[jira] [Commented] (CLOUDSTACK-5535) Do not allow addNetwork to create NIC across VPC tiers and Isolated Networks

Thu, 09 Jan 2014 13:33:03 -0800 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-5535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13867094#comment-13867094
 ] 

Marcus Sorensen commented on CLOUDSTACK-5535:
---------------------------------------------

I'm not sure about that, as VPC was in development at the same time we 
developed this (4.0) it's hard to say. I can say I was unaware that the deploy 
code was updated at some point to disallow multiple tiers.

It just breaks primary scenarios that prompted us to contribute it to 
cloudstack in the first place, and one of the primary reasons we contribute to 
cloudstack, frankly, is to help us ensure compatibility going forward. Anything 
we have that isn't in the community version has to be maintained and re-patched 
by us everytime cloudstack changes.

I'm not sure how this breaks ACLs. If I add a VM to two networks, it's 
explicitly because I want that. If we add in VM 3 into tier 1 and VM 4 into 
tier 2, they still cannot talk to each other, ACLs are respected as any VM *on* 
the network can only talk to VMs *on the same network*.  Adding a VM to a 
network is not breaking ACLs, it's allowing flexibility to the admin to design 
their network how they choose.

> Do not allow addNetwork to create NIC across VPC tiers and Isolated Networks 
> -----------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5535
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5535
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: API, Management Server
>    Affects Versions: 4.3.0
>            Reporter: Saksham Srivastava
>            Assignee: Saksham Srivastava
>            Priority: Critical
>             Fix For: 4.3.0
>
>
> addNetworkToVM allows adding any network to VM.
> Ideally a VM running in isolated Guest Network should not be able to add a 
> VPC tier.
> A VM running in VPC tier should not be allowed to add another tier
> A VM running in VPC tier should not be allowed to add another isolated guest 
> network.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to