This feature adds support for multiple IP addresses per NIC.
Currently a guest VM has one guest network interface by default, and that interface gets a primary IP address acquired from the CloudStack DHCP server at boot time.
If a user needs another IP address for the guest VM NIC, CloudStack currently has no provision for it.
With this feature, users can request additional IP addresses for the guest VM NIC from CloudStack.
https://issues.apache.org/jira/browse/CLOUDSTACK-24
Here is the workflow we envision:
1. User requests a VM.
   - As part of this, he requests one or more isolated networks.
2. User could optionally add more networks for the VM.
3. User "acquires guest IPs" (new feature).
   - Specifies the VM NIC to which he wants an additional IP address.
   - Optionally specifies the IP address (or we automatically assign one from the CIDR).
4. Out of band (manually), he ifconfigs the acquired guest IP on a (VM, NIC).
5. User can "acquire IP" (public IP) like he does today.
6. Associate the public IP with the guest IP (CS does the NAT).
7. "Release" public IP, if acquired.
8. "Release" guest IP, if acquired (cannot release if still mapped to a public IP).

The workflow is similar for shared networks.
Users can request additional secondary IP addresses for the guest VM NIC from CS.
Users can request a secondary IP through the API/UI; CS reserves the IP address from the VM guest network.
The user has to configure this IP address manually on the guest VM network interface. CloudStack only reserves the IP address for the guest VM NIC.
The acquired secondary guest IPs can be NATed using the firewall.
The role of CS in this feature is as follows.
Note: The user can specify an IP address from the guest subnet; if not, CS picks an IP from the guest subnet.
2. CloudStack will not configure the IP on the VM.
3. The user needs to specify the NIC with which the IP should be associated.
The secondary IPs can be used with port forwarding, static NAT, load balancing and ELB services.
addIpToNic: adds an IP address from the guest subnet to the NIC.
removeIpFromNic: removes the IP address reserved for the NIC.
listNics: lists the user VM NIC details; the API response also contains the secondary IP addresses of the NIC.
| API Name | API parameters | API response | Is it available for normal user |
|---|---|---|---|
| addIpToNic | nicid | id | y |
| removeIpFromNic | id | true/false | y |
| listNics | virtualmachineid | id | y |
*parameters in bold are required
A new table, nic_secondary_ips, is created to store the NIC and IP address configuration.
nic_secondary_ips:

| id | uuid | nicid | ip4_address | ip6_address | account_id | domain_id | created | vmId | networkId |
|---|---|---|---|---|---|---|---|---|---|
| Table Name | New column | Values | Default value | Column description |
|---|---|---|---|---|
| nics | secondary_ip | 0 - No secondary ips | 0 | To identify whether secondary IPs are set or not |
| user_ip_address | vm_ipaddr | IPv4 address | | VM IP address to map static NAT |
Currently there is only one (primary) IP address per NIC, so the PF and Static NAT APIs take the VM id as the argument and configure the rules on that private IP.
With this feature there can be more than one IP address per NIC, so the PF and Static NAT APIs get an extra optional parameter, 'vmguestip', to indicate whether the NAT is configured on the primary IP or on a secondary IP.
If vmguestip is passed
- CS configures the NAT to that private IP
If it is not passed
- CS configures the NAT to the VM primary IP address.
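
The reservation, release and NAT-target rules described so far, as an added Python model that is not CloudStack code. The class, its method names and the sample addresses are hypothetical, and the check that vmguestip must already be configured on the NIC is an assumption the page does not state.

```python
import ipaddress

class Nic:
    """Hypothetical in-memory model of one guest NIC; not CloudStack code."""
    def __init__(self, cidr, primary_ip, in_use=()):
        self.network = ipaddress.ip_network(cidr)
        self.primary = ipaddress.ip_address(primary_ip)
        self.secondary = set()   # secondary guest IPs reserved for this NIC
        self.nat = {}            # guest IP -> public IP mapped to it
        # in_use: constructed stand-in for the network's allocation table
        self.in_use = {ipaddress.ip_address(a) for a in in_use} | {self.primary}

    def add_ip(self, ip=None):
        """addIpToNic: reserve the requested IP, or the first free host in the CIDR."""
        want = None if ip is None else ipaddress.ip_address(ip)
        free = (h for h in self.network.hosts() if h not in self.in_use)
        ip = next((h for h in free if want in (None, h)), None)
        if ip is None:
            raise ValueError("requested IP is not a free host address in the guest subnet")
        self.in_use.add(ip)
        self.secondary.add(ip)
        return str(ip)

    def nat_target(self, vmguestip=None):
        """Private IP for a PF/static NAT rule: vmguestip if passed, else the primary."""
        ip = self.primary if vmguestip is None else ipaddress.ip_address(vmguestip)
        if ip != self.primary and ip not in self.secondary:
            raise ValueError(f"{ip} is not configured on this NIC")  # assumed check
        return ip

    def map_public_ip(self, public_ip, vmguestip=None):
        target = self.nat_target(vmguestip)
        self.nat[target] = public_ip
        return str(target)

    def unmap_public_ip(self, guest_ip):
        self.nat.pop(ipaddress.ip_address(guest_ip), None)

    def remove_ip(self, ip):
        """removeIpFromNic: refuse while the guest IP is still mapped to a public IP."""
        ip = ipaddress.ip_address(ip)
        if ip not in self.secondary:
            raise ValueError(f"{ip} is not a secondary IP of this NIC")
        if ip in self.nat:
            raise ValueError(f"{ip} is still mapped to public IP {self.nat[ip]}")
        self.secondary.remove(ip)
        self.in_use.remove(ip)
        return True
```
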
The current security group rules are configured with the VM primary IP address, so these rules need to be updated with the secondary IP addresses.
1. Anti-spoofing rules need to be updated when a secondary IP is associated with or dissociated from a NIC.
2. When a secondary IP is associated with or dissociated from a NIC, the related security group rules, based on account/security group, need to be re-sent to reflect the IP change in this security group.
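
An added sketch, not CloudStack's implementation, of the two updates listed above: the per-VM anti-spoofing source set, and working out which VMs must have their group-based rules re-sent when a secondary IP changes. The VM names, group names, field names and addresses are constructed for illustration.

```python
# Constructed sample data; field names are illustrative, not CloudStack's schema.
VMS = {
    "web1": {"primary": "10.1.1.10", "secondary": [], "groups": ["web"]},
    "web2": {"primary": "10.1.1.11", "secondary": [], "groups": ["web"]},
    "db1":  {"primary": "10.1.1.30", "secondary": [], "groups": ["db"]},
    "log1": {"primary": "10.1.1.40", "secondary": [], "groups": ["log"]},
}
# Ingress rules: members of `group` accept `port` from members of `source_group`.
RULES = [{"group": "db", "port": 3306, "source_group": "web"}]

def allowed_sources(vm):
    """Anti-spoofing set: the only source IPs this VM's NIC may send from."""
    return {vm["primary"], *vm["secondary"]}

def expand_rule(vms, rule):
    """Resolve a group-based rule into the concrete source IPs to program."""
    return sorted(ip for vm in vms.values() if rule["source_group"] in vm["groups"]
                  for ip in allowed_sources(vm))

def vms_to_refresh(vms, rules, changed):
    """VMs whose rules must be re-sent after `changed` gains or loses a secondary IP."""
    groups = set(vms[changed]["groups"])
    affected = {changed}                       # its own anti-spoofing rules change
    for rule in rules:
        if rule["source_group"] in groups:     # rule names a group the VM is in
            affected |= {n for n, vm in vms.items() if rule["group"] in vm["groups"]}
    return sorted(affected)

def associate(vms, rules, name, ip):
    """Record a new secondary IP and return the VMs that need a rule refresh."""
    vms[name]["secondary"].append(ip)
    return vms_to_refresh(vms, rules, name)

def dissociate(vms, rules, name, ip):
    """Drop a secondary IP and return the VMs that need a rule refresh."""
    vms[name]["secondary"].remove(ip)
    return vms_to_refresh(vms, rules, name)
```

If the refresh is skipped on dissociate, the expanded rule on the peer VMs keeps admitting an address that no longer belongs to the group member.
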
On upgrade, the existing nics and user_ip_address tables are updated with the new columns above.
New changes:
The page for requesting an additional IP address for the guest VM is shown in the guest VM NIC details page.
On this page the user fills in the IP address (optional) and clicks the button to request association of an IP with the NIC.
This page also lists the IP addresses previously configured for this NIC.
A secondary IP address can also be removed (disassociated) from this page.
Changes to existing pages:
The PF and static NAT pages currently show only the VM to select. For this feature the pages should show the VM to select and a drop-down with the primary and secondary IP addresses; the default is the primary IP.
1. Updating Load balancing configuration for this (MIPN) feature.
2. NIC secondary IP address metadata info
In a shared network, how does a user know what is used up and what is not? He could go through a sequence of steps only to get an error message back that it is not possible (and keep doing this until success). One possibility is telling him what is available. It may not be a big deal to reveal the used/unused IPs in an isolated network (although it would be hard to show what is used/available from a large CIDR), but we won't even be able to tell him what is used/unused in a shared network.
Task1: Isolated networks - 2 days 1/18/2013
Implemented basic configuration of MIPN (Multiple IP address per NIC) using APIs for isolated networks
Task2: Isolated networks - 2 days
Update PF, Static NAT and LB for the Isolated networks.
Task3: VPC networks - 1 day
Implement the MIPN feature for VPC networks.
Task4: Shared networks - 2 days
Implement the MIPN feature for the shared networks using the APIs.
Task5: Shared networks - 3 to 4 days
Update the security group rules for the secondary IPs.
Task6: Advanced shared networks - 2 days
Implement the MIPN, security groups changes for Advanced shared networks.
Task7: Upgrade - 1/2 day
Adding DB changes for upgrade.
Task8: Hypervisors - 2 days 2/7/2013
Support for KVM and VMware hypervisors
Task9: Estimation - I don't have an idea
Writing the Marvin test cases for build.
2 Comments
Simon Waterhouse
For the removal of a secondary IP address from a NIC don't you need to specify both NIC Id and which IP address to remove?
Jayapal
For removing, it is sufficient to specify the id of the secondary IP address entry in the DB.