Guest IP Reservation

Thu, 30 Oct 2014 11:58:27 -0700 

Just trying to clear something up before I submit a bug report:

When using IP reservation in an isolated network it looks like the virtual
router is getting the wrong netmask.

For example:
- Network CIDR: 10.1.1.0/24
- Guest CIDR: 10.1.1.0/25
- Reserved IP Range: 10.1.1.127-10.1.1.254
- Virtual Router IP: 10.1.1.1

With this configuration, the Virtual Router gets get following
netmask/routing:

eth0      Link encap:Ethernet  HWaddr 02:00:55:eb:00:03
          inet addr:10.1.1.1  Bcast:10.1.1.127  Mask:255.255.255.128

Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
0.0.0.0         162.223.12.129  0.0.0.0         UG    0      0        0 eth2
10.1.1.0        0.0.0.0         255.255.255.128 U     0      0        0 eth0
162.223.12.128  0.0.0.0         255.255.255.128 U     0      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1

This means that any server or VM configured in the reserved IP range cannot
ping the VR or use it for routing.  They also will not be able to contact
VMs deployed by CloudStack because there is no routing available, and the
CloudStack VMs inherit the /25 netmask from the VR.

To resolve this I think the following changes would be required:

Right now it seems that the /etc/init.d/postinit script configures the VR
interfaces using the details in '/var/cache/cloud/cmdline':

# cat /var/cache/cloud/cmdline
template=domP name=r-236-VM eth2ip=162.223.12.140 eth2mask=255.255.255.128
gateway=162.223.12.129 eth0ip=10.1.1.1 eth0mask=255.255.255.128 domain=
cs2dv.tqcloud.net cidrsize=25 dhcprange=10.1.1.1 eth1ip=169.254.2.4
eth1mask=255.255.0.0 type=router disable_rp_filter=true dns1=8.8.8.8
dns2=8.8.4.4 useextdns=true

I believe whatever is generating the data in '/var/cache/cloud/cmdline'
should be changed.  It should pull the 'eth0mask' from the 'Network CIDR'
instead of the 'Guest CIDR'.  This will allow for routing and communication
between CloudStack VMs, and hosts on the reserved portion of the network.

The remaining issue is ensuring the VR doesn't issue IPs from the reserved
range.  I don't think this is a problem anyway since CloudStack seems to
manually set up the static DHCP reservations (with /etc/dhcphosts.txt), but
the following change could still be made:

- Instead of using the VR IP in the dhcp-range (ex:
dhcp-range=10.1.1.1,static), it could be set as the inverse of the reserved
network (ex: dhcp-range=10.1.1.2,10.1.1.126,255.255.255.0,infinite).  I
believe the dhcp-range is also pulled from '/var/cache/cloud/cmdline'.


Am I misunderstanding how this feature is supposed to work, or should I go
ahead and create a bug report for this?


Thank You,

Logan Barfield
Tranquil Hosting

Reply via email to