[
https://issues.apache.org/jira/browse/CLOUDSTACK-1043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13560902#comment-13560902
]
Simon Waterhouse commented on CLOUDSTACK-1043:
----------------------------------------------
Anthony,
We should just use standard CloudStack resource quotas to limit how many NICs
and/or IP addresses any given account should be able to create (I need to look
into how these work...)
The NIC is attached to a network when it is created and this action will be
subject to "standard" access control checks. After my default position would be
that in can be attached to any VM (again subject to standard access control).
However, if we want the VPC model in CS to follow the AWS pattern, we should
also be putting restrictions in place so you cannot wire up a VM to span VPCs
or route from a VPC to a non-VPC network. I would welcome some input from the
VPC folk on the list, and if possible some reference to the information model
for CS VPC.
As part of the attachment of a NIC to a VM, the implementation will be
responsible for ensuring the relevant security groups are applied before the
NIC is activated.
Your comment on superfluous virtualmachineid on detach is a good one: I put the
parameter in for consistency with the other CloudStack "detach" methods (e.g.
detachVolume). But we could do without it - I would be interested in opinions
on this...
On detachNic the relevant security group rules will need to be "de-applied"
I missed an API change for "listSecurityGroups" - i.e. add an optional
parameter "nicid" to allow a query for the set of NICs associated with a given
NIC. Other than that I don't think the Security Group Platform API needs to
change, unless I am missing something.
I will update the spec. with clarifications.
Thanks for the feedback.
Simon
> Add AWS Style NIC support
> -------------------------
>
> Key: CLOUDSTACK-1043
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1043
> Project: CloudStack
> Issue Type: New Feature
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Affects Versions: Future
> Reporter: Simon Waterhouse
>
> The issue is to expose a virtual network interface card (NIC) as a standalone
> entity in the CloudStack API that may be explicitly created/deleted and
> attached/detached from a virtual machine. The intention is to follow the
> pattern pioneered by Amazon with their Elastic Network Interface.
> A desgin document may be found at
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/AWS+Style+NIC+support
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
