Posted to users@cloudstack.apache.org by Steve Searles <st...@zimcom.net> on 2013/08/01 20:43:35 UTC
Shared Network Issue HELP?!
Hello everyone, I am new to Cloudstack and have it deployed in our lab currently, so go easy :) I have everything working as expected with the advanced network zone, vmware support, and multiple vlan isolation working properly. I have a few questions I would like to ask here about networking options inside Cloudstack that I was unable to ascertain from the documentation. Hopefully one of you guys can steer me in the right direction.
MY LAB SETUP
Cloudstack 4.1.0 (Compiled from Source w/vmware support)
Zone1- Advanced –
MGMT(untagged): 172.29.16.0/21
STORAGE(untagged): 172.29.16.0/21
GUEST(VLAN 601): 172.29.24.0/21
PUBLIC(VLAN 602): x.x.x.x/24
Currently I create an account and can add a guest network; the virtual router deploys properly and assigns the necessary vlan for the isolated network, the guest IP is assigned, and a public ip is assigned from the public IP pool as expected. This works properly (Awesome). Deploying a VPC under a user account functions properly as well (Very Cool). What I am looking for is a configuration that I guess would be best described as a shared isolated network? Where an instance is provisioned and assigned an rfc1918 address from a large guest pool, much like I have currently set up with the “Default Shared Network”. And a user can request an IP be assigned from the public pool and create pat/nat translations and firewall rules just as on the isolated network I tested. This is for a multi-tenant setup where each user does not need to create their own guest network and vlan isolation between accounts is not necessary, thus no need to burn a vlan and a vrouter for every customer account. Based on what I am seeing, this functionality seems to already be present. If I provision an instance on the Default Shared Network (VLAN601) in my setup, the machine is assigned the proper RFC1918 address from the pool, but when I try to allocate a public ip from the network tab I receive the allocation error below. Should this functionality even work? The problem seems obvious but I don’t see where I can make the owners match even using cloudmonkey.
2013-08-01 13:12:32,000 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Acct[4-zimcom] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,020 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ip[209.212.252.6-1] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,031 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ntwk[204|Guest|7] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,042 ERROR [cloud.async.AsyncJobManagerImpl] (Job-Executor-21:job-269) Unexpected exception while executing org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd
com.cloud.exception.InvalidParameterValueException: The owner of the network is not the same as owner of the IP
at com.cloud.network.NetworkManagerImpl.associateIPToGuestNetwork(NetworkManagerImpl.java:744)
at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at com.cloud.network.NetworkServiceImpl.associateIPToNetwork(NetworkServiceImpl.java:2852)
at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
at org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd.execute(AssociateIPAddrC
I also created a second zone with basic networking but I did not see a way to accomplish this with that setup either as it looks like the machine is directly assigned a public address and access control is handled via SG’s with ingress and egress filtering.
Can anyone help me out?
Thanks in Advance.
Steve Searles
http://www.zimcom.net
Phone. (513)231-9500
Fax. (513)624-3909
Toll Free. (888)624-3910
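
An added example, not part of the original post and not CloudStack code: a small Python parser that groups the management-server log lines quoted above by async job, showing that every DomainChecker access check was granted before the separate ownership validation threw. The function names are hypothetical; the sample input is the post's own log lines with the stack trace cut to its first frame.

```python
import re

# Log lines quoted in the post above (stack trace shortened to its first frame).
SAMPLE_LOG = """\
2013-08-01 13:12:32,000 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Acct[4-zimcom] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,020 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ip[209.212.252.6-1] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,031 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ntwk[204|Guest|7] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
2013-08-01 13:12:32,042 ERROR [cloud.async.AsyncJobManagerImpl] (Job-Executor-21:job-269) Unexpected exception while executing org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd
com.cloud.exception.InvalidParameterValueException: The owner of the network is not the same as owner of the IP
at com.cloud.network.NetworkManagerImpl.associateIPToGuestNetwork(NetworkManagerImpl.java:744)
"""

HEAD = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} (?P<level>\w+)\s+\[[^\]]+\] "
                  r"\([^:)]+:(?P<job>job-\d+)\) (?P<msg>.*)$")
GRANT = re.compile(r"Access to (\w+)\[([^\]]*)\] granted to Acct\[([^\]]*)\]")
CMD = re.compile(r"exception while executing ([\w.]+)$")
EXC = re.compile(r"^([\w.$]+Exception): (.*)$")
FRAME = re.compile(r"^\s*at ([\w.$]+)\(")


def summarize_jobs(text):
    """Group log lines by async job: access grants, failed command, exception, first frame."""
    jobs, current = {}, None
    for line in text.splitlines():
        head = HEAD.match(line)
        if head:
            current = jobs.setdefault(head["job"], {"grants": [], "command": None,
                                                    "exception": None, "raised_in": None})
            grant, cmd = GRANT.search(head["msg"]), CMD.search(head["msg"])
            if grant:
                current["grants"].append(grant.groups())  # (entity type, entity id, account)
            if head["level"] == "ERROR" and cmd:
                current["command"] = cmd.group(1).rsplit(".", 1)[-1]
        elif current is not None:  # continuation lines carry no job tag
            exc, frame = EXC.match(line), FRAME.match(line)
            if exc and current["exception"] is None:
                current["exception"] = (exc.group(1).rsplit(".", 1)[-1], exc.group(2))
            elif frame and current["raised_in"] is None:
                current["raised_in"] = frame.group(1).rsplit(".", 2)[-2:]  # [class, method]
    return jobs


def failed_after_access_granted(jobs):
    """Jobs where access checks were granted but a later validation still threw."""
    return sorted(j for j, s in jobs.items() if s["grants"] and s["exception"])


if __name__ == "__main__":
    print(summarize_jobs(SAMPLE_LOG))
```
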
Re: Shared Network Issue HELP?!
Posted by Steve Searles <st...@zimcom.net>.
After posting this I thought about it more and answered my own question. I see this type of setup being a management nightmare, e.g. rogue dhcp servers or anything else a user would attempt; without the proper vlan/pvlan segmentation on the guest network in place it would be a hot mess. Thanks Guys!
Steve Searles
Zimcom Internet Solutions, Inc.
http://www.zimcom.net
Phone. (513)231-9500
Fax. (513)624-3909
Toll Free. (888)624-3910