[jira] [Commented] (CLOUDSTACK-4622) [IP Reservation][If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR for that VPC tier

Wed, 08 Jan 2014 16:37:32 -0800 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13866113#comment-13866113
 ] 

Alena Prokharchyk commented on CLOUDSTACK-4622:
-----------------------------------------------

As the patch was wrong, and the current cidr validation is correct (method 
isNetworkAWithinNetworkB), so I'm closing this bug as Invalid.

The problem I've described in my comment (Don't let attach Isolated networks to 
VM belonging to VPC.
Don't let attach VPC network(s) to the vm belonging to Isolated network) is 
already logged as a separate bug:

https://issues.apache.org/jira/browse/CLOUDSTACK-5535

> [IP Reservation][If a VM from guest network is added to network tier of VPC 
> then IP reservation allows the CIDR to be a superset of Network CIDR  for 
> that VPC tier
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4622
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4622
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: Abhinav Roy
>            Assignee: Saksham Srivastava
>            Priority: Critical
>             Fix For: 4.3.0
>
>         Attachments: CS-4622.zip
>
>
> Steps :
> ===================
> 1. Deploy a CS 4.2 advanced networking setup
> 2. Create a Guest network , gn1 and deploy a VM, vm1 on that network.
> 3. Create a VPC Tier, tier1 with CIDR as 10.1.2.1/24 and deploy a vm , v1t1 
> on that tier.
> 4. Go to Instances -> vm1 -> nics -> Add Network to VM    and add tier1 
> network to vm1.
> 5. Now, go to tier1 and do IP reservation with CIDR as 10.1.2.1/23
> Expected behaviour :
> =================
> The IP reservation should fail as the CIDR 10.1.2.1/23 is not a subset of the 
> network CIDR which is 10.1.2.1/24
> Observed behaviour :
> ================
> The IP reservation goes through , here is a snippet from management server 
> logs
> 2013-09-06 12:13:27,760 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (catalina-exec-13:null) submit async job-39 = [ 
> 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ], details: AsyncJobVO {id:39, userId: 
> 2, accountId: 2, sessionKey: null, instanceType: None, instanceId: null, cmd: 
> org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd, 
> cmdOriginator: null, cmdInfo: 
> {"id":"674355e5-8c3b-44a2-b47d-d198548ccea7","response":"json","sessionkey":"moOLxaFrqNc50wz6SDh6v413RnA\u003d","cmdEventType":"NETWORK.UPDATE","ctxUserId":"2","name":"TIER-1","guestvmcidr":"10.1.2.0/23","displaytext":"TIER-1","httpmethod":"GET","_":"1378450020843","ctxAccountId":"2","ctxStartEventId":"134"},
>  cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, 
> processStatus: 0, resultCode: 0, result: null, initMsid: 280320865129348, 
> completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
> 2013-09-06 12:13:27,761 DEBUG [cloud.api.ApiServlet] (catalina-exec-13:null) 
> ===END===  10.144.7.25 -- GET  
> command=updateNetwork&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&id=674355e5-8c3b-44a2-b47d-d198548ccea7&name=TIER-1&displaytext=TIER-1&guestvmcidr=10.1.2.0%2F23&_=1378450020843
> 2013-09-06 12:13:27,763 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
> org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = 
> [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> 2013-09-06 12:13:27,771 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync 
> job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] execution on object 
> network.205
> 2013-09-06 12:13:27,778 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) job 
> org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = 
> [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] was queued, processing the queue.
> 2013-09-06 12:13:27,782 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
> sync queue item: SyncQueueItemVO {id:15, queueId: 1, contentType: AsyncJob, 
> contentId: 39, lastProcessMsid: 280320865129348, lastprocessNumber: 7, 
> lastProcessTime: Fri Sep 06 12:13:27 IST 2013, created: Fri Sep 06 12:13:27 
> IST 2013}
> 2013-09-06 12:13:27,783 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Schedule 
> queued job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> 2013-09-06 12:13:27,786 DEBUG [cloud.async.SyncQueueManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) There is 
> a pending process in sync queue(id: 1)
> 2013-09-06 12:13:27,788 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
> org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = 
> [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> 2013-09-06 12:13:27,809 INFO  [cloud.network.NetworkServiceImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The start 
> IP of the specified guest vm cidr is: 10.1.2.1 and end IP is: 10.1.3.254
> 2013-09-06 12:13:27,809 INFO  [cloud.network.NetworkServiceImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The 
> specified guest vm cidr has 510 IPs
> 2013-09-06 12:13:27,811 INFO  [cloud.network.NetworkServiceImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) IP 
> Reservation has been applied. The new CIDR for Guests Vms is 10.1.2.0/23
> 2013-09-06 12:13:27,843 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Complete 
> async job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ], jobStatus: 1, 
> resultCode: 0, result: 
> org.apache.cloudstack.api.response.NetworkResponse@3f57d929
> 2013-09-06 12:13:27,851 DEBUG [cloud.async.SyncQueueManagerImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync 
> queue (1) is currently empty
> 2013-09-06 12:13:27,851 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Done 
> executing org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for 
> job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> Here is a snippet from api logs :
> 2013-09-06 12:13:27,761 INFO  [cloud.api.ApiServer] (catalina-exec-13:null) 
> (userId=2 accountId=2 sessionId=DA08FA8E57384D44EDBD0EB02D547164) 10.144.7.25 
> -- GET 
> command=updateNetwork&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&id=674355e5-8c3b-44a2-b47d-d198548ccea7&name=TIER-1&displaytext=TIER-1&guestvmcidr=10.1.2.0%2F23&_=1378450020843
>  200 { "updatenetworkresponse" : 
> {"jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e"} }
> 2013-09-06 12:13:30,804 INFO  [cloud.api.ApiServer] (catalina-exec-20:null) 
> (userId=2 accountId=2 sessionId=DA08FA8E57384D44EDBD0EB02D547164) 10.144.7.25 
> -- GET 
> command=queryAsyncJobResult&jobId=4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&_=1378450023951
>  200 { "queryasyncjobresultresponse" : 
> {"accountid":"0add9fc0-15ef-11e3-9b03-fef34996d384","userid":"0addcf54-15ef-11e3-9b03-fef34996d384","cmd":"org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd","jobstatus":1,"jobprocstatus":0,"jobresultcode":0,"jobresulttype":"object","jobresult":{"network":{"id":"674355e5-8c3b-44a2-b47d-d198548ccea7","name":"TIER-1","displaytext":"TIER-1","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.2.1","netmask":"255.255.255.0","cidr":"10.1.2.0/23","networkcidr":"10.1.2.0/24","zoneid":"b53dc749-1576-495a-91b8-49db37aecf15","zonename":"Zone-1","networkofferingid":"6c52357c-3013-4d9e-a035-910bd5eb59ab","networkofferingname":"DefaultIsolatedNetworkOfferingForVpcNetworks","networkofferingdisplaytext":"Offering
>  for Isolated Vpc networks with Source Nat service 
> enabled","networkofferingconservemode":false,"networkofferingavailability":"Optional","issystem":false,"state":"Implemented","related":"674355e5-8c3b-44a2-b47d-d198548ccea7","broadcasturi":"vlan://726","dns1":"10.103.128.15","type":"Isolated","vlan":"726","acltype":"Account","account":"admin","domainid":"e3b3104c-15ee-11e3-9b03-fef34996d384","domain":"ROOT","service":[{"name":"Vpn","capability":[{"name":"VpnTypes","value":"s2svpn","canchooseservicecapability":false},{"name":"SupportedVpnTypes","value":"pptp,l2tp,ipsec","canchooseservicecapability":false}]},{"name":"PortForwarding"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]},{"name":"Dhcp","capability":[{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}]},{"name":"NetworkACL","capability":[{"name":"SupportedProtocols","value":"tcp,udp,icmp","canchooseservicecapability":false}]},{"name":"StaticNat"},{"name":"UserData"},{"name":"SourceNat","capability":[{"name":"RedundantRouter","value":"false","canchooseservicecapability":false},{"name":"SupportedSourceNatTypes","value":"peraccount","canchooseservicecapability":false}]},{"name":"Lb","capability":[{"name":"SupportedLBIsolation","value":"dedicated","canchooseservicecapability":false},{"name":"SupportedStickinessMethods","value":"[{\"methodname\":\"LbCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"postonly\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"domain\",\"required\":false,\"isflag\":false,\"description\":\"
>  \"}],\"description\":\"This is loadbalancer cookie based stickiness 
> method.\"},{\"methodname\":\"AppCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"length\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"holdtime\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"request-learn\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"prefix\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
>  \"}],\"description\":\"This is App session based sticky method. Define 
> session stickiness on an existing application cookie. It can be used only for 
> a specific http 
> traffic\"},{\"methodname\":\"SourceBased\",\"paramlist\":[{\"paramname\":\"tablesize\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"expire\",\"required\":false,\"isflag\":false,\"description\":\"
>  \"}],\"description\":\"This is source based Stickiness method, it can be 
> used for any type of 
> protocol.\"}]","canchooseservicecapability":false},{"name":"SupportedProtocols","value":"tcp,
>  
> udp","canchooseservicecapability":false},{"name":"LbSchemes","value":"Public","canchooseservicecapability":false},{"name":"SupportedLbAlgorithms","value":"roundrobin,leastconn,source","canchooseservicecapability":false}]}],"networkdomain":"cs2cloud.internal","physicalnetworkid":"a0368cfe-3d15-4d18-afee-906bd5a998c6","restartrequired":false,"specifyipranges":false,"vpcid":"8a647441-3d3f-49ff-95b9-e4f20a57bdbc","canusefordeploy":true,"ispersistent":false,"tags":[],"displaynetwork":true}},"created":"2013-09-06T12:13:27+0530","jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e"}
>  }
> NOTE :
> =============================
> This problem is seen only in this particular scenario. I executed some other 
> tests around this and the issue was not seen,
> i)  Add the VM to another guest network and do IP reservation on that network 
> with CIDR as a subset of network CIDR .
> ii) Add a VM from VPC tier to a guest network and do IP reservation on that 
> network with CIDR as a subset of network CIDR.
> ii) Add a VM from VPC tier to another VPC tier and do IP reservation on that 
> tier with CIDR as a subset of network CIDR.
> Attaching management server logs and api logs



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to