Restrict the private network CIDR input
Private network creation does not restrict the network CIDR. The aim of this blueprint is to let the cloud administrator restrict the CIDR that users can enter for a private network.
Motivation
========
Reproduce the error:
1. In the admin dashboard networks panel, create a network and check "External Network".
2. Create a subnet and set Network Address to "55.115.44.0/24".
3. In the project dashboard networks panel, create a network, check "Create Subnet" and set Network Address to "55.115.44.0/24", the same as in step 2. This step completes successfully.
4. Create a router.
5. There are two ways to get the exception:
A:
(1). Set the gateway to the public_network created in step 1. This succeeds.
(2). Add an interface connected to the public_network created in step 3. This fails:
Error: Failed to add_interface: Bad router request: Cidr 55.115.44.0/24 of subnet 2958a69d-
B:
(1). Add an interface connected to the public_network created in step 3. This succeeds.
(2). Set the gateway to the public_network created in step 1. This fails:
Error: Failed to set gateway Bad router request: Cidr 55.115.44.0/24 of subnet a0f4cabb-
It seems that neutron does not allow overlapping IPs between a private network and a public network.
So horizon needs to restrict the private network CIDR. There is a principle called: never trust user input.
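A sketch of the kind of check this blueprint motivates, as an added example that is not Horizon's or neutron's own code: it rejects a user-supplied CIDR that overlaps an external subnet or falls outside admin-approved ranges. The `ALLOWED_PRIVATE_CIDRS` name, its ranges and the `check_private_cidr` helper are assumptions made for illustration.

```python
import ipaddress

# Hypothetical admin policy (assumption, not a real Horizon setting):
# ranges a project user may choose a private subnet from, per IP version.
ALLOWED_PRIVATE_CIDRS = {
    4: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    6: ["fd00::/8"],
}


def check_private_cidr(user_cidr, external_cidrs, allowed=ALLOWED_PRIVATE_CIDRS):
    """Return (ok, reason) for a user-supplied private subnet CIDR."""
    try:
        # strict=True rejects input with host bits set, e.g. 10.0.0.5/24
        net = ipaddress.ip_network(user_cidr.strip(), strict=True)
    except (ValueError, AttributeError) as exc:
        return False, "invalid CIDR: %s" % exc

    # Overlap with an external subnet is the condition behind the router
    # errors in the reproduction steps, so reject it at input time.
    for ext in external_cidrs:
        ext_net = ipaddress.ip_network(ext)
        if ext_net.version == net.version and net.overlaps(ext_net):
            return False, "overlaps external subnet %s" % ext_net

    # The CIDR must sit entirely inside one admin-approved range.
    for rng in allowed.get(net.version, []):
        if net.subnet_of(ipaddress.ip_network(rng)):
            return True, "within allowed range %s" % rng
    return False, "outside the allowed private ranges"


if __name__ == "__main__":
    # Constructed sample: the external subnet from step 2 of the reproduction.
    external = ["55.115.44.0/24"]
    for cidr in ["55.115.44.0/24", "55.115.0.0/16", "192.168.10.0/24",
                 "8.8.8.0/24", "10.0.0.5/24", "fd12:3456::/64"]:
        print(cidr, check_private_cidr(cidr, external))
```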
Blueprint information
- Status: Complete
- Approver: Rob Cresswell
- Priority: Low
- Drafter: LIU Yulong
- Direction: Approved
- Assignee: LIU Yulong
- Definition: Approved
- Series goal: Accepted for 10.0.0-newton
- Implementation: Implemented
- Milestone target: newton-3
- Started by: LIU Yulong
- Completed by: Rob Cresswell
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Restrict user private network cidr input
[2015-01-22 LIU Yulong] - Add some configuration like: NETWORK_RANGE: {public: {v4: [x.x.x.x/xx,], v6:[yyyy/xx]}, private: {v4: [x.x.x.x/xx,], v6:[yyyy/xx]}}
Gerrit topic: https:/
[MRunge, 2016-03-01] isn't that scenario already covered by neutron? http://