apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 11:52:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

S2S VPN: CS-15947: Add global config for S2S VPN VPN connection counts limitation

Browse Source 
And subnets limitation for each customer gateway

Conflicts:

	server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
This commit is contained in:
Sheng Yang 2012-08-10 16:11:58 -07:00
parent 302c9048e8
commit 327b4833ce
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/src/com/cloud/configuration/Config.java
View File

@ -26,6 +26,7 @@ import com.cloud.ha.HighAvailabilityManager;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.network.NetworkManager;
import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
import com.cloud.network.vpn.Site2SiteVpnManager;
import com.cloud.server.ManagementServer;
import com.cloud.storage.StorageManager;
import com.cloud.storage.allocator.StoragePoolAllocator;
@ -109,6 +110,8 @@ public enum Config {
RemoteAccessVpnPskLength("Network", AgentManager.class, Integer.class, "remote.access.vpn.psk.length", "24", "The length of the ipsec preshared key (minimum 8, maximum 256)", null),
RemoteAccessVpnClientIpRange("Network", AgentManager.class, String.class, "remote.access.vpn.client.iprange", "10.1.2.1-10.1.2.8", "The range of ips to be allocated to remote access vpn clients. The first ip in the range is used by the VPN server", null),
RemoteAccessVpnUserLimit("Network", AgentManager.class, String.class, "remote.access.vpn.user.limit", "8", "The maximum number of VPN users that can be created per account", null),
Site2SiteVpnConnectionPerVpnGatewayLimit("Network", ManagementServer.class, Integer.class, "site2site.vpn.vpngateway.connection.limit", "4", "The maximum number of VPN connection per VPN gateway", null),
Site2SiteVpnSubnetsPerCustomerGatewayLimit("Network", ManagementServer.class, Integer.class, "site2site.vpn.customergateway.subnets.limit", "10", "The maximum number of subnets per customer gateway", null),
// Console Proxy
ConsoleProxyCapacityStandby("Console Proxy", AgentManager.class, String.class, "consoleproxy.capacity.standby", "10", "The minimal number of console proxy viewer sessions that system is able to serve immediately(standby capacity)", null),

21
server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
View File

@ -20,6 +20,8 @@ import com.cloud.api.commands.ListVpnCustomerGatewaysCmd;
import com.cloud.api.commands.ListVpnGatewaysCmd;
import com.cloud.api.commands.ResetVpnConnectionCmd;
import com.cloud.api.commands.UpdateVpnCustomerGatewayCmd;
import com.cloud.configuration.Config;
import com.cloud.configuration.dao.ConfigurationDao;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
import com.cloud.exception.InvalidParameterValueException;
@ -47,7 +49,10 @@ import com.cloud.user.Account;
import com.cloud.user.AccountManager;
import com.cloud.user.UserContext;
import com.cloud.user.dao.AccountDao;
import com.cloud.user.dao.UserStatisticsDao;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Ternary;
import com.cloud.utils.component.ComponentLocator;
import com.cloud.utils.component.Inject;
import com.cloud.utils.component.Manager;
import com.cloud.utils.db.DB;
@ -74,10 +79,18 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
@Inject AccountManager _accountMgr;
String _name;
int _connLimit;
int _subnetsLimit;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
_name = name;
ComponentLocator locator = ComponentLocator.getCurrentLocator();
ConfigurationDao configDao = locator.getDao(ConfigurationDao.class);
Map<String, String> configs = configDao.getConfiguration(params);
_connLimit = NumbersUtil.parseInt(configs.get(Config.Site2SiteVpnConnectionPerVpnGatewayLimit.key()), 4);
_subnetsLimit = NumbersUtil.parseInt(configs.get(Config.Site2SiteVpnSubnetsPerCustomerGatewayLimit.key()), 10);
return true;
}
@ -126,8 +139,11 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
}
protected void checkCustomerGatewayCidrList(String guestCidrList) {
// Remote sub nets cannot overlap themselves
String[] cidrList = guestCidrList.split(",");
if (cidrList.length > _subnetsLimit) {
throw new InvalidParameterValueException("Too many subnets of customer gateway! The limit is " + _subnetsLimit);
}
// Remote sub nets cannot overlap themselves
for (int i = 0; i < cidrList.length - 1; i ++) {
for (int j = i + 1; j < cidrList.length; j ++) {
if (NetUtils.isNetworksOverlap(cidrList[i], cidrList[j])) {
@ -254,6 +270,9 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
// We also need to check if the new connection's remote CIDR is overlapped with existed connections
List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(vpnGatewayId);
if (conns.size() >= _connLimit) {
throw new InvalidParameterValueException("There are too many VPN connections with current VPN gateway! The limit is " + _connLimit);
}
for (Site2SiteVpnConnectionVO vc : conns) {
if (vc == null) {
continue;