>>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>>range are
>>>>>dedicated to the existing network
>>>>>
>>>>>c. If there are more than 1 isolated guest network CS throws an
>>>>>error
>>>>>
>>>>> Proposed change - When an account is chosen, the user
>>>>>also has the option to choose the network in the account which can
>>>>>acquire the IP's
>>>>>
>>>>>3. When a network that has a dedicated IP range is deleted, the
>>>>>mapping
>>>>>between the account that owned the network and IP range persists. This
>>>>>implies that the admin sees that the range is associated to the
>>>>>account. But the IP's from this range can be acquired by any other
>>>>>account
>>>>>
>>>>>Proposed change - The IP range should no longer be owned by the
>>>>>account
>>>[Manan] Agree with the proposed change
>>>>>
>>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>>account get
>>>>>deleted
>>>>>
>>>>>Proposed change - The range should be released back to the free pool
>>>>>instead
>>>
>>>[Manan] Agree with the proposed change. I am assuming if there are any
>>>public
>>>Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
>>>etc) then they will remain as is.
>>>
>>>>>
>>>>>5. I see a potential starving scenario where a certain account
>>>>>that has
>>>>>dedicated range uses up all the IP's from the free pool as well
>>>>>
>>>>>Proposed change - Impose a configurable limit like say, at least one
>>>>>range should always belong to the free pool
>>>[Manan] Agree with the proposed change
>>>>>
>>>>>6. Even if a range is dedicated to an account, any network that
>>>>>belongs to
>>>>>this account including the one that has acquired the IP's can acquire
>>>>>more IP's from the free pool. This is because when we dedicate an IP
>>>>>range to an account, one of the networks of that account acquires all
>>>>>the IP's.
>>>>>
>>>>>Proposed change - During dedication we just mark this range of IP's as
>>>>>dedicated. And only when the user acquires an IP for a particular
>>>>>network we allow the network to choose from the dedicated range. If
>>>>>this change is implemented we will not run into issue #2.
>>>>>
>>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>>with the requirements we decide upon.
>>>>>
>>>>>
>>>>>
>>>>>Thank you,
>>>>>
>>>>>Likitha
>>>>>
>>>>>
>>>>>
>>>>>-----Original Message-----
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>dev@incubator.apache.org
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>VLANs per Tenant
>>>>>
>>>>>
>>>>>
>>>>>In CloudStack we can already reserve the public IP range to an account
>>>>>but not release it back to the free pool, so how about we divide this
>>>>>requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate
>>>>>Guest VLAN's per tenant.
>>>>>
>>>>>
>>>>>
>>>>>Since Part 1 has already implemented, we need to only add the
>>>>>enhancement 'Add releasing these IP Address range to the free pool'. I
>>>>>will create an enhancement ticket to track this?
>>>>>
>>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>>
>>>>>
>>>>>
>>>>>Any concerns?
>>>>>
>>>>>
>>>>>
>>>>>Thank you,
>>>>>
>>>>>Likitha
>>>>>
>>>>>
>>>>>
>>>>>>-----Original Message-----
>>>>>
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>
>>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>>
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>
>>>>>>dev@incubator.apache.org
>>>>>
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>VLANs per Tenant
>>>>>
>>>>>>
>>>>>
>>>>>>Yes, before reserving the public ip range we do verify if the
>>>>>
>>>>>>account/domain is exceeding the limit.
>>>>>
>>>>>>
>>>>>
>>>>>>Thank You,
>>>>>
>>>>>>Likitha
>>>>>
>>>>>>
>>>>>
>>>>>>>-----Original Message-----
>>>>>
>>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>>
>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>
>>>>>>>dev@incubator.apache.org
>>>>>
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>>VLANs per Tenant
>>>>>
>>>>>>>
>>>>>
>>>>>>>Hi Likitha,
>>>>>
>>>>>>>
>>>>>
>>>>>>>Currently we can reserve the public IP range to an account. I would
>>>>>
>>>>>>>assume we are cross checking the account/domain limit for the max no
>>>>>
>>>>>>>of Public IP addresses while reserving the Public IP to an account?
>>>>>
>>>>>>>
>>>>>
>>>>>>>Please clarify.
>>>>>
>>>>>>>
>>>>>
>>>>>>>Thanks,
>>>>>
>>>>>>>Sailaja.M
>>>>>
>>>>>>>
>>>>>
>>>>>>>-----Original Message-----
>>>>>
>>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>>
>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>>
>>>>>>>dev@incubator.apache.org
>>>>>
>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>>VLANs per Tenant
>>>>>
>>>>>>>
>>>>>
>>>>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>>>>
>>>>>>>specify the VLAN owner. If specified, the Public IP's get allocated
>>>>>>>to
>>>>>
>>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>>clarify
>>>>>
>>>>>>>what the difference between this and the mentioned requirement is?
>>>>>
>>>>>>>
>>>>>
>>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>>
>>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>>VLAN-IP
>>>>>
>>>>>>>range and then adding it back to the system account. Is there a
>>>>>>>better
>>>>>
>>>>>>>way to do it or do we need to implement this?
>>>>>
>>>>>>>
>>>>>
>>>>>>>Thank you,
>>>>>
>>>>>>>Likitha
>>>>>
>>>>>>>
>>>>>
>>>>>>>>-----Original Message-----
>>>>>
>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>
>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>
>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>>>VLANs per Tenant
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>>updated
>>>>>
>>>>>>>>the requirements document.
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>Regards,
>>>>>
>>>>>>>>Manan Shah
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>>><ta...@veber.co.uk>> wrote:
>>>>>
>>>>>>>>
>>>>>
>>>>>>>>>+1
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Additional to the requirements:
>>>>>
>>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>>
>>>>>>>>>admin can see how many IP is allocated to the account.
>>>>>
>>>>>>>>>- On allocation it needs to check whether the required range is
>>>>>
>>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>>(cannot
>>>>>
>>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Regards
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Tamas Monos DDI
>>>>>
>>>>>>>>>+44(0)2034687012
>>>>>
>>>>>>>>>Chief Technical Office
>>>>>
>>>>>>>>>+44(0)2034687000
>>>>>
>>>>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>>>>522
>>>>>
>>>>>>>>>7057
>>>>>
>>>>>>>>>http://www.veber.co.uk
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Follow us on Twitter:
>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us
>>>>>on
>>>>>Facebook:
>>>>>
>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>-----Original Message-----
>>>>>
>>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>>
>>>>>>>>>Sent: 22 December 2012 01:03
>>>>>
>>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>>
>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>>
>>>>>>>>>VLANs per Tenant
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Hi,
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>>>>
>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>>the
>>>>>
>>>>>>>>>requirements at the following location. Please provide feedback
>>>>>>>>>on
>>>>>
>>>>>>>>>the requirements.
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>>
>>>>>>>>>Requirements:
>>>>>
>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+R
>>>>>>>>>es
>>>>>
>>>>>>>>>o
>>>>>
>>>>>>>>>u
>>>>>
>>>>>>>>>r
>>>>>
>>>>>>>>>ces
>>>>>
>>>>>>>>>+
>>>>>
>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>Regards,
>>>>>
>>>>>>>>>Manan Shah
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>
>>>>>
>>>>>>>>>
>>>>>
>>>>
>>
>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Hi Likitha,
I agree with you that the 1st solution seems like a better approach.
Regards,
Manan Shah
On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>Hi Manan,
>
>Thanks for the feedback. Please find my answers inline.
>
>Thank you,
>Likitha
>
>>-----Original Message-----
>>From: Manan Shah
>>Sent: Friday, February 22, 2013 10:28 AM
>>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Cc: Manan Shah
>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>Hi Likitha,
>>
>>Comments in-line belowŠ. Also, please let us know once the FS is updated.
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>
>>>CCing Manan to comment on the requirements.
>>>
>>>>-----Original Message-----
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>dev@incubator.apache.org
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>Hi All,
>>>>
>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>range'
>>>>which is
>>>>already implemented in CS.
>>>>Following is the observation wrt what is the current CS implementation
>>>>and the proposed changes to the same,
>>>>
>>>>1. A public VLAN-IP range can only be associated to an account
>>>>during the
>>>>creation of the range
>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>after it has been created and also allowed to change the owner
>>[Manan] Agreed with the functionality.
>>>>
>>>>2. If an admin associates an IP range to an account, all the IP's
>>>>of that range
>>>>get acquired by a single isolated network in that account
>>
>>[Manan] Why do you think this is the right functionality. What if the
>>admin wants
>>to allocate a public IP range to a account and wants to allow the tenant
>>to create
>>as many networks as they want and use this public IP range.
>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>the following is what currently happens in CS,
>If an admin associates an IP range to an account, all the IP's of that
>range get acquired by a single isolated network in that account
>1. If there are no isolated guest networks, a new network is created and
>all the IP's from the range are dedicated to the new network
>2. If there is 1 isolated guest network, all the IP's from the range are
>dedicated to the existing network
>3. If there are more than 1 isolated guest network CS throws an error
>
>There are 2 possible changes we can introduce to resolve this,
>1. During dedication we just mark this range of IP's as dedicated. And
>when the user acquires an IP for a particular network we allow the
>network to choose from the dedicated range.
>2. During dedication when an account is chosen, the user also has the
>option to choose one of the network in the account which can acquire the
>IP's
>I prefer the 1st solution because with the 2nd solution, one of the
>networks of the tenant will acquire all the IP's.
>Thoughts?
>>
>>>>
>>>>a. If there are no isolated guest networks, a new network is
>>>>created and all
>>>>the IP's from the range are dedicated to the new network
>>>>
>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>range are
>>>>dedicated to the existing network
>>>>
>>>>c. If there are more than 1 isolated guest network CS throws an
>>>>error
>>>>
>>>> Proposed change - When an account is chosen, the user
>>>>also has the option to choose the network in the account which can
>>>>acquire the IP's
>>>>
>>>>3. When a network that has a dedicated IP range is deleted, the
>>>>mapping
>>>>between the account that owned the network and IP range persists. This
>>>>implies that the admin sees that the range is associated to the
>>>>account. But the IP's from this range can be acquired by any other
>>>>account
>>>>
>>>>Proposed change - The IP range should no longer be owned by the
>>>>account
>>[Manan] Agree with the proposed change
>>>>
>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>account get
>>>>deleted
>>>>
>>>>Proposed change - The range should be released back to the free pool
>>>>instead
>>
>>[Manan] Agree with the proposed change. I am assuming if there are any
>>public
>>Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
>>etc) then they will remain as is.
>>
>>>>
>>>>5. I see a potential starving scenario where a certain account
>>>>that has
>>>>dedicated range uses up all the IP's from the free pool as well
>>>>
>>>>Proposed change - Impose a configurable limit like say, at least one
>>>>range should always belong to the free pool
>>[Manan] Agree with the proposed change
>>>>
>>>>6. Even if a range is dedicated to an account, any network that
>>>>belongs to
>>>>this account including the one that has acquired the IP's can acquire
>>>>more IP's from the free pool. This is because when we dedicate an IP
>>>>range to an account, one of the networks of that account acquires all
>>>>the IP's.
>>>>
>>>>Proposed change - During dedication we just mark this range of IP's as
>>>>dedicated. And only when the user acquires an IP for a particular
>>>>network we allow the network to choose from the dedicated range. If
>>>>this change is implemented we will not run into issue #2.
>>>>
>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>with the requirements we decide upon.
>>>>
>>>>
>>>>
>>>>Thank you,
>>>>
>>>>Likitha
>>>>
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>dev@incubator.apache.org
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>
>>>>
>>>>In CloudStack we can already reserve the public IP range to an account
>>>>but not release it back to the free pool, so how about we divide this
>>>>requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate
>>>>Guest VLAN's per tenant.
>>>>
>>>>
>>>>
>>>>Since Part 1 has already implemented, we need to only add the
>>>>enhancement 'Add releasing these IP Address range to the free pool'. I
>>>>will create an enhancement ticket to track this?
>>>>
>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>
>>>>
>>>>
>>>>Any concerns?
>>>>
>>>>
>>>>
>>>>Thank you,
>>>>
>>>>Likitha
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>
>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>dev@incubator.apache.org
>>>>
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>VLANs per Tenant
>>>>
>>>>>
>>>>
>>>>>Yes, before reserving the public ip range we do verify if the
>>>>
>>>>>account/domain is exceeding the limit.
>>>>
>>>>>
>>>>
>>>>>Thank You,
>>>>
>>>>>Likitha
>>>>
>>>>>
>>>>
>>>>>>-----Original Message-----
>>>>
>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>
>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>>dev@incubator.apache.org
>>>>
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>VLANs per Tenant
>>>>
>>>>>>
>>>>
>>>>>>Hi Likitha,
>>>>
>>>>>>
>>>>
>>>>>>Currently we can reserve the public IP range to an account. I would
>>>>
>>>>>>assume we are cross checking the account/domain limit for the max no
>>>>
>>>>>>of Public IP addresses while reserving the Public IP to an account?
>>>>
>>>>>>
>>>>
>>>>>>Please clarify.
>>>>
>>>>>>
>>>>
>>>>>>Thanks,
>>>>
>>>>>>Sailaja.M
>>>>
>>>>>>
>>>>
>>>>>>-----Original Message-----
>>>>
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>
>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>>dev@incubator.apache.org
>>>>
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>VLANs per Tenant
>>>>
>>>>>>
>>>>
>>>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>>>
>>>>>>specify the VLAN owner. If specified, the Public IP's get allocated
>>>>>>to
>>>>
>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>clarify
>>>>
>>>>>>what the difference between this and the mentioned requirement is?
>>>>
>>>>>>
>>>>
>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>
>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>VLAN-IP
>>>>
>>>>>>range and then adding it back to the system account. Is there a
>>>>>>better
>>>>
>>>>>>way to do it or do we need to implement this?
>>>>
>>>>>>
>>>>
>>>>>>Thank you,
>>>>
>>>>>>Likitha
>>>>
>>>>>>
>>>>
>>>>>>>-----Original Message-----
>>>>
>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>
>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>
>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>>VLANs per Tenant
>>>>
>>>>>>>
>>>>
>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>updated
>>>>
>>>>>>>the requirements document.
>>>>
>>>>>>>
>>>>
>>>>>>>Regards,
>>>>
>>>>>>>Manan Shah
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>><ta...@veber.co.uk>> wrote:
>>>>
>>>>>>>
>>>>
>>>>>>>>+1
>>>>
>>>>>>>>
>>>>
>>>>>>>>Additional to the requirements:
>>>>
>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>
>>>>>>>>admin can see how many IP is allocated to the account.
>>>>
>>>>>>>>- On allocation it needs to check whether the required range is
>>>>
>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>(cannot
>>>>
>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>
>>>>>>>>
>>>>
>>>>>>>>Regards
>>>>
>>>>>>>>
>>>>
>>>>>>>>Tamas Monos DDI
>>>>
>>>>>>>>+44(0)2034687012
>>>>
>>>>>>>>Chief Technical Office
>>>>
>>>>>>>>+44(0)2034687000
>>>>
>>>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>>>522
>>>>
>>>>>>>>7057
>>>>
>>>>>>>>http://www.veber.co.uk
>>>>
>>>>>>>>
>>>>
>>>>>>>>Follow us on Twitter:
>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us
>>>>on
>>>>Facebook:
>>>>
>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>>>>>>-----Original Message-----
>>>>
>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>
>>>>>>>>Sent: 22 December 2012 01:03
>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>
>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>>>VLANs per Tenant
>>>>
>>>>>>>>
>>>>
>>>>>>>>Hi,
>>>>
>>>>>>>>
>>>>
>>>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>>>
>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>the
>>>>
>>>>>>>>requirements at the following location. Please provide feedback
>>>>>>>>on
>>>>
>>>>>>>>the requirements.
>>>>
>>>>>>>>
>>>>
>>>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>
>>>>>>>>Requirements:
>>>>
>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+R
>>>>>>>>es
>>>>
>>>>>>>>o
>>>>
>>>>>>>>u
>>>>
>>>>>>>>r
>>>>
>>>>>>>>ces
>>>>
>>>>>>>>+
>>>>
>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>
>>>>>>>>
>>>>
>>>>>>>>Regards,
>>>>
>>>>>>>>Manan Shah
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>
>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Hi Likitha,
I agree with you that the 1st solution seems like a better approach.
Regards,
Manan Shah
On 2/21/13 9:39 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>Hi Manan,
>
>Thanks for the feedback. Please find my answers inline.
>
>Thank you,
>Likitha
>
>>-----Original Message-----
>>From: Manan Shah
>>Sent: Friday, February 22, 2013 10:28 AM
>>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Cc: Manan Shah
>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>Hi Likitha,
>>
>>Comments in-line belowŠ. Also, please let us know once the FS is updated.
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>>
>>>CCing Manan to comment on the requirements.
>>>
>>>>-----Original Message-----
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>Sent: Friday, February 15, 2013 7:09 PM
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>dev@incubator.apache.org
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>Hi All,
>>>>
>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP
>>>>range'
>>>>which is
>>>>already implemented in CS.
>>>>Following is the observation wrt what is the current CS implementation
>>>>and the proposed changes to the same,
>>>>
>>>>1. A public VLAN-IP range can only be associated to an account
>>>>during the
>>>>creation of the range
>>>>Proposed change - Admin should be allowed to dedicate a range even
>>>>after it has been created and also allowed to change the owner
>>[Manan] Agreed with the functionality.
>>>>
>>>>2. If an admin associates an IP range to an account, all the IP's
>>>>of that range
>>>>get acquired by a single isolated network in that account
>>
>>[Manan] Why do you think this is the right functionality. What if the
>>admin wants
>>to allocate a public IP range to a account and wants to allow the tenant
>>to create
>>as many networks as they want and use this public IP range.
>[Likitha] Manan, I agree. I don't think this is the right behavior. So
>the following is what currently happens in CS,
>If an admin associates an IP range to an account, all the IP's of that
>range get acquired by a single isolated network in that account
>1. If there are no isolated guest networks, a new network is created and
>all the IP's from the range are dedicated to the new network
>2. If there is 1 isolated guest network, all the IP's from the range are
>dedicated to the existing network
>3. If there are more than 1 isolated guest network CS throws an error
>
>There are 2 possible changes we can introduce to resolve this,
>1. During dedication we just mark this range of IP's as dedicated. And
>when the user acquires an IP for a particular network we allow the
>network to choose from the dedicated range.
>2. During dedication when an account is chosen, the user also has the
>option to choose one of the network in the account which can acquire the
>IP's
>I prefer the 1st solution because with the 2nd solution, one of the
>networks of the tenant will acquire all the IP's.
>Thoughts?
>>
>>>>
>>>>a. If there are no isolated guest networks, a new network is
>>>>created and all
>>>>the IP's from the range are dedicated to the new network
>>>>
>>>>b. If there is 1 isolated guest network, all the IP's from the
>>>>range are
>>>>dedicated to the existing network
>>>>
>>>>c. If there are more than 1 isolated guest network CS throws an
>>>>error
>>>>
>>>> Proposed change - When an account is chosen, the user
>>>>also has the option to choose the network in the account which can
>>>>acquire the IP's
>>>>
>>>>3. When a network that has a dedicated IP range is deleted, the
>>>>mapping
>>>>between the account that owned the network and IP range persists. This
>>>>implies that the admin sees that the range is associated to the
>>>>account. But the IP's from this range can be acquired by any other
>>>>account
>>>>
>>>>Proposed change - The IP range should no longer be owned by the
>>>>account
>>[Manan] Agree with the proposed change
>>>>
>>>>4. When an account is deleted the IP ranges dedicated to that
>>>>account get
>>>>deleted
>>>>
>>>>Proposed change - The range should be released back to the free pool
>>>>instead
>>
>>[Manan] Agree with the proposed change. I am assuming if there are any
>>public
>>Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
>>etc) then they will remain as is.
>>
>>>>
>>>>5. I see a potential starving scenario where a certain account
>>>>that has
>>>>dedicated range uses up all the IP's from the free pool as well
>>>>
>>>>Proposed change - Impose a configurable limit like say, at least one
>>>>range should always belong to the free pool
>>[Manan] Agree with the proposed change
>>>>
>>>>6. Even if a range is dedicated to an account, any network that
>>>>belongs to
>>>>this account including the one that has acquired the IP's can acquire
>>>>more IP's from the free pool. This is because when we dedicate an IP
>>>>range to an account, one of the networks of that account acquires all
>>>>the IP's.
>>>>
>>>>Proposed change - During dedication we just mark this range of IP's as
>>>>dedicated. And only when the user acquires an IP for a particular
>>>>network we allow the network to choose from the dedicated range. If
>>>>this change is implemented we will not run into issue #2.
>>>>
>>>>Please provide your feedback. I will publish an FS keeping in line
>>>>with the requirements we decide upon.
>>>>
>>>>
>>>>
>>>>Thank you,
>>>>
>>>>Likitha
>>>>
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>Sent: Friday, January 18, 2013 5:11 PM
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>dev@incubator.apache.org
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>
>>>>
>>>>In CloudStack we can already reserve the public IP range to an account
>>>>but not release it back to the free pool, so how about we divide this
>>>>requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate
>>>>Guest VLAN's per tenant.
>>>>
>>>>
>>>>
>>>>Since Part 1 has already implemented, we need to only add the
>>>>enhancement 'Add releasing these IP Address range to the free pool'. I
>>>>will create an enhancement ticket to track this?
>>>>
>>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>>
>>>>
>>>>
>>>>Any concerns?
>>>>
>>>>
>>>>
>>>>Thank you,
>>>>
>>>>Likitha
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>
>>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>>
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>dev@incubator.apache.org
>>>>
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>VLANs per Tenant
>>>>
>>>>>
>>>>
>>>>>Yes, before reserving the public ip range we do verify if the
>>>>
>>>>>account/domain is exceeding the limit.
>>>>
>>>>>
>>>>
>>>>>Thank You,
>>>>
>>>>>Likitha
>>>>
>>>>>
>>>>
>>>>>>-----Original Message-----
>>>>
>>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>>
>>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>>
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>>dev@incubator.apache.org
>>>>
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>VLANs per Tenant
>>>>
>>>>>>
>>>>
>>>>>>Hi Likitha,
>>>>
>>>>>>
>>>>
>>>>>>Currently we can reserve the public IP range to an account. I would
>>>>
>>>>>>assume we are cross checking the account/domain limit for the max no
>>>>
>>>>>>of Public IP addresses while reserving the Public IP to an account?
>>>>
>>>>>>
>>>>
>>>>>>Please clarify.
>>>>
>>>>>>
>>>>
>>>>>>Thanks,
>>>>
>>>>>>Sailaja.M
>>>>
>>>>>>
>>>>
>>>>>>-----Original Message-----
>>>>
>>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>>
>>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>>
>>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>>
>>>>>>dev@incubator.apache.org
>>>>
>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>VLANs per Tenant
>>>>
>>>>>>
>>>>
>>>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>>>
>>>>>>specify the VLAN owner. If specified, the Public IP's get allocated
>>>>>>to
>>>>
>>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>>clarify
>>>>
>>>>>>what the difference between this and the mentioned requirement is?
>>>>
>>>>>>
>>>>
>>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>>
>>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>>VLAN-IP
>>>>
>>>>>>range and then adding it back to the system account. Is there a
>>>>>>better
>>>>
>>>>>>way to do it or do we need to implement this?
>>>>
>>>>>>
>>>>
>>>>>>Thank you,
>>>>
>>>>>>Likitha
>>>>
>>>>>>
>>>>
>>>>>>>-----Original Message-----
>>>>
>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>
>>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>>
>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>
>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>>VLANs per Tenant
>>>>
>>>>>>>
>>>>
>>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>>updated
>>>>
>>>>>>>the requirements document.
>>>>
>>>>>>>
>>>>
>>>>>>>Regards,
>>>>
>>>>>>>Manan Shah
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>
>>>>
>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>>><ta...@veber.co.uk>> wrote:
>>>>
>>>>>>>
>>>>
>>>>>>>>+1
>>>>
>>>>>>>>
>>>>
>>>>>>>>Additional to the requirements:
>>>>
>>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>>
>>>>>>>>admin can see how many IP is allocated to the account.
>>>>
>>>>>>>>- On allocation it needs to check whether the required range is
>>>>
>>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>>(cannot
>>>>
>>>>>>>>allocate more IPs than maximum IPs per account).
>>>>
>>>>>>>>
>>>>
>>>>>>>>Regards
>>>>
>>>>>>>>
>>>>
>>>>>>>>Tamas Monos DDI
>>>>
>>>>>>>>+44(0)2034687012
>>>>
>>>>>>>>Chief Technical Office
>>>>
>>>>>>>>+44(0)2034687000
>>>>
>>>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>>>522
>>>>
>>>>>>>>7057
>>>>
>>>>>>>>http://www.veber.co.uk
>>>>
>>>>>>>>
>>>>
>>>>>>>>Follow us on Twitter:
>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us
>>>>on
>>>>Facebook:
>>>>
>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>>>>>>-----Original Message-----
>>>>
>>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>
>>>>>>>>Sent: 22 December 2012 01:03
>>>>
>>>>>>>>To: cloudstack-users@incubator.apache.org
>>>>
>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>
>>>>>>>>VLANs per Tenant
>>>>
>>>>>>>>
>>>>
>>>>>>>>Hi,
>>>>
>>>>>>>>
>>>>
>>>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>>>
>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>>the
>>>>
>>>>>>>>requirements at the following location. Please provide feedback
>>>>>>>>on
>>>>
>>>>>>>>the requirements.
>>>>
>>>>>>>>
>>>>
>>>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>
>>>>>>>>Requirements:
>>>>
>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+R
>>>>>>>>es
>>>>
>>>>>>>>o
>>>>
>>>>>>>>u
>>>>
>>>>>>>>r
>>>>
>>>>>>>>ces
>>>>
>>>>>>>>+
>>>>
>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>
>>>>>>>>
>>>>
>>>>>>>>Regards,
>>>>
>>>>>>>>Manan Shah
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>>>>>>
>>>>
>>>
>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
Hi Manan,
Thanks for the feedback. Please find my answers inline.
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah
>Sent: Friday, February 22, 2013 10:28 AM
>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Cc: Manan Shah
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi Likitha,
>
>Comments in-line belowŠ. Also, please let us know once the FS is updated.
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>
>>CCing Manan to comment on the requirements.
>>
>>>-----Original Message-----
>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>Sent: Friday, February 15, 2013 7:09 PM
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>dev@incubator.apache.org
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Hi All,
>>>
>>>This is with respect to Part 1 of the feature 'Dedicate Public IP range'
>>>which is
>>>already implemented in CS.
>>>Following is the observation wrt what is the current CS implementation
>>>and the proposed changes to the same,
>>>
>>>1. A public VLAN-IP range can only be associated to an account
>>>during the
>>>creation of the range
>>>Proposed change - Admin should be allowed to dedicate a range even
>>>after it has been created and also allowed to change the owner
>[Manan] Agreed with the functionality.
>>>
>>>2. If an admin associates an IP range to an account, all the IP's
>>>of that range
>>>get acquired by a single isolated network in that account
>
>[Manan] Why do you think this is the right functionality. What if the admin wants
>to allocate a public IP range to a account and wants to allow the tenant to create
>as many networks as they want and use this public IP range.
[Likitha] Manan, I agree. I don't think this is the right behavior. So the following is what currently happens in CS,
If an admin associates an IP range to an account, all the IP's of that range get acquired by a single isolated network in that account
1. If there are no isolated guest networks, a new network is created and all the IP's from the range are dedicated to the new network
2. If there is 1 isolated guest network, all the IP's from the range are dedicated to the existing network
3. If there are more than 1 isolated guest network CS throws an error
There are 2 possible changes we can introduce to resolve this,
1. During dedication we just mark this range of IP's as dedicated. And when the user acquires an IP for a particular network we allow the network to choose from the dedicated range.
2. During dedication when an account is chosen, the user also has the option to choose one of the network in the account which can acquire the IP's
I prefer the 1st solution because with the 2nd solution, one of the networks of the tenant will acquire all the IP's.
Thoughts?
>
>>>
>>>a. If there are no isolated guest networks, a new network is
>>>created and all
>>>the IP's from the range are dedicated to the new network
>>>
>>>b. If there is 1 isolated guest network, all the IP's from the
>>>range are
>>>dedicated to the existing network
>>>
>>>c. If there are more than 1 isolated guest network CS throws an
>>>error
>>>
>>> Proposed change - When an account is chosen, the user
>>>also has the option to choose the network in the account which can
>>>acquire the IP's
>>>
>>>3. When a network that has a dedicated IP range is deleted, the
>>>mapping
>>>between the account that owned the network and IP range persists. This
>>>implies that the admin sees that the range is associated to the
>>>account. But the IP's from this range can be acquired by any other
>>>account
>>>
>>>Proposed change - The IP range should no longer be owned by the
>>>account
>[Manan] Agree with the proposed change
>>>
>>>4. When an account is deleted the IP ranges dedicated to that
>>>account get
>>>deleted
>>>
>>>Proposed change - The range should be released back to the free pool
>>>instead
>
>[Manan] Agree with the proposed change. I am assuming if there are any public
>Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
>etc) then they will remain as is.
>
>>>
>>>5. I see a potential starving scenario where a certain account
>>>that has
>>>dedicated range uses up all the IP's from the free pool as well
>>>
>>>Proposed change - Impose a configurable limit like say, at least one
>>>range should always belong to the free pool
>[Manan] Agree with the proposed change
>>>
>>>6. Even if a range is dedicated to an account, any network that
>>>belongs to
>>>this account including the one that has acquired the IP's can acquire
>>>more IP's from the free pool. This is because when we dedicate an IP
>>>range to an account, one of the networks of that account acquires all
>>>the IP's.
>>>
>>>Proposed change - During dedication we just mark this range of IP's as
>>>dedicated. And only when the user acquires an IP for a particular
>>>network we allow the network to choose from the dedicated range. If
>>>this change is implemented we will not run into issue #2.
>>>
>>>Please provide your feedback. I will publish an FS keeping in line
>>>with the requirements we decide upon.
>>>
>>>
>>>
>>>Thank you,
>>>
>>>Likitha
>>>
>>>
>>>
>>>-----Original Message-----
>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>Sent: Friday, January 18, 2013 5:11 PM
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>dev@incubator.apache.org
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>
>>>
>>>In CloudStack we can already reserve the public IP range to an account
>>>but not release it back to the free pool, so how about we divide this
>>>requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate
>>>Guest VLAN's per tenant.
>>>
>>>
>>>
>>>Since Part 1 has already implemented, we need to only add the
>>>enhancement 'Add releasing these IP Address range to the free pool'. I
>>>will create an enhancement ticket to track this?
>>>
>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>
>>>
>>>
>>>Any concerns?
>>>
>>>
>>>
>>>Thank you,
>>>
>>>Likitha
>>>
>>>
>>>
>>>>-----Original Message-----
>>>
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>
>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>
>>>>dev@incubator.apache.org
>>>
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>VLANs per Tenant
>>>
>>>>
>>>
>>>>Yes, before reserving the public ip range we do verify if the
>>>
>>>>account/domain is exceeding the limit.
>>>
>>>>
>>>
>>>>Thank You,
>>>
>>>>Likitha
>>>
>>>>
>>>
>>>>>-----Original Message-----
>>>
>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>
>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>
>>>>>dev@incubator.apache.org
>>>
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>>VLANs per Tenant
>>>
>>>>>
>>>
>>>>>Hi Likitha,
>>>
>>>>>
>>>
>>>>>Currently we can reserve the public IP range to an account. I would
>>>
>>>>>assume we are cross checking the account/domain limit for the max no
>>>
>>>>>of Public IP addresses while reserving the Public IP to an account?
>>>
>>>>>
>>>
>>>>>Please clarify.
>>>
>>>>>
>>>
>>>>>Thanks,
>>>
>>>>>Sailaja.M
>>>
>>>>>
>>>
>>>>>-----Original Message-----
>>>
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>
>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>
>>>>>dev@incubator.apache.org
>>>
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>>VLANs per Tenant
>>>
>>>>>
>>>
>>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>>
>>>>>specify the VLAN owner. If specified, the Public IP's get allocated
>>>>>to
>>>
>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>clarify
>>>
>>>>>what the difference between this and the mentioned requirement is?
>>>
>>>>>
>>>
>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>
>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>VLAN-IP
>>>
>>>>>range and then adding it back to the system account. Is there a
>>>>>better
>>>
>>>>>way to do it or do we need to implement this?
>>>
>>>>>
>>>
>>>>>Thank you,
>>>
>>>>>Likitha
>>>
>>>>>
>>>
>>>>>>-----Original Message-----
>>>
>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>
>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>
>>>>>>To: cloudstack-users@incubator.apache.org
>>>
>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>>>VLANs per Tenant
>>>
>>>>>>
>>>
>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>updated
>>>
>>>>>>the requirements document.
>>>
>>>>>>
>>>
>>>>>>Regards,
>>>
>>>>>>Manan Shah
>>>
>>>>>>
>>>
>>>>>>
>>>
>>>>>>
>>>
>>>>>>
>>>
>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>><ta...@veber.co.uk>> wrote:
>>>
>>>>>>
>>>
>>>>>>>+1
>>>
>>>>>>>
>>>
>>>>>>>Additional to the requirements:
>>>
>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>
>>>>>>>admin can see how many IP is allocated to the account.
>>>
>>>>>>>- On allocation it needs to check whether the required range is
>>>
>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>(cannot
>>>
>>>>>>>allocate more IPs than maximum IPs per account).
>>>
>>>>>>>
>>>
>>>>>>>Regards
>>>
>>>>>>>
>>>
>>>>>>>Tamas Monos DDI
>>>
>>>>>>>+44(0)2034687012
>>>
>>>>>>>Chief Technical Office
>>>
>>>>>>>+44(0)2034687000
>>>
>>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>>522
>>>
>>>>>>>7057
>>>
>>>>>>>http://www.veber.co.uk
>>>
>>>>>>>
>>>
>>>>>>>Follow us on Twitter:
>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us
>>>on
>>>Facebook:
>>>
>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>
>>>>>>>
>>>
>>>>>>>
>>>
>>>>>>>-----Original Message-----
>>>
>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>
>>>>>>>Sent: 22 December 2012 01:03
>>>
>>>>>>>To: cloudstack-users@incubator.apache.org
>>>
>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>>>>VLANs per Tenant
>>>
>>>>>>>
>>>
>>>>>>>Hi,
>>>
>>>>>>>
>>>
>>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>>
>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>the
>>>
>>>>>>>requirements at the following location. Please provide feedback
>>>>>>>on
>>>
>>>>>>>the requirements.
>>>
>>>>>>>
>>>
>>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>
>>>>>>>Requirements:
>>>
>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+R
>>>>>>>es
>>>
>>>>>>>o
>>>
>>>>>>>u
>>>
>>>>>>>r
>>>
>>>>>>>ces
>>>
>>>>>>>+
>>>
>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>
>>>>>>>
>>>
>>>>>>>Regards,
>>>
>>>>>>>Manan Shah
>>>
>>>>>>>
>>>
>>>>>>>
>>>
>>>>>>>
>>>
>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
Hi Manan,
Thanks for the feedback. Please find my answers inline.
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah
>Sent: Friday, February 22, 2013 10:28 AM
>To: Likitha Shetty; cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Cc: Manan Shah
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi Likitha,
>
>Comments in-line belowŠ. Also, please let us know once the FS is updated.
>
>Regards,
>Manan Shah
>
>
>
>
>On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>
>>CCing Manan to comment on the requirements.
>>
>>>-----Original Message-----
>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>Sent: Friday, February 15, 2013 7:09 PM
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>dev@incubator.apache.org
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Hi All,
>>>
>>>This is with respect to Part 1 of the feature 'Dedicate Public IP range'
>>>which is
>>>already implemented in CS.
>>>Following is the observation wrt what is the current CS implementation
>>>and the proposed changes to the same,
>>>
>>>1. A public VLAN-IP range can only be associated to an account
>>>during the
>>>creation of the range
>>>Proposed change - Admin should be allowed to dedicate a range even
>>>after it has been created and also allowed to change the owner
>[Manan] Agreed with the functionality.
>>>
>>>2. If an admin associates an IP range to an account, all the IP's
>>>of that range
>>>get acquired by a single isolated network in that account
>
>[Manan] Why do you think this is the right functionality. What if the admin wants
>to allocate a public IP range to a account and wants to allow the tenant to create
>as many networks as they want and use this public IP range.
[Likitha] Manan, I agree. I don't think this is the right behavior. So the following is what currently happens in CS,
If an admin associates an IP range to an account, all the IP's of that range get acquired by a single isolated network in that account
1. If there are no isolated guest networks, a new network is created and all the IP's from the range are dedicated to the new network
2. If there is 1 isolated guest network, all the IP's from the range are dedicated to the existing network
3. If there are more than 1 isolated guest network CS throws an error
There are 2 possible changes we can introduce to resolve this,
1. During dedication we just mark this range of IP's as dedicated. And when the user acquires an IP for a particular network we allow the network to choose from the dedicated range.
2. During dedication when an account is chosen, the user also has the option to choose one of the network in the account which can acquire the IP's
I prefer the 1st solution because with the 2nd solution, one of the networks of the tenant will acquire all the IP's.
Thoughts?
>
>>>
>>>a. If there are no isolated guest networks, a new network is
>>>created and all
>>>the IP's from the range are dedicated to the new network
>>>
>>>b. If there is 1 isolated guest network, all the IP's from the
>>>range are
>>>dedicated to the existing network
>>>
>>>c. If there are more than 1 isolated guest network CS throws an
>>>error
>>>
>>> Proposed change - When an account is chosen, the user
>>>also has the option to choose the network in the account which can
>>>acquire the IP's
>>>
>>>3. When a network that has a dedicated IP range is deleted, the
>>>mapping
>>>between the account that owned the network and IP range persists. This
>>>implies that the admin sees that the range is associated to the
>>>account. But the IP's from this range can be acquired by any other
>>>account
>>>
>>>Proposed change - The IP range should no longer be owned by the
>>>account
>[Manan] Agree with the proposed change
>>>
>>>4. When an account is deleted the IP ranges dedicated to that
>>>account get
>>>deleted
>>>
>>>Proposed change - The range should be released back to the free pool
>>>instead
>
>[Manan] Agree with the proposed change. I am assuming if there are any public
>Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
>etc) then they will remain as is.
>
>>>
>>>5. I see a potential starving scenario where a certain account
>>>that has
>>>dedicated range uses up all the IP's from the free pool as well
>>>
>>>Proposed change - Impose a configurable limit like say, at least one
>>>range should always belong to the free pool
>[Manan] Agree with the proposed change
>>>
>>>6. Even if a range is dedicated to an account, any network that
>>>belongs to
>>>this account including the one that has acquired the IP's can acquire
>>>more IP's from the free pool. This is because when we dedicate an IP
>>>range to an account, one of the networks of that account acquires all
>>>the IP's.
>>>
>>>Proposed change - During dedication we just mark this range of IP's as
>>>dedicated. And only when the user acquires an IP for a particular
>>>network we allow the network to choose from the dedicated range. If
>>>this change is implemented we will not run into issue #2.
>>>
>>>Please provide your feedback. I will publish an FS keeping in line
>>>with the requirements we decide upon.
>>>
>>>
>>>
>>>Thank you,
>>>
>>>Likitha
>>>
>>>
>>>
>>>-----Original Message-----
>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>Sent: Friday, January 18, 2013 5:11 PM
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>dev@incubator.apache.org
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>
>>>
>>>In CloudStack we can already reserve the public IP range to an account
>>>but not release it back to the free pool, so how about we divide this
>>>requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate
>>>Guest VLAN's per tenant.
>>>
>>>
>>>
>>>Since Part 1 has already implemented, we need to only add the
>>>enhancement 'Add releasing these IP Address range to the free pool'. I
>>>will create an enhancement ticket to track this?
>>>
>>>As for Part 2, I will soon publish an FS based on the requirements.
>>>
>>>
>>>
>>>Any concerns?
>>>
>>>
>>>
>>>Thank you,
>>>
>>>Likitha
>>>
>>>
>>>
>>>>-----Original Message-----
>>>
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>
>>>>Sent: Thursday, January 17, 2013 3:55 PM
>>>
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>
>>>>dev@incubator.apache.org
>>>
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>VLANs per Tenant
>>>
>>>>
>>>
>>>>Yes, before reserving the public ip range we do verify if the
>>>
>>>>account/domain is exceeding the limit.
>>>
>>>>
>>>
>>>>Thank You,
>>>
>>>>Likitha
>>>
>>>>
>>>
>>>>>-----Original Message-----
>>>
>>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>>
>>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>>
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>
>>>>>dev@incubator.apache.org
>>>
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>>VLANs per Tenant
>>>
>>>>>
>>>
>>>>>Hi Likitha,
>>>
>>>>>
>>>
>>>>>Currently we can reserve the public IP range to an account. I would
>>>
>>>>>assume we are cross checking the account/domain limit for the max no
>>>
>>>>>of Public IP addresses while reserving the Public IP to an account?
>>>
>>>>>
>>>
>>>>>Please clarify.
>>>
>>>>>
>>>
>>>>>Thanks,
>>>
>>>>>Sailaja.M
>>>
>>>>>
>>>
>>>>>-----Original Message-----
>>>
>>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>>
>>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>>
>>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>>
>>>>>dev@incubator.apache.org
>>>
>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>>VLANs per Tenant
>>>
>>>>>
>>>
>>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>>
>>>>>specify the VLAN owner. If specified, the Public IP's get allocated
>>>>>to
>>>
>>>>>the account and the VLAN get dedicated to it. Could you please
>>>>>clarify
>>>
>>>>>what the difference between this and the mentioned requirement is?
>>>
>>>>>
>>>
>>>>>But I couldn't figure out a way to release back the VLAN and the
>>>
>>>>>allocated IP's to the free pool. I achieved it by deleting the
>>>>>VLAN-IP
>>>
>>>>>range and then adding it back to the system account. Is there a
>>>>>better
>>>
>>>>>way to do it or do we need to implement this?
>>>
>>>>>
>>>
>>>>>Thank you,
>>>
>>>>>Likitha
>>>
>>>>>
>>>
>>>>>>-----Original Message-----
>>>
>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>
>>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>>
>>>>>>To: cloudstack-users@incubator.apache.org
>>>
>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>>>VLANs per Tenant
>>>
>>>>>>
>>>
>>>>>>Thanks Tamas for bringing up additional requirements. I have
>>>>>>updated
>>>
>>>>>>the requirements document.
>>>
>>>>>>
>>>
>>>>>>Regards,
>>>
>>>>>>Manan Shah
>>>
>>>>>>
>>>
>>>>>>
>>>
>>>>>>
>>>
>>>>>>
>>>
>>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>>><ta...@veber.co.uk>> wrote:
>>>
>>>>>>
>>>
>>>>>>>+1
>>>
>>>>>>>
>>>
>>>>>>>Additional to the requirements:
>>>
>>>>>>>- Usage must reflect if these are assigned to an Account so the
>>>
>>>>>>>admin can see how many IP is allocated to the account.
>>>
>>>>>>>- On allocation it needs to check whether the required range is
>>>
>>>>>>>available (not in use) and conforms with the account limits
>>>>>>>(cannot
>>>
>>>>>>>allocate more IPs than maximum IPs per account).
>>>
>>>>>>>
>>>
>>>>>>>Regards
>>>
>>>>>>>
>>>
>>>>>>>Tamas Monos DDI
>>>
>>>>>>>+44(0)2034687012
>>>
>>>>>>>Chief Technical Office
>>>
>>>>>>>+44(0)2034687000
>>>
>>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>>522
>>>
>>>>>>>7057
>>>
>>>>>>>http://www.veber.co.uk
>>>
>>>>>>>
>>>
>>>>>>>Follow us on Twitter:
>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us
>>>on
>>>Facebook:
>>>
>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>
>>>>>>>
>>>
>>>>>>>
>>>
>>>>>>>-----Original Message-----
>>>
>>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>
>>>>>>>Sent: 22 December 2012 01:03
>>>
>>>>>>>To: cloudstack-users@incubator.apache.org
>>>
>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>
>>>>>>>VLANs per Tenant
>>>
>>>>>>>
>>>
>>>>>>>Hi,
>>>
>>>>>>>
>>>
>>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>>
>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided
>>>>>>>the
>>>
>>>>>>>requirements at the following location. Please provide feedback
>>>>>>>on
>>>
>>>>>>>the requirements.
>>>
>>>>>>>
>>>
>>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>
>>>>>>>Requirements:
>>>
>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+R
>>>>>>>es
>>>
>>>>>>>o
>>>
>>>>>>>u
>>>
>>>>>>>r
>>>
>>>>>>>ces
>>>
>>>>>>>+
>>>
>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>
>>>>>>>
>>>
>>>>>>>Regards,
>>>
>>>>>>>Manan Shah
>>>
>>>>>>>
>>>
>>>>>>>
>>>
>>>>>>>
>>>
>>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Hi Likitha,
Comments in-line belowŠ. Also, please let us know once the FS is updated.
Regards,
Manan Shah
On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>CCing Manan to comment on the requirements.
>
>>-----Original Message-----
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>Sent: Friday, February 15, 2013 7:09 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>Hi All,
>>
>>This is with respect to Part 1 of the feature 'Dedicate Public IP range'
>>which is
>>already implemented in CS.
>>Following is the observation wrt what is the current CS implementation
>>and the
>>proposed changes to the same,
>>
>>1. A public VLAN-IP range can only be associated to an account
>>during the
>>creation of the range
>>Proposed change - Admin should be allowed to dedicate a range even after
>>it
>>has been created and also allowed to change the owner
[Manan] Agreed with the functionality.
>>
>>2. If an admin associates an IP range to an account, all the IP's
>>of that range
>>get acquired by a single isolated network in that account
[Manan] Why do you think this is the right functionality. What if the
admin wants to allocate a public IP range to a account and wants to allow
the tenant to create as many networks as they want and use this public IP
range.
>>
>>a. If there are no isolated guest networks, a new network is
>>created and all
>>the IP's from the range are dedicated to the new network
>>
>>b. If there is 1 isolated guest network, all the IP's from the
>>range are
>>dedicated to the existing network
>>
>>c. If there are more than 1 isolated guest network CS throws an
>>error
>>
>> Proposed change - When an account is chosen, the user
>>also has the
>>option to choose the network in the account which can acquire the IP's
>>
>>3. When a network that has a dedicated IP range is deleted, the
>>mapping
>>between the account that owned the network and IP range persists. This
>>implies
>>that the admin sees that the range is associated to the account. But the
>>IP's from
>>this range can be acquired by any other account
>>
>>Proposed change - The IP range should no longer be owned by the account
[Manan] Agree with the proposed change
>>
>>4. When an account is deleted the IP ranges dedicated to that
>>account get
>>deleted
>>
>>Proposed change - The range should be released back to the free pool
>>instead
[Manan] Agree with the proposed change. I am assuming if there are any
public Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
etc) then they will remain as is.
>>
>>5. I see a potential starving scenario where a certain account
>>that has
>>dedicated range uses up all the IP's from the free pool as well
>>
>>Proposed change - Impose a configurable limit like say, at least one
>>range
>>should always belong to the free pool
[Manan] Agree with the proposed change
>>
>>6. Even if a range is dedicated to an account, any network that
>>belongs to
>>this account including the one that has acquired the IP's can acquire
>>more IP's
>>from the free pool. This is because when we dedicate an IP range to an
>>account,
>>one of the networks of that account acquires all the IP's.
>>
>>Proposed change - During dedication we just mark this range of IP's as
>>dedicated. And only when the user acquires an IP for a particular
>>network we
>>allow the network to choose from the dedicated range. If this change is
>>implemented we will not run into issue #2.
>>
>>Please provide your feedback. I will publish an FS keeping in line with
>>the
>>requirements we decide upon.
>>
>>
>>
>>Thank you,
>>
>>Likitha
>>
>>
>>
>>-----Original Message-----
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>Sent: Friday, January 18, 2013 5:11 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>
>>
>>In CloudStack we can already reserve the public IP range to an account
>>but not
>>release it back to the free pool, so how about we divide this
>>requirement into 2
>>parts - 1) Dedicate Public IP range 2) Dedicate Guest VLAN's per tenant.
>>
>>
>>
>>Since Part 1 has already implemented, we need to only add the enhancement
>>'Add releasing these IP Address range to the free pool'. I will create an
>>enhancement ticket to track this?
>>
>>As for Part 2, I will soon publish an FS based on the requirements.
>>
>>
>>
>>Any concerns?
>>
>>
>>
>>Thank you,
>>
>>Likitha
>>
>>
>>
>>>-----Original Message-----
>>
>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>
>>>Sent: Thursday, January 17, 2013 3:55 PM
>>
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>
>>>dev@incubator.apache.org
>>
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>VLANs per Tenant
>>
>>>
>>
>>>Yes, before reserving the public ip range we do verify if the
>>
>>>account/domain is exceeding the limit.
>>
>>>
>>
>>>Thank You,
>>
>>>Likitha
>>
>>>
>>
>>>>-----Original Message-----
>>
>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>
>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>
>>>>dev@incubator.apache.org
>>
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>>VLANs per Tenant
>>
>>>>
>>
>>>>Hi Likitha,
>>
>>>>
>>
>>>>Currently we can reserve the public IP range to an account. I would
>>
>>>>assume we are cross checking the account/domain limit for the max no
>>
>>>>of Public IP addresses while reserving the Public IP to an account?
>>
>>>>
>>
>>>>Please clarify.
>>
>>>>
>>
>>>>Thanks,
>>
>>>>Sailaja.M
>>
>>>>
>>
>>>>-----Original Message-----
>>
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>
>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>
>>>>dev@incubator.apache.org
>>
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>>VLANs per Tenant
>>
>>>>
>>
>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>
>>>>specify the VLAN owner. If specified, the Public IP's get allocated to
>>
>>>>the account and the VLAN get dedicated to it. Could you please clarify
>>
>>>>what the difference between this and the mentioned requirement is?
>>
>>>>
>>
>>>>But I couldn't figure out a way to release back the VLAN and the
>>
>>>>allocated IP's to the free pool. I achieved it by deleting the VLAN-IP
>>
>>>>range and then adding it back to the system account. Is there a better
>>
>>>>way to do it or do we need to implement this?
>>
>>>>
>>
>>>>Thank you,
>>
>>>>Likitha
>>
>>>>
>>
>>>>>-----Original Message-----
>>
>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>
>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>
>>>>>To: cloudstack-users@incubator.apache.org
>>
>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>>>VLANs per Tenant
>>
>>>>>
>>
>>>>>Thanks Tamas for bringing up additional requirements. I have updated
>>
>>>>>the requirements document.
>>
>>>>>
>>
>>>>>Regards,
>>
>>>>>Manan Shah
>>
>>>>>
>>
>>>>>
>>
>>>>>
>>
>>>>>
>>
>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>><ta...@veber.co.uk>> wrote:
>>
>>>>>
>>
>>>>>>+1
>>
>>>>>>
>>
>>>>>>Additional to the requirements:
>>
>>>>>>- Usage must reflect if these are assigned to an Account so the
>>
>>>>>>admin can see how many IP is allocated to the account.
>>
>>>>>>- On allocation it needs to check whether the required range is
>>
>>>>>>available (not in use) and conforms with the account limits (cannot
>>
>>>>>>allocate more IPs than maximum IPs per account).
>>
>>>>>>
>>
>>>>>>Regards
>>
>>>>>>
>>
>>>>>>Tamas Monos DDI
>>
>>>>>>+44(0)2034687012
>>
>>>>>>Chief Technical Office
>>
>>>>>>+44(0)2034687000
>>
>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>522
>>
>>>>>>7057
>>
>>>>>>http://www.veber.co.uk
>>
>>>>>>
>>
>>>>>>Follow us on Twitter:
>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us on
>>Facebook:
>>
>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>
>>>>>>
>>
>>>>>>
>>
>>>>>>-----Original Message-----
>>
>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>
>>>>>>Sent: 22 December 2012 01:03
>>
>>>>>>To: cloudstack-users@incubator.apache.org
>>
>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>>>>VLANs per Tenant
>>
>>>>>>
>>
>>>>>>Hi,
>>
>>>>>>
>>
>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>
>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided the
>>
>>>>>>requirements at the following location. Please provide feedback on
>>
>>>>>>the requirements.
>>
>>>>>>
>>
>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>
>>>>>>Requirements:
>>
>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Res
>>
>>>>>>o
>>
>>>>>>u
>>
>>>>>>r
>>
>>>>>>ces
>>
>>>>>>+
>>
>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>
>>>>>>
>>
>>>>>>Regards,
>>
>>>>>>Manan Shah
>>
>>>>>>
>>
>>>>>>
>>
>>>>>>
>>
>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Hi Likitha,
Comments in-line belowŠ. Also, please let us know once the FS is updated.
Regards,
Manan Shah
On 2/19/13 8:59 PM, "Likitha Shetty" <li...@citrix.com> wrote:
>CCing Manan to comment on the requirements.
>
>>-----Original Message-----
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>Sent: Friday, February 15, 2013 7:09 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>Hi All,
>>
>>This is with respect to Part 1 of the feature 'Dedicate Public IP range'
>>which is
>>already implemented in CS.
>>Following is the observation wrt what is the current CS implementation
>>and the
>>proposed changes to the same,
>>
>>1. A public VLAN-IP range can only be associated to an account
>>during the
>>creation of the range
>>Proposed change - Admin should be allowed to dedicate a range even after
>>it
>>has been created and also allowed to change the owner
[Manan] Agreed with the functionality.
>>
>>2. If an admin associates an IP range to an account, all the IP's
>>of that range
>>get acquired by a single isolated network in that account
[Manan] Why do you think this is the right functionality. What if the
admin wants to allocate a public IP range to a account and wants to allow
the tenant to create as many networks as they want and use this public IP
range.
>>
>>a. If there are no isolated guest networks, a new network is
>>created and all
>>the IP's from the range are dedicated to the new network
>>
>>b. If there is 1 isolated guest network, all the IP's from the
>>range are
>>dedicated to the existing network
>>
>>c. If there are more than 1 isolated guest network CS throws an
>>error
>>
>> Proposed change - When an account is chosen, the user
>>also has the
>>option to choose the network in the account which can acquire the IP's
>>
>>3. When a network that has a dedicated IP range is deleted, the
>>mapping
>>between the account that owned the network and IP range persists. This
>>implies
>>that the admin sees that the range is associated to the account. But the
>>IP's from
>>this range can be acquired by any other account
>>
>>Proposed change - The IP range should no longer be owned by the account
[Manan] Agree with the proposed change
>>
>>4. When an account is deleted the IP ranges dedicated to that
>>account get
>>deleted
>>
>>Proposed change - The range should be released back to the free pool
>>instead
[Manan] Agree with the proposed change. I am assuming if there are any
public Ips that are in use (Loadbalancing, Port Forwarding, Static-NAT,
etc) then they will remain as is.
>>
>>5. I see a potential starving scenario where a certain account
>>that has
>>dedicated range uses up all the IP's from the free pool as well
>>
>>Proposed change - Impose a configurable limit like say, at least one
>>range
>>should always belong to the free pool
[Manan] Agree with the proposed change
>>
>>6. Even if a range is dedicated to an account, any network that
>>belongs to
>>this account including the one that has acquired the IP's can acquire
>>more IP's
>>from the free pool. This is because when we dedicate an IP range to an
>>account,
>>one of the networks of that account acquires all the IP's.
>>
>>Proposed change - During dedication we just mark this range of IP's as
>>dedicated. And only when the user acquires an IP for a particular
>>network we
>>allow the network to choose from the dedicated range. If this change is
>>implemented we will not run into issue #2.
>>
>>Please provide your feedback. I will publish an FS keeping in line with
>>the
>>requirements we decide upon.
>>
>>
>>
>>Thank you,
>>
>>Likitha
>>
>>
>>
>>-----Original Message-----
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>Sent: Friday, January 18, 2013 5:11 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per
>>Tenant
>>
>>
>>
>>In CloudStack we can already reserve the public IP range to an account
>>but not
>>release it back to the free pool, so how about we divide this
>>requirement into 2
>>parts - 1) Dedicate Public IP range 2) Dedicate Guest VLAN's per tenant.
>>
>>
>>
>>Since Part 1 has already implemented, we need to only add the enhancement
>>'Add releasing these IP Address range to the free pool'. I will create an
>>enhancement ticket to track this?
>>
>>As for Part 2, I will soon publish an FS based on the requirements.
>>
>>
>>
>>Any concerns?
>>
>>
>>
>>Thank you,
>>
>>Likitha
>>
>>
>>
>>>-----Original Message-----
>>
>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>
>>>Sent: Thursday, January 17, 2013 3:55 PM
>>
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>
>>>dev@incubator.apache.org
>>
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>VLANs per Tenant
>>
>>>
>>
>>>Yes, before reserving the public ip range we do verify if the
>>
>>>account/domain is exceeding the limit.
>>
>>>
>>
>>>Thank You,
>>
>>>Likitha
>>
>>>
>>
>>>>-----Original Message-----
>>
>>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>
>>>>Sent: Thursday, January 17, 2013 3:50 PM
>>
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>
>>>>dev@incubator.apache.org
>>
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>>VLANs per Tenant
>>
>>>>
>>
>>>>Hi Likitha,
>>
>>>>
>>
>>>>Currently we can reserve the public IP range to an account. I would
>>
>>>>assume we are cross checking the account/domain limit for the max no
>>
>>>>of Public IP addresses while reserving the Public IP to an account?
>>
>>>>
>>
>>>>Please clarify.
>>
>>>>
>>
>>>>Thanks,
>>
>>>>Sailaja.M
>>
>>>>
>>
>>>>-----Original Message-----
>>
>>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>
>>>>Sent: Thursday, January 10, 2013 7:43 PM
>>
>>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>
>>>>dev@incubator.apache.org
>>
>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>>VLANs per Tenant
>>
>>>>
>>
>>>>For CreateVlanIpRange API call, we can set the account parameter to
>>
>>>>specify the VLAN owner. If specified, the Public IP's get allocated to
>>
>>>>the account and the VLAN get dedicated to it. Could you please clarify
>>
>>>>what the difference between this and the mentioned requirement is?
>>
>>>>
>>
>>>>But I couldn't figure out a way to release back the VLAN and the
>>
>>>>allocated IP's to the free pool. I achieved it by deleting the VLAN-IP
>>
>>>>range and then adding it back to the system account. Is there a better
>>
>>>>way to do it or do we need to implement this?
>>
>>>>
>>
>>>>Thank you,
>>
>>>>Likitha
>>
>>>>
>>
>>>>>-----Original Message-----
>>
>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>
>>>>>Sent: Friday, January 04, 2013 10:11 PM
>>
>>>>>To: cloudstack-users@incubator.apache.org
>>
>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>>>VLANs per Tenant
>>
>>>>>
>>
>>>>>Thanks Tamas for bringing up additional requirements. I have updated
>>
>>>>>the requirements document.
>>
>>>>>
>>
>>>>>Regards,
>>
>>>>>Manan Shah
>>
>>>>>
>>
>>>>>
>>
>>>>>
>>
>>>>>
>>
>>>>>On 1/4/13 6:32 AM, "Tamas Monos"
>><ta...@veber.co.uk>> wrote:
>>
>>>>>
>>
>>>>>>+1
>>
>>>>>>
>>
>>>>>>Additional to the requirements:
>>
>>>>>>- Usage must reflect if these are assigned to an Account so the
>>
>>>>>>admin can see how many IP is allocated to the account.
>>
>>>>>>- On allocation it needs to check whether the required range is
>>
>>>>>>available (not in use) and conforms with the account limits (cannot
>>
>>>>>>allocate more IPs than maximum IPs per account).
>>
>>>>>>
>>
>>>>>>Regards
>>
>>>>>>
>>
>>>>>>Tamas Monos DDI
>>
>>>>>>+44(0)2034687012
>>
>>>>>>Chief Technical Office
>>
>>>>>>+44(0)2034687000
>>
>>>>>>Veber: The Hosting Specialists Fax +44(0)871
>>>>>>522
>>
>>>>>>7057
>>
>>>>>>http://www.veber.co.uk
>>
>>>>>>
>>
>>>>>>Follow us on Twitter:
>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us on
>>Facebook:
>>
>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>
>>>>>>
>>
>>>>>>
>>
>>>>>>-----Original Message-----
>>
>>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>
>>>>>>Sent: 22 December 2012 01:03
>>
>>>>>>To: cloudstack-users@incubator.apache.org
>>
>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>
>>>>>>VLANs per Tenant
>>
>>>>>>
>>
>>>>>>Hi,
>>
>>>>>>
>>
>>>>>>I would like to propose a new feature for dedicating IP Addresses
>>
>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided the
>>
>>>>>>requirements at the following location. Please provide feedback on
>>
>>>>>>the requirements.
>>
>>>>>>
>>
>>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>
>>>>>>Requirements:
>>
>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Res
>>
>>>>>>o
>>
>>>>>>u
>>
>>>>>>r
>>
>>>>>>ces
>>
>>>>>>+
>>
>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>
>>>>>>
>>
>>>>>>Regards,
>>
>>>>>>Manan Shah
>>
>>>>>>
>>
>>>>>>
>>
>>>>>>
>>
>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
CCing Manan to comment on the requirements.
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Friday, February 15, 2013 7:09 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi All,
>
>This is with respect to Part 1 of the feature 'Dedicate Public IP range' which is
>already implemented in CS.
>Following is the observation wrt what is the current CS implementation and the
>proposed changes to the same,
>
>1. A public VLAN-IP range can only be associated to an account during the
>creation of the range
>Proposed change - Admin should be allowed to dedicate a range even after it
>has been created and also allowed to change the owner
>
>2. If an admin associates an IP range to an account, all the IP's of that range
>get acquired by a single isolated network in that account
>
>a. If there are no isolated guest networks, a new network is created and all
>the IP's from the range are dedicated to the new network
>
>b. If there is 1 isolated guest network, all the IP's from the range are
>dedicated to the existing network
>
>c. If there are more than 1 isolated guest network CS throws an error
>
> Proposed change - When an account is chosen, the user also has the
>option to choose the network in the account which can acquire the IP's
>
>3. When a network that has a dedicated IP range is deleted, the mapping
>between the account that owned the network and IP range persists. This implies
>that the admin sees that the range is associated to the account. But the IP's from
>this range can be acquired by any other account
>
>Proposed change - The IP range should no longer be owned by the account
>
>4. When an account is deleted the IP ranges dedicated to that account get
>deleted
>
>Proposed change - The range should be released back to the free pool instead
>
>5. I see a potential starving scenario where a certain account that has
>dedicated range uses up all the IP's from the free pool as well
>
>Proposed change - Impose a configurable limit like say, at least one range
>should always belong to the free pool
>
>6. Even if a range is dedicated to an account, any network that belongs to
>this account including the one that has acquired the IP's can acquire more IP's
>from the free pool. This is because when we dedicate an IP range to an account,
>one of the networks of that account acquires all the IP's.
>
>Proposed change - During dedication we just mark this range of IP's as
>dedicated. And only when the user acquires an IP for a particular network we
>allow the network to choose from the dedicated range. If this change is
>implemented we will not run into issue #2.
>
>Please provide your feedback. I will publish an FS keeping in line with the
>requirements we decide upon.
>
>
>
>Thank you,
>
>Likitha
>
>
>
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Friday, January 18, 2013 5:11 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>
>
>In CloudStack we can already reserve the public IP range to an account but not
>release it back to the free pool, so how about we divide this requirement into 2
>parts - 1) Dedicate Public IP range 2) Dedicate Guest VLAN's per tenant.
>
>
>
>Since Part 1 has already implemented, we need to only add the enhancement
>'Add releasing these IP Address range to the free pool'. I will create an
>enhancement ticket to track this?
>
>As for Part 2, I will soon publish an FS based on the requirements.
>
>
>
>Any concerns?
>
>
>
>Thank you,
>
>Likitha
>
>
>
>>-----Original Message-----
>
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>
>>Sent: Thursday, January 17, 2013 3:55 PM
>
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>
>>dev@incubator.apache.org
>
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>VLANs per Tenant
>
>>
>
>>Yes, before reserving the public ip range we do verify if the
>
>>account/domain is exceeding the limit.
>
>>
>
>>Thank You,
>
>>Likitha
>
>>
>
>>>-----Original Message-----
>
>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>
>>>Sent: Thursday, January 17, 2013 3:50 PM
>
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>
>>>dev@incubator.apache.org
>
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>>VLANs per Tenant
>
>>>
>
>>>Hi Likitha,
>
>>>
>
>>>Currently we can reserve the public IP range to an account. I would
>
>>>assume we are cross checking the account/domain limit for the max no
>
>>>of Public IP addresses while reserving the Public IP to an account?
>
>>>
>
>>>Please clarify.
>
>>>
>
>>>Thanks,
>
>>>Sailaja.M
>
>>>
>
>>>-----Original Message-----
>
>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>
>>>Sent: Thursday, January 10, 2013 7:43 PM
>
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>
>>>dev@incubator.apache.org
>
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>>VLANs per Tenant
>
>>>
>
>>>For CreateVlanIpRange API call, we can set the account parameter to
>
>>>specify the VLAN owner. If specified, the Public IP's get allocated to
>
>>>the account and the VLAN get dedicated to it. Could you please clarify
>
>>>what the difference between this and the mentioned requirement is?
>
>>>
>
>>>But I couldn't figure out a way to release back the VLAN and the
>
>>>allocated IP's to the free pool. I achieved it by deleting the VLAN-IP
>
>>>range and then adding it back to the system account. Is there a better
>
>>>way to do it or do we need to implement this?
>
>>>
>
>>>Thank you,
>
>>>Likitha
>
>>>
>
>>>>-----Original Message-----
>
>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>
>>>>Sent: Friday, January 04, 2013 10:11 PM
>
>>>>To: cloudstack-users@incubator.apache.org
>
>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>>>VLANs per Tenant
>
>>>>
>
>>>>Thanks Tamas for bringing up additional requirements. I have updated
>
>>>>the requirements document.
>
>>>>
>
>>>>Regards,
>
>>>>Manan Shah
>
>>>>
>
>>>>
>
>>>>
>
>>>>
>
>>>>On 1/4/13 6:32 AM, "Tamas Monos"
><ta...@veber.co.uk>> wrote:
>
>>>>
>
>>>>>+1
>
>>>>>
>
>>>>>Additional to the requirements:
>
>>>>>- Usage must reflect if these are assigned to an Account so the
>
>>>>>admin can see how many IP is allocated to the account.
>
>>>>>- On allocation it needs to check whether the required range is
>
>>>>>available (not in use) and conforms with the account limits (cannot
>
>>>>>allocate more IPs than maximum IPs per account).
>
>>>>>
>
>>>>>Regards
>
>>>>>
>
>>>>>Tamas Monos DDI
>
>>>>>+44(0)2034687012
>
>>>>>Chief Technical Office
>
>>>>>+44(0)2034687000
>
>>>>>Veber: The Hosting Specialists Fax +44(0)871 522
>
>>>>>7057
>
>>>>>http://www.veber.co.uk
>
>>>>>
>
>>>>>Follow us on Twitter:
>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us on
>Facebook:
>
>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>
>>>>>
>
>>>>>
>
>>>>>-----Original Message-----
>
>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>
>>>>>Sent: 22 December 2012 01:03
>
>>>>>To: cloudstack-users@incubator.apache.org
>
>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>>>>VLANs per Tenant
>
>>>>>
>
>>>>>Hi,
>
>>>>>
>
>>>>>I would like to propose a new feature for dedicating IP Addresses
>
>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided the
>
>>>>>requirements at the following location. Please provide feedback on
>
>>>>>the requirements.
>
>>>>>
>
>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>
>>>>>Requirements:
>
>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Res
>
>>>>>o
>
>>>>>u
>
>>>>>r
>
>>>>>ces
>
>>>>>+
>
>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>
>>>>>
>
>>>>>Regards,
>
>>>>>Manan Shah
>
>>>>>
>
>>>>>
>
>>>>>
>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
CCing Manan to comment on the requirements.
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Friday, February 15, 2013 7:09 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi All,
>
>This is with respect to Part 1 of the feature 'Dedicate Public IP range' which is
>already implemented in CS.
>Following is the observation wrt what is the current CS implementation and the
>proposed changes to the same,
>
>1. A public VLAN-IP range can only be associated to an account during the
>creation of the range
>Proposed change - Admin should be allowed to dedicate a range even after it
>has been created and also allowed to change the owner
>
>2. If an admin associates an IP range to an account, all the IP's of that range
>get acquired by a single isolated network in that account
>
>a. If there are no isolated guest networks, a new network is created and all
>the IP's from the range are dedicated to the new network
>
>b. If there is 1 isolated guest network, all the IP's from the range are
>dedicated to the existing network
>
>c. If there are more than 1 isolated guest network CS throws an error
>
> Proposed change - When an account is chosen, the user also has the
>option to choose the network in the account which can acquire the IP's
>
>3. When a network that has a dedicated IP range is deleted, the mapping
>between the account that owned the network and IP range persists. This implies
>that the admin sees that the range is associated to the account. But the IP's from
>this range can be acquired by any other account
>
>Proposed change - The IP range should no longer be owned by the account
>
>4. When an account is deleted the IP ranges dedicated to that account get
>deleted
>
>Proposed change - The range should be released back to the free pool instead
>
>5. I see a potential starving scenario where a certain account that has
>dedicated range uses up all the IP's from the free pool as well
>
>Proposed change - Impose a configurable limit like say, at least one range
>should always belong to the free pool
>
>6. Even if a range is dedicated to an account, any network that belongs to
>this account including the one that has acquired the IP's can acquire more IP's
>from the free pool. This is because when we dedicate an IP range to an account,
>one of the networks of that account acquires all the IP's.
>
>Proposed change - During dedication we just mark this range of IP's as
>dedicated. And only when the user acquires an IP for a particular network we
>allow the network to choose from the dedicated range. If this change is
>implemented we will not run into issue #2.
>
>Please provide your feedback. I will publish an FS keeping in line with the
>requirements we decide upon.
>
>
>
>Thank you,
>
>Likitha
>
>
>
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Friday, January 18, 2013 5:11 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>
>
>In CloudStack we can already reserve the public IP range to an account but not
>release it back to the free pool, so how about we divide this requirement into 2
>parts - 1) Dedicate Public IP range 2) Dedicate Guest VLAN's per tenant.
>
>
>
>Since Part 1 has already implemented, we need to only add the enhancement
>'Add releasing these IP Address range to the free pool'. I will create an
>enhancement ticket to track this?
>
>As for Part 2, I will soon publish an FS based on the requirements.
>
>
>
>Any concerns?
>
>
>
>Thank you,
>
>Likitha
>
>
>
>>-----Original Message-----
>
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>
>>Sent: Thursday, January 17, 2013 3:55 PM
>
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>
>>dev@incubator.apache.org
>
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>VLANs per Tenant
>
>>
>
>>Yes, before reserving the public ip range we do verify if the
>
>>account/domain is exceeding the limit.
>
>>
>
>>Thank You,
>
>>Likitha
>
>>
>
>>>-----Original Message-----
>
>>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>
>>>Sent: Thursday, January 17, 2013 3:50 PM
>
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>
>>>dev@incubator.apache.org
>
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>>VLANs per Tenant
>
>>>
>
>>>Hi Likitha,
>
>>>
>
>>>Currently we can reserve the public IP range to an account. I would
>
>>>assume we are cross checking the account/domain limit for the max no
>
>>>of Public IP addresses while reserving the Public IP to an account?
>
>>>
>
>>>Please clarify.
>
>>>
>
>>>Thanks,
>
>>>Sailaja.M
>
>>>
>
>>>-----Original Message-----
>
>>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>
>>>Sent: Thursday, January 10, 2013 7:43 PM
>
>>>To: cloudstack-users@incubator.apache.org; cloudstack-
>
>>>dev@incubator.apache.org
>
>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>>VLANs per Tenant
>
>>>
>
>>>For CreateVlanIpRange API call, we can set the account parameter to
>
>>>specify the VLAN owner. If specified, the Public IP's get allocated to
>
>>>the account and the VLAN get dedicated to it. Could you please clarify
>
>>>what the difference between this and the mentioned requirement is?
>
>>>
>
>>>But I couldn't figure out a way to release back the VLAN and the
>
>>>allocated IP's to the free pool. I achieved it by deleting the VLAN-IP
>
>>>range and then adding it back to the system account. Is there a better
>
>>>way to do it or do we need to implement this?
>
>>>
>
>>>Thank you,
>
>>>Likitha
>
>>>
>
>>>>-----Original Message-----
>
>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>
>>>>Sent: Friday, January 04, 2013 10:11 PM
>
>>>>To: cloudstack-users@incubator.apache.org
>
>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>>>VLANs per Tenant
>
>>>>
>
>>>>Thanks Tamas for bringing up additional requirements. I have updated
>
>>>>the requirements document.
>
>>>>
>
>>>>Regards,
>
>>>>Manan Shah
>
>>>>
>
>>>>
>
>>>>
>
>>>>
>
>>>>On 1/4/13 6:32 AM, "Tamas Monos"
><ta...@veber.co.uk>> wrote:
>
>>>>
>
>>>>>+1
>
>>>>>
>
>>>>>Additional to the requirements:
>
>>>>>- Usage must reflect if these are assigned to an Account so the
>
>>>>>admin can see how many IP is allocated to the account.
>
>>>>>- On allocation it needs to check whether the required range is
>
>>>>>available (not in use) and conforms with the account limits (cannot
>
>>>>>allocate more IPs than maximum IPs per account).
>
>>>>>
>
>>>>>Regards
>
>>>>>
>
>>>>>Tamas Monos DDI
>
>>>>>+44(0)2034687012
>
>>>>>Chief Technical Office
>
>>>>>+44(0)2034687000
>
>>>>>Veber: The Hosting Specialists Fax +44(0)871 522
>
>>>>>7057
>
>>>>>http://www.veber.co.uk
>
>>>>>
>
>>>>>Follow us on Twitter:
>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us on
>Facebook:
>
>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>
>>>>>
>
>>>>>
>
>>>>>-----Original Message-----
>
>>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>
>>>>>Sent: 22 December 2012 01:03
>
>>>>>To: cloudstack-users@incubator.apache.org
>
>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>
>>>>>VLANs per Tenant
>
>>>>>
>
>>>>>Hi,
>
>>>>>
>
>>>>>I would like to propose a new feature for dedicating IP Addresses
>
>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided the
>
>>>>>requirements at the following location. Please provide feedback on
>
>>>>>the requirements.
>
>>>>>
>
>>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>
>>>>>Requirements:
>
>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Res
>
>>>>>o
>
>>>>>u
>
>>>>>r
>
>>>>>ces
>
>>>>>+
>
>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>
>>>>>
>
>>>>>Regards,
>
>>>>>Manan Shah
>
>>>>>
>
>>>>>
>
>>>>>
>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
Hi All,
This is with respect to Part 1 of the feature 'Dedicate Public IP range' which is already implemented in CS.
Following is the observation wrt what is the current CS implementation and the proposed changes to the same,
1. A public VLAN-IP range can only be associated to an account during the creation of the range
Proposed change - Admin should be allowed to dedicate a range even after it has been created and also allowed to change the owner
2. If an admin associates an IP range to an account, all the IP's of that range get acquired by a single isolated network in that account
a. If there are no isolated guest networks, a new network is created and all the IP's from the range are dedicated to the new network
b. If there is 1 isolated guest network, all the IP's from the range are dedicated to the existing network
c. If there are more than 1 isolated guest network CS throws an error
Proposed change - When an account is chosen, the user also has the option to choose the network in the account which can acquire the IP's
3. When a network that has a dedicated IP range is deleted, the mapping between the account that owned the network and IP range persists. This implies that the admin sees that the range is associated to the account. But the IP's from this range can be acquired by any other account
Proposed change - The IP range should no longer be owned by the account
4. When an account is deleted the IP ranges dedicated to that account get deleted
Proposed change - The range should be released back to the free pool instead
5. I see a potential starving scenario where a certain account that has dedicated range uses up all the IP's from the free pool as well
Proposed change - Impose a configurable limit like say, at least one range should always belong to the free pool
6. Even if a range is dedicated to an account, any network that belongs to this account including the one that has acquired the IP's can acquire more IP's from the free pool. This is because when we dedicate an IP range to an account, one of the networks of that account acquires all the IP's.
Proposed change - During dedication we just mark this range of IP's as dedicated. And only when the user acquires an IP for a particular network we allow the network to choose from the dedicated range. If this change is implemented we will not run into issue #2.
Please provide your feedback. I will publish an FS keeping in line with the requirements we decide upon.
Thank you,
Likitha
-----Original Message-----
From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
Sent: Friday, January 18, 2013 5:11 PM
To: cloudstack-users@incubator.apache.org; cloudstack-dev@incubator.apache.org
Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per Tenant
In CloudStack we can already reserve the public IP range to an account but not release it back to the free pool, so how about we divide this requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate Guest VLAN's per tenant.
Since Part 1 has already implemented, we need to only add the enhancement 'Add releasing these IP Address range to the free pool'. I will create an enhancement ticket to track this?
As for Part 2, I will soon publish an FS based on the requirements.
Any concerns?
Thank you,
Likitha
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Thursday, January 17, 2013 3:55 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>VLANs per Tenant
>
>Yes, before reserving the public ip range we do verify if the
>account/domain is exceeding the limit.
>
>Thank You,
>Likitha
>
>>-----Original Message-----
>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>Sent: Thursday, January 17, 2013 3:50 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>Hi Likitha,
>>
>>Currently we can reserve the public IP range to an account. I would
>>assume we are cross checking the account/domain limit for the max no
>>of Public IP addresses while reserving the Public IP to an account?
>>
>>Please clarify.
>>
>>Thanks,
>>Sailaja.M
>>
>>-----Original Message-----
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>Sent: Thursday, January 10, 2013 7:43 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>For CreateVlanIpRange API call, we can set the account parameter to
>>specify the VLAN owner. If specified, the Public IP's get allocated to
>>the account and the VLAN get dedicated to it. Could you please clarify
>>what the difference between this and the mentioned requirement is?
>>
>>But I couldn't figure out a way to release back the VLAN and the
>>allocated IP's to the free pool. I achieved it by deleting the VLAN-IP
>>range and then adding it back to the system account. Is there a better
>>way to do it or do we need to implement this?
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>Sent: Friday, January 04, 2013 10:11 PM
>>>To: cloudstack-users@incubator.apache.org
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Thanks Tamas for bringing up additional requirements. I have updated
>>>the requirements document.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk>> wrote:
>>>
>>>>+1
>>>>
>>>>Additional to the requirements:
>>>>- Usage must reflect if these are assigned to an Account so the
>>>>admin can see how many IP is allocated to the account.
>>>>- On allocation it needs to check whether the required range is
>>>>available (not in use) and conforms with the account limits (cannot
>>>>allocate more IPs than maximum IPs per account).
>>>>
>>>>Regards
>>>>
>>>>Tamas Monos DDI
>>>>+44(0)2034687012
>>>>Chief Technical Office
>>>>+44(0)2034687000
>>>>Veber: The Hosting Specialists Fax +44(0)871 522
>>>>7057
>>>>http://www.veber.co.uk
>>>>
>>>>Follow us on Twitter: www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us on Facebook:
>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>Sent: 22 December 2012 01:03
>>>>To: cloudstack-users@incubator.apache.org
>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>Hi,
>>>>
>>>>I would like to propose a new feature for dedicating IP Addresses
>>>>and VLANs per Tenant. I have created a JIRA ticket and provided the
>>>>requirements at the following location. Please provide feedback on
>>>>the requirements.
>>>>
>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>Requirements:
>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Res
>>>>o
>>>>u
>>>>r
>>>>ces
>>>>+
>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
Hi All,
This is with respect to Part 1 of the feature 'Dedicate Public IP range' which is already implemented in CS.
Following is the observation wrt what is the current CS implementation and the proposed changes to the same,
1. A public VLAN-IP range can only be associated to an account during the creation of the range
Proposed change - Admin should be allowed to dedicate a range even after it has been created and also allowed to change the owner
2. If an admin associates an IP range to an account, all the IP's of that range get acquired by a single isolated network in that account
a. If there are no isolated guest networks, a new network is created and all the IP's from the range are dedicated to the new network
b. If there is 1 isolated guest network, all the IP's from the range are dedicated to the existing network
c. If there are more than 1 isolated guest network CS throws an error
Proposed change - When an account is chosen, the user also has the option to choose the network in the account which can acquire the IP's
3. When a network that has a dedicated IP range is deleted, the mapping between the account that owned the network and IP range persists. This implies that the admin sees that the range is associated to the account. But the IP's from this range can be acquired by any other account
Proposed change - The IP range should no longer be owned by the account
4. When an account is deleted the IP ranges dedicated to that account get deleted
Proposed change - The range should be released back to the free pool instead
5. I see a potential starving scenario where a certain account that has dedicated range uses up all the IP's from the free pool as well
Proposed change - Impose a configurable limit like say, at least one range should always belong to the free pool
6. Even if a range is dedicated to an account, any network that belongs to this account including the one that has acquired the IP's can acquire more IP's from the free pool. This is because when we dedicate an IP range to an account, one of the networks of that account acquires all the IP's.
Proposed change - During dedication we just mark this range of IP's as dedicated. And only when the user acquires an IP for a particular network we allow the network to choose from the dedicated range. If this change is implemented we will not run into issue #2.
Please provide your feedback. I will publish an FS keeping in line with the requirements we decide upon.
Thank you,
Likitha
-----Original Message-----
From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
Sent: Friday, January 18, 2013 5:11 PM
To: cloudstack-users@incubator.apache.org; cloudstack-dev@incubator.apache.org
Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per Tenant
In CloudStack we can already reserve the public IP range to an account but not release it back to the free pool, so how about we divide this requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate Guest VLAN's per tenant.
Since Part 1 has already implemented, we need to only add the enhancement 'Add releasing these IP Address range to the free pool'. I will create an enhancement ticket to track this?
As for Part 2, I will soon publish an FS based on the requirements.
Any concerns?
Thank you,
Likitha
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Thursday, January 17, 2013 3:55 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>VLANs per Tenant
>
>Yes, before reserving the public ip range we do verify if the
>account/domain is exceeding the limit.
>
>Thank You,
>Likitha
>
>>-----Original Message-----
>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>Sent: Thursday, January 17, 2013 3:50 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>Hi Likitha,
>>
>>Currently we can reserve the public IP range to an account. I would
>>assume we are cross checking the account/domain limit for the max no
>>of Public IP addresses while reserving the Public IP to an account?
>>
>>Please clarify.
>>
>>Thanks,
>>Sailaja.M
>>
>>-----Original Message-----
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>Sent: Thursday, January 10, 2013 7:43 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>For CreateVlanIpRange API call, we can set the account parameter to
>>specify the VLAN owner. If specified, the Public IP's get allocated to
>>the account and the VLAN get dedicated to it. Could you please clarify
>>what the difference between this and the mentioned requirement is?
>>
>>But I couldn't figure out a way to release back the VLAN and the
>>allocated IP's to the free pool. I achieved it by deleting the VLAN-IP
>>range and then adding it back to the system account. Is there a better
>>way to do it or do we need to implement this?
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>Sent: Friday, January 04, 2013 10:11 PM
>>>To: cloudstack-users@incubator.apache.org
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Thanks Tamas for bringing up additional requirements. I have updated
>>>the requirements document.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk>> wrote:
>>>
>>>>+1
>>>>
>>>>Additional to the requirements:
>>>>- Usage must reflect if these are assigned to an Account so the
>>>>admin can see how many IP is allocated to the account.
>>>>- On allocation it needs to check whether the required range is
>>>>available (not in use) and conforms with the account limits (cannot
>>>>allocate more IPs than maximum IPs per account).
>>>>
>>>>Regards
>>>>
>>>>Tamas Monos DDI
>>>>+44(0)2034687012
>>>>Chief Technical Office
>>>>+44(0)2034687000
>>>>Veber: The Hosting Specialists Fax +44(0)871 522
>>>>7057
>>>>http://www.veber.co.uk
>>>>
>>>>Follow us on Twitter: www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow us on Facebook:
>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>Sent: 22 December 2012 01:03
>>>>To: cloudstack-users@incubator.apache.org
>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>>VLANs per Tenant
>>>>
>>>>Hi,
>>>>
>>>>I would like to propose a new feature for dedicating IP Addresses
>>>>and VLANs per Tenant. I have created a JIRA ticket and provided the
>>>>requirements at the following location. Please provide feedback on
>>>>the requirements.
>>>>
>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>Requirements:
>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Res
>>>>o
>>>>u
>>>>r
>>>>ces
>>>>+
>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
In CloudStack we can already reserve the public IP range to an account but not release it back to the free pool, so how about we divide this requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate Guest VLAN's per tenant.
Since Part 1 has already implemented, we need to only add the enhancement 'Add releasing these IP Address range to the free pool'. I will create an enhancement ticket to track this?
As for Part 2, I will soon publish an FS based on the requirements.
Any concerns?
Thank you,
Likitha
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Thursday, January 17, 2013 3:55 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Yes, before reserving the public ip range we do verify if the account/domain is
>exceeding the limit.
>
>Thank You,
>Likitha
>
>>-----Original Message-----
>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>Sent: Thursday, January 17, 2013 3:50 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>Hi Likitha,
>>
>>Currently we can reserve the public IP range to an account. I would
>>assume we are cross checking the account/domain limit for the max no of
>>Public IP addresses while reserving the Public IP to an account?
>>
>>Please clarify.
>>
>>Thanks,
>>Sailaja.M
>>
>>-----Original Message-----
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>Sent: Thursday, January 10, 2013 7:43 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>For CreateVlanIpRange API call, we can set the account parameter to
>>specify the VLAN owner. If specified, the Public IP's get allocated to
>>the account and the VLAN get dedicated to it. Could you please clarify
>>what the difference between this and the mentioned requirement is?
>>
>>But I couldn't figure out a way to release back the VLAN and the
>>allocated IP's to the free pool. I achieved it by deleting the VLAN-IP
>>range and then adding it back to the system account. Is there a better
>>way to do it or do we need to implement this?
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>Sent: Friday, January 04, 2013 10:11 PM
>>>To: cloudstack-users@incubator.apache.org
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Thanks Tamas for bringing up additional requirements. I have updated
>>>the requirements document.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>>>
>>>>+1
>>>>
>>>>Additional to the requirements:
>>>>- Usage must reflect if these are assigned to an Account so the admin
>>>>can see how many IP is allocated to the account.
>>>>- On allocation it needs to check whether the required range is
>>>>available (not in use) and conforms with the account limits (cannot
>>>>allocate more IPs than maximum IPs per account).
>>>>
>>>>Regards
>>>>
>>>>Tamas Monos DDI
>>>>+44(0)2034687012
>>>>Chief Technical Office
>>>>+44(0)2034687000
>>>>Veber: The Hosting Specialists Fax +44(0)871 522
>>>>7057
>>>>http://www.veber.co.uk
>>>>
>>>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook:
>>>>www.facebook.com/veberhost
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>Sent: 22 December 2012 01:03
>>>>To: cloudstack-users@incubator.apache.org
>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
>>>>per Tenant
>>>>
>>>>Hi,
>>>>
>>>>I would like to propose a new feature for dedicating IP Addresses and
>>>>VLANs per Tenant. I have created a JIRA ticket and provided the
>>>>requirements at the following location. Please provide feedback on
>>>>the requirements.
>>>>
>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>Requirements:
>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Reso
>>>>u
>>>>r
>>>>ces
>>>>+
>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
In CloudStack we can already reserve the public IP range to an account but not release it back to the free pool, so how about we divide this requirement into 2 parts - 1) Dedicate Public IP range 2) Dedicate Guest VLAN's per tenant.
Since Part 1 has already implemented, we need to only add the enhancement 'Add releasing these IP Address range to the free pool'. I will create an enhancement ticket to track this?
As for Part 2, I will soon publish an FS based on the requirements.
Any concerns?
Thank you,
Likitha
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Thursday, January 17, 2013 3:55 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Yes, before reserving the public ip range we do verify if the account/domain is
>exceeding the limit.
>
>Thank You,
>Likitha
>
>>-----Original Message-----
>>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>>Sent: Thursday, January 17, 2013 3:50 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>Hi Likitha,
>>
>>Currently we can reserve the public IP range to an account. I would
>>assume we are cross checking the account/domain limit for the max no of
>>Public IP addresses while reserving the Public IP to an account?
>>
>>Please clarify.
>>
>>Thanks,
>>Sailaja.M
>>
>>-----Original Message-----
>>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>>Sent: Thursday, January 10, 2013 7:43 PM
>>To: cloudstack-users@incubator.apache.org; cloudstack-
>>dev@incubator.apache.org
>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>For CreateVlanIpRange API call, we can set the account parameter to
>>specify the VLAN owner. If specified, the Public IP's get allocated to
>>the account and the VLAN get dedicated to it. Could you please clarify
>>what the difference between this and the mentioned requirement is?
>>
>>But I couldn't figure out a way to release back the VLAN and the
>>allocated IP's to the free pool. I achieved it by deleting the VLAN-IP
>>range and then adding it back to the system account. Is there a better
>>way to do it or do we need to implement this?
>>
>>Thank you,
>>Likitha
>>
>>>-----Original Message-----
>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>Sent: Friday, January 04, 2013 10:11 PM
>>>To: cloudstack-users@incubator.apache.org
>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>>VLANs per Tenant
>>>
>>>Thanks Tamas for bringing up additional requirements. I have updated
>>>the requirements document.
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
>>>
>>>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>>>
>>>>+1
>>>>
>>>>Additional to the requirements:
>>>>- Usage must reflect if these are assigned to an Account so the admin
>>>>can see how many IP is allocated to the account.
>>>>- On allocation it needs to check whether the required range is
>>>>available (not in use) and conforms with the account limits (cannot
>>>>allocate more IPs than maximum IPs per account).
>>>>
>>>>Regards
>>>>
>>>>Tamas Monos DDI
>>>>+44(0)2034687012
>>>>Chief Technical Office
>>>>+44(0)2034687000
>>>>Veber: The Hosting Specialists Fax +44(0)871 522
>>>>7057
>>>>http://www.veber.co.uk
>>>>
>>>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook:
>>>>www.facebook.com/veberhost
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>>Sent: 22 December 2012 01:03
>>>>To: cloudstack-users@incubator.apache.org
>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
>>>>per Tenant
>>>>
>>>>Hi,
>>>>
>>>>I would like to propose a new feature for dedicating IP Addresses and
>>>>VLANs per Tenant. I have created a JIRA ticket and provided the
>>>>requirements at the following location. Please provide feedback on
>>>>the requirements.
>>>>
>>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>>Requirements:
>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Reso
>>>>u
>>>>r
>>>>ces
>>>>+
>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>>
>>>>Regards,
>>>>Manan Shah
>>>>
>>>>
>>>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
Yes, before reserving the public ip range we do verify if the account/domain is exceeding the limit.
Thank You,
Likitha
>-----Original Message-----
>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>Sent: Thursday, January 17, 2013 3:50 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi Likitha,
>
>Currently we can reserve the public IP range to an account. I would assume we
>are cross checking the account/domain limit for the max no of Public IP
>addresses while reserving the Public IP to an account?
>
>Please clarify.
>
>Thanks,
>Sailaja.M
>
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Thursday, January 10, 2013 7:43 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>For CreateVlanIpRange API call, we can set the account parameter to specify the
>VLAN owner. If specified, the Public IP's get allocated to the account and the
>VLAN get dedicated to it. Could you please clarify what the difference between
>this and the mentioned requirement is?
>
>But I couldn't figure out a way to release back the VLAN and the allocated IP's to
>the free pool. I achieved it by deleting the VLAN-IP range and then adding it back
>to the system account. Is there a better way to do it or do we need to implement
>this?
>
>Thank you,
>Likitha
>
>>-----Original Message-----
>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>Sent: Friday, January 04, 2013 10:11 PM
>>To: cloudstack-users@incubator.apache.org
>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>Thanks Tamas for bringing up additional requirements. I have updated
>>the requirements document.
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>>
>>>+1
>>>
>>>Additional to the requirements:
>>>- Usage must reflect if these are assigned to an Account so the admin
>>>can see how many IP is allocated to the account.
>>>- On allocation it needs to check whether the required range is
>>>available (not in use) and conforms with the account limits (cannot
>>>allocate more IPs than maximum IPs per account).
>>>
>>>Regards
>>>
>>>Tamas Monos DDI
>>>+44(0)2034687012
>>>Chief Technical Office
>>>+44(0)2034687000
>>>Veber: The Hosting Specialists Fax +44(0)871 522
>>>7057
>>>http://www.veber.co.uk
>>>
>>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook:
>>>www.facebook.com/veberhost
>>>
>>>
>>>-----Original Message-----
>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>Sent: 22 December 2012 01:03
>>>To: cloudstack-users@incubator.apache.org
>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
>>>per Tenant
>>>
>>>Hi,
>>>
>>>I would like to propose a new feature for dedicating IP Addresses and
>>>VLANs per Tenant. I have created a JIRA ticket and provided the
>>>requirements at the following location. Please provide feedback on
>>>the requirements.
>>>
>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>Requirements:
>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resou
>>>r
>>>ces
>>>+
>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
Yes, before reserving the public ip range we do verify if the account/domain is exceeding the limit.
Thank You,
Likitha
>-----Original Message-----
>From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>Sent: Thursday, January 17, 2013 3:50 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi Likitha,
>
>Currently we can reserve the public IP range to an account. I would assume we
>are cross checking the account/domain limit for the max no of Public IP
>addresses while reserving the Public IP to an account?
>
>Please clarify.
>
>Thanks,
>Sailaja.M
>
>-----Original Message-----
>From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
>Sent: Thursday, January 10, 2013 7:43 PM
>To: cloudstack-users@incubator.apache.org; cloudstack-
>dev@incubator.apache.org
>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>For CreateVlanIpRange API call, we can set the account parameter to specify the
>VLAN owner. If specified, the Public IP's get allocated to the account and the
>VLAN get dedicated to it. Could you please clarify what the difference between
>this and the mentioned requirement is?
>
>But I couldn't figure out a way to release back the VLAN and the allocated IP's to
>the free pool. I achieved it by deleting the VLAN-IP range and then adding it back
>to the system account. Is there a better way to do it or do we need to implement
>this?
>
>Thank you,
>Likitha
>
>>-----Original Message-----
>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>Sent: Friday, January 04, 2013 10:11 PM
>>To: cloudstack-users@incubator.apache.org
>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>>VLANs per Tenant
>>
>>Thanks Tamas for bringing up additional requirements. I have updated
>>the requirements document.
>>
>>Regards,
>>Manan Shah
>>
>>
>>
>>
>>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>>
>>>+1
>>>
>>>Additional to the requirements:
>>>- Usage must reflect if these are assigned to an Account so the admin
>>>can see how many IP is allocated to the account.
>>>- On allocation it needs to check whether the required range is
>>>available (not in use) and conforms with the account limits (cannot
>>>allocate more IPs than maximum IPs per account).
>>>
>>>Regards
>>>
>>>Tamas Monos DDI
>>>+44(0)2034687012
>>>Chief Technical Office
>>>+44(0)2034687000
>>>Veber: The Hosting Specialists Fax +44(0)871 522
>>>7057
>>>http://www.veber.co.uk
>>>
>>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook:
>>>www.facebook.com/veberhost
>>>
>>>
>>>-----Original Message-----
>>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>>Sent: 22 December 2012 01:03
>>>To: cloudstack-users@incubator.apache.org
>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
>>>per Tenant
>>>
>>>Hi,
>>>
>>>I would like to propose a new feature for dedicating IP Addresses and
>>>VLANs per Tenant. I have created a JIRA ticket and provided the
>>>requirements at the following location. Please provide feedback on
>>>the requirements.
>>>
>>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>>Requirements:
>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resou
>>>r
>>>ces
>>>+
>>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>>
>>>Regards,
>>>Manan Shah
>>>
>>>
>>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Sailaja Mada <sa...@citrix.com>.
Hi Likitha,
Currently we can reserve the public IP range to an account. I would assume we are cross checking the account/domain limit for the max no of Public IP addresses while reserving the Public IP to an account?
Please clarify.
Thanks,
Sailaja.M
-----Original Message-----
From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
Sent: Thursday, January 10, 2013 7:43 PM
To: cloudstack-users@incubator.apache.org; cloudstack-dev@incubator.apache.org
Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per Tenant
For CreateVlanIpRange API call, we can set the account parameter to specify the VLAN owner. If specified, the Public IP's get allocated to the account and the VLAN get dedicated to it. Could you please clarify what the difference between this and the mentioned requirement is?
But I couldn't figure out a way to release back the VLAN and the allocated IP's to the free pool. I achieved it by deleting the VLAN-IP range and then adding it back to the system account. Is there a better way to do it or do we need to implement this?
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah [mailto:manan.shah@citrix.com]
>Sent: Friday, January 04, 2013 10:11 PM
>To: cloudstack-users@incubator.apache.org
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>VLANs per Tenant
>
>Thanks Tamas for bringing up additional requirements. I have updated
>the requirements document.
>
>Regards,
>Manan Shah
>
>
>
>
>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>
>>+1
>>
>>Additional to the requirements:
>>- Usage must reflect if these are assigned to an Account so the admin
>>can see how many IP is allocated to the account.
>>- On allocation it needs to check whether the required range is
>>available (not in use) and conforms with the account limits (cannot
>>allocate more IPs than maximum IPs per account).
>>
>>Regards
>>
>>Tamas Monos DDI
>>+44(0)2034687012
>>Chief Technical Office
>>+44(0)2034687000
>>Veber: The Hosting Specialists Fax +44(0)871 522
>>7057
>>http://www.veber.co.uk
>>
>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook:
>>www.facebook.com/veberhost
>>
>>
>>-----Original Message-----
>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>Sent: 22 December 2012 01:03
>>To: cloudstack-users@incubator.apache.org
>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
>>per Tenant
>>
>>Hi,
>>
>>I would like to propose a new feature for dedicating IP Addresses and
>>VLANs per Tenant. I have created a JIRA ticket and provided the
>>requirements at the following location. Please provide feedback on
>>the requirements.
>>
>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>Requirements:
>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resou
>>r
>>ces
>>+
>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>
>>Regards,
>>Manan Shah
>>
>>
>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Sailaja Mada <sa...@citrix.com>.
Hi Likitha,
Currently we can reserve the public IP range to an account. I would assume we are cross checking the account/domain limit for the max no of Public IP addresses while reserving the Public IP to an account?
Please clarify.
Thanks,
Sailaja.M
-----Original Message-----
From: Likitha Shetty [mailto:likitha.shetty@citrix.com]
Sent: Thursday, January 10, 2013 7:43 PM
To: cloudstack-users@incubator.apache.org; cloudstack-dev@incubator.apache.org
Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per Tenant
For CreateVlanIpRange API call, we can set the account parameter to specify the VLAN owner. If specified, the Public IP's get allocated to the account and the VLAN get dedicated to it. Could you please clarify what the difference between this and the mentioned requirement is?
But I couldn't figure out a way to release back the VLAN and the allocated IP's to the free pool. I achieved it by deleting the VLAN-IP range and then adding it back to the system account. Is there a better way to do it or do we need to implement this?
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah [mailto:manan.shah@citrix.com]
>Sent: Friday, January 04, 2013 10:11 PM
>To: cloudstack-users@incubator.apache.org
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and
>VLANs per Tenant
>
>Thanks Tamas for bringing up additional requirements. I have updated
>the requirements document.
>
>Regards,
>Manan Shah
>
>
>
>
>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>
>>+1
>>
>>Additional to the requirements:
>>- Usage must reflect if these are assigned to an Account so the admin
>>can see how many IP is allocated to the account.
>>- On allocation it needs to check whether the required range is
>>available (not in use) and conforms with the account limits (cannot
>>allocate more IPs than maximum IPs per account).
>>
>>Regards
>>
>>Tamas Monos DDI
>>+44(0)2034687012
>>Chief Technical Office
>>+44(0)2034687000
>>Veber: The Hosting Specialists Fax +44(0)871 522
>>7057
>>http://www.veber.co.uk
>>
>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook:
>>www.facebook.com/veberhost
>>
>>
>>-----Original Message-----
>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>Sent: 22 December 2012 01:03
>>To: cloudstack-users@incubator.apache.org
>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
>>per Tenant
>>
>>Hi,
>>
>>I would like to propose a new feature for dedicating IP Addresses and
>>VLANs per Tenant. I have created a JIRA ticket and provided the
>>requirements at the following location. Please provide feedback on
>>the requirements.
>>
>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>Requirements:
>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resou
>>r
>>ces
>>+
>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>
>>Regards,
>>Manan Shah
>>
>>
>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
For CreateVlanIpRange API call, we can set the account parameter to specify the VLAN owner. If specified, the Public IP's get allocated to the account and the VLAN get dedicated to it. Could you please clarify what the difference between this and the mentioned requirement is?
But I couldn't figure out a way to release back the VLAN and the allocated IP's to the free pool. I achieved it by deleting the VLAN-IP range and then adding it back to the system account. Is there a better way to do it or do we need to implement this?
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah [mailto:manan.shah@citrix.com]
>Sent: Friday, January 04, 2013 10:11 PM
>To: cloudstack-users@incubator.apache.org
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Thanks Tamas for bringing up additional requirements. I have updated the
>requirements document.
>
>Regards,
>Manan Shah
>
>
>
>
>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>
>>+1
>>
>>Additional to the requirements:
>>- Usage must reflect if these are assigned to an Account so the admin
>>can see how many IP is allocated to the account.
>>- On allocation it needs to check whether the required range is
>>available (not in use) and conforms with the account limits (cannot
>>allocate more IPs than maximum IPs per account).
>>
>>Regards
>>
>>Tamas Monos DDI
>>+44(0)2034687012
>>Chief Technical Office
>>+44(0)2034687000
>>Veber: The Hosting Specialists Fax +44(0)871 522
>>7057
>>http://www.veber.co.uk
>>
>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook:
>>www.facebook.com/veberhost
>>
>>
>>-----Original Message-----
>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>Sent: 22 December 2012 01:03
>>To: cloudstack-users@incubator.apache.org
>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
>>per Tenant
>>
>>Hi,
>>
>>I would like to propose a new feature for dedicating IP Addresses and
>>VLANs per Tenant. I have created a JIRA ticket and provided the
>>requirements at the following location. Please provide feedback on the
>>requirements.
>>
>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>Requirements:
>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resour
>>ces
>>+
>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>
>>Regards,
>>Manan Shah
>>
>>
>>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Likitha Shetty <li...@citrix.com>.
For CreateVlanIpRange API call, we can set the account parameter to specify the VLAN owner. If specified, the Public IP's get allocated to the account and the VLAN get dedicated to it. Could you please clarify what the difference between this and the mentioned requirement is?
But I couldn't figure out a way to release back the VLAN and the allocated IP's to the free pool. I achieved it by deleting the VLAN-IP range and then adding it back to the system account. Is there a better way to do it or do we need to implement this?
Thank you,
Likitha
>-----Original Message-----
>From: Manan Shah [mailto:manan.shah@citrix.com]
>Sent: Friday, January 04, 2013 10:11 PM
>To: cloudstack-users@incubator.apache.org
>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Thanks Tamas for bringing up additional requirements. I have updated the
>requirements document.
>
>Regards,
>Manan Shah
>
>
>
>
>On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>
>>+1
>>
>>Additional to the requirements:
>>- Usage must reflect if these are assigned to an Account so the admin
>>can see how many IP is allocated to the account.
>>- On allocation it needs to check whether the required range is
>>available (not in use) and conforms with the account limits (cannot
>>allocate more IPs than maximum IPs per account).
>>
>>Regards
>>
>>Tamas Monos DDI
>>+44(0)2034687012
>>Chief Technical Office
>>+44(0)2034687000
>>Veber: The Hosting Specialists Fax +44(0)871 522
>>7057
>>http://www.veber.co.uk
>>
>>Follow us on Twitter: www.twitter.com/veberhost Follow us on Facebook:
>>www.facebook.com/veberhost
>>
>>
>>-----Original Message-----
>>From: Manan Shah [mailto:manan.shah@citrix.com]
>>Sent: 22 December 2012 01:03
>>To: cloudstack-users@incubator.apache.org
>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
>>per Tenant
>>
>>Hi,
>>
>>I would like to propose a new feature for dedicating IP Addresses and
>>VLANs per Tenant. I have created a JIRA ticket and provided the
>>requirements at the following location. Please provide feedback on the
>>requirements.
>>
>>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>>Requirements:
>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resour
>>ces
>>+
>>-+Public+IP+Addresses+and+VLANs+per+Tenant
>>
>>Regards,
>>Manan Shah
>>
>>
>>
Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Manan Shah <ma...@citrix.com>.
Thanks Tamas for bringing up additional requirements. I have updated the
requirements document.
Regards,
Manan Shah
On 1/4/13 6:32 AM, "Tamas Monos" <ta...@veber.co.uk> wrote:
>+1
>
>Additional to the requirements:
>- Usage must reflect if these are assigned to an Account so the admin can
>see how many IP is allocated to the account.
>- On allocation it needs to check whether the required range is available
>(not in use) and conforms with the account limits (cannot allocate more
>IPs than maximum IPs per account).
>
>Regards
>
>Tamas Monos DDI
>+44(0)2034687012
>Chief Technical Office
>+44(0)2034687000
>Veber: The Hosting Specialists Fax +44(0)871 522
>7057
>http://www.veber.co.uk
>
>Follow us on Twitter: www.twitter.com/veberhost
>Follow us on Facebook: www.facebook.com/veberhost
>
>
>-----Original Message-----
>From: Manan Shah [mailto:manan.shah@citrix.com]
>Sent: 22 December 2012 01:03
>To: cloudstack-users@incubator.apache.org
>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per
>Tenant
>
>Hi,
>
>I would like to propose a new feature for dedicating IP Addresses and
>VLANs per Tenant. I have created a JIRA ticket and provided the
>requirements at the following location. Please provide feedback on the
>requirements.
>
>JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
>Requirements:
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources
>+
>-+Public+IP+Addresses+and+VLANs+per+Tenant
>
>Regards,
>Manan Shah
>
>
>
RE: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs
per Tenant
Posted by Tamas Monos <ta...@veber.co.uk>.
+1
Additional to the requirements:
- Usage must reflect if these are assigned to an Account so the admin can see how many IP is allocated to the account.
- On allocation it needs to check whether the required range is available (not in use) and conforms with the account limits (cannot allocate more IPs than maximum IPs per account).
Regards
Tamas Monos DDI +44(0)2034687012
Chief Technical Office +44(0)2034687000
Veber: The Hosting Specialists Fax +44(0)871 522 7057
http://www.veber.co.uk
Follow us on Twitter: www.twitter.com/veberhost
Follow us on Facebook: www.facebook.com/veberhost
-----Original Message-----
From: Manan Shah [mailto:manan.shah@citrix.com]
Sent: 22 December 2012 01:03
To: cloudstack-users@incubator.apache.org
Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per Tenant
Hi,
I would like to propose a new feature for dedicating IP Addresses and VLANs per Tenant. I have created a JIRA ticket and provided the requirements at the following location. Please provide feedback on the requirements.
JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-704
Requirements:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicated+Resources+
-+Public+IP+Addresses+and+VLANs+per+Tenant
Regards,
Manan Shah