Bug Reference
CLOUDSTACK-704
Branch
master, 4.2.0
Introduction
Purpose
In CloudStack today, there is no way to dedicate a set of Vlans on a per tenant basis. Admins can only define a range of Vlans during zone creation and extend this range during a zone update.
This feature allows admins to dedicate (reserve) Vlans on a per tenant basis.
S.No. | Date | Remarks |
1 | Jan 24, 2013 | First draft of the FS |
2 | April 15, 2013 | Updated the FS to incorporate the changes introduced by feature 'Non contiguous vlan ranges' |
Feature Specifications
- Dedication of guest Vlan range
- Admin should be allowed to dedicate guest vlan ranges to an account
- While dedicating a guest Vlan range
- If the range overlaps with any existing dedicated range then extend the existing dedicated range
- Otherwise add it as a new dedicated guest Vlan range
- If the range doesn’t exist in the system then the request should fail
- If any vlan in the range is in use by a network that belongs to a different account then the request should fail
- Releasing guest Vlan range
- Admin should be allowed to release a dedicated guest vlan range that is dedicated to an account back to the system pool
- If the range is not dedicated to an account then the request should fail
- Even if one or more of the Vlans belonging to the range are in use by a network, the range should be released back to the system pool
- The vlans that are in use should continue to be in use by the network
- List dedicated guest Vlan ranges
- All vlan ranges that are dedicated should be listed
- Deletion of guest Vlan range
- If the range being deleted overlaps with a dedicated range then the request should fail
- Physical network creation
- Guest Vlan range that is specified should be dedicated to the system account by default
- Network implementation
- If the network belongs to an account that has a dedicated range of Vlans then a Vlan from the account's dedicated range should be allocated to the network
- If an account uses up all of its dedicated Vlans, the next network being created for the account should be assigned a Vlan that belongs to the system pool
- Otherwise, a Vlan should be allocated from the free pool i.e. Vlan range belonging to the zone
- Network creation
- If a Vlan id is specified and this id belongs to a dedicated Vlan range of an account (not the owner of this network) then the creation should fail
- If a Vlan id is specified and this id belongs to the system pool but the network owner has a dedicated range of Vlans then the creation should fail
- Account deletion
- Guest vlan ranges dedicated to the account should be released back to the free pool
Use cases
- Admins would like to reserve a fixed set of VLANs for a tenant. This is an MSP type of use case
Architecture and Design description
Web Services APIs
New APIs
ApiName | Request parameters |
dedicateGuestVlanRange |
- vlanrange (vlan range that is to be dedicated, type - string 'startvlan-endvlan', required - true)
- account (account the range will be dedicated to, type - string, required - true)
- domainid (domain Id of the account the range is dedicated to, type - uuid, required - true)
- physicalNetworkid (Id of the physical network that contains the range, type - uuid, required - true)
listDedicatedGuestVlanRanges |
- id (id of the listed dedicated guest vlan ranges, type - uuid, required - false)
releaseDedicatedGuestVlanRange |
- id (id of the vlan range that is to be released, type - uuid, required - true)
The above APIs are available only to the ROOT Admin
UI flow
TBD
- Under Infrastructure -> Zones -> <zone> -> Physical Network -> Guest -> Details add a row called ‘VLAN Owner’ after VLAN
- The value of this property is – the value of the response element ‘vlanowner’ when ListPhysicalNetworks API is called
- Make this row editable during Physical network update - With Multiple non-contiguous VLAN this is no longer valid
DB
Add new table called ‘account_vnet_map’
Parameter name | Description |
id | primary key |
vnet_range | dedicated guest vlan range |
account_id | account the vlan range is dedicated to |
Modify table 'op_dc_vnet_alloc' to add a new column
Parameter name | Description |
account_vnet_map_id | id, foreign key to table account_vnet_map |
Global config
use.system.guest.vlans
A new global config use.system.guest.vlans
- To allow root admin to disallow any account from acquiring guest VLANs from the system if the account has dedicated guest VLANs and these dedicated guest VLANs have all been consumed.
- Will be configurable at the account level too.
- Default value is true.
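The allocation rules under Feature Specifications (network implementation, network creation, release) together with the use.system.guest.vlans setting above, modelled as an added Python example; it is not CloudStack code. The VlanPool class, its method names and the "system" owner label are assumptions made for illustration, and refusing a dedication that overlaps another account's range is an assumption the spec does not state.

```python
SYSTEM = "system"  # assumed label for VLANs not dedicated to any tenant account

class VlanPool:
    """Per-VLAN model of one physical network's guest VLAN range (illustration only)."""

    def __init__(self, start, end, use_system_guest_vlans=True):
        self.owner = {v: SYSTEM for v in range(start, end + 1)}  # vlan -> dedicated account
        self.in_use = {}                          # vlan -> account owning the network
        self.use_system = use_system_guest_vlans  # models use.system.guest.vlans

    def dedicate(self, start, end, account):
        vlans = range(start, end + 1)
        if any(v not in self.owner for v in vlans):
            raise ValueError("range does not exist in the system")
        if any(self.in_use.get(v, account) != account for v in vlans):
            raise ValueError("a VLAN in the range is in use by a different account")
        if any(self.owner[v] not in (SYSTEM, account) for v in vlans):
            raise ValueError("overlaps another account's range")  # assumption: spec is silent
        for v in vlans:  # overlap with the account's own range simply extends it
            self.owner[v] = account

    def release(self, start, end, account):
        vlans = range(start, end + 1)
        if any(self.owner.get(v) != account for v in vlans):
            raise ValueError("range is not dedicated to this account")
        for v in vlans:  # in_use is untouched: running networks keep their VLAN
            self.owner[v] = SYSTEM

    def allocate(self, account, requested=None):
        dedicated = sorted(v for v, o in self.owner.items() if o == account)
        if requested is not None:
            owner = self.owner.get(requested)
            if owner is None or requested in self.in_use:
                raise ValueError("VLAN does not exist or is already in use")
            if owner not in (SYSTEM, account):
                raise PermissionError("VLAN is dedicated to a different account")
            if owner == SYSTEM and dedicated:
                raise PermissionError("owner has dedicated VLANs; system VLAN refused")
            candidates = [requested]
        else:
            candidates = [v for v in dedicated if v not in self.in_use]
            if not candidates and (self.use_system or not dedicated):
                candidates = sorted(v for v, o in self.owner.items()
                                    if o == SYSTEM and v not in self.in_use)
        if not candidates:
            raise RuntimeError("no guest VLAN available for this account")
        self.in_use[candidates[0]] = account
        return candidates[0]
```

With use_system_guest_vlans=False, an account that has consumed all of its dedicated VLANs gets an error instead of a system VLAN, while accounts with no dedicated range still draw from the system pool.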
Upgrade
In an upgraded setup, all existing Guest Vlan ranges will have the default account owner as system
Open Issues
- Effects of the new feature 'Multiple non-contiguous VLAN' on this feature – Updated the FS taking into account the changes introduced by this feature
Usage
No changes