[jira] [Assigned] (CLOUDSTACK-4622) [IP Reservation][If a VM from guest network is added to network tier of VPC then IP reservation allows the CIDR to be a superset of Network CIDR for that VPC tier

Thu, 24 Aug 2017 00:27:42 -0700 

     [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Saksham Srivastava reassigned CLOUDSTACK-4622:
----------------------------------------------

    Assignee:     (was: Saksham Srivastava)

> [IP Reservation][If a VM from guest network is added to network tier of VPC 
> then IP reservation allows the CIDR to be a superset of Network CIDR  for 
> that VPC tier
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4622
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4622
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: Abhinav Roy
>            Priority: Critical
>             Fix For: Future
>
>         Attachments: CS-4622.zip
>
>
> Steps :
> ===================
> 1. Deploy a CS 4.2 advanced networking setup
> 2. Create a Guest network , gn1 and deploy a VM, vm1 on that network.
> 3. Create a VPC Tier, tier1 with CIDR as 10.1.2.1/24 and deploy a vm , v1t1 
> on that tier.
> 4. Go to Instances -> vm1 -> nics -> Add Network to VM    and add tier1 
> network to vm1.
> 5. Now, go to tier1 and do IP reservation with CIDR as 10.1.2.1/23
> Expected behaviour :
> =================
> The IP reservation should fail as the CIDR 10.1.2.1/23 is not a subset of the 
> network CIDR which is 10.1.2.1/24
> Observed behaviour :
> ================
> The IP reservation goes through , here is a snippet from management server 
> logs
> 2013-09-06 12:13:27,760 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (catalina-exec-13:null) submit async job-39 = [ 
> 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ], details: AsyncJobVO {id:39, userId: 
> 2, accountId: 2, sessionKey: null, instanceType: None, instanceId: null, cmd: 
> org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd, 
> cmdOriginator: null, cmdInfo: 
> {"id":"674355e5-8c3b-44a2-b47d-d198548ccea7","response":"json","sessionkey":"moOLxaFrqNc50wz6SDh6v413RnA\u003d","cmdEventType":"NETWORK.UPDATE","ctxUserId":"2","name":"TIER-1","guestvmcidr":"10.1.2.0/23","displaytext":"TIER-1","httpmethod":"GET","_":"1378450020843","ctxAccountId":"2","ctxStartEventId":"134"},
>  cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, 
> processStatus: 0, resultCode: 0, result: null, initMsid: 280320865129348, 
> completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
> 2013-09-06 12:13:27,761 DEBUG [cloud.api.ApiServlet] (catalina-exec-13:null) 
> ===END===  10.144.7.25 -- GET  
> command=updateNetwork&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&id=674355e5-8c3b-44a2-b47d-d198548ccea7&name=TIER-1&displaytext=TIER-1&guestvmcidr=10.1.2.0%2F23&_=1378450020843
> 2013-09-06 12:13:27,763 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
> org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = 
> [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> 2013-09-06 12:13:27,771 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync 
> job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] execution on object 
> network.205
> 2013-09-06 12:13:27,778 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) job 
> org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = 
> [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ] was queued, processing the queue.
> 2013-09-06 12:13:27,782 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
> sync queue item: SyncQueueItemVO {id:15, queueId: 1, contentType: AsyncJob, 
> contentId: 39, lastProcessMsid: 280320865129348, lastprocessNumber: 7, 
> lastProcessTime: Fri Sep 06 12:13:27 IST 2013, created: Fri Sep 06 12:13:27 
> IST 2013}
> 2013-09-06 12:13:27,783 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Schedule 
> queued job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> 2013-09-06 12:13:27,786 DEBUG [cloud.async.SyncQueueManagerImpl] 
> (Job-Executor-53:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) There is 
> a pending process in sync queue(id: 1)
> 2013-09-06 12:13:27,788 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Executing 
> org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for job-39 = 
> [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> 2013-09-06 12:13:27,809 INFO  [cloud.network.NetworkServiceImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The start 
> IP of the specified guest vm cidr is: 10.1.2.1 and end IP is: 10.1.3.254
> 2013-09-06 12:13:27,809 INFO  [cloud.network.NetworkServiceImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) The 
> specified guest vm cidr has 510 IPs
> 2013-09-06 12:13:27,811 INFO  [cloud.network.NetworkServiceImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) IP 
> Reservation has been applied. The new CIDR for Guests Vms is 10.1.2.0/23
> 2013-09-06 12:13:27,843 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Complete 
> async job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ], jobStatus: 1, 
> resultCode: 0, result: 
> org.apache.cloudstack.api.response.NetworkResponse@3f57d929
> 2013-09-06 12:13:27,851 DEBUG [cloud.async.SyncQueueManagerImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Sync 
> queue (1) is currently empty
> 2013-09-06 12:13:27,851 DEBUG [cloud.async.AsyncJobManagerImpl] 
> (Job-Executor-54:job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]) Done 
> executing org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd for 
> job-39 = [ 4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e ]
> Here is a snippet from api logs :
> 2013-09-06 12:13:27,761 INFO  [cloud.api.ApiServer] (catalina-exec-13:null) 
> (userId=2 accountId=2 sessionId=DA08FA8E57384D44EDBD0EB02D547164) 10.144.7.25 
> -- GET 
> command=updateNetwork&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&id=674355e5-8c3b-44a2-b47d-d198548ccea7&name=TIER-1&displaytext=TIER-1&guestvmcidr=10.1.2.0%2F23&_=1378450020843
>  200 { "updatenetworkresponse" : 
> {"jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e"} }
> 2013-09-06 12:13:30,804 INFO  [cloud.api.ApiServer] (catalina-exec-20:null) 
> (userId=2 accountId=2 sessionId=DA08FA8E57384D44EDBD0EB02D547164) 10.144.7.25 
> -- GET 
> command=queryAsyncJobResult&jobId=4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e&response=json&sessionkey=moOLxaFrqNc50wz6SDh6v413RnA%3D&_=1378450023951
>  200 { "queryasyncjobresultresponse" : 
> {"accountid":"0add9fc0-15ef-11e3-9b03-fef34996d384","userid":"0addcf54-15ef-11e3-9b03-fef34996d384","cmd":"org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd","jobstatus":1,"jobprocstatus":0,"jobresultcode":0,"jobresulttype":"object","jobresult":{"network":{"id":"674355e5-8c3b-44a2-b47d-d198548ccea7","name":"TIER-1","displaytext":"TIER-1","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.2.1","netmask":"255.255.255.0","cidr":"10.1.2.0/23","networkcidr":"10.1.2.0/24","zoneid":"b53dc749-1576-495a-91b8-49db37aecf15","zonename":"Zone-1","networkofferingid":"6c52357c-3013-4d9e-a035-910bd5eb59ab","networkofferingname":"DefaultIsolatedNetworkOfferingForVpcNetworks","networkofferingdisplaytext":"Offering
>  for Isolated Vpc networks with Source Nat service 
> enabled","networkofferingconservemode":false,"networkofferingavailability":"Optional","issystem":false,"state":"Implemented","related":"674355e5-8c3b-44a2-b47d-d198548ccea7","broadcasturi":"vlan://726","dns1":"10.103.128.15","type":"Isolated","vlan":"726","acltype":"Account","account":"admin","domainid":"e3b3104c-15ee-11e3-9b03-fef34996d384","domain":"ROOT","service":[{"name":"Vpn","capability":[{"name":"VpnTypes","value":"s2svpn","canchooseservicecapability":false},{"name":"SupportedVpnTypes","value":"pptp,l2tp,ipsec","canchooseservicecapability":false}]},{"name":"PortForwarding"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]},{"name":"Dhcp","capability":[{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}]},{"name":"NetworkACL","capability":[{"name":"SupportedProtocols","value":"tcp,udp,icmp","canchooseservicecapability":false}]},{"name":"StaticNat"},{"name":"UserData"},{"name":"SourceNat","capability":[{"name":"RedundantRouter","value":"false","canchooseservicecapability":false},{"name":"SupportedSourceNatTypes","value":"peraccount","canchooseservicecapability":false}]},{"name":"Lb","capability":[{"name":"SupportedLBIsolation","value":"dedicated","canchooseservicecapability":false},{"name":"SupportedStickinessMethods","value":"[{\"methodname\":\"LbCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"postonly\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"domain\",\"required\":false,\"isflag\":false,\"description\":\"
>  \"}],\"description\":\"This is loadbalancer cookie based stickiness 
> method.\"},{\"methodname\":\"AppCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"length\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"holdtime\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"request-learn\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"prefix\",\"required\":false,\"isflag\":true,\"description\":\"
>  
> \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
>  \"}],\"description\":\"This is App session based sticky method. Define 
> session stickiness on an existing application cookie. It can be used only for 
> a specific http 
> traffic\"},{\"methodname\":\"SourceBased\",\"paramlist\":[{\"paramname\":\"tablesize\",\"required\":false,\"isflag\":false,\"description\":\"
>  
> \"},{\"paramname\":\"expire\",\"required\":false,\"isflag\":false,\"description\":\"
>  \"}],\"description\":\"This is source based Stickiness method, it can be 
> used for any type of 
> protocol.\"}]","canchooseservicecapability":false},{"name":"SupportedProtocols","value":"tcp,
>  
> udp","canchooseservicecapability":false},{"name":"LbSchemes","value":"Public","canchooseservicecapability":false},{"name":"SupportedLbAlgorithms","value":"roundrobin,leastconn,source","canchooseservicecapability":false}]}],"networkdomain":"cs2cloud.internal","physicalnetworkid":"a0368cfe-3d15-4d18-afee-906bd5a998c6","restartrequired":false,"specifyipranges":false,"vpcid":"8a647441-3d3f-49ff-95b9-e4f20a57bdbc","canusefordeploy":true,"ispersistent":false,"tags":[],"displaynetwork":true}},"created":"2013-09-06T12:13:27+0530","jobid":"4562cb4d-54d5-4b7e-90bd-e3d2c679ab5e"}
>  }
> NOTE :
> =============================
> This problem is seen only in this particular scenario. I executed some other 
> tests around this and the issue was not seen,
> i)  Add the VM to another guest network and do IP reservation on that network 
> with CIDR as a subset of network CIDR .
> ii) Add a VM from VPC tier to a guest network and do IP reservation on that 
> network with CIDR as a subset of network CIDR.
> ii) Add a VM from VPC tier to another VPC tier and do IP reservation on that 
> tier with CIDR as a subset of network CIDR.
> Attaching management server logs and api logs



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to