I'm not necessarily thinking about route advertisement or something that could be disruptive; if someone brought up a VPC with public address space, it simply wouldn't work outside of the VPC (although that may be something to consider as well). I was primarily thinking about a situation where the admin could assign someone a VPC with, say, a /20 of public space (to be further carved into /24 or something on the VPC networks), and then the admin would point the upstream router to the VPC router for that /20 (via SDN or whatever means they're using for the larger orchestration). It doesn't seem like there'd be much work to enable this case outside of disabling the check for RFC 1918, and maybe some auditing to ensure any router scripts aren't expecting private space. Am I wrong?

On Mon, Oct 14, 2013 at 1:35 PM, Chip Childers <chip.child...@sungard.com> wrote:
> If allowed, I'd make it disabled by default. Otherwise operators may be
> surprised by their users' actions... ;-)
>
>
> On Mon, Oct 14, 2013 at 3:01 PM, Marcus Sorensen <shadow...@gmail.com> wrote:
>
>> Working from the idea that CloudStack may be deployed as a component of a
>> larger infrastructure orchestration effort, is there any reason not to
>> allow non-rfc1918 added as the VPC super CIDR?
>>