[ https://issues.apache.org/jira/browse/CLOUDSTACK-6485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15075934#comment-15075934 ]

ASF GitHub Bot commented on CLOUDSTACK-6485:
--------------------------------------------

GitHub user remibergsma opened a pull request:

    https://github.com/apache/cloudstack/pull/1299

    CLOUDSTACK-6485 prevent ip assignment of private gw iface

    Prevent ipaddress assignment of gateway to gateway-interface on vpc router
    by setting vpcid to null in network. This was fixed in 4.4 by
    1f209ff226a24979cf3a43ce0c02e05c84dd4dc2, reimplemented for 4.7

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/remibergsma/cloudstack CLOUDSTACK-6485

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1299.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1299
    
----
commit 2c07ce590d9763033aff2ee895915eefe8a16030
Author: Remi Bergsma <git...@remi.nl>
Date:   2015-12-31T13:20:52Z

    CLOUDSTACK-6485 prevent ip assignment of private gw iface
    
    Prevent ipaddress assignment of gateway to gateway-interface on vpc router
    by setting vpcid to null in network
    
    Was fixed in 4.4 by 1f209ff226a24979cf3a43ce0c02e05c84dd4dc2
    Reimplemented for 4.7

----


> [vpc] new private gateway network is registered wrong in network table
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6485
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6485
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Virtual Router
>    Affects Versions: 4.2.1, 4.3.0, 4.4.0, 4.3.1
>            Reporter: Anton Opgenoort
>            Assignee: Daan Hoogland
>
> When creating a private gateway for a VPC router on a network not yet known 
> to Cloudstack, Cloudstack ‘documents’ this network in the networks table.
> For normal guest networks, which should be associated with a single VPC, 
> Cloudstack includes the VPC_ID in the database. The VPC_ID field is used to 
> provision all networks and nics on a VPC router when it is created. Since 
> this table is all about network provisioning it makes sense to ‘document’ the 
> network cidr and gateway present in that network. For guest tiers this usually 
> is the VPC router itself, so the interface IP’s on a VPC router are the 
> gateway IP’s found in the networks table.
> Unfortunately the VPC_ID is also recorded for the private gateway network 
> when it is first created. So the first VPC to be plugged on the private 
> gateway network also has that same network associated as a guest network 
> tier, instead of just a private gateway network.
> This by itself will not quickly become a problem, because private gateways 
> are first plugged on a running vpc router which is not likely to be recreated 
> any time soon after that.
> But as soon as this first ever VPC router on the private gateway network is 
> recreated due to a destroy of the VPC Router, all associated networks are 
> looked up in the networks table. 
> Because the private gateway network is ‘documented’ with the actual upstream 
> gateway used by the VPC router definition, the VPC router provisions a NIC on 
> the private gateway network using the IP address of the actual upstream 
> gateway creating an IP conflict on the private gateway network, effectively 
> breaking down the upstream gateway functionality for all attached private 
> gateways of other vpc's.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
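
The failure mode in the issue description above, as a small model added here (not CloudStack code and not part of the original message): router recreation plans one NIC per network row carrying the VPC's id and addresses it with that row's gateway IP. The field names, the `private_gateway` marker and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class NetworkRow:
    """Simplified stand-in for one row of the networks table (assumed fields)."""
    name: str
    cidr: str
    gateway: str
    vpc_id: Optional[int]
    private_gateway: bool  # hypothetical marker, not taken from the page


def plan_router_nics(rows, vpc_id):
    """Model of router recreation: one NIC per network with this vpc_id,
    addressed with the gateway IP recorded for that network."""
    return {r.name: r.gateway for r in rows if r.vpc_id == vpc_id}


def audit_private_gateways(rows):
    """Flag private gateway networks that still carry a vpc_id."""
    return [r.name for r in rows if r.private_gateway and r.vpc_id is not None]


def upstream_conflicts(rows, vpc_id):
    """NICs the plan would give the address of the real upstream gateway."""
    plan = plan_router_nics(rows, vpc_id)
    return {r.name: plan[r.name]
            for r in rows if r.private_gateway and r.name in plan}


def sample_rows(private_gw_vpc_id):
    """Constructed sample data: two guest tiers and one private gateway network."""
    return [
        NetworkRow("tier-web", "10.1.1.0/24", "10.1.1.1", 7, False),
        NetworkRow("tier-db", "10.1.2.0/24", "10.1.2.1", 7, False),
        NetworkRow("private-gw", "172.16.0.0/24", "172.16.0.1",
                   private_gw_vpc_id, True),
    ]


if __name__ == "__main__":
    for label, vpc in (("as reported", 7), ("vpc_id set to null", None)):
        rows = sample_rows(vpc)
        print(label, audit_private_gateways(rows), upstream_conflicts(rows, 7))
```
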
