Restrict the private network cidr input

Registered by LIU Yulong

Private network creation does not restrict the network CIDR. The aim of this blueprint is to let the cloud administrator restrict the CIDR that users can enter for private networks.

Motivation
========
Reproduce the error:
1. In the admin dashboard networks panel, create a network and check "External Network".
2. Create a subnet and set Network Address to "55.115.44.0/24".
3. In the project dashboard networks panel, create a network, check "Create Subnet", and set Network Address to "55.115.44.0/24", the same as in step 2. This step completes successfully.
4. Create a router.
5. There are two ways to get the exception:
A:
(1). Set the gateway connected to the public_network created in step 1. This can be done.
(2). Add an interface connected to the public_network created in step 3. This cannot be done:
Error: Failed to add_interface: Bad router request: Cidr 55.115.44.0/24 of subnet 2958a69d-9a05-483f-a8a0-25f23157cc06 overlaps with cidr 55.115.44.0/24 of subnet a0f4cabb-d708-4907-9083-e92d29ffba0d
B:
(1). Add an interface connected to the public_network created in step 3. This can be done.
(2). Set the gateway connected to the public_network created in step 1. Error:
Error: Failed to set gateway Bad router request: Cidr 55.115.44.0/24 of subnet a0f4cabb-d708-4907-9083-e92d29ffba0d overlaps with cidr 55.115.44.0/24 of subnet 2958a69d-9a05-483f-a8a0-25f23157cc06

It seems that neutron cannot handle overlapping IPs between a private network and a public network, so Horizon needs to restrict the private network CIDR. There is a principle called: never trust user input.
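
A sketch of the kind of check the blueprint asks for, added here as an example and not taken from the blueprint or from Horizon's code: the user-supplied CIDR is validated against an administrator-defined allow-list and against the CIDRs of external subnets before the subnet is created. The names `ALLOWED_PRIVATE_CIDRS` and `check_private_cidr` and the ranges in the allow-list are assumptions made for illustration.

```python
import ipaddress

# Hypothetical admin policy (constructed for this example): the only ranges
# tenants may use for private subnets, keyed by IP version.
# An empty or missing list for a version denies every CIDR of that version.
ALLOWED_PRIVATE_CIDRS = {
    4: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    6: ["fd00::/8"],
}


def check_private_cidr(cidr, allowed=ALLOWED_PRIVATE_CIDRS, external_cidrs=()):
    """Return (ok, reason) for a user-supplied private subnet CIDR."""
    try:
        # strict=False accepts host bits (10.1.0.5/24) and normalizes them.
        net = ipaddress.ip_network(cidr.strip(), strict=False)
    except (ValueError, AttributeError):
        return False, "not a valid CIDR"

    # The requested subnet must sit entirely inside one allowed range.
    ranges = [ipaddress.ip_network(r) for r in allowed.get(net.version, [])]
    if not any(net.subnet_of(r) for r in ranges):
        return False, "outside the ranges allowed for private networks"

    # Reject anything that would later collide with an external subnet
    # when the router gets both a gateway and an interface.
    for ext in external_cidrs:
        ext_net = ipaddress.ip_network(ext, strict=False)
        if ext_net.version == net.version and net.overlaps(ext_net):
            return False, "overlaps external subnet %s" % ext_net

    return True, "ok"


if __name__ == "__main__":
    external = ["55.115.44.0/24"]  # the external subnet from step 2
    for candidate in ["55.115.44.0/24", "10.1.0.0/24", "10.0.0.0/7", "bogus"]:
        print(candidate, check_private_cidr(candidate, external_cidrs=external))
```

With this policy the CIDR from step 3 is refused at input time, before neutron ever reports the overlap on the router.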

Blueprint information

Status:
Complete
Approver:
Rob Cresswell
Priority:
Low
Drafter:
LIU Yulong
Direction:
Approved
Assignee:
LIU Yulong
Definition:
Approved
Series goal:
Accepted for 10.0.0-newton
Implementation:
Implemented
Milestone target:
newton-3
Started by
LIU Yulong
Completed by
Rob Cresswell

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/restrict-private-network-input,n,z

Addressed by: https://review.openstack.org/135877
    Restrict user private network cidr input

[2015-01-22 LIU Yulong] - Add some configure like: NETWORK_RANGE: {public: {v4: [x.x.x.x/xx,], v6:[yyyy/xx]}, private: {v4: [x.x.x.x/xx,], v6:[yyyy/xx]}}

Gerrit topic: https://review.openstack.org/#q,topic:bp/add,n,z

[MRunge, 2016-03-01] isn't that scenario already covered by neutron? http://docs.openstack.org/admin-guide-cloud/networking_config-agents.html
