Thanks Likitha for your prompt response. I will wait for the FS. Regards, Manan Shah
On 2/21/13 10:30 PM, "Likitha Shetty" <likitha.she...@citrix.com> wrote: >Yes Manan, with the 1st solution the dedication should be applicable for >both Isolated and VPC networks. >I will capture all that is being discussed here in the FS (yet to >publish). > >Thank you, >Likitha > >>-----Original Message----- >>From: Manan Shah >>Sent: Friday, February 22, 2013 11:55 AM >>To: Manan Shah; Likitha Shetty; cloudstack-us...@incubator.apache.org; >>cloudstack-dev@incubator.apache.org >>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and >>VLANs per >>Tenant >> >>Hi Likitha, >> >>One additional question. When an admin assigns a Public IP Address range >>to an >>account and if that account creates a VPC, I am assuming they will still >>get the >>Public IP Address from this reserved IP range. Can you please confirm >>that this >>reserved Public IP Address would work for both Isolated Networks as well >>as >>VPC? >> >>Regards, >>Manan Shah >> >> >> >> >>On 2/21/13 9:57 PM, "Manan Shah" <manan.s...@citrix.com> wrote: >> >>>Hi Likitha, >>> >>>I agree with you that the 1st solution seems like a better approach. >>> >>>Regards, >>>Manan Shah >>> >>> >>> >>> >>>On 2/21/13 9:39 PM, "Likitha Shetty" <likitha.she...@citrix.com> wrote: >>> >>>>Hi Manan, >>>> >>>>Thanks for the feedback. Please find my answers inline. >>>> >>>>Thank you, >>>>Likitha >>>> >>>>>-----Original Message----- >>>>>From: Manan Shah >>>>>Sent: Friday, February 22, 2013 10:28 AM >>>>>To: Likitha Shetty; cloudstack-us...@incubator.apache.org; >>>>>cloudstack- d...@incubator.apache.org >>>>>Cc: Manan Shah >>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and >>>>>VLANs per Tenant >>>>> >>>>>Hi Likitha, >>>>> >>>>>Comments in-line belowŠ. Also, please let us know once the FS is >>>>>updated. >>>>> >>>>>Regards, >>>>>Manan Shah >>>>> >>>>> >>>>> >>>>> >>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <likitha.she...@citrix.com> >>>>>wrote: >>>>> >>>>>>CCing Manan to comment on the requirements. >>>>>> >>>>>>>-----Original Message----- >>>>>>>From: Likitha Shetty [mailto:likitha.she...@citrix.com] >>>>>>>Sent: Friday, February 15, 2013 7:09 PM >>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>>d...@incubator.apache.org >>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and >>>>>>>VLANs per Tenant >>>>>>> >>>>>>>Hi All, >>>>>>> >>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP >>>>>>>range' >>>>>>>which is >>>>>>>already implemented in CS. >>>>>>>Following is the observation wrt what is the current CS >>>>>>>implementation and the proposed changes to the same, >>>>>>> >>>>>>>1. A public VLAN-IP range can only be associated to an account >>>>>>>during the >>>>>>>creation of the range >>>>>>>Proposed change - Admin should be allowed to dedicate a range even >>>>>>>after it has been created and also allowed to change the owner >>>>>[Manan] Agreed with the functionality. >>>>>>> >>>>>>>2. If an admin associates an IP range to an account, all the >>>>>>>IP's >>>>>>>of that range >>>>>>>get acquired by a single isolated network in that account >>>>> >>>>>[Manan] Why do you think this is the right functionality. What if the >>>>>admin wants to allocate a public IP range to a account and wants to >>>>>allow the tenant to create as many networks as they want and use this >>>>>public IP range. >>>>[Likitha] Manan, I agree. I don't think this is the right behavior. So >>>>the following is what currently happens in CS, If an admin associates >>>>an IP range to an account, all the IP's of that range get acquired by >>>>a single isolated network in that account 1. If there are no isolated >>>>guest networks, a new network is created and all the IP's from the >>>>range are dedicated to the new network 2. If there is 1 isolated guest >>>>network, all the IP's from the range are dedicated to the existing >>>>network 3. If there are more than 1 isolated guest network CS throws >>>>an error >>>> >>>>There are 2 possible changes we can introduce to resolve this, 1. >>>>During dedication we just mark this range of IP's as dedicated. And >>>>when the user acquires an IP for a particular network we allow the >>>>network to choose from the dedicated range. >>>>2. During dedication when an account is chosen, the user also has the >>>>option to choose one of the network in the account which can acquire >>>>the IP's I prefer the 1st solution because with the 2nd solution, one >>>>of the networks of the tenant will acquire all the IP's. >>>>Thoughts? >>>>> >>>>>>> >>>>>>>a. If there are no isolated guest networks, a new network is >>>>>>>created and all >>>>>>>the IP's from the range are dedicated to the new network >>>>>>> >>>>>>>b. If there is 1 isolated guest network, all the IP's from the >>>>>>>range are >>>>>>>dedicated to the existing network >>>>>>> >>>>>>>c. If there are more than 1 isolated guest network CS throws >>>>>>>an >>>>>>>error >>>>>>> >>>>>>> Proposed change - When an account is chosen, the >>>>>>>user also has the option to choose the network in the account which >>>>>>>can acquire the IP's >>>>>>> >>>>>>>3. When a network that has a dedicated IP range is deleted, >>>>>>>the >>>>>>>mapping >>>>>>>between the account that owned the network and IP range persists. >>>>>>>This implies that the admin sees that the range is associated to >>>>>>>the account. But the IP's from this range can be acquired by any >>>>>>>other account >>>>>>> >>>>>>>Proposed change - The IP range should no longer be owned by the >>>>>>>account >>>>>[Manan] Agree with the proposed change >>>>>>> >>>>>>>4. When an account is deleted the IP ranges dedicated to that >>>>>>>account get >>>>>>>deleted >>>>>>> >>>>>>>Proposed change - The range should be released back to the free >>>>>>>pool instead >>>>> >>>>>[Manan] Agree with the proposed change. I am assuming if there are >>>>>any public Ips that are in use (Loadbalancing, Port Forwarding, >>>>>Static-NAT, >>>>>etc) then they will remain as is. >>>>> >>>>>>> >>>>>>>5. I see a potential starving scenario where a certain account >>>>>>>that has >>>>>>>dedicated range uses up all the IP's from the free pool as well >>>>>>> >>>>>>>Proposed change - Impose a configurable limit like say, at least >>>>>>>one range should always belong to the free pool >>>>>[Manan] Agree with the proposed change >>>>>>> >>>>>>>6. Even if a range is dedicated to an account, any network >>>>>>>that >>>>>>>belongs to >>>>>>>this account including the one that has acquired the IP's can >>>>>>>acquire more IP's from the free pool. This is because when we >>>>>>>dedicate an IP range to an account, one of the networks of that >>>>>>>account acquires all the IP's. >>>>>>> >>>>>>>Proposed change - During dedication we just mark this range of IP's >>>>>>>as dedicated. And only when the user acquires an IP for a >>>>>>>particular network we allow the network to choose from the >>>>>>>dedicated range. If this change is implemented we will not run into >>>>>>>issue >>#2. >>>>>>> >>>>>>>Please provide your feedback. I will publish an FS keeping in line >>>>>>>with the requirements we decide upon. >>>>>>> >>>>>>> >>>>>>> >>>>>>>Thank you, >>>>>>> >>>>>>>Likitha >>>>>>> >>>>>>> >>>>>>> >>>>>>>-----Original Message----- >>>>>>>From: Likitha Shetty [mailto:likitha.she...@citrix.com] >>>>>>>Sent: Friday, January 18, 2013 5:11 PM >>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>>d...@incubator.apache.org >>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses and >>>>>>>VLANs per Tenant >>>>>>> >>>>>>> >>>>>>> >>>>>>>In CloudStack we can already reserve the public IP range to an >>>>>>>account but not release it back to the free pool, so how about we >>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP range >>>>>>>2) Dedicate Guest VLAN's per tenant. >>>>>>> >>>>>>> >>>>>>> >>>>>>>Since Part 1 has already implemented, we need to only add the >>>>>>>enhancement 'Add releasing these IP Address range to the free >>>>>>>pool'. I will create an enhancement ticket to track this? >>>>>>> >>>>>>>As for Part 2, I will soon publish an FS based on the requirements. >>>>>>> >>>>>>> >>>>>>> >>>>>>>Any concerns? >>>>>>> >>>>>>> >>>>>>> >>>>>>>Thank you, >>>>>>> >>>>>>>Likitha >>>>>>> >>>>>>> >>>>>>> >>>>>>>>-----Original Message----- >>>>>>> >>>>>>>>From: Likitha Shetty [mailto:likitha.she...@citrix.com] >>>>>>> >>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM >>>>>>> >>>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>> >>>>>>>>d...@incubator.apache.org >>>>>>> >>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>and >>>>>>> >>>>>>>>VLANs per Tenant >>>>>>> >>>>>>>> >>>>>>> >>>>>>>>Yes, before reserving the public ip range we do verify if the >>>>>>> >>>>>>>>account/domain is exceeding the limit. >>>>>>> >>>>>>>> >>>>>>> >>>>>>>>Thank You, >>>>>>> >>>>>>>>Likitha >>>>>>> >>>>>>>> >>>>>>> >>>>>>>>>-----Original Message----- >>>>>>> >>>>>>>>>From: Sailaja Mada [mailto:sailaja.m...@citrix.com] >>>>>>> >>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM >>>>>>> >>>>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>> >>>>>>>>>d...@incubator.apache.org >>>>>>> >>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>>and >>>>>>> >>>>>>>>>VLANs per Tenant >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>Hi Likitha, >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>Currently we can reserve the public IP range to an account. I >>>>>>>>>would >>>>>>> >>>>>>>>>assume we are cross checking the account/domain limit for the max >>>>>>>>>no >>>>>>> >>>>>>>>>of Public IP addresses while reserving the Public IP to an >>>>>>>>>account? >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>Please clarify. >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>Thanks, >>>>>>> >>>>>>>>>Sailaja.M >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>-----Original Message----- >>>>>>> >>>>>>>>>From: Likitha Shetty [mailto:likitha.she...@citrix.com] >>>>>>> >>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM >>>>>>> >>>>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>> >>>>>>>>>d...@incubator.apache.org >>>>>>> >>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>>and >>>>>>> >>>>>>>>>VLANs per Tenant >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>For CreateVlanIpRange API call, we can set the account parameter >>>>>>>>>to >>>>>>> >>>>>>>>>specify the VLAN owner. If specified, the Public IP's get >>>>>>>>>allocated to >>>>>>> >>>>>>>>>the account and the VLAN get dedicated to it. Could you please >>>>>>>>>clarify >>>>>>> >>>>>>>>>what the difference between this and the mentioned requirement is? >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>But I couldn't figure out a way to release back the VLAN and the >>>>>>> >>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the >>>>>>>>>VLAN-IP >>>>>>> >>>>>>>>>range and then adding it back to the system account. Is there a >>>>>>>>>better >>>>>>> >>>>>>>>>way to do it or do we need to implement this? >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>Thank you, >>>>>>> >>>>>>>>>Likitha >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>>>-----Original Message----- >>>>>>> >>>>>>>>>>From: Manan Shah [mailto:manan.s...@citrix.com] >>>>>>> >>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM >>>>>>> >>>>>>>>>>To: cloudstack-us...@incubator.apache.org >>>>>>> >>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>>>and >>>>>>> >>>>>>>>>>VLANs per Tenant >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have >>>>>>>>>>updated >>>>>>> >>>>>>>>>>the requirements document. >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>>Regards, >>>>>>> >>>>>>>>>>Manan Shah >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos" >>>>>>><tam...@veber.co.uk<mailto:tam...@veber.co.uk>> wrote: >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>>>+1 >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>Additional to the requirements: >>>>>>> >>>>>>>>>>>- Usage must reflect if these are assigned to an Account so the >>>>>>> >>>>>>>>>>>admin can see how many IP is allocated to the account. >>>>>>> >>>>>>>>>>>- On allocation it needs to check whether the required range is >>>>>>> >>>>>>>>>>>available (not in use) and conforms with the account limits >>>>>>>>>>>(cannot >>>>>>> >>>>>>>>>>>allocate more IPs than maximum IPs per account). >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>Regards >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>Tamas Monos DDI >>>>>>> >>>>>>>>>>>+44(0)2034687012 >>>>>>> >>>>>>>>>>>Chief Technical >>>>>>>>>>>Office >>>>>>> >>>>>>>>>>>+44(0)2034687000 >>>>>>> >>>>>>>>>>>Veber: The Hosting Specialists Fax >>>>>>>>>>>+44(0)871 >>>>>>>>>>>522 >>>>>>> >>>>>>>>>>>7057 >>>>>>> >>>>>>>>>>>http://www.veber.co.uk >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>Follow us on Twitter: >>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> Follow >>>>>>>us on >>>>>>>Facebook: >>>>>>> >>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberhost> >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>-----Original Message----- >>>>>>> >>>>>>>>>>>From: Manan Shah [mailto:manan.s...@citrix.com] >>>>>>> >>>>>>>>>>>Sent: 22 December 2012 01:03 >>>>>>> >>>>>>>>>>>To: cloudstack-us...@incubator.apache.org >>>>>>> >>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses and >>>>>>> >>>>>>>>>>>VLANs per Tenant >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>Hi, >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>I would like to propose a new feature for dedicating IP >>>>>>>>>>>Addresses >>>>>>> >>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and provided >>>>>>>>>>>the >>>>>>> >>>>>>>>>>>requirements at the following location. Please provide >>>>>>>>>>>feedback on >>>>>>> >>>>>>>>>>>the requirements. >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>JIRA Ticket: >>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704 >>>>>>> >>>>>>>>>>>Requirements: >>>>>>> >>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedicate >>>>>>>>>>>d+R >>>>>>>>>>>es >>>>>>> >>>>>>>>>>>o >>>>>>> >>>>>>>>>>>u >>>>>>> >>>>>>>>>>>r >>>>>>> >>>>>>>>>>>ces >>>>>>> >>>>>>>>>>>+ >>>>>>> >>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>>Regards, >>>>>>> >>>>>>>>>>>Manan Shah >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>> >>>> >>> >
