[jira] [Created] (CLOUDSTACK-4622) [IP Reservation][If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR for that VPC tier

Fri, 06 Sep 2013 00:05:53 -0700 

Abhinav Roy created CLOUDSTACK-4622:
---------------------------------------

             Summary: [IP Reservation][If a VM from guest network is added to 
network tier of VPC then IP reservation allows the CIDR to be a superset of 
Network CIDR  for that VPC tier
                 Key: CLOUDSTACK-4622
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4622
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Network Controller
    Affects Versions: 4.2.0
            Reporter: Abhinav Roy
            Assignee: Saksham Srivastava
             Fix For: 4.2.1


Steps :
===================
1. Deploy a CS 4.2 advanced networking setup
2. Create a Guest network , gn1 and deploy a VM, vm1 on that network.
3. Create a VPC Tier, tier1 with CIDR as 10.1.2.1/24 and deploy a vm , v1t1 on 
that tier.
4. Go to Instances -> vm1 -> nics -> Add Network to VM    and add tier1 network 
to vm1.
5. Now, go to tier1 and do IP reservation with CIDR as 10.1.2.1/23


Expected behaviour :
=================
The IP reservation should fail as the CIDR 10.1.2.1/23 is not a subset of the 
network CIDR which is 10.1.2.1/24


Observed behaviour :
================
The IP reservation goes through , here is a snippet from management server logs

2013-09-06 12:13:27,760 DEBUG [cloud.async.AsyncJobManagerImpl] 
(catalina-exec-13:null) submit async job-39 = [ 
4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ], details: AsyncJobVO {id:39, userId: 2, 
accountId: 2, sessionKey: null, instanceType: None, instanceId: null, cmd: 
org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd, cmdOriginator: 
null, cmdInfo: 
{"id":"674355e5-8c3b-44a2-b47d-d198548ccea7","response":"json","sessionkey":"moOLxaFrqNc50wz6SDh6v413RnA\u003d","cmdEventType":"NETWORK.UPDATE","ctxUserId":"2","name":"TIER-1","guestvmcidr":"10.1.2.0/23","displaytext":"TIER-1","httpmethod":"GET","_":"1378450020843","ctxAccountId":"2","ctxStartEventId":"134"},
 cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, 
processStatus: 0, resultCode: 0, result: null, initMsid: 280320865129348, 
completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2013-09-06 12:13:27,761 DEBUG [cloud.api.ApiServlet] (catalina-exec-13:null) 
===END===  10.144.7.25 -- GET  
command=updateNetwork&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&id=674355e5-8c3b-44a2-b47d-d198548ccea7&name=TIER-1&displaytext=TIER-1&guestvmcidr=10.1.2.0%2F23&_=1378450020843
2013-09-06 12:13:27,763 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = [ 
4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
2013-09-06 12:13:27,771 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync job-39 
= [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] execution on object network.205
2013-09-06 12:13:27,778 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) job 
org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = [ 
4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] was queued, processing the queue.
2013-09-06 12:13:27,782 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
sync queue item: SyncQueueItemVO {id:15, queueId: 1, contentType: AsyncJob, 
contentId: 39, lastProcessMsid: 280320865129348, lastprocessNumber: 7, 
lastProcessTime: Fri Sep 06 12:13:27 IST 2013, created: Fri Sep 06 12:13:27 IST 
2013}
2013-09-06 12:13:27,783 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Schedule 
queued job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
2013-09-06 12:13:27,786 DEBUG [cloud.async.SyncQueueManagerImpl] 
(Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) There is a 
pending process in sync queue(id: 1)
2013-09-06 12:13:27,788 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = [ 
4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
2013-09-06 12:13:27,809 INFO  [cloud.network.NetworkServiceImpl] 
(Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The start 
IP of the specified guest vm cidr is: 10.1.2.1 and end IP is: 10.1.3.254
2013-09-06 12:13:27,809 INFO  [cloud.network.NetworkServiceImpl] 
(Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The 
specified guest vm cidr has 510 IPs
2013-09-06 12:13:27,811 INFO  [cloud.network.NetworkServiceImpl] 
(Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) IP 
Reservation has been applied. The new CIDR for Guests Vms is 10.1.2.0/23
2013-09-06 12:13:27,843 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Complete 
async job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ], jobStatus: 1, 
resultCode: 0, result: 
org.apache.cloudstack.api.response.NetworkResponse@3f57d929
2013-09-06 12:13:27,851 DEBUG [cloud.async.SyncQueueManagerImpl] 
(Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync queue 
(1) is currently empty
2013-09-06 12:13:27,851 DEBUG [cloud.async.AsyncJobManagerImpl] 
(Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Done 
executing org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for 
job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]




Here is a snippet from api logs :

2013-09-06 12:13:27,761 INFO  [cloud.api.ApiServer] (catalina-exec-13:null) 
(userId=2 accountId=2 sessionId=DA08FA8E57384D44EDBD0EB02D547164) 10.144.7.25 
-- GET 
command=updateNetwork&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&id=674355e5-8c3b-44a2-b47d-d198548ccea7&name=TIER-1&displaytext=TIER-1&guestvmcidr=10.1.2.0%2F23&_=1378450020843
 200 { "updatenetworkresponse" : 
{"jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e"} }
2013-09-06 12:13:30,804 INFO  [cloud.api.ApiServer] (catalina-exec-20:null) 
(userId=2 accountId=2 sessionId=DA08FA8E57384D44EDBD0EB02D547164) 10.144.7.25 
-- GET 
command=queryAsyncJobResult&jobId=4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&_=1378450023951
 200 { "queryasyncjobresultresponse" : 
{"accountid":"0add9fc0-15ef-11e3-9b03-fef34996d384","userid":"0addcf54-15ef-11e3-9b03-fef34996d384","cmd":"org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd","jobstatus":1,"jobprocstatus":0,"jobresultcode":0,"jobresulttype":"object","jobresult":{"network":{"id":"674355e5-8c3b-44a2-b47d-d198548ccea7","name":"TIER-1","displaytext":"TIER-1","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.2.1","netmask":"255.255.255.0","cidr":"10.1.2.0/23","networkcidr":"10.1.2.0/24","zoneid":"b53dc749-1576-495a-91b8-49db37aecf15","zonename":"Zone-1","networkofferingid":"6c52357c-3013-4d9e-a035-910bd5eb59ab","networkofferingname":"DefaultIsolatedNetworkOfferingForVpcNetworks","networkofferingdisplaytext":"Offering
 for Isolated Vpc networks with Source Nat service 
enabled","networkofferingconservemode":false,"networkofferingavailability":"Optional","issystem":false,"state":"Implemented","related":"674355e5-8c3b-44a2-b47d-d198548ccea7","broadcasturi":"vlan://726","dns1":"10.103.128.15","type":"Isolated","vlan":"726","acltype":"Account","account":"admin","domainid":"e3b3104c-15ee-11e3-9b03-fef34996d384","domain":"ROOT","service":[{"name":"Vpn","capability":[{"name":"VpnTypes","value":"s2svpn","canchooseservicecapability":false},{"name":"SupportedVpnTypes","value":"pptp,l2tp,ipsec","canchooseservicecapability":false}]},{"name":"PortForwarding"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]},{"name":"Dhcp","capability":[{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}]},{"name":"NetworkACL","capability":[{"name":"SupportedProtocols","value":"tcp,udp,icmp","canchooseservicecapability":false}]},{"name":"StaticNat"},{"name":"UserData"},{"name":"SourceNat","capability":[{"name":"RedundantRouter","value":"false","canchooseservicecapability":false},{"name":"SupportedSourceNatTypes","value":"peraccount","canchooseservicecapability":false}]},{"name":"Lb","capability":[{"name":"SupportedLBIsolation","value":"dedicated","canchooseservicecapability":false},{"name":"SupportedStickinessMethods","value":"[{\"methodname\":\"LbCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
 
\"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
 
\"},{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"description\":\"
 
\"},{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"description\":\"
 
\"},{\"paramname\":\"postonly\",\"required\":false,\"isflag\":true,\"description\":\"
 
\"},{\"paramname\":\"domain\",\"required\":false,\"isflag\":false,\"description\":\"
 \"}],\"description\":\"This is loadbalancer cookie based stickiness 
method.\"},{\"methodname\":\"AppCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
 
\"},{\"paramname\":\"length\",\"required\":false,\"isflag\":false,\"description\":\"
 
\"},{\"paramname\":\"holdtime\",\"required\":false,\"isflag\":false,\"description\":\"
 
\"},{\"paramname\":\"request-learn\",\"required\":false,\"isflag\":true,\"description\":\"
 
\"},{\"paramname\":\"prefix\",\"required\":false,\"isflag\":true,\"description\":\"
 
\"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
 \"}],\"description\":\"This is App session based sticky method. Define session 
stickiness on an existing application cookie. It can be used only for a 
specific http 
traffic\"},{\"methodname\":\"SourceBased\",\"paramlist\":[{\"paramname\":\"tablesize\",\"required\":false,\"isflag\":false,\"description\":\"
 
\"},{\"paramname\":\"expire\",\"required\":false,\"isflag\":false,\"description\":\"
 \"}],\"description\":\"This is source based Stickiness method, it can be used 
for any type of 
protocol.\"}]","canchooseservicecapability":false},{"name":"SupportedProtocols","value":"tcp,
 
udp","canchooseservicecapability":false},{"name":"LbSchemes","value":"Public","canchooseservicecapability":false},{"name":"SupportedLbAlgorithms","value":"roundrobin,leastconn,source","canchooseservicecapability":false}]}],"networkdomain":"cs2cloud.internal","physicalnetworkid":"a0368cfe-3d15-4d18-afee-906bd5a998c6","restartrequired":false,"specifyipranges":false,"vpcid":"8a647441-3d3f-49ff-95b9-e4f20a57bdbc","canusefordeploy":true,"ispersistent":false,"tags":[],"displaynetwork":true}},"created":"2013-09-06T12:13:27+0530","jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e"}
 }



NOTE :
=============================
This problem is seen only in this particular scenario. I executed some other 
tests around this and the issue was not seen,

i)  Add the VM to another guest network and do IP reservation on that network 
with CIDR as a subset of network CIDR .
ii) Add a VM from VPC tier to a guest network and do IP reservation on that 
network with CIDR as a subset of network CIDR.
ii) Add a VM from VPC tier to another VPC tier and do IP reservation on that 
tier with CIDR as a subset of network CIDR.


Attaching management server logs and api logs

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to