diff --git a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index a2505fbe638..ccd050704d5 100644
--- a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@ -2213,7 +2213,7 @@ public class NetworkOrchestrator extends ManagerBase implements NetworkOrchestra
         // Check if cidr is RFC1918 compliant if the network is Guest Isolated for IPv4
         if (cidr != null && ntwkOff.getGuestType() == Network.GuestType.Isolated && ntwkOff.getTrafficType() == TrafficType.Guest) {
             if (!NetUtils.validateGuestCidr(cidr)) {
-                throw new InvalidParameterValueException("Virtual Guest Cidr " + cidr + " is not RFC1918 compliant");
+                throw new InvalidParameterValueException("Virtual Guest Cidr " + cidr + " is not RFC 1918 or 6598 compliant");
             }
         }
 
diff --git a/utils/src/main/java/com/cloud/utils/net/NetUtils.java b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
index 6baaf38f06e..a2f5703f15c 100644
--- a/utils/src/main/java/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
@@ -1147,22 +1147,26 @@ public class NetUtils {
         // 10.0.0.0 - 10.255.255.255 (10/8 prefix)
         // 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
         // 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
-
-        final String cidr1 = "10.0.0.0/8";
-        final String cidr2 = "172.16.0.0/12";
-        final String cidr3 = "192.168.0.0/16";
+        // RFC 6598 - The IETF detailed shared address space for use in ISP CGN
+        // deployments and NAT devices that can handle the same addresses occurring both on inbound and outbound interfaces.
+        // ARIN returned space to the IANA as needed for this allocation.
+        // The allocated address block is 100.64.0.0/10
+        final String[] allowedNetBlocks = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"};
 
         if (!isValidCIDR(cidr)) {
             s_logger.warn("Cidr " + cidr + " is not valid");
             return false;
         }
 
-        if (isNetworkAWithinNetworkB(cidr, cidr1) || isNetworkAWithinNetworkB(cidr, cidr2) || isNetworkAWithinNetworkB(cidr, cidr3)) {
-            return true;
-        } else {
-            s_logger.warn("cidr " + cidr + " is not RFC 1918 compliant");
-            return false;
+        for (String block: allowedNetBlocks) {
+            if (isNetworkAWithinNetworkB(cidr, block)) {
+                return true;
+            }
         }
+
+        // not in allowedNetBlocks - return false
+        s_logger.warn("cidr " + cidr + " is not RFC 1918 or 6598 compliant");
+        return false;
     }
 
     public static boolean verifyInstanceName(final String instanceName) {
@@ -1171,7 +1175,6 @@ public class NetUtils {
             s_logger.warn("Instance name can not contain hyphen, spaces and \"+\" char");
             return false;
         }
-
         return true;
     }
 
diff --git a/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java b/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
index c2e88299bbf..69a30c37f34 100644
--- a/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
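Review bot: `allowedNetBlocks` is rebuilt as a fresh local array on every call of validateGuestCidr, and the accepted ranges are now spelled out in three places in this hunk (the comment block, the array literal and the warn message); hoisting the list to a class constant, e.g. `private static final String[] GUEST_CIDR_ALLOWED_BLOCKS = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"};`, keeps it in one place and gives the method's Javadoc (which starts above the hunk and, as far as visible, still only mentions RFC 1918) something to reference. The four-line RFC 6598 comment reads as pasted background; one line such as `// RFC 6598 shared address space (100.64.0.0/10), intended for carrier-grade NAT` says what a maintainer needs, and the Javadoc is the place to state the operational caveat that a guest CIDR from this block may overlap the provider's own CGN addressing, so operators should know the check no longer restricts guests to RFC 1918 space. The `// not in allowedNetBlocks - return false` comment restates the two lines below it and can be dropped. validateGuestCidr's signature lies outside the hunk.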
@@ -314,9 +314,15 @@ public class NetUtilsTest {
 
     @Test
     public void testValidateGuestCidr() throws Exception {
-        final String guestCidr = "192.168.1.0/24";
+        final String[] validCidrs = {"10.1.1.1/16", "172.16.1.0/16", "192.168.1.0/24", "100.64.1.0/24"};
+        final String[] invalidCidrs = {"172.33.1.0/16", "100.128.1.0/10"};
 
-        assertTrue(NetUtils.validateGuestCidr(guestCidr));
+        for (String cidr: validCidrs) {
+            assertTrue(NetUtils.validateGuestCidr(cidr));
+        }
+        for (String cidr: invalidCidrs) {
+            assertFalse(NetUtils.validateGuestCidr(cidr));
+        }
     }
 
     @Test
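Review bot: The negative cases in `invalidCidrs` do not pin the edges of the newly accepted 100.64.0.0/10 block: `"100.128.1.0/10"` has host bits set, so the test cannot tell whether it is rejected for lying outside the block or for how isValidCIDR/isNetworkAWithinNetworkB treat an unaligned prefix, and `"172.33.1.0/16"` sits two /16s past the upper edge of 172.16.0.0/12 rather than on it. Aligned boundary inputs make the intent explicit, e.g. `final String[] invalidCidrs = {"172.32.0.0/16", "100.63.255.0/24", "100.128.0.0/10", "100.64.0.0/9"};`, the last being a supernet that contains the block but is not within it, which the containment check should presumably reject — worth confirming against isNetworkAWithinNetworkB, whose body is not in this diff. The `validCidrs` entry `"10.1.1.1/16"` likewise carries host bits; if accepting unaligned CIDRs is the intended contract, a one-line comment on that array saying so would stop a later reader from treating it as a typo.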