Introduction

When you add a public VLAN range, you can dedicate it to a specific account so that no one else can use it. Once the range is created, all its IPs are marked as Allocated and assigned to the account's guest network right away (in 2.2.x we used to apply them on the backend; in 3.0 an IP is applied when the first network rule - firewall/PF/static NAT - is created for it).

Public IP life cycle

A public IP address belonging to an account-specific VLAN can never be allocated to another account. The IP can exist in two states: Free or Allocated. Allocated is the initial state; an IP becomes Free when the corresponding guest network is removed and all IP addresses are unassigned from that network. A Free IP returns to the Allocated state when the associateIpAddress command is executed for the account that owns the VLAN.

Use cases:

1) Create an account-specific VLAN range

API - createVlanIpRange. Use the API with the account/domainId parameters.

Whenever we create an account-specific VLAN range, we immediately associate it with the account's Guest Isolated network (the network must have the SourceNat service enabled):

  • if more than one Guest Isolated network exists, error out.
  • if no Guest Isolated network exists, try to create one from the network offering with Availability=Required:
          - if no such offering exists, error out
          - if it exists, use it for the network creation
  • if exactly one guest network exists, use it

All IPs are marked as Allocated right away. If the account has no source NAT IP address yet, one of the IPs is marked as the source NAT IP.
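The page names the API call but does not show how such a request is built. The following is an added example (not CloudStack's own code and not taken from this page) that constructs a signed createVlanIpRange request dedicated to one account using CloudStack's documented request-signing scheme (sorted, lowercased query string, HMAC-SHA1 with the secret key, base64). The endpoint, API key pair, zone/domain IDs and IP values are constructed placeholders; the parameter names other than account/domainId (zoneid, vlan, gateway, netmask, startip, endip, forvirtualnetwork) are assumed from the CloudStack API reference.

```python
"""Build and verify a signed CloudStack API request for an account-specific
createVlanIpRange call. Added example with constructed placeholder values."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

# Constructed placeholders: replace with a real management-server URL and an
# API key pair that carries the admin privileges createVlanIpRange requires.
API_ENDPOINT = "http://management-server.example:8080/client/api"
API_KEY = "EXAMPLE_API_KEY"
SECRET_KEY = "EXAMPLE_SECRET_KEY"


def sign_request(params: dict, secret_key: str) -> str:
    """CloudStack request signing: sort the parameters by lowercased key,
    URL-encode the values, lowercase the whole query string, HMAC-SHA1 it with
    the secret key and base64-encode the digest."""
    items = sorted(params.items(), key=lambda kv: kv[0].lower())
    query = "&".join(f"{k.lower()}={quote(str(v), safe='*')}" for k, v in items)
    digest = hmac.new(secret_key.encode(), query.lower().encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def build_request_url(command: str, command_params: dict) -> str:
    """Assemble the full GET URL: command, apiKey and command parameters, plus
    the signature computed over all of them."""
    params = {"command": command, "apiKey": API_KEY, "response": "json", **command_params}
    signature = sign_request(params, SECRET_KEY)
    return f"{API_ENDPOINT}?{urlencode(params)}&signature={quote(signature, safe='')}"


def create_account_vlan_range(account: str, domain_id: str, zone_id: str, vlan: str,
                              gateway: str, netmask: str, start_ip: str, end_ip: str) -> str:
    """createVlanIpRange with account/domainId set, which dedicates the whole
    range to that account (all IPs are Allocated to it immediately)."""
    return build_request_url("createVlanIpRange", {
        "zoneid": zone_id,
        "vlan": vlan,
        "gateway": gateway,
        "netmask": netmask,
        "startip": start_ip,
        "endip": end_ip,
        "forvirtualnetwork": "true",   # public (virtual network) range
        "account": account,
        "domainid": domain_id,
    })


def signature_matches(url: str, secret_key: str) -> bool:
    """Recompute the signature from a built URL, the way the server checks it."""
    params = dict(parse_qsl(urlsplit(url).query))
    presented = params.pop("signature")
    return hmac.compare_digest(presented, sign_request(params, secret_key))


if __name__ == "__main__":
    url = create_account_vlan_range(
        account="acme", domain_id="DOMAIN-ID-PLACEHOLDER", zone_id="ZONE-ID-PLACEHOLDER",
        vlan="100", gateway="10.0.0.1", netmask="255.255.255.0",
        start_ip="10.0.0.10", end_ip="10.0.0.20")
    print(url)
    print("signature verifies:", signature_matches(url, SECRET_KEY))
```

The secret key never leaves the client; only the HMAC over the lowercased query string travels with the request, so a leaked URL cannot be replayed with altered parameters. Because the whole range is dedicated and Allocated on creation, a mistyped account or domainId hands all of those public IPs to the wrong tenant, which is why the request is worth verifying locally before it is sent.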

2) Disassociate a single IP address from the account-specific range - not supported

API - disassociateIpAddress.

You can't disassociate a single IP address from the account VLAN using the disassociateIpAddress command. The IPs can be released only in the following two cases:

  • When the account's guest network is removed
  • Along with deletion of the VLAN range

3) Delete the guest network

API - deleteNetwork

All public IP addresses belonging to the account-specific VLAN and assigned to the guest network are marked as Free. They can be allocated later using the associateIpAddress API.

4) Associate an IP address from the account range

API - associateIpAddress.

When the associateIpAddress command is called for the account, we search for an IP to allocate in the following order:

  • check whether there are account-specific VLANs and whether the range(s) have Free IP addresses. If so, allocate the IP from the account-specific range. If there are no account VLANs, or no Free IPs in them, move to the next step
  • check whether there are zone-wide VLANs. If so, look for Free IP addresses there and allocate one of them.

5) Delete the VLAN IP range

API - deleteVlanIpRange

When executed against an account-specific VLAN, the following conditions must be met for all IPs belonging to the VLAN:

  • The IP can't have any network rules (PF/LB/VPN/Firewall). The rules have to be cleaned up before deleting the VLAN range
  • The IP can't be static NAT enabled. Static NAT has to be disabled first
  • The IP can't be the source NAT. The corresponding guest network must be removed to release the source NAT IP address.

Only after all IPs from the VLAN meet the conditions above can the VLAN range be removed.
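To make the rules in use cases 3, 4 and 5 concrete, here is an added example (not CloudStack's own code) that models the Free/Allocated life cycle of an account-dedicated range, the associateIpAddress lookup order (account-specific ranges first, then zone-wide ranges, never another account's range), and the three deleteVlanIpRange preconditions. The class names, the sample accounts and the IP addresses are constructed for the example; the model assumes, as the page does, that every IP of an account range is attached to the account's single guest network.

```python
"""Model of account-specific public VLAN handling as described on this page.
Added example with constructed sample data; class and function names are
the example's own, not CloudStack's."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class PublicIp:
    address: str
    state: str = "Allocated"          # "Allocated" (initial) or "Free"
    source_nat: bool = False          # acts as the network's source NAT IP
    static_nat: bool = False          # static NAT enabled on this IP
    rules: List[str] = field(default_factory=list)  # PF/LB/VPN/Firewall rules


@dataclass
class VlanRange:
    vlan: str
    ips: List[PublicIp]
    account: Optional[str] = None     # None means a zone-wide (shared) range


def release_network_ips(vlan_range: VlanRange) -> None:
    """deleteNetwork: the IPs of the account range that were assigned to the
    removed guest network go back to Free; rules, static NAT and the source
    NAT role disappear with the network."""
    for ip in vlan_range.ips:
        ip.state = "Free"
        ip.source_nat = False
        ip.static_nat = False
        ip.rules = []


def associate_ip(account: str, ranges: List[VlanRange]) -> PublicIp:
    """associateIpAddress lookup order: a Free IP in one of the account's own
    ranges first, then a Free IP in a zone-wide range. Ranges dedicated to
    other accounts are never considered."""
    account_ranges = [r for r in ranges if r.account == account]
    zone_ranges = [r for r in ranges if r.account is None]
    for candidate_ranges in (account_ranges, zone_ranges):
        for vlan_range in candidate_ranges:
            for ip in vlan_range.ips:
                if ip.state == "Free":
                    ip.state = "Allocated"
                    return ip
    raise LookupError(f"no free public IP available for account {account!r}")


def delete_vlan_blockers(vlan_range: VlanRange) -> List[str]:
    """deleteVlanIpRange preconditions for an account-specific range: return
    every reason the deletion would be refused (empty list: it may proceed)."""
    blockers = []
    for ip in vlan_range.ips:
        if ip.rules:
            blockers.append(f"{ip.address}: remove network rules {ip.rules} first")
        if ip.static_nat:
            blockers.append(f"{ip.address}: disable static NAT first")
        if ip.source_nat:
            blockers.append(f"{ip.address}: source NAT IP; delete the guest network to release it")
    return blockers


if __name__ == "__main__":
    # Constructed sample: a range dedicated to 'acme' (all Allocated on
    # creation, one IP carrying source NAT) and a zone-wide range with Free IPs.
    acme = VlanRange("100", [PublicIp("10.0.0.10", source_nat=True),
                             PublicIp("10.0.0.11", rules=["pf-22"])], account="acme")
    zone = VlanRange("200", [PublicIp("10.0.1.10", state="Free"),
                             PublicIp("10.0.1.11", state="Free")])
    ranges = [acme, zone]
    print("acme gets", associate_ip("acme", ranges).address, "(own range has no Free IP)")
    print("beta gets", associate_ip("beta", ranges).address, "(acme's range is invisible)")
    print("delete blockers:", delete_vlan_blockers(acme))
    release_network_ips(acme)
    print("after deleteNetwork, blockers:", delete_vlan_blockers(acme))
```

The blocker list is the useful operational output: running the three checks before calling deleteVlanIpRange tells the operator which rules, static NAT mappings or guest network still pin the range, instead of discovering it from a failed API call.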

Limitations:

  • Creating an account-specific VLAN fails when the account has more than one Guest Isolated network with the SourceNat service enabled.
  • An account-specific VLAN range can't be deleted while it holds the source NAT IP address and is associated with a guest network that has not been removed.