When add public vlan range, you can dedicate it to the specific account so no one else can use it. Once the range is created, all its ips are marked as Allocated and assigned to account's guest network right away (we used to apply them on the backend in 2.2.x; in 3.0 applying happens when the first network rule - firewall/pf/staticNat - is created for the IP).
Public ip address belonging to account specific vlan, can never be allocated to another account. The ip can exist in 2 states: Free/Allocated. Allocated is the original state, Free is the state ip can get when corresponding guest network is removed, and all ip addresses are being unassigned from the guest network. When ip address is Free, it can go to Allocated state again when associateIpAddress command is executed for the Account (owner of the vlan).
API - createVlanIpRange. Use the API with account/domainId parameters
Whenever we create an account specific Vlan range, we immediately associate it with Account's Guest Isolated network (the network should have SourceNat service enabled)
- if doesn't exist - error out
- if exists, use it for the network creation
All ips are marked as allocated right away. If there is no source nat ip address for the account yet, one of the IPs is marked as a source nat.
API - disassociateIpAddress.
You can't disassociate single IP address from the account vlan using disassociateIpAddress command. The Ips can be released in 2 following cases:
API - deleteNetwork
All Public ip addresses belonging to Account specific vlan and assigned to the guest network, are marked as Free. They can be allocated later using associateIpAddress API.
API - associateIpAddress.
When associate ip address command is called for the account, we do search for the ip to allocate in following order:
API - deleteVlanIpRange
When executed against account specific vlan, following conditions should be met for all ips belonging to the vlan:
Only after all ips from the vlan meet the conditions specified above, the Vlan range can be removed.