Posted to users@cloudstack.apache.org by Adrian Lewis <ad...@alsiconsulting.co.uk> on 2014/02/12 14:52:30 UTC

Super CIDR on a VPC - Why the limitation?

Hi All,



Just wondering what the purpose of specifying a "super CIDR" for a VPC
actually is? Reasons for it that I can think of (not even sure if they're
correct) are:

1.       Sets the quickmode selectors for IPsec VPNs

2.       Sets up some form of routing sanity checks such as RPF in the VR

3.       Route summarisation between connected VRs

4.       Feature parity with Amazon VPCs & corresponding API?



Reasons against it:

1.       It seems to be stuck once set and can't be changed should a
customer's network evolve (maybe hacking the DB and rebooting the system
VMs?)

2.       You can only specify one CIDR and can't use 0.0.0.0/0.0.0.0 so
there's no way to use combinations of 10.x.x.x/8, 192.168.x.x/16 and
172.16.x.x/12 in the same VPC

3.       Just seems a little pointless (IMHO) to have such a significant
limitation



The limitations seem to be fairly significant versus the gains to be made
so I was wondering if anyone knew the reasoning behind this. At least, why
not have the ability to specify and/or edit multiple super CIDRs for a VPC
(and perhaps have a default for the initial selection to all RFC 1918 IPs)?



Thanks in advance for any insights and apologies for any stupidity - still
setting up and trying to formulate some best practice procedures as I go
along.



Adrian
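
Added example (not part of the thread, and not CloudStack code): the Python below works through point 2 of the "reasons against" list, showing that the only single CIDR covering all three RFC 1918 ranges is 0.0.0.0/0, and what a one-super-CIDR rule does to proposed tier networks. It assumes the super CIDR is applied as a containment check on tier CIDRs; the function names and sample tier ranges are constructed for illustration.

```python
import ipaddress

# The three private ranges named in the message.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def smallest_common_supernet(cidrs):
    """Return the longest-prefix single CIDR that contains every input network."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    # Any common supernet must contain the widest input, so widen from there.
    candidate = min(nets, key=lambda n: n.prefixlen)
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # drop one prefix bit per step
    return candidate


def check_tiers(super_cidr, tier_cidrs):
    """Classify proposed tier CIDRs against one super CIDR (assumed rule)."""
    sup = ipaddress.ip_network(super_cidr)
    accepted, results = [], {}
    for cidr in tier_cidrs:
        tier = ipaddress.ip_network(cidr)
        if not tier.subnet_of(sup):
            results[cidr] = "outside super CIDR"
        elif any(tier.overlaps(other) for other in accepted):
            results[cidr] = "overlaps another tier"
        else:
            accepted.append(tier)
            results[cidr] = "ok"
    return results


if __name__ == "__main__":
    # 10.x starts with bit 0, 172.x and 192.x with bit 1: no shared prefix.
    print("single CIDR covering RFC 1918:", smallest_common_supernet(RFC1918))
    # Constructed tier plan for a VPC whose super CIDR is 10.1.0.0/16.
    plan = ["10.1.1.0/24", "192.168.10.0/24", "10.1.1.128/25", "10.1.2.0/24"]
    for cidr, verdict in check_tiers("10.1.0.0/16", plan).items():
        print(f"{cidr:18} {verdict}")
```
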

RE: Super CIDR on a VPC - Why the limitation?

Posted by Adrian Lewis <ad...@alsiconsulting.co.uk>.
Cheers Geoff,

Voted for and following

Hope someone finds this interesting enough to develop. Not a chance of me
doing it unfortunately - no programming skills at all. Lottie Dexter would
be ashamed of me.


RE: Super CIDR on a VPC - Why the limitation?

Posted by Geoff Higginbottom <ge...@shapeblue.com>.
Hi Adrian,

All valid points.  The good news is that this has already been raised but the bad news is that no one is currently working on it.

https://issues.apache.org/jira/browse/CLOUDSTACK-755

Suggest you add your vote to try and get its profile raised etc

Regards

Geoff Higginbottom

D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581

geoff.higginbottom@shapeblue.com
