L2 Guest Networks: exclusive VLAN range

[luganofer]

ISSUE TYPE

• Improvement Request

COMPONENT NAME

L2 Guest Network 

CLOUDSTACK VERSION

Cloudstack 4.14 onwards

CONFIGURATION

Enviroment with adcanced networking

OS / ENVIRONMENT

N/A

SUMMARY

Currently, in an advanced network environment, L2 networks can only be specified a VLAN id by a root admin user (which makes a lot of sense).
L2 type networks can be created by users only if they do not specify a VLAN.
All good up to this point.
However the L2 network that a user creates takes a VLAN id from the "VLAN/VNI Range (s)" assigned to guest traffic.
It would be desirable that the L2 networks have a dedicated VLAN range (different than the guest VLAN range) and thus the L2 networks created by the users consume a VLAN id from this range.
In this way, the VLANs assigned to this service could be planned and delimited, and this VLAN range could be pre-configured to physical equipment too, among other advantages.

STEPS TO REPRODUCE

1) A root admin user creates a VLAN range dedicated to L2 networks.
2) A user (with sufficient privileges to create a network) creates an L2 network and it consumes a VLAN id from this range.

EXPECTED RESULTS

The L2 network created by the user consumes a VLAN id from the pre-established and planned range.

ACTUAL RESULTS

The L2 network created by the user takes a VLAN id from the range for guest traffic.

[rohityadavcloud]

@luganofer CloudStack already supports feature to dedicate VLAN range to an account by root admin, have you tried that? (goto zone, phy net...)

[luganofer]

Hello @rhtyd,

Thank you for your response and for always being well-disposed to help the ACS community.
It is true, there is a similar function to dedicate a range of VLANs to accounts or domains.
The function I propose here is very similar to this function, but instead of reserving a range of VLANs to a specific account/domain, a range of VLANs is used or reserved for this "network type" (L2 network) regardless of the account/domain using this network type.
This way this range can be planned to be "presented" in advance to physical equipment, for example, among other use cases.

[weizhouapache]

@luganofer
Do you want to support reserved vlan range for L2 network, in a global setting, zone setting, or physical network (this requires a new column in physical_network_traffic_types, but makes more sense) ?

cc @nvazquez @rohityadavcloud

[weizhouapache]

starting on this feature
(1) add new column vlan_for_l2 to physical_network table.
(2) add/update physical networks with vlan for L2 networks. it contains a vlan id check, and overlap check with vnet and shared networks.
(3) service layer changes: pick up vlan id when create a L2 network, and vlan id is released when remove a L2 network.

@nvazquez any opinions ?

[nvazquez]

@weizhouapache I mostly agree on 2 and 3, but instead of 1 I propose:

• Add a new boolean parameter to the dedicateGuestVlanRange API (something like this):

• Add a column on the op_dc_vnet_alloc to indicate each VLAN on the range is dedicated to an L2 network

[nvazquez]

As discussed offline with @weizhouapache it will still need proper definition, moving it to the next milestone