Posted to users@cloudstack.apache.org by Steve Searles <st...@zimcom.net> on 2013/08/01 20:43:35 UTC

Shared Network Issue HELP?!

Hello everyone, I am new to CloudStack and have it deployed in our lab currently, so go easy :) I have everything working as expected with the advanced network zone, VMware support, and multiple VLAN isolation working properly. I have a few questions I would like to ask here about networking options inside CloudStack that I was unable to ascertain from the documentation. Hopefully one of you guys can steer me in the right direction.

MY LAB SETUP
Cloudstack 4.1.0 (Compiled from Source w/vmware support)
Zone1- Advanced –
            MGMT(untagged): 172.29.16.0/21
            STORAGE(untagged): 172.29.16.0/21
            GUEST(VLAN 601): 172.29.24.0/21
            PUBLIC(VLAN 602): x.x.x.x/24

Currently I create an account and can add a guest network; the virtual router deploys properly and assigns the necessary VLAN for the isolated network, the guest IP is assigned, and a public IP is assigned from the public IP pool as expected. This works properly (Awesome). Deploying a VPC under a user account functions properly as well (Very Cool). What I am looking for is a configuration that I guess would be best described as a shared isolated network, where an instance is provisioned and assigned an RFC1918 address from a large guest pool, much like I have currently set up with the “Default Shared Network”, and a user can request an IP be assigned from the public pool and create PAT/NAT translations and firewall rules just as on the isolated network I tested. This is for a multi-tenant setup where each user does not need to create their own guest network and VLAN isolation between accounts is not necessary, thus no need to burn a VLAN and a vrouter for every customer account. Based on what I am seeing, this functionality seems to already be present. If I provision an instance on the Default Shared Network (VLAN601) in my setup, the machine is assigned the proper RFC1918 address from the pool, but when I try to allocate a public IP from the network tab I receive the allocation error below. Should this functionality even work? The problem seems obvious, but I don’t see where I can make the owners match even using cloudmonkey.

2013-08-01 13:12:32,000 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Acct[4-zimcom] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,020 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ip[209.212.252.6-1] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,031 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ntwk[204|Guest|7] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,042 ERROR [cloud.async.AsyncJobManagerImpl] (Job-Executor-21:job-269) Unexpected exception while executing org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd
com.cloud.exception.InvalidParameterValueException: The owner of the network is not the same as owner of the IP
            at com.cloud.network.NetworkManagerImpl.associateIPToGuestNetwork(NetworkManagerImpl.java:744)
            at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
            at com.cloud.network.NetworkServiceImpl.associateIPToNetwork(NetworkServiceImpl.java:2852)
            at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
            at org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd.execute(AssociateIPAddrC





I also created a second zone with basic networking, but I did not see a way to accomplish this with that setup either, as it looks like the machine is directly assigned a public address and access control is handled via SGs with ingress and egress filtering.

Can anyone help me out?
Thanks in Advance.

Steve Searles
http://www.zimcom.net
Phone. (513)231-9500
Fax. (513)624-3909
Toll Free. (888)624-3910
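
Added example (not part of the original post, and not CloudStack code): a small parser for the management-server log format quoted above. It groups lines by async job id and reports jobs where every logged access check was granted but the command still raised, which is the pattern in the excerpt. The function names are hypothetical, and the sample is the excerpt's own lines with the stack frames left out.

```python
import re

# Constructed sample: lines copied from the log excerpt in the post (stack frames omitted).
SAMPLE_LOG = """\
2013-08-01 13:12:32,000 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Acct[4-zimcom] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,020 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ip[209.212.252.6-1] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,031 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ntwk[204|Guest|7] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,042 ERROR [cloud.async.AsyncJobManagerImpl] (Job-Executor-21:job-269) Unexpected exception while executing org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd
com.cloud.exception.InvalidParameterValueException: The owner of the network is not the same as owner of the IP
"""

HEADER = re.compile(r"^\S+ \S+ (DEBUG|INFO|WARN|ERROR)\s+\[[^\]]+\] \([^:()]+:(job-\d+)\) (.*)$")
ACCESS = re.compile(r"Access to (\w+)\[([^\]]*)\] granted to Acct\[([^\]]+)\]")
COMMAND = re.compile(r"while executing ([\w.]+)")
EXCEPTION = re.compile(r"^([\w.$]+Exception): (.*)$")


def summarize_jobs(text):
    """Group log lines by async job id; continuation lines belong to the last job seen."""
    jobs, current = {}, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            _level, current, message = head.groups()
            job = jobs.setdefault(current, {"granted": [], "command": None, "error": None})
            access = ACCESS.search(message)
            if access:
                job["granted"].append(access.groups())   # (entity kind, entity id, account)
            command = COMMAND.search(message)
            if command:
                job["command"] = command.group(1).rsplit(".", 1)[-1]
        elif current and jobs[current]["error"] is None:
            exc = EXCEPTION.match(line.strip())           # first exception line after the header
            if exc:
                jobs[current]["error"] = (exc.group(1).rsplit(".", 1)[-1], exc.group(2))
    return jobs


def failed_after_access_granted(jobs):
    """Jobs where every logged access check passed but the command still raised."""
    return {jid: j for jid, j in jobs.items() if j["granted"] and j["error"]}


if __name__ == "__main__":
    for jid, job in failed_after_access_granted(summarize_jobs(SAMPLE_LOG)).items():
        print(jid, job["command"], job["granted"], job["error"])
```

On the excerpt this reports job-269: access to the account, the IP and the network was granted to the same account, and the failure comes from the separate owner comparison named in the exception message.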


Re: Shared Network Issue HELP?!

Posted by Steve Searles <st...@zimcom.net>.
After posting this I thought about it more and answered my own question. I see this type of setup being a management nightmare, e.g. rogue DHCP servers or anything else a user would attempt; without the proper VLAN/PVLAN segmentation on the guest network in place it would be a hot mess. Thanks Guys!

Steve Searles
Zimcom Internet Solutions, Inc.
http://www.zimcom.net
Phone. (513)231-9500
Fax. (513)624-3909
Toll Free. (888)624-3910

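
Added example (not part of the original thread): a monitoring-side check for the rogue DHCP server risk mentioned in the reply, for a guest segment shared by several accounts. It parses raw DHCP payloads and flags server replies whose server identifier is not on an allow-list. The guest range is the one from the post; the sanctioned server address 172.29.24.1, the function names and the packet builder for sample data are assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
GUEST_NET = ipaddress.ip_network("172.29.24.0/21")        # guest range from the post
ALLOWED_SERVERS = {ipaddress.ip_address("172.29.24.1")}   # assumed sanctioned DHCP server
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}       # DHCP option 53 values sent by servers


def parse_dhcp(payload):
    """Return (yiaddr, {option: value}) from a raw DHCP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                             # truncated option
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return ipaddress.ip_address(payload[16:20]), options


def check_reply(payload):
    """Classify a DHCP message captured on the shared guest segment."""
    parsed = parse_dhcp(payload)
    if parsed is None:
        return "malformed"
    yiaddr, opts = parsed
    mtype = (opts.get(53) or b"\x00")[0]
    if mtype not in SERVER_MSG_TYPES:
        return "ignored"                            # client-originated message
    server_id = opts.get(54, b"")                   # option 54 = server identifier
    if len(server_id) != 4 or ipaddress.ip_address(server_id) not in ALLOWED_SERVERS:
        return "rogue-server"
    if mtype != 6 and yiaddr not in GUEST_NET:      # a NAK carries no lease address
        return "lease-outside-guest-net"
    return "ok"


def build_reply(msg_type, server, yiaddr):
    """Build a constructed sample payload (test data, not captured traffic)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ipaddress.ip_address(yiaddr).packed, bytes(4), bytes(4),
                        bytes(16), b"", b"")
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.ip_address(server).packed + b"\xff"
    return fixed + MAGIC_COOKIE + opts
```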