<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 10, 2015 at 10:38 PM, Gabriel Bezerra <span dir="ltr"><<a href="mailto:gabrielb@lsd.ufcg.edu.br" target="_blank">gabrielb@lsd.ufcg.edu.br</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Em 10.03.2015 14:34, Gabriel Bezerra escreveu:<div><div><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Em 10.03.2015 14:24, Carl Baldwin escreveu:<br>
Neutron currently does not enforce the uniqueness, or non-overlap, of<br>
subnet cidrs within the address scope for a single tenant. For<br>
example, if a tenant chooses to use <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a> on more than one<br>
subnet, he or she is free to do so. Problems will arise when trying<br>
to connect a router between these subnets but that is left up to the<br>
tenant to work out.<br>
<br>
In the current IPAM rework, we had decided to allow this overlap in<br>
the reference implementation for backward compatibility. However,<br>
we've hit a snag. It would be convenient to use the subnet cidr as<br>
the handle with which to refer to a previously allocated subnet when<br>
talking to IPAM. If overlap is allowed, this is not possible and we<br>
need to come up with another identifier such as Neutron's subnet_id or<br>
another unique IPAM specific ID. It could be a burden on an external<br>
IPAM system -- which does not allow overlap -- to work with a<br>
completely separate identifier for a subnet.<br>
<br>
I do not know of anyone using this capability (or mis-feature) of<br>
Neutron. I would hope that tenants are aware of the issues with<br>
trying to route between subnets with overlapping address spaces and<br>
would avoid it. Is this potential overlap something that we should<br>
really be worried about? Could we just add the assumption that<br>
subnets do not overlap within a tenant's scope?<br>
<br>
An important thing to note is that this topic is different than<br>
allowing overlap of cidrs between tenants. Neutron will continue to<br>
allow overlap of addresses between tenants and support the isolation<br>
of these address spaces. The IPAM rework will support this.<br>
<br>
Carl Baldwin<br>
<br>
<br>
I'd vote for allowing against such restriction, but throwing an error<br>
in case of creating a router between the subnets.<br>
</blockquote>
<br></div></div>
Fixing my previous e-mail:<br>
I'd vote against such restriction, but throwing an error in case of creating a router between the subnets that overlap.</blockquote><div>+1 to Gabriel's suggestion. Multiple routers and multiple subnets with overlapping IPs is a perfectly valid scenario and is used in some blueprints; for instance PLUMgrid plugin supports it. Throwing an error for overlapping IPs on Router interfaces seems like the right approach. </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I can imagine a tenant running multiple instances of an application,<br>
each one with its own network that uses the same address range, to<br>
minimize configuration differences between them.<br>
<br>
<br>
______________________________<u></u>______________________________<u></u>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.<u></u>openstack.org?subject:<u></u>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a><br>
</blockquote>
<br>
______________________________<u></u>______________________________<u></u>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.<u></u>openstack.org?subject:<u></u>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a><br>
</div></div></blockquote></div><br></div></div>