cloudstack-users mailing list archives

From Will Stevens <wstev...@cloudops.com>
Subject Re: Dedicated IP range for SSVM/CPVM
Date Tue, 17 Jan 2017 05:13:32 GMT
Rene, this is probably not going to solve your problem, but I use this
trick for other use cases.  You can set up more than one range.  ACS seems
to always exhaust one range before moving on to the next range.  If it is a
new install, then you can do a range with only 2 IPs in it and make it
first.  Since the first two IPs which will be provisioned when ACS is set up
are the SSVM and CPVM, they will automatically take the two IPs from that
special range.

I am pretty sure I have tested this.  Later when other IPs have been used
from the other range, if you destroy the SSVM or CPVM, they will come back
up on one of the two IPs that they were on before because they will be free
again and they will be used first again.  If your system is really active,
then you will be in a race condition while the SSVM and CPVM get bounced to
get the same IPs back.

Anyway, I figured I would mention it because it may be a workaround you can
make use of.  I do this in dev/staging environments which need real public
IPs, but I don't need the SSVM and CPVM to have real public IPs.  This lets
me preserve two real public IPs by using private IPs for that first range
for the SSVM and CPVM.

Cheers,

*Will STEVENS*
Lead Developer

On Mon, Jan 16, 2017 at 11:37 PM, Nitin Kumar Maharana <
nitinkumar.maharana@accelerite.com> wrote:

> Hi Rene,
>
> By the default pool, do you mean the public IP range?
>
> If it is a public IP range, user VMs won’t be consuming any IP from there.
> Only system VMs (CPVM/SSVM/VR) will be consuming. VRs will be providing
> public access to the user VMs.
>
>
> Thanks,
> Nitin
> > On 16-Jan-2017, at 8:56 PM, Rene Moser <mail@renemoser.net> wrote:
> >
> > Hi
> >
> > We would like to make a change proposal for SSVM/CPVM.
> >
> > Currently, the SSVM/CPVM get an IP from the "default" pool of
> > vlaniprange which is from the account "system"
> >
> >
> >  "vlaniprange": [
> >    {
> >      "account": "system",
> >      "domain": "ROOT",
> >      "endip": "10.101.0.250",
> >      "forvirtualnetwork": true,
> >      "gateway": "10.101.0.1",
> >      "netmask": "255.255.255.0",
> >      "startip": "10.101.0.11",
> >      ...
> >
> >    },
> >
> >
> >  "systemvm": [
> >    {
> >      "activeviewersessions": 0,
> >      "gateway": "10.101.0.1",
> >      "hypervisor": "VMware",
> >      "id": "d9a8abe5-b1e0-47d6-8f39-01b48ff1e0fa",
> >      "name": "v-5877-VM",
> >      "privatenetmask": "255.255.255.0",
> >      "publicip": "10.101.0.113",
> >      "publicnetmask": "255.255.255.0",
> >      "state": "Running",
> >      ...
> >    },
> >
> >
> > For security considerations we would like to define a dedicated IP range
> > for SSVM/CPVM, which, preferably, should not have any relation to the
> > default pool range.
> >
> > The default pool range should be used for userVMs only. To indicate the
> > use I propose 2 new flags, which are only considered for "account=system"
> > and indicate if the range can be used for userVMs or/and systemVMs.
> >
> > For backwards compatibility this would be the default
> >
> > "foruservms": true,
> > "forsystemvms": true,
> >
> >
> > To have a separate range for UserVMs/SystemVMs, it would look like
> >
> >
> >  "vlaniprange": [
> >    {
> >      "account": "system",
> >      "domain": "ROOT",
> >      "foruservms": true,
> >      "forsystemvms": false,
> >      "endip": "192.160.123.250",
> >      "forvirtualnetwork": true,
> >      "gateway": "192.160.123.1",
> >      "netmask": "255.255.255.0",
> >      "startip": "192.160.123.11",
> >      ...
> >
> >    },
> >
> >  "vlaniprange": [
> >    {
> >      "account": "system",
> >      "domain": "ROOT",
> >      "foruservms": false,
> >      "forsystemvms": true,
> >      "endip": "10.101.0.250",
> >      "forvirtualnetwork": true,
> >      "gateway": "10.101.0.1",
> >      "netmask": "255.255.255.0",
> >      "startip": "10.101.0.11",
> >      ...
> >
> >    },
> >
> >
> > Does anyone see any conflicts with this proposal?
> >
> > Regards
> > René
> >
>
>
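
Added example, not part of the thread or of CloudStack's own code: because the two-IP-range workaround depends on allocation order and can lose the race after a bounce, this check confirms that every system VM's public IP still sits in the intended range. It assumes the `vlaniprange` and `systemvm` objects have already been fetched from the API and parsed; the function names, the sample data and `s-5878-VM` are constructed for illustration.

```python
import ipaddress

def _ip(value):
    return ipaddress.ip_address(value)

def in_range(ip, rng):
    """True if ip is inside the inclusive startip..endip span of a vlaniprange entry."""
    return _ip(rng["startip"]) <= _ip(ip) <= _ip(rng["endip"])

def audit_system_vm_ips(ranges, system_vms, dedicated_startip):
    """Return findings; an empty list means every system VM is in the dedicated range."""
    dedicated = next((r for r in ranges if r["startip"] == dedicated_startip), None)
    if dedicated is None:
        return [f"no vlaniprange starts at {dedicated_startip}"]
    findings = []
    size = int(_ip(dedicated["endip"])) - int(_ip(dedicated["startip"])) + 1
    if size < len(system_vms):
        findings.append(f"dedicated range has {size} IPs for {len(system_vms)} system VMs")
    for vm in system_vms:
        if in_range(vm["publicip"], dedicated):
            continue
        # Report which other range the address came from, if any.
        home = next((r for r in ranges if in_range(vm["publicip"], r)), None)
        origin = f'{home["startip"]}-{home["endip"]}' if home else "no listed range"
        findings.append(f'{vm["name"]} holds {vm["publicip"]} from {origin}')
    return findings

# Constructed sample data: a two-address range for the SSVM/CPVM plus a general range.
RANGES = [
    {"account": "system", "startip": "10.101.0.11", "endip": "10.101.0.12"},
    {"account": "system", "startip": "192.160.123.11", "endip": "192.160.123.250"},
]
IN_PLACE = [
    {"name": "v-5877-VM", "publicip": "10.101.0.11", "state": "Running"},
    {"name": "s-5878-VM", "publicip": "10.101.0.12", "state": "Running"},
]
# Constructed drift case: after a bounce the SSVM came back on the general range.
DRIFTED = [
    IN_PLACE[0],
    {"name": "s-5878-VM", "publicip": "192.160.123.57", "state": "Running"},
]

if __name__ == "__main__":
    for label, vms in (("in place", IN_PLACE), ("drifted", DRIFTED)):
        print(label, audit_system_vm_ips(RANGES, vms, "10.101.0.11"))
```

Run it after any SSVM or CPVM restart; a non-empty result means the system VM has to be bounced again once its original address is free.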
