[jira] [Commented] (CLOUDSTACK-3114) Additional public IP which gets acquried with VNMC provider guest network should not be allowed to release

[Koushik Das (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-3114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13694913#comment-13694913
 ] 

Koushik Das commented on CLOUDSTACK-3114:
-----------------------------------------

Additional public IP is needed due to ASA limitation. This is a workaround and 
eventually when ASA limitation is removed should no longer be required. So I 
don't see much value in fixing this issue.

The ASA limitation needs to be documented and also it needs to be mentioned 
that the additional public IP that gets acquired during implementation of guest 
network should not be released. The admin/operator can identify the additional 
IP used for ASA outside interface by looking at VNMC OR when the network gets 
implemented the IP is the one not marked as source NAT. The latter needs to be 
done before acquiring any further public IPs.
                
> Additional public IP which gets acquried with VNMC provider guest network 
> should not be allowed to release
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-3114
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3114
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: Sailaja Mada
>            Assignee: Koushik Das
>            Priority: Critical
>             Fix For: 4.2.0
>
>
> Steps:
> 1.Configure Advanced Zone with Nexus, VNMC provider 
> 2. Create guest network with VNMC provider .  
> 3. When guest network with CISCO VNMC is provider, By default an additional 
> public IP gets acquired along with Source NAT which is used for ASA outside 
> IP. This should not be released. This is required as there is a config issue 
> in ASA if source NAT ip is used as ASA outside ip
> This is one of the limitation with ASA firewall. 
> We do not really have any special mark for this additional IP which is 
> acquired while implementing the guest network.  Admin can not differentiate 
> if this is special IP and not to be released.   
> We should hide release IP option/ Block release IP from API/UI  for this 
> additional IP similar to the Source NAT IP.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira