Restrict the private network cidr input

Registered by LIU Yulong on 2014-11-20

Private network creation does not restrict the network CIDR. The aim of this blueprint is to let the cloud administrator restrict the CIDR that a user can enter as a private network address.

Motivation
========
Reproduce the error:
1. In the admin dashboard Networks panel, create a network and check "External Network".
2. Create a subnet and set Network Address to "55.115.44.0/24".
3. In the project dashboard Networks panel, create a network, check "Create Subnet", and set Network Address to "55.115.44.0/24", the same as in step 2. This step completes successfully.
4. Create a router.
5. There are two ways to get the exception:
A:
(1). Set the gateway to the public_network created in step 1. This can be done.
(2). Add an interface connected to the public_network created in step 3. This cannot be done:
Error: Failed to add_interface: Bad router request: Cidr 55.115.44.0/24 of subnet 2958a69d-9a05-483f-a8a0-25f23157cc06 overlaps with cidr 55.115.44.0/24 of subnet a0f4cabb-d708-4907-9083-e92d29ffba0d
B:
(1). Add an interface connected to the public_network created in step 3. This can be done.
(2). Set the gateway to the public_network created in step 1. This fails:
Error: Failed to set gateway Bad router request: Cidr 55.115.44.0/24 of subnet a0f4cabb-d708-4907-9083-e92d29ffba0d overlaps with cidr 55.115.44.0/24 of subnet 2958a69d-9a05-483f-a8a0-25f23157cc06

It seems that Neutron cannot handle overlapping IP ranges between a private network and a public network.
So Horizon needs to restrict the private network CIDR. There is a principle for this: never trust user input.
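
The check this blueprint asks for can be sketched as follows. This is an added example, not Horizon's or Neutron's own code: the names `ALLOWED_PRIVATE`, `EXTERNAL_SUBNETS` and `validate_private_cidr` and the allowed ranges are assumptions, and the external subnet is the one from the reproduction steps.

```python
import ipaddress

# Hypothetical admin policy, keyed by IP version (assumed for this example).
ALLOWED_PRIVATE = {4: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
                   6: ["fd00::/8"]}
# Constructed sample: the external subnet from the reproduction steps.
EXTERNAL_SUBNETS = ["55.115.44.0/24"]


def _nets(cidrs, version):
    """Parse CIDR strings and keep only those of the given IP version."""
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return [n for n in nets if n.version == version]


def validate_private_cidr(cidr, allowed=ALLOWED_PRIVATE,
                          external=EXTERNAL_SUBNETS):
    """Return (ok, reason) for a user-supplied private subnet CIDR."""
    try:
        # strict=True rejects input with host bits set, e.g. 10.0.0.5/24.
        net = ipaddress.ip_network(cidr.strip(), strict=True)
    except (ValueError, AttributeError) as exc:
        return False, "invalid CIDR: %s" % exc
    # An overlap with an external subnet is what later breaks
    # add_interface / set gateway on the router.
    for ext in _nets(external, net.version):
        if net.overlaps(ext):
            return False, "overlaps external subnet %s" % ext
    # The whole requested range must sit inside one admin-approved range.
    ranges = _nets(allowed.get(net.version, []), net.version)
    if not any(net.subnet_of(r) for r in ranges):
        return False, "outside the allowed private ranges"
    return True, "ok"


if __name__ == "__main__":
    for sample in ["55.115.44.0/24", "10.20.0.0/24", "8.8.8.0/24",
                   "10.0.0.5/24", "55.0.0.0/8", "fd12:3456::/64"]:
        print(sample, validate_private_cidr(sample))
```

Rejecting the CIDR at subnet creation surfaces the conflict at step 3 of the reproduction rather than at router configuration in step 5.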

Blueprint information

Status: Complete
Approver: Rob Cresswell
Priority: Low
Drafter: LIU Yulong
Direction: Approved
Assignee: LIU Yulong
Definition: Approved
Series goal: Accepted for 10.0.0-newton
Implementation: Implemented
Milestone target: newton-3
Started by: LIU Yulong on 2014-11-26
Completed by: Rob Cresswell on 2016-08-19

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/restrict-private-network-input,n,z

Addressed by: https://review.openstack.org/135877
    Restrict user private network cidr input

[2015-01-22 LIU Yulong] - Add some configuration like: NETWORK_RANGE: {public: {v4: [x.x.x.x/xx,], v6:[yyyy/xx]}, private: {v4: [x.x.x.x/xx,], v6:[yyyy/xx]}}

Gerrit topic: https://review.openstack.org/#q,topic:bp/add,n,z

[MRunge, 2016-03-01] Isn't that scenario already covered by neutron? http://docs.openstack.org/admin-guide-cloud/networking_config-agents.html
