First draft of the FS can be found here - https://cwiki.apache.org/confluence/display/CLOUDSTACK/FS-+Dedicate+Public+IP+Addresses+per+tenant . Comments/Suggestions?
Thank you, Likitha >-----Original Message----- >From: Manan Shah >Sent: Friday, February 22, 2013 12:08 PM >To: Likitha Shetty; cloudstack-us...@incubator.apache.org; cloudstack- >d...@incubator.apache.org >Cc: Manan Shah >Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and VLANs per >Tenant > >Thanks Likitha for your prompt response. I will wait for the FS. > >Regards, >Manan Shah > > > > >On 2/21/13 10:30 PM, "Likitha Shetty" <likitha.she...@citrix.com> wrote: > >>Yes Manan, with the 1st solution the dedication should be applicable >>for both Isolated and VPC networks. >>I will capture all that is being discussed here in the FS (yet to >>publish). >> >>Thank you, >>Likitha >> >>>-----Original Message----- >>>From: Manan Shah >>>Sent: Friday, February 22, 2013 11:55 AM >>>To: Manan Shah; Likitha Shetty; cloudstack-us...@incubator.apache.org; >>>cloudstack-dev@incubator.apache.org >>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and >>>VLANs per Tenant >>> >>>Hi Likitha, >>> >>>One additional question. When an admin assigns a Public IP Address >>>range to an account and if that account creates a VPC, I am assuming >>>they will still get the Public IP Address from this reserved IP range. >>>Can you please confirm that this reserved Public IP Address would work >>>for both Isolated Networks as well as VPC? >>> >>>Regards, >>>Manan Shah >>> >>> >>> >>> >>>On 2/21/13 9:57 PM, "Manan Shah" <manan.s...@citrix.com> wrote: >>> >>>>Hi Likitha, >>>> >>>>I agree with you that the 1st solution seems like a better approach. >>>> >>>>Regards, >>>>Manan Shah >>>> >>>> >>>> >>>> >>>>On 2/21/13 9:39 PM, "Likitha Shetty" <likitha.she...@citrix.com> wrote: >>>> >>>>>Hi Manan, >>>>> >>>>>Thanks for the feedback. Please find my answers inline. >>>>> >>>>>Thank you, >>>>>Likitha >>>>> >>>>>>-----Original Message----- >>>>>>From: Manan Shah >>>>>>Sent: Friday, February 22, 2013 10:28 AM >>>>>>To: Likitha Shetty; cloudstack-us...@incubator.apache.org; >>>>>>cloudstack- d...@incubator.apache.org >>>>>>Cc: Manan Shah >>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP Addresses and >>>>>>VLANs per Tenant >>>>>> >>>>>>Hi Likitha, >>>>>> >>>>>>Comments in-line belowŠ. Also, please let us know once the FS is >>>>>>updated. >>>>>> >>>>>>Regards, >>>>>>Manan Shah >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>On 2/19/13 8:59 PM, "Likitha Shetty" <likitha.she...@citrix.com> >>>>>>wrote: >>>>>> >>>>>>>CCing Manan to comment on the requirements. >>>>>>> >>>>>>>>-----Original Message----- >>>>>>>>From: Likitha Shetty [mailto:likitha.she...@citrix.com] >>>>>>>>Sent: Friday, February 15, 2013 7:09 PM >>>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>>>d...@incubator.apache.org >>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>and VLANs per Tenant >>>>>>>> >>>>>>>>Hi All, >>>>>>>> >>>>>>>>This is with respect to Part 1 of the feature 'Dedicate Public IP >>>>>>>>range' >>>>>>>>which is >>>>>>>>already implemented in CS. >>>>>>>>Following is the observation wrt what is the current CS >>>>>>>>implementation and the proposed changes to the same, >>>>>>>> >>>>>>>>1. A public VLAN-IP range can only be associated to an account >>>>>>>>during the >>>>>>>>creation of the range >>>>>>>>Proposed change - Admin should be allowed to dedicate a range >>>>>>>>even after it has been created and also allowed to change the >>>>>>>>owner >>>>>>[Manan] Agreed with the functionality. >>>>>>>> >>>>>>>>2. If an admin associates an IP range to an account, all the >>>>>>>>IP's >>>>>>>>of that range >>>>>>>>get acquired by a single isolated network in that account >>>>>> >>>>>>[Manan] Why do you think this is the right functionality. What if >>>>>>the admin wants to allocate a public IP range to a account and >>>>>>wants to allow the tenant to create as many networks as they want >>>>>>and use this public IP range. >>>>>[Likitha] Manan, I agree. I don't think this is the right behavior. >>>>>So the following is what currently happens in CS, If an admin >>>>>associates an IP range to an account, all the IP's of that range get >>>>>acquired by a single isolated network in that account 1. If there >>>>>are no isolated guest networks, a new network is created and all the >>>>>IP's from the range are dedicated to the new network 2. If there is >>>>>1 isolated guest network, all the IP's from the range are dedicated >>>>>to the existing network 3. If there are more than 1 isolated guest >>>>>network CS throws an error >>>>> >>>>>There are 2 possible changes we can introduce to resolve this, 1. >>>>>During dedication we just mark this range of IP's as dedicated. And >>>>>when the user acquires an IP for a particular network we allow the >>>>>network to choose from the dedicated range. >>>>>2. During dedication when an account is chosen, the user also has >>>>>the option to choose one of the network in the account which can >>>>>acquire the IP's I prefer the 1st solution because with the 2nd >>>>>solution, one of the networks of the tenant will acquire all the IP's. >>>>>Thoughts? >>>>>> >>>>>>>> >>>>>>>>a. If there are no isolated guest networks, a new network is >>>>>>>>created and all >>>>>>>>the IP's from the range are dedicated to the new network >>>>>>>> >>>>>>>>b. If there is 1 isolated guest network, all the IP's from the >>>>>>>>range are >>>>>>>>dedicated to the existing network >>>>>>>> >>>>>>>>c. If there are more than 1 isolated guest network CS throws >>>>>>>>an >>>>>>>>error >>>>>>>> >>>>>>>> Proposed change - When an account is chosen, the >>>>>>>>user also has the option to choose the network in the account >>>>>>>>which can acquire the IP's >>>>>>>> >>>>>>>>3. When a network that has a dedicated IP range is deleted, >>>>>>>>the >>>>>>>>mapping >>>>>>>>between the account that owned the network and IP range persists. >>>>>>>>This implies that the admin sees that the range is associated to >>>>>>>>the account. But the IP's from this range can be acquired by any >>>>>>>>other account >>>>>>>> >>>>>>>>Proposed change - The IP range should no longer be owned by the >>>>>>>>account >>>>>>[Manan] Agree with the proposed change >>>>>>>> >>>>>>>>4. When an account is deleted the IP ranges dedicated to that >>>>>>>>account get >>>>>>>>deleted >>>>>>>> >>>>>>>>Proposed change - The range should be released back to the free >>>>>>>>pool instead >>>>>> >>>>>>[Manan] Agree with the proposed change. I am assuming if there are >>>>>>any public Ips that are in use (Loadbalancing, Port Forwarding, >>>>>>Static-NAT, >>>>>>etc) then they will remain as is. >>>>>> >>>>>>>> >>>>>>>>5. I see a potential starving scenario where a certain account >>>>>>>>that has >>>>>>>>dedicated range uses up all the IP's from the free pool as well >>>>>>>> >>>>>>>>Proposed change - Impose a configurable limit like say, at least >>>>>>>>one range should always belong to the free pool >>>>>>[Manan] Agree with the proposed change >>>>>>>> >>>>>>>>6. Even if a range is dedicated to an account, any network >>>>>>>>that >>>>>>>>belongs to >>>>>>>>this account including the one that has acquired the IP's can >>>>>>>>acquire more IP's from the free pool. This is because when we >>>>>>>>dedicate an IP range to an account, one of the networks of that >>>>>>>>account acquires all the IP's. >>>>>>>> >>>>>>>>Proposed change - During dedication we just mark this range of >>>>>>>>IP's as dedicated. And only when the user acquires an IP for a >>>>>>>>particular network we allow the network to choose from the >>>>>>>>dedicated range. If this change is implemented we will not run >>>>>>>>into issue >>>#2. >>>>>>>> >>>>>>>>Please provide your feedback. I will publish an FS keeping in >>>>>>>>line with the requirements we decide upon. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>Thank you, >>>>>>>> >>>>>>>>Likitha >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>-----Original Message----- >>>>>>>>From: Likitha Shetty [mailto:likitha.she...@citrix.com] >>>>>>>>Sent: Friday, January 18, 2013 5:11 PM >>>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>>>d...@incubator.apache.org >>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>and VLANs per Tenant >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>In CloudStack we can already reserve the public IP range to an >>>>>>>>account but not release it back to the free pool, so how about we >>>>>>>>divide this requirement into 2 parts - 1) Dedicate Public IP >>>>>>>>range >>>>>>>>2) Dedicate Guest VLAN's per tenant. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>Since Part 1 has already implemented, we need to only add the >>>>>>>>enhancement 'Add releasing these IP Address range to the free >>>>>>>>pool'. I will create an enhancement ticket to track this? >>>>>>>> >>>>>>>>As for Part 2, I will soon publish an FS based on the requirements. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>Any concerns? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>Thank you, >>>>>>>> >>>>>>>>Likitha >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>-----Original Message----- >>>>>>>> >>>>>>>>>From: Likitha Shetty [mailto:likitha.she...@citrix.com] >>>>>>>> >>>>>>>>>Sent: Thursday, January 17, 2013 3:55 PM >>>>>>>> >>>>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>>> >>>>>>>>>d...@incubator.apache.org >>>>>>>> >>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>>and >>>>>>>> >>>>>>>>>VLANs per Tenant >>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>>>Yes, before reserving the public ip range we do verify if the >>>>>>>> >>>>>>>>>account/domain is exceeding the limit. >>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>>>Thank You, >>>>>>>> >>>>>>>>>Likitha >>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>>>>-----Original Message----- >>>>>>>> >>>>>>>>>>From: Sailaja Mada [mailto:sailaja.m...@citrix.com] >>>>>>>> >>>>>>>>>>Sent: Thursday, January 17, 2013 3:50 PM >>>>>>>> >>>>>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>>> >>>>>>>>>>d...@incubator.apache.org >>>>>>>> >>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>>>and >>>>>>>> >>>>>>>>>>VLANs per Tenant >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>Hi Likitha, >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>Currently we can reserve the public IP range to an account. I >>>>>>>>>>would >>>>>>>> >>>>>>>>>>assume we are cross checking the account/domain limit for the >>>>>>>>>>max no >>>>>>>> >>>>>>>>>>of Public IP addresses while reserving the Public IP to an >>>>>>>>>>account? >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>Please clarify. >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>Thanks, >>>>>>>> >>>>>>>>>>Sailaja.M >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>-----Original Message----- >>>>>>>> >>>>>>>>>>From: Likitha Shetty [mailto:likitha.she...@citrix.com] >>>>>>>> >>>>>>>>>>Sent: Thursday, January 10, 2013 7:43 PM >>>>>>>> >>>>>>>>>>To: cloudstack-us...@incubator.apache.org; cloudstack- >>>>>>>> >>>>>>>>>>d...@incubator.apache.org >>>>>>>> >>>>>>>>>>Subject: RE: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>>>and >>>>>>>> >>>>>>>>>>VLANs per Tenant >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>For CreateVlanIpRange API call, we can set the account >>>>>>>>>>parameter to >>>>>>>> >>>>>>>>>>specify the VLAN owner. If specified, the Public IP's get >>>>>>>>>>allocated to >>>>>>>> >>>>>>>>>>the account and the VLAN get dedicated to it. Could you please >>>>>>>>>>clarify >>>>>>>> >>>>>>>>>>what the difference between this and the mentioned requirement is? >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>But I couldn't figure out a way to release back the VLAN and >>>>>>>>>>the >>>>>>>> >>>>>>>>>>allocated IP's to the free pool. I achieved it by deleting the >>>>>>>>>>VLAN-IP >>>>>>>> >>>>>>>>>>range and then adding it back to the system account. Is there a >>>>>>>>>>better >>>>>>>> >>>>>>>>>>way to do it or do we need to implement this? >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>Thank you, >>>>>>>> >>>>>>>>>>Likitha >>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>>>>>-----Original Message----- >>>>>>>> >>>>>>>>>>>From: Manan Shah [mailto:manan.s...@citrix.com] >>>>>>>> >>>>>>>>>>>Sent: Friday, January 04, 2013 10:11 PM >>>>>>>> >>>>>>>>>>>To: cloudstack-us...@incubator.apache.org >>>>>>>> >>>>>>>>>>>Subject: Re: [DISCUSS] Dedicated Resources: Public IP >>>>>>>>>>>Addresses and >>>>>>>> >>>>>>>>>>>VLANs per Tenant >>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>>>>>>>Thanks Tamas for bringing up additional requirements. I have >>>>>>>>>>>updated >>>>>>>> >>>>>>>>>>>the requirements document. >>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>>>>>>>Regards, >>>>>>>> >>>>>>>>>>>Manan Shah >>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>>>>>>>On 1/4/13 6:32 AM, "Tamas Monos" >>>>>>>><tam...@veber.co.uk<mailto:tam...@veber.co.uk>> wrote: >>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>+1 >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>Additional to the requirements: >>>>>>>> >>>>>>>>>>>>- Usage must reflect if these are assigned to an Account so >>>>>>>>>>>>the >>>>>>>> >>>>>>>>>>>>admin can see how many IP is allocated to the account. >>>>>>>> >>>>>>>>>>>>- On allocation it needs to check whether the required range >>>>>>>>>>>>is >>>>>>>> >>>>>>>>>>>>available (not in use) and conforms with the account limits >>>>>>>>>>>>(cannot >>>>>>>> >>>>>>>>>>>>allocate more IPs than maximum IPs per account). >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>Regards >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>Tamas Monos DDI >>>>>>>> >>>>>>>>>>>>+44(0)2034687012 >>>>>>>> >>>>>>>>>>>>Chief Technical >>>>>>>>>>>>Office >>>>>>>> >>>>>>>>>>>>+44(0)2034687000 >>>>>>>> >>>>>>>>>>>>Veber: The Hosting Specialists Fax >>>>>>>>>>>>+44(0)871 >>>>>>>>>>>>522 >>>>>>>> >>>>>>>>>>>>7057 >>>>>>>> >>>>>>>>>>>>http://www.veber.co.uk >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>Follow us on Twitter: >>>>>>>>www.twitter.com/veberhost<http://www.twitter.com/veberhost> >>>>>>>>Follow us on >>>>>>>>Facebook: >>>>>>>> >>>>>>>>>>>>www.facebook.com/veberhost<http://www.facebook.com/veberho >st> >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>-----Original Message----- >>>>>>>> >>>>>>>>>>>>From: Manan Shah [mailto:manan.s...@citrix.com] >>>>>>>> >>>>>>>>>>>>Sent: 22 December 2012 01:03 >>>>>>>> >>>>>>>>>>>>To: cloudstack-us...@incubator.apache.org >>>>>>>> >>>>>>>>>>>>Subject: [DISCUSS] Dedicated Resources: Public IP Addresses >>>>>>>>>>>>and >>>>>>>> >>>>>>>>>>>>VLANs per Tenant >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>Hi, >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>I would like to propose a new feature for dedicating IP >>>>>>>>>>>>Addresses >>>>>>>> >>>>>>>>>>>>and VLANs per Tenant. I have created a JIRA ticket and >>>>>>>>>>>>provided the >>>>>>>> >>>>>>>>>>>>requirements at the following location. Please provide >>>>>>>>>>>>feedback on >>>>>>>> >>>>>>>>>>>>the requirements. >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>JIRA Ticket: >>>>>>>>>>>>https://issues.apache.org/jira/browse/CLOUDSTACK-704 >>>>>>>> >>>>>>>>>>>>Requirements: >>>>>>>> >>>>>>>>>>>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dedica >>>>>>>>>>>>te >>>>>>>>>>>>d+R >>>>>>>>>>>>es >>>>>>>> >>>>>>>>>>>>o >>>>>>>> >>>>>>>>>>>>u >>>>>>>> >>>>>>>>>>>>r >>>>>>>> >>>>>>>>>>>>ces >>>>>>>> >>>>>>>>>>>>+ >>>>>>>> >>>>>>>>>>>>-+Public+IP+Addresses+and+VLANs+per+Tenant >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>>Regards, >>>>>>>> >>>>>>>>>>>>Manan Shah >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>>>>>>> >>>>>>>> >>>>>>> >>>>> >>>> >>
