KVM: Out of subnet 'secondary' IPs for Virtual Machines (Anycast/floating IPs)

2022-01-17 Thread Wido den Hollander

Hi,

Use-case: I have a SG enabled shared network where a VM establishes a 
BGP session with the upstream router.


Over this BGP session the VM announces a /32 (IPv4) and/or /128 (IPv6) 
address and the router now installs this route.


I do the same (with the same IPs) on a few different VMs and this way I 
can have an Anycast/Floating IP which is being routed to those VMs.


Problem: Security Group filtering prohibits this as the 'ipset' on the 
hypervisor checks all the packets originating from the VM and drops all 
packets not matching the ipset.


Name: i-79-1328-VM
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 248
References: 5
Number of entries: 1
Members:
62.221.XXX.11

I want to add /32 and /128 addresses to this subnet so that the SG does 
not filter away this traffic.


They could be added as a secondary IP to the VM, but this is not allowed 
by the API as the secondary IPs you want to add should always come from 
the subnet configured for that network.


I do not want to turn off security grouping as this poses other 
potential issues.


Solutions I see:

- Add global/account/domain setting which allows arbitrary secondary IPs
- Add per-network setting which allows arbitrary secondary IPs
- Pre-define subnets which Anycast/Floating IPs can be picked from per 
network


Any ideas or suggestions?

Wido
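
The filtering described in the message above, together with its third proposed option (pre-defined floating ranges per network), as an added example that is not part of the original post and is not CloudStack code. The member address, the floating ranges and all function names are constructed for illustration; only the set name and header fields follow the `ipset` listing quoted in the post.

```python
import ipaddress

# Constructed sample in the layout of the `ipset list` output quoted above.
# The member is a documentation address, not the redacted one from the post.
SAMPLE_IPSET_LIST = """\
Name: i-79-1328-VM
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 248
References: 5
Number of entries: 1
Members:
192.0.2.11
"""

# Hypothetical per-network floating ranges (documentation prefixes).
FLOATING_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:53::/48"),
]


def parse_ipset_list(text):
    """Parse the listing of one set into (header fields, member networks)."""
    header, members, in_members = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if in_members:
            # Members may carry trailing options; keep the address only.
            members.append(ipaddress.ip_network(line.split()[0], strict=False))
        elif line == "Members:":
            in_members = True
        else:
            key, _, value = line.partition(":")
            header[key.strip()] = value.strip()
    return header, members


def source_allowed(src, members):
    """True if a packet with source address `src` matches the set."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net for net in members)


def validate_floating_ip(requested, floating_ranges=FLOATING_RANGES):
    """Accept only a single host (/32 or /128) inside a pre-defined range.

    Returns the network object when approved, otherwise None.
    """
    try:
        net = ipaddress.ip_network(requested, strict=True)
    except ValueError:
        return None
    if net.prefixlen != net.max_prefixlen:
        return None  # wider prefixes would loosen the source filter
    for allowed in floating_ranges:
        if net.version == allowed.version and net.subnet_of(allowed):
            return net
    return None


def members_after_request(members, requested, floating_ranges=FLOATING_RANGES):
    """Set contents after a secondary-IP request: unchanged if rejected.

    A real `family inet` set holds IPv4 only; the mixed list here is a
    simplification of separate IPv4 and IPv6 sets.
    """
    approved = validate_floating_ip(requested, floating_ranges)
    return members + [approved] if approved else list(members)


if __name__ == "__main__":
    header, members = parse_ipset_list(SAMPLE_IPSET_LIST)
    for src in ("192.0.2.11", "198.51.100.53"):
        print(header["Name"], src, "pass" if source_allowed(src, members) else "drop")
    updated = members_after_request(members, "198.51.100.53")
    print("after approval:", source_allowed("198.51.100.53", updated))
```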


Re: KVM: Out of subnet 'secondary' IPs for Virtual Machines (Anycast/floating IPs)

2022-01-17 Thread Daan Hoogland
Wido,
As an operator, would I sell a floating ip with a number of instances it
can be applied to?
just checking on your envisioned business case, not implying an answer
here/yet.

On Mon, Jan 17, 2022 at 2:37 PM Wido den Hollander  wrote:

> Hi,
>
> Use-case: I have a SG enabled shared network where a VM establishes a
> BGP session with the upstream router.
>
> Over this BGP session the VM announces a /32 (IPv4) and/or /128 (IPv6)
> address and the router now installs this route.
>
> I do the same (with the same IPs) on a few different VMs and this way I
> can have an Anycast/Floating IP which is being routed to those VMs.
>
> Problem: Security Group filtering prohibits this as the 'ipset' on the
> hypervisor checks all the packets originating from the VM and drops all
> packets not matching the ipset.
>
> Name: i-79-1328-VM
> Type: hash:ip
> Revision: 4
> Header: family inet hashsize 1024 maxelem 65536
> Size in memory: 248
> References: 5
> Number of entries: 1
> Members:
> 62.221.XXX.11
>
> I want to add /32 and /128 addresses to this subnet so that the SG does
> not filter away this traffic.
>
> They could be added as a secondary IP to the VM, but this is not allowed
> by the API as the secondary IPs you want to add should always come from
> the subnet configured for that network.
>
> I do not want to turn off security grouping as this poses other
> potential issues.
>
> Solutions I see:
>
> - Add global/account/domain setting which allows arbitrary secondary IPs
> - Add per-network setting which allows arbitrary secondary IPs
> - Pre-define subnets which Anycast/Floating IPs can be picked from per
> network
>
> Any ideas or suggestions?
>
> Wido
>


-- 
Daan


GSoC22

2022-01-17 Thread Boris Stoyanov
Hi everyone,

GSoC 22 has been announced and the timeline is now available. Last year we had 
great success, with all of our students completing their assignments, and 
I hope this year comes with even better results. From Feb 7th organizations can 
start submitting their applications for the program and I think now is a good 
time to start preparing. If nobody objects, I’d like to step up and coordinate 
our GSoC involvement this year. I’ll help with info and support for students 
and mentors if they need it, and will also be responsible for reporting results 
back to you and making sure we make the most of the program.

Please check out the timeline here:
https://developers.google.com/open-source/gsoc/timeline

Also have a look at the general information at:
https://summerofcode.withgoogle.com

To submit your idea please create a GitHub issue at the official ACS project 
with label “gsoc22”; we’ll later review and work with the ASF guys to make this 
list available for applications. You will also need to register as a mentor. To 
become a mentor you don’t need to be a committer or PMC; you need to have an idea 
and the will to support and guide a student developing it. Registering is also 
easy: please send an email to private@ and ask to be recognized as such. I 
can’t think of a reason for someone to be dropped by this, it’s more or less an 
anti-flooding mech. I believe individuals that have mentored already do not 
need to apply again; I will get back to you if it turns out otherwise.

The idea:

  *   Aim at low-hanging fruit – we have a limited time for completing this 
project and most of the time it will be somebody just starting his career, so 
think of something achievable
  *   Spend some time defining it well and making it appealing; after all, it 
needs to catch the eye of an applicant

The tech:

  *   Avoid domain-specific tech – expecting a student to be aware of a specific 
technology or product integration in CloudStack is not really realistic, or 
pick something that can be easily understood fast
  *   Stick to common tech – think of a task related to a particular framework we 
use, or enhancing a common functionality; this way it will sound more familiar 
to people and it will catch more eyes, and eventually candidates

Changes this year:

https://opensource.googleblog.com/2021/11/expanding-google-summer-of-code-in-2022.html



TL;DR:

There are three new changes this year, some of which can be taken into 
consideration:

  1.  Eligibility: the only requirement now is to be above 18, you don’t need 
to prove you’re a student now. This will open up the door for more candidates
  2.  Projects come with different sizes – we can now submit large and mid-size 
projects, please indicate this in the GitHub item

 *   Mid - ~175hrs until August
 *   Large - ~350hrs until November

  3.  Increased Flexibility – projects can now be 12 or 22 weeks; despite 
having a strict deadline like last year (end of August), it looks like it can be 
extended to 22 weeks now.



Please directly add your project idea, and of course if you have questions I’ll 
be available to help.



Thanks,

Bobby.

 



Re: GSoC22

2022-01-17 Thread Daman Arora
Thanks for sharing this Boris.

I will be applying to Gsoc 2022 for CloudStack as a mentee this year. It's
likely a bit early to ask but if there are any suggestions in regards to
creating a top notch proposal, please feel free to share them as well.

Best,
Daman Arora.
Blog: https://daemonsets.github.io
GitHub: https://github.com/Damans227




On Mon., Jan. 17, 2022, 9:40 a.m. Boris Stoyanov, <
boris.stoya...@shapeblue.com> wrote:

> Hi everyone,
>
> GSoC 22 has been announced and the timeline is now available. Last year we
> had great success with our students having them all completed their
> assignments and I hope this year comes with even better results. From Feb
> 7th organizations can start submitting their applications for the program
> and I think now it’s good time to start preparing. If nobody objects, I’d
> like to step up and coordinate our GSoC involvement this year. I’ll help
> with info and support for students and mentors if they need to, also will
> be responsible to report back to you results and make sure we take the most
> of the program.
>
> Please checkout the timeline here:
> https://developers.google.com/open-source/gsoc/timeline
>
> Also have a look at the general information at:
> https://summerofcode.withgoogle.com
>
> To submit your idea please create a GitHub issue at the official ACS
> project with label “gsoc22”, we’ll later review and work with the ASF guys
> to make this list available for applications. You will also need to
> register as a mentor. To become a mentor you don’t need to be committer or
> PMC, you need to have an idea and the will to support and guide a student
> developing it. Registering is also easy, please send an email to private@
> and ask to be recognized as such, I can’t think of a reason for someone to
> be dropped by this, it’s more or less anti-flooding mech. I believe
> individuals that have mentored already does not need to apply again, will
> get back to you if it turns otherwise.
>
> The idea:
>
>   *   Aim at low hanging fruits – we have a limited time for completing
> this project and most of the time it will be somebody just starting his
> career so think of something achievable
>   *   Spend some time defining it good and appealing, after all it needs
> to catch an eye of an applicant
>
> The tech:
>
>   *   Avoid domain specific tech – expecting a student to be aware of
> specific technology or product integration in Cloudstack is not really
> realistic, or pick something that can be easily understand fast
>   *   Stick to common tech – think of a task related to particular
> framework we use, or enchasing a common functionality this way it will
> sound more familiar to people and it will pick more eyes, eventually
> candidates
>
> Changes this year:
>
>
> https://opensource.googleblog.com/2021/11/expanding-google-summer-of-code-in-2022.html
>
>
>
> TL;DR:
>
> There’s three new changes this year, some of which can be taken into
> consideration:
>
>
>
>   1.  Eligibility: the only requirement now is to be above 18, you don’t
> need to prove you’re student now. This will open up the door for more
> candidates
>   2.  Projects come with different sizes – we can now submit large and mid
> size projects, please indicate this in the github item
>
>  *   Mid - ~175hrs until August
>  *   Large - ~350hrs until November
>
>   1.  Increased Flexibility – projects can be now 12 or 22 weeks, despite
> having strict deadline like last year (end of August), looks like it can be
> extended to 22week now.
>
>
>
> Please directly add your project idea, and of course if you have questions
> I’ll be available to help.
>
>
>
> Thanks,
>
> Bobby.
>
>
>
>


Re: GSoC22

2022-01-17 Thread Boris Stoyanov
Hi Daman,

You’ve probably seen already the ‘Student Guide’, but if you haven’t please 
have a read.

https://google.github.io/gsocguides/student/

Try understanding the particular project expectations before applying, come 
back to the mentor with some relative questions and be proactive, these are 
just some points to lead you to a top-notch proposal.

Boris.

From: Daman Arora 
Date: Monday, 17 January 2022, 16:48
To: dev@cloudstack.apache.org 
Cc: us...@cloudstack.apache.org 
Subject: Re: GSoC22
Thanks for sharing this Boris.

I will be applying to Gsoc 2022 for CloudStack as a mentee this year. It's
likely a bit early to ask but if there are any suggestions in regards to
creating a top notch proposal, please feel free to share them as well.

Best,
Daman Arora.
Blog: https://daemonsets.github.io
GitHub: https://github.com/Damans227




On Mon., Jan. 17, 2022, 9:40 a.m. Boris Stoyanov, <
boris.stoya...@shapeblue.com> wrote:

> Hi everyone,
>
> GSoC 22 has been announced and the timeline is now available. Last year we
> had great success with our students having them all completed their
> assignments and I hope this year comes with even better results. From Feb
> 7th organizations can start submitting their applications for the program
> and I think now it’s good time to start preparing. If nobody objects, I’d
> like to step up and coordinate our GSoC involvement this year. I’ll help
> with info and support for students and mentors if they need to, also will
> be responsible to report back to you results and make sure we take the most
> of the program.
>
> Please checkout the timeline here:
> https://developers.google.com/open-source/gsoc/timeline
>
> Also have a look at the general information at:
> https://summerofcode.withgoogle.com
>
> To submit your idea please create a GitHub issue at the official ACS
> project with label “gsoc22”, we’ll later review and work with the ASF guys
> to make this list available for applications. You will also need to
> register as a mentor. To become a mentor you don’t need to be committer or
> PMC, you need to have an idea and the will to support and guide a student
> developing it. Registering is also easy, please send an email to private@
> and ask to be recognized as such, I can’t think of a reason for someone to
> be dropped by this, it’s more or less anti-flooding mech. I believe
> individuals that have mentored already does not need to apply again, will
> get back to you if it turns otherwise.
>
> The idea:
>
>   *   Aim at low hanging fruits – we have a limited time for completing
> this project and most of the time it will be somebody just starting his
> career so think of something achievable
>   *   Spend some time defining it good and appealing, after all it needs
> to catch an eye of an applicant
>
> The tech:
>
>   *   Avoid domain specific tech – expecting a student to be aware of
> specific technology or product integration in Cloudstack is not really
> realistic, or pick something that can be easily understand fast
>   *   Stick to common tech – think of a task related to particular
> framework we use, or enchasing a common functionality this way it will
> sound more familiar to people and it will pick more eyes, eventually
> candidates
>
> Changes this year:
>
>
> https://opensource.googleblog.com/2021/11/expanding-google-summer-of-code-in-2022.html
>
>
>
> TL;DR:
>
> There’s three new changes this year, some of which can be taken into
> consideration:
>
>
>
>   1.  Eligibility: the only requirement now is to be above 18, you don’t
> need to prove you’re student now. This will open up the door for more
> candidates
>   2.  Projects come with different sizes – we can now submit large and mid
> size projects, please indicate this in the github item
>
>  *   Mid - ~175hrs until August
>  *   Large - ~350hrs until November
>
>   1.  Increased Flexibility – projects can be now 12 or 22 weeks, despite
> having strict deadline like last year (end of August), looks like it can be
> extended to 22week now.
>
>
>
> Please directly add your project idea, and of course if you have questions
> I’ll be available to help.
>
>
>
> Thanks,
>
> Bobby.
>
>
>
>

 



Re: GSoC22

2022-01-17 Thread Daman Arora
Yup, I am aware of the Student Guide and also the CloudStack HackerBook (
https://github.com/shapeblue/hackerbook), I will revisit both of them while
I wait for the project proposals to be posted. Thank you for replying and
cheers!

Regards,
Daman Arora,
Blog: https://daemonsets.github.io
GitHub: https://github.com/Damans227



On Mon, Jan 17, 2022 at 10:18 AM Boris Stoyanov <
boris.stoya...@shapeblue.com> wrote:

> Hi Daman,
>
> You’ve probably seen already the ‘Student Guide’, but if you haven’t
> please have a read.
>
> https://google.github.io/gsocguides/student/
>
> Try understanding the particular project expectations before applying,
> come back to the mentor with some relative questions and be proactive,
> these are just some points to lead you to a top-notch proposal.
>
> Boris.
>
> From: Daman Arora 
> Date: Monday, 17 January 2022, 16:48
> To: dev@cloudstack.apache.org 
> Cc: us...@cloudstack.apache.org 
> Subject: Re: GSoC22
> Thanks for sharing this Boris.
>
> I will be applying to Gsoc 2022 for CloudStack as a mentee this year. It's
> likely a bit early to ask but if there are any suggestions in regards to
> creating a top notch proposal, please feel free to share them as well.
>
> Best,
> Daman Arora.
> Blog: https://daemonsets.github.io
> GitHub: https://github.com/Damans227
>
>
>
>
> On Mon., Jan. 17, 2022, 9:40 a.m. Boris Stoyanov, <
> boris.stoya...@shapeblue.com> wrote:
>
> > Hi everyone,
> >
> > GSoC 22 has been announced and the timeline is now available. Last year
> we
> > had great success with our students having them all completed their
> > assignments and I hope this year comes with even better results. From Feb
> > 7th organizations can start submitting their applications for the program
> > and I think now it’s good time to start preparing. If nobody objects, I’d
> > like to step up and coordinate our GSoC involvement this year. I’ll help
> > with info and support for students and mentors if they need to, also will
> > be responsible to report back to you results and make sure we take the
> most
> > of the program.
> >
> > Please checkout the timeline here:
> > https://developers.google.com/open-source/gsoc/timeline
> >
> > Also have a look at the general information at:
> > https://summerofcode.withgoogle.com
> >
> > To submit your idea please create a GitHub issue at the official ACS
> > project with label “gsoc22”, we’ll later review and work with the ASF
> guys
> > to make this list available for applications. You will also need to
> > register as a mentor. To become a mentor you don’t need to be committer
> or
> > PMC, you need to have an idea and the will to support and guide a student
> > developing it. Registering is also easy, please send an email to private@
> > and ask to be recognized as such, I can’t think of a reason for someone
> to
> > be dropped by this, it’s more or less anti-flooding mech. I believe
> > individuals that have mentored already does not need to apply again, will
> > get back to you if it turns otherwise.
> >
> > The idea:
> >
> >   *   Aim at low hanging fruits – we have a limited time for completing
> > this project and most of the time it will be somebody just starting his
> > career so think of something achievable
> >   *   Spend some time defining it good and appealing, after all it needs
> > to catch an eye of an applicant
> >
> > The tech:
> >
> >   *   Avoid domain specific tech – expecting a student to be aware of
> > specific technology or product integration in Cloudstack is not really
> > realistic, or pick something that can be easily understand fast
> >   *   Stick to common tech – think of a task related to particular
> > framework we use, or enchasing a common functionality this way it will
> > sound more familiar to people and it will pick more eyes, eventually
> > candidates
> >
> > Changes this year:
> >
> >
> >
> https://opensource.googleblog.com/2021/11/expanding-google-summer-of-code-in-2022.html
> >
> >
> >
> > TL;DR:
> >
> > There’s three new changes this year, some of which can be taken into
> > consideration:
> >
> >
> >
> >   1.  Eligibility: the only requirement now is to be above 18, you don’t
> > need to prove you’re student now. This will open up the door for more
> > candidates
> >   2.  Projects come with different sizes – we can now submit large and
> mid
> > size projects, please indicate this in the github item
> >
> >  *   Mid - ~175hrs until August
> >  *   Large - ~350hrs until November
> >
> >   1.  Increased Flexibility – projects can be now 12 or 22 weeks, despite
> > having strict deadline like last year (end of August), looks like it can
> be
> > extended to 22week now.
> >
> >
> >
> > Please directly add your project idea, and of course if you have
> questions
> > I’ll be available to help.
> >
> >
> >
> > Thanks,
> >
> > Bobby.
> >
> >
> >
> >
>
>
>
>


ACS 4.16/4.15 with Netscaler VPX 13 issues

2022-01-17 Thread benoit lair
Hello Folks,

I'm trying to add a Netscaler VPX device to my 4.16 ACS mgmt server.
I have set all the entries as asked, but it is telling me that the credentials
are not correct:

Add Netscaler device
(Netscaler) Failed to log in to Netscaler device at a.b.c;d due to Invalid
username or password

Does somebody use Netscaler with ACS 4.16?
I also tried on ACS 4.15 and I have the same error.

Is VPX version 13 valid?

The credentials work fine from a browser.

Regards, Benoit


Re: KVM: Out of subnet 'secondary' IPs for Virtual Machines (Anycast/floating IPs)

2022-01-17 Thread Wei ZHOU
Hi Wido,

CloudStack allows users to add multiple IP ranges to a shared network. All
these IPs share the same vlan. I hope it helps you.

The problem is, a secondary IP can only be assigned to a VM. I think we can
add a flag like `floating` to secondary IP. If the flag is true, it can be
assigned to multiple VMs (belonging to the same owner) as secondary IP.

-Wei

On Mon, 17 Jan 2022 at 14:37, Wido den Hollander  wrote:

> Hi,
>
> Use-case: I have a SG enabled shared network where a VM establishes a
> BGP session with the upstream router.
>
> Over this BGP session the VM announces a /32 (IPv4) and/or /128 (IPv6)
> address and the router now installs this route.
>
> I do the same (with the same IPs) on a few different VMs and this way I
> can have an Anycast/Floating IP which is being routed to those VMs.
>
> Problem: Security Group filtering prohibits this as the 'ipset' on the
> hypervisor checks all the packets originating from the VM and drops all
> packets not matching the ipset.
>
> Name: i-79-1328-VM
> Type: hash:ip
> Revision: 4
> Header: family inet hashsize 1024 maxelem 65536
> Size in memory: 248
> References: 5
> Number of entries: 1
> Members:
> 62.221.XXX.11
>
> I want to add /32 and /128 addresses to this subnet so that the SG does
> not filter away this traffic.
>
> They could be added as a secondary IP to the VM, but this is not allowed
> by the API as the secondary IPs you want to add should always come from
> the subnet configured for that network.
>
> I do not want to turn off security grouping as this poses other
> potential issues.
>
> Solutions I see:
>
> - Add global/account/domain setting which allows arbitrary secondary IPs
> - Add per-network setting which allows arbitrary secondary IPs
> - Pre-define subnets which Anycast/Floating IPs can be picked from per
> network
>
> Any ideas or suggestions?
>
> Wido
>


Re: ACS 4.16/4.15 with Netscaler VPX 13 issues

2022-01-17 Thread benoit lair
I have this error in the mgmt server logs:

2022-01-17 16:37:07,698 DEBUG [c.c.a.ApiServlet]
(qtp1850777594-337:ctx-deeb85b2 ctx-09e01ead) (logid:3930828f) ===END===
 192.168.4.31 -- GET
 
physicalnetworkid=81ab1674-8acb-49bc-9e02-1323e3cd2e3f&username=nsroot&networkdevicetype=NetscalerVPXLoadBalancer&gslbprovider=false&url=https:%2F%2F10.20.2.225%3Fpublicinterface%3D1%2F1%26privateinterface%3D1%2F1%26lbdevicededicated%3Dtrue&id=aaf152ef-f8bd-4071-bfdb-75c6df1a17c5&command=addNetscalerLoadBalancer&response=json
2022-01-17 16:37:07,759 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-24:ctx-5b0b91f8 job-156) (logid:249190c0) Complete async
job-156, jobStatus: FAILED, resultCode: 530, result:
org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":"530","errortext":"Failed
to verify device type specified when matching with actuall device type due
to Netscalar device type specified does not match with the actuall device
type."}

On Mon, 17 Jan 2022 at 16:25, benoit lair  wrote:

> Hello Folks,
>
> I'am trying to add Netscaler vpx device to my 4.16 Acs mgmt server
> i have set all the entries like asked, but it saying me that credentials
> are not corrects :
>
> Add Netscaler device
> (Netscaler) Failed to log in to Netscaler device at a.b.c;d due to Invalid
> username or password
>
> Does somebody use Netscaler with ACS 4.16 ?
> I tried too on acs 4.15 and i have same error
>
> Is VPX version 13 is valid ?
>
> The credentials are well working from a browser
>
> Regards, Benoit
>


Re: KVM: Out of subnet 'secondary' IPs for Virtual Machines (Anycast/floating IPs)

2022-01-17 Thread Wido den Hollander




On 17-01-2022 at 15:07, Daan Hoogland wrote:

> Wido,
> As an operator, would I sell a floating ip with a number of instances it
> can be applied to?

For example you would sell a /32 and /128 address (or a larger subnet) 
which a client can announce from their VMs.

It does require that the upstream routers (outside CloudStack) have BGP 
peers configured on their side which allows the VM to announce that they 
have a route for that address.

Regardless of how many CloudStack environments you have each one of them 
could announce that /32 or /128 which would then route traffic to the 
closest VM in the network.

Let's say you would announce 8.8.8.8/32 or 2001:4860:4860::/128 from 
multiple VPS to create a highly available DNS server as an example.

Wido

> just checking on your envisioned business case, not implying an answer
> here/yet.
>
> On Mon, Jan 17, 2022 at 2:37 PM Wido den Hollander  wrote:
>
> > Hi,
> >
> > Use-case: I have a SG enabled shared network where a VM establishes a
> > BGP session with the upstream router.
> >
> > Over this BGP session the VM announces a /32 (IPv4) and/or /128 (IPv6)
> > address and the router now installs this route.
> >
> > I do the same (with the same IPs) on a few different VMs and this way I
> > can have an Anycast/Floating IP which is being routed to those VMs.
> >
> > Problem: Security Group filtering prohibits this as the 'ipset' on the
> > hypervisor checks all the packets originating from the VM and drops all
> > packets not matching the ipset.
> >
> > Name: i-79-1328-VM
> > Type: hash:ip
> > Revision: 4
> > Header: family inet hashsize 1024 maxelem 65536
> > Size in memory: 248
> > References: 5
> > Number of entries: 1
> > Members:
> > 62.221.XXX.11
> >
> > I want to add /32 and /128 addresses to this subnet so that the SG does
> > not filter away this traffic.
> >
> > They could be added as a secondary IP to the VM, but this is not allowed
> > by the API as the secondary IPs you want to add should always come from
> > the subnet configured for that network.
> >
> > I do not want to turn off security grouping as this poses other
> > potential issues.
> >
> > Solutions I see:
> >
> > - Add global/account/domain setting which allows arbitrary secondary IPs
> > - Add per-network setting which allows arbitrary secondary IPs
> > - Pre-define subnets which Anycast/Floating IPs can be picked from per
> > network
> >
> > Any ideas or suggestions?
> >
> > Wido






[GitHub] [cloudstack-terraform-provider] harikrishna-patnala merged pull request #30: Fix ip address deletion during "terraform destory" command

2022-01-17 Thread GitBox


harikrishna-patnala merged pull request #30:
URL: https://github.com/apache/cloudstack-terraform-provider/pull/30


   

