Posted to users@cloudstack.apache.org by Rene Moser <ma...@renemoser.net> on 2017/01/16 15:26:31 UTC

Dedicated IP range for SSVM/CPVM

Hi

We would like to make a change proposal for SSVM/CPVM.

Currently, the SSVM/CPVM get an IP from the "default" pool of
vlaniprange, which is from the account "system":


  "vlaniprange": [
    {
      "account": "system",
      "domain": "ROOT",
      "endip": "10.101.0.250",
      "forvirtualnetwork": true,
      "gateway": "10.101.0.1",
      "netmask": "255.255.255.0",
      "startip": "10.101.0.11",
      ...

    },


  "systemvm": [
    {
      "activeviewersessions": 0,
      "gateway": "10.101.0.1",
      "hypervisor": "VMware",
      "id": "d9a8abe5-b1e0-47d6-8f39-01b48ff1e0fa",
      "name": "v-5877-VM",
      "privatenetmask": "255.255.255.0",
      "publicip": "10.101.0.113",
      "publicnetmask": "255.255.255.0",
      "state": "Running",
      ...
    },


For security considerations we would like to define a dedicated IP range
for SSVM/CPVM, which, preferably, should not have any relation to the
default pool range.

The default pool range should be used for userVMs only. To indicate the
use I propose 2 new flags, which are only considered for "account=system"
and indicate if the range can be used for userVMs or/and systemVMs.

For backwards compatibility this would be the default

"foruservms": true,
"forsystemvms": true,


to have a separate range for UserVMs/SystemVMs, it would look like


  "vlaniprange": [
    {
      "account": "system",
      "domain": "ROOT",
      "foruservms": true,
      "forsystemvms": false,
      "endip": "192.160.123.250",
      "forvirtualnetwork": true,
      "gateway": "192.160.123.1",
      "netmask": "255.255.255.0",
      "startip": "192.160.123.11",
      ...

    },

  "vlaniprange": [
    {
      "account": "system",
      "domain": "ROOT",
      "foruservms": false,
      "forsystemvms": true,
      "endip": "10.101.0.250",
      "forvirtualnetwork": true,
      "gateway": "10.101.0.1",
      "netmask": "255.255.255.0",
      "startip": "10.101.0.11",
      ...

    },


Does anyone see any conflicts with this proposal?

Regards
René
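
An added example, not part of the original post and not CloudStack code: a small audit that checks whether each system VM's public IP sits in a range reserved for system VMs. The "foruservms" and "forsystemvms" fields are the flags proposed above, treated here as assumptions; the function names and the second VM entry are constructed for illustration.

```python
import ipaddress

# Constructed sample data shaped like the API output quoted in the post.
# "foruservms" / "forsystemvms" are the flags PROPOSED in the post; they are
# assumptions here, not fields of an existing CloudStack API.
CURRENT_RANGES = [
    {"account": "system", "domain": "ROOT", "forvirtualnetwork": True,
     "startip": "10.101.0.11", "endip": "10.101.0.250"},
]
PROPOSED_RANGES = [
    {"account": "system", "domain": "ROOT", "forvirtualnetwork": True,
     "foruservms": True, "forsystemvms": False,
     "startip": "192.160.123.11", "endip": "192.160.123.250"},
    {"account": "system", "domain": "ROOT", "forvirtualnetwork": True,
     "foruservms": False, "forsystemvms": True,
     "startip": "10.101.0.11", "endip": "10.101.0.250"},
]
SYSTEM_VMS = [
    {"name": "v-5877-VM", "publicip": "10.101.0.113"},  # from the post
    {"name": "s-5876-VM", "publicip": "10.101.0.114"},  # constructed
]


def range_flags(rng):
    """(foruservms, forsystemvms); a missing flag means True, the
    backwards-compatible default described in the proposal."""
    return rng.get("foruservms", True), rng.get("forsystemvms", True)


def span(rng):
    """Inclusive start/end of a range as integers."""
    return (int(ipaddress.ip_address(rng["startip"])),
            int(ipaddress.ip_address(rng["endip"])))


def audit_system_vm_ips(ranges, system_vms):
    """Return (vm name, public IP, finding) for every system VM whose
    public IP is not in a range dedicated to system VMs."""
    system_ranges = [r for r in ranges if r.get("account") == "system"]
    findings = []
    for vm in system_vms:
        ip = int(ipaddress.ip_address(vm["publicip"]))
        hits = [r for r in system_ranges if span(r)[0] <= ip <= span(r)[1]]
        if not hits:
            findings.append((vm["name"], vm["publicip"], "no-system-range"))
            continue
        for rng in hits:
            for_user, for_system = range_flags(rng)
            if not for_system:
                findings.append((vm["name"], vm["publicip"],
                                 "range-not-for-systemvms"))
            elif for_user:
                findings.append((vm["name"], vm["publicip"], "range-shared"))
    return findings


def dedicated_overlaps(ranges):
    """Pairs (dedicated startip, other startip) where a system-VM-only
    range intersects a range that is also open to other public IPs."""
    dedicated = [r for r in ranges if range_flags(r) == (False, True)]
    others = [r for r in ranges if range_flags(r)[0]]
    pairs = []
    for d in dedicated:
        d_lo, d_hi = span(d)
        for o in others:
            o_lo, o_hi = span(o)
            if d_lo <= o_hi and o_lo <= d_hi:
                pairs.append((d["startip"], o["startip"]))
    return pairs


if __name__ == "__main__":
    for label, ranges in (("current", CURRENT_RANGES),
                          ("proposed", PROPOSED_RANGES)):
        print(label, audit_system_vm_ips(ranges, SYSTEM_VMS),
              dedicated_overlaps(ranges))
```
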


Re: Dedicated IP range for SSVM/CPVM

Posted by Rene Moser <ma...@renemoser.net>.
https://issues.apache.org/jira/browse/CLOUDSTACK-9750

Re: Dedicated IP range for SSVM/CPVM

Posted by Rene Moser <ma...@renemoser.net>.
Hi

Ok, wrong wording here, not userVM of course but the public IPs for
isolated networks. But you got the idea :)

Great I am not the one guy with this use case. Filing a feature request
in JIRA. Thanks to all for your inputs!

Regards
René

RE: Dedicated IP range for SSVM/CPVM

Posted by Paul Angus <pa...@shapeblue.com>.
I have come across a few people with effectively this use case over the years. My thoughts have always been that it would be good to be able to reserve IPs or ranges for SSVM & CPVM in the same way that we can reserve IPs or ranges for an account or domain...


Kind regards,

Paul Angus

paul.angus@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS UK
@shapeblue
  
 


Re: Dedicated IP range for SSVM/CPVM

Posted by Erik Weber <te...@gmail.com>.
Hi Nitin,

There are legit reasons for separating VR public pool from SSVM and CPVM.

For instance if you run a private cloud and don't want to have your
cpvm/ssvm publicly available, but still want to have the VRs accessible

Erik

On Tue, 17 Jan 2017 at 05:37, Nitin Kumar Maharana <
nitinkumar.maharana@accelerite.com> wrote:

> Hi Rene,
>
> The default pool, which means are you mentioning the public IP range?
>
> If it is a public IP range, user VMs won’t be consuming any IP from there.
> Only system VMs(CPVM/SSVM/VR) will be consuming. VRs will be providing
> public access to the user VMs.
>
> Thanks,
> Nitin

Re: Dedicated IP range for SSVM/CPVM

Posted by Rene Moser <ma...@renemoser.net>.
Hi

On 01/17/2017 05:37 AM, Nitin Kumar Maharana wrote:
> Hi Rene,
> 
> The default pool, which means are you mentioning the public IP range?
> 
> If it is a public IP range, user VMs won’t be consuming any IP from there.
> Only system VMs(CPVM/SSVM/VR) will be consuming. VRs will be providing public access to the user VMs.

I referred to the public IP assignment for the isolated networks for static
NATs and port forwarding to the VMs L2.

This assignment is going to use the "default" system IP range pool if no
dedicated pool is assigned to the account/project.

And the SSVM/CPVM also get an IP from this pool.

Regards
René

Re: Dedicated IP range for SSVM/CPVM

Posted by Rene Moser <ma...@renemoser.net>.
Hi Will

On 01/17/2017 06:13 AM, Will Stevens wrote:
> Rene, this is probably not going to solve your problem, but I use this
> trick for other use cases.  You can setup more than one range.  ACS seems
> to always exhaust one range before moving on to the next range.  If it is a
> new install, then you can do a range with only 2 IPs in it and make it
> first.  Since the first two IPs which will be provisioned when ACS is setup
> is the SSVM and CPVM, they will automatically take the two IPs from that
> special range.
> 
> I am pretty sure I have tested this.  Later when other IPs have been used
> from the other range, if you destroy the SSVM or CPVM, they will come back
> up on one of the two IPs that they were on before because they will be free
> again and they will be used first again.  If your system is really active,
> then you will be in a race condition while the SSVM and CPVM get bounced to
> get the same IPs back.
> 
> Anyway, I figured I would mention it because it may be a workaround you can
> make use of.  I do this in dev/staging environments which need real public
> IPs, but I don't need the SSVM and CPVM to have real public IPs.  This lets
> me preserve two real public IPs by using private IPs for that first range
> for the SSVM and CPVM.

Thanks for the hint ;). But it is an existing production setup, so it
won't help in my case.

René

Re: Dedicated IP range for SSVM/CPVM

Posted by Wei ZHOU <us...@gmail.com>.
I agree with Will's suggestion.

-Wei

2017-01-17 6:13 GMT+01:00 Will Stevens <ws...@cloudops.com>:

> Rene, this is probably not going to solve your problem, but I use this
> trick for other use cases.  You can setup more than one range.  ACS seems
> to always exhaust one range before moving on to the next range.  If it is a
> new install, then you can do a range with only 2 IPs in it and make it
> first.  Since the first two IPs which will be provisioned when ACS is setup
> is the SSVM and CPVM, they will automatically take the two IPs from that
> special range.
>
> I am pretty sure I have tested this.  Later when other IPs have been used
> from the other range, if you destroy the SSVM or CPVM, they will come back
> up on one of the two IPs that they were on before because they will be free
> again and they will be used first again.  If your system is really active,
> then you will be in a race condition while the SSVM and CPVM get bounced to
> get the same IPs back.
>
> Anyway, I figured I would mention it because it may be a workaround you can
> make use of.  I do this in dev/staging environments which need real public
> IPs, but I don't need the SSVM and CPVM to have real public IPs.  This lets
> me preserve two real public IPs by using private IPs for that first range
> for the SSVM and CPVM.

Re: Dedicated IP range for SSVM/CPVM

Posted by Will Stevens <ws...@cloudops.com>.
Rene, this is probably not going to solve your problem, but I use this
trick for other use cases.  You can setup more than one range.  ACS seems
to always exhaust one range before moving on to the next range.  If it is a
new install, then you can do a range with only 2 IPs in it and make it
first.  Since the first two IPs which will be provisioned when ACS is setup
is the SSVM and CPVM, they will automatically take the two IPs from that
special range.

I am pretty sure I have tested this.  Later when other IPs have been used
from the other range, if you destroy the SSVM or CPVM, they will come back
up on one of the two IPs that they were on before because they will be free
again and they will be used first again.  If your system is really active,
then you will be in a race condition while the SSVM and CPVM get bounced to
get the same IPs back.

Anyway, I figured I would mention it because it may be a workaround you can
make use of.  I do this in dev/staging environments which need real public
IPs, but I don't need the SSVM and CPVM to have real public IPs.  This lets
me preserve two real public IPs by using private IPs for that first range
for the SSVM and CPVM.

Cheers,

*Will STEVENS*
Lead Developer

<https://goo.gl/NYZ8KK>

Re: Dedicated IP range for SSVM/CPVM

Posted by Nitin Kumar Maharana <ni...@accelerite.com>.
Hi Rene,

The default pool, which means are you mentioning the public IP range?

If it is a public IP range, user VMs won’t be consuming any IP from there.
Only system VMs(CPVM/SSVM/VR) will be consuming. VRs will be providing public access to the user VMs.


Thanks,
Nitin