Hello,
In Basic Networking IP address acquisition is not a manual process but
CS it self give IP's for instances. Problems is that if you configure IP
address pool in zone, user can add all this IP addresses to one instance
without informing CS.
Example:
IP address pool (10.11.11.1 - 10.11.11.10)
1.) Create instance. (CS will give to instance IP 10.11.11.2)
2.) In instance manually add IP's (create alias) from same subnet
(10.11.11.3, 10.11.11.4, *without* adding secondary IP's in CS).
3.) In CloudStack you can see that instance use only one IP
(10.11.11.2), but in reality it use whole IP pool.
4.) Deploy other instance, to which CS will give IP, which you manually
added before to instance nr. 1 (for example, 10.11.11.3).
Instance nr. 1:
In CS use only one public IP (10.11.11.2), but in reality have
configured 10 IP's.
Instance nr. 2:
In CS have one IP (10.11.11.3), but network didn't work, because
Instance Nr. 1 have IP which should be added to instance Nr. 2 and CS
didn't know about that.
On 2015.07.06. 07:45, Sanjeev N wrote:
What do you mean by IP address is acquired? In Basic Networking we don't
have IP address acquisition concept. Also alias IPs you are manually
configuring on deployed vms should not be overlapped with the Guest IP
address range provided in that zone.
On Fri, Jul 3, 2015 at 7:51 PM, Mārtiņš Jakubovičs <[email protected]>
wrote:
Hello,
I test right now infrastructure with base network setup. I faced issue, if
I deploy instance, I am able manually add more public IP's. For example, I
deploy VM, though DHCP I acquire IP, and I can manually add alias IP
addresses without problems and CloudStack still think that I use only one
IP. If IP address is acquired and other user boot VM can be situation when
new VM can't get public IP. Am I doing something wrong or is this kind of
security "hole" in Basic Networking?
Thanks.
