[ https://issues.apache.org/jira/browse/CLOUDSTACK-6485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15103328#comment-15103328 ]
ASF subversion and git services commented on CLOUDSTACK-6485:
-------------------------------------------------------------

Commit 317c28a7e5d8161bc3e8755dece3f965b7e74662 in cloudstack's branch refs/heads/4.7 from [~remibergsma]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=317c28a ]

Merge pull request #1299 from remibergsma/CLOUDSTACK-6485

CLOUDSTACK-6485 prevent ip assignment of private gw iface

Prevent IP address assignment of gateway to gateway-interface on vpc router by setting vpcid to null in network.

This was fixed in 4.4 by 1f209ff226a24979cf3a43ce0c02e05c84dd4dc2, reimplemented for 4.7

* pr/1299:
  CLOUDSTACK-6485 prevent ip assignment of private gw iface

Signed-off-by: Remi Bergsma <git...@remi.nl>

> [vpc] new private gateway network is registered wrong in network table
> ----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6485
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6485
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Virtual Router
>    Affects Versions: 4.2.1, 4.3.0, 4.4.0, 4.3.1
>            Reporter: Anton Opgenoort
>            Assignee: Daan Hoogland
>
> When creating a private gateway for a VPC router on a network not yet known
> to Cloudstack, Cloudstack ‘documents’ this network in the networks table.
> For normal guest networks, which should be associated with a single VPC,
> Cloudstack includes the VPC_ID in the database. The VPC_ID field is used to
> provision all networks and nics on a VPC router when it is created. Since
> this table is all about network provisioning it makes sense to ‘document’ the
> network cidr and gateway present in that network. For guest tiers this usually
> is the VPC router itself, so the interface IPs on a VPC router are the
> gateway IPs found in the networks table.
>
> Unfortunately the VPC_ID is also recorded for the private gateway network
> when it is first created. So the first VPC to be plugged on the private
> gateway network also has that same network associated as a guest network
> tier, instead of just a private gateway network.
>
> This by itself will not quickly become a problem, because private gateways
> are first plugged on a running vpc router which is not likely to be recreated
> any time soon after that.
>
> But as soon as this first ever VPC router on the private gateway network is
> recreated due to a destroy of the VPC Router, all associated networks are
> looked up in the networks table.
>
> Because the private gateway network is ‘documented’ with the actual upstream
> gateway used by the VPC router definition, the VPC router provisions a NIC on
> the private gateway network using the IP address of the actual upstream
> gateway, creating an IP conflict on the private gateway network, effectively
> breaking down the upstream gateway functionality for all attached private
> gateways of other VPCs.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)