After posting this I thought about it more and answered my own question. I see this type of setup being a management nightmare, e.g. rogue DHCP servers or anything else a user would attempt; without the proper VLAN/PVLAN segmentation on the guest network in place, it would be a hot mess. Thanks, guys!

Steve Searles
Zimcom Internet Solutions, Inc.
http://www.zimcom.net
Phone. (513)231-9500
Fax. (513)624-3909
Toll Free. (888)624-3910

On Aug 1, 2013, at 2:43 PM, Steve Searles <st...@zimcom.net> wrote:

> Hello everyone, I am new to CloudStack and have it deployed in our lab currently, so go easy :) I have everything working as expected with the advanced network zone, VMware support, and multiple VLAN isolation working properly. I have a few questions I would like to ask here about networking options inside CloudStack that I was unable to ascertain from the documentation. Hopefully one of you guys can steer me in the right direction.
>
> MY LAB SETUP
> CloudStack 4.1.0 (Compiled from Source w/VMware support)
> Zone1- Advanced –
> MGMT(untagged): 172.29.16.0/21
> STORAGE(untagged): 172.29.16.0/21
> GUEST(VLAN 601): 172.29.24.0/21
> PUBLIC(VLAN 602): x.x.x.x/24
>
> Currently I create an account and can add a guest network; the virtual router deploys properly and assigns the necessary VLAN for the isolated network, the guest IP is assigned, and a public IP is assigned from the public IP pool as expected. This works properly (Awesome). Deploying a VPC under a user account functions properly as well (Very Cool). What I am looking for is a configuration that I guess would be best described as a shared isolated network, where an instance is provisioned and assigned an RFC1918 address from a large guest pool, much like I have currently set up with the “Default Shared Network”, and a user can request an IP be assigned from the public pool and create PAT/NAT translations and firewall rules just as on the isolated network I tested. This is for a multi-tenant setup where each user does not need to create their own guest network and VLAN isolation between accounts is not necessary, thus no need to burn a VLAN and a vrouter for every customer account. Based on what I am seeing, this functionality seems to already be present. If I provision an instance on the Default Shared Network (VLAN601) in my setup, the machine is assigned the proper RFC1918 address from the pool, but when I try to allocate a public IP from the network tab I receive the allocation error below. Should this functionality even work? The problem seems obvious, but I don’t see where I can make the owners match even using cloudmonkey.
>
> 2013-08-01 13:12:32,000 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Acct[4-zimcom] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
> 2013-08-01 13:12:32,020 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ip[209.212.252.6-1] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
> 2013-08-01 13:12:32,031 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-21:job-269) Access to Ntwk[204|Guest|7] granted to Acct[4-zimcom] by DomainChecker_EnhancerByCloudStack_dd56169d
> 2013-08-01 13:12:32,042 ERROR [cloud.async.AsyncJobManagerImpl] (Job-Executor-21:job-269) Unexpected exception while executing org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd
> com.cloud.exception.InvalidParameterValueException: The owner of the network is not the same as owner of the IP
>         at com.cloud.network.NetworkManagerImpl.associateIPToGuestNetwork(NetworkManagerImpl.java:744)
>         at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>         at com.cloud.network.NetworkServiceImpl.associateIPToNetwork(NetworkServiceImpl.java:2852)
>         at com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125)
>         at org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd.execute(AssociateIPAddrC
>
> I also created a second zone with basic networking, but I did not see a way to accomplish this with that setup either, as it looks like the machine is directly assigned a public address and access control is handled via SGs with ingress and egress filtering.
>
> Can anyone help me out?
> Thanks in Advance.
>
> Steve Searles
> http://www.zimcom.net
> Phone. (513)231-9500
> Fax. (513)624-3909
> Toll Free. (888)624-3910