If you want CS not to allocate these IPs to any other vm, you can mark Allocated field in user_ip_address table for all the IPs you want to assign to guest vms manually.
On Mon, Jul 6, 2015 at 12:17 PM, Mārtiņš Jakubovičs <[email protected]> wrote: > Hello, > > In Basic Networking IP address acquisition is not a manual process but CS > it self give IP's for instances. Problems is that if you configure IP > address pool in zone, user can add all this IP addresses to one instance > without informing CS. > > Example: > IP address pool (10.11.11.1 - 10.11.11.10) > 1.) Create instance. (CS will give to instance IP 10.11.11.2) > 2.) In instance manually add IP's (create alias) from same subnet > (10.11.11.3, 10.11.11.4, *without* adding secondary IP's in CS). > 3.) In CloudStack you can see that instance use only one IP (10.11.11.2), > but in reality it use whole IP pool. > 4.) Deploy other instance, to which CS will give IP, which you manually > added before to instance nr. 1 (for example, 10.11.11.3). > > Instance nr. 1: > In CS use only one public IP (10.11.11.2), but in reality have configured > 10 IP's. > > Instance nr. 2: > In CS have one IP (10.11.11.3), but network didn't work, because Instance > Nr. 1 have IP which should be added to instance Nr. 2 and CS didn't know > about that. > > > On 2015.07.06. 07:45, Sanjeev N wrote: > >> What do you mean by IP address is acquired? In Basic Networking we don't >> have IP address acquisition concept. Also alias IPs you are manually >> configuring on deployed vms should not be overlapped with the Guest IP >> address range provided in that zone. >> >> On Fri, Jul 3, 2015 at 7:51 PM, Mārtiņš Jakubovičs <[email protected]> >> wrote: >> >> Hello, >>> >>> I test right now infrastructure with base network setup. I faced issue, >>> if >>> I deploy instance, I am able manually add more public IP's. For example, >>> I >>> deploy VM, though DHCP I acquire IP, and I can manually add alias IP >>> addresses without problems and CloudStack still think that I use only one >>> IP. If IP address is acquired and other user boot VM can be situation >>> when >>> new VM can't get public IP. Am I doing something wrong or is this kind of >>> security "hole" in Basic Networking? >>> >>> Thanks. >>> >>> >
