apply network acls; acls items to pvt gw; vpc ip association

Conflicts: server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java
2025-10-26 08:42:29 +01:00 · 2014-07-17 15:22:25 +02:00 · 2014-07-17 15:22:25 +02:00 · b97f2b05c7
commit b97f2b05c7
parent f23ba91ed1
19 changed files with 679 additions and 646 deletions
--- a/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java
+++ b/plugins/network-elements/ovs/src/com/cloud/network/element/OvsElement.java
@ -16,8 +16,6 @@
 // under the License.
 package com.cloud.network.element;
 import com.cloud.host.dao.HostDao;
 import com.cloud.vm.dao.UserVmDao;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@ -28,13 +26,15 @@ import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 import org.apache.cloudstack.network.topology.NetworkTopology;
 import org.apache.cloudstack.network.topology.NetworkTopologyContext;
 import org.apache.log4j.Logger;
 import com.google.gson.Gson;
 import com.cloud.agent.api.StartupCommand;
 import com.cloud.agent.api.StartupOvsCommand;
 import com.cloud.agent.api.to.LoadBalancerTO;
 import com.cloud.dc.DataCenterVO;
 import com.cloud.dc.dao.DataCenterDao;
 import com.cloud.deploy.DeployDestination;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientCapacityException;
@ -42,10 +42,12 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.host.Host;
 import com.cloud.host.HostVO;
 import com.cloud.host.dao.HostDao;
 import com.cloud.network.Network;
 import com.cloud.network.Network.Capability;
 import com.cloud.network.Network.Provider;
 import com.cloud.network.Network.Service;
 import com.cloud.network.NetworkMigrationResponder;
 import com.cloud.network.NetworkModel;
 import com.cloud.network.Networks;
 import com.cloud.network.Networks.BroadcastDomainType;
@ -54,10 +56,8 @@ import com.cloud.network.PublicIpAddress;
 import com.cloud.network.dao.NetworkServiceMapDao;
 import com.cloud.network.lb.LoadBalancingRule;
 import com.cloud.network.lb.LoadBalancingRule.LbStickinessPolicy;
 import com.cloud.network.NetworkMigrationResponder;
 import com.cloud.network.ovs.OvsTunnelManager;
 import com.cloud.network.router.VirtualRouter.Role;
 import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
 import com.cloud.network.rules.LbStickinessMethod;
 import com.cloud.network.rules.LbStickinessMethod.StickinessMethodType;
 import com.cloud.network.rules.LoadBalancerContainer;
@ -74,9 +74,11 @@ import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.DomainRouterVO;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.VirtualMachineProfile;
 import com.cloud.vm.dao.DomainRouterDao;
-import com.cloud.vm.VirtualMachine;
+import com.cloud.vm.dao.UserVmDao;
 import com.google.gson.Gson;
@Local(value = {NetworkElement.class, ConnectivityProvider.class,
        SourceNatServiceProvider.class, StaticNatServiceProvider.class,
@ -96,11 +98,14 @@ StaticNatServiceProvider, IpDeployer {
    @Inject
    DomainRouterDao _routerDao;
    @Inject
    VpcVirtualNetworkApplianceManager _routerMgr;
    @Inject
    UserVmDao _userVmDao;
    @Inject
    HostDao _hostDao;
    @Inject
    DataCenterDao _dcDao;
    @Inject
    NetworkTopologyContext _networkTopologyContext;
    private static final Logger s_logger = Logger.getLogger(OvsElement.class);
    private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();
@ -115,7 +120,7 @@ StaticNatServiceProvider, IpDeployer {
        return Provider.Ovs;
    }
-    protected boolean canHandle(Network network, Service service) {
+    protected boolean canHandle(final Network network, final Service service) {
        s_logger.debug("Checking if OvsElement can handle service "
                + service.getName() + " on network " + network.getDisplayText());
        if (network.getBroadcastDomainType() != BroadcastDomainType.Vswitch) {
@ -139,7 +144,7 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean configure(String name, Map<String, Object> params)
+    public boolean configure(final String name, final Map<String, Object> params)
            throws ConfigurationException {
        super.configure(name, params);
        _resourceMgr.registerResourceStateAdapter(name, this);
@ -147,8 +152,8 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean implement(Network network, NetworkOffering offering,
+    public boolean implement(final Network network, final NetworkOffering offering,
-            DeployDestination dest, ReservationContext context)
+            final DeployDestination dest, final ReservationContext context)
                    throws ConcurrentOperationException, ResourceUnavailableException,
                    InsufficientCapacityException {
        s_logger.debug("entering OvsElement implement function for network "
@ -162,9 +167,9 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean prepare(Network network, NicProfile nic,
+    public boolean prepare(final Network network, final NicProfile nic,
-            VirtualMachineProfile vm,
+            final VirtualMachineProfile vm,
-            DeployDestination dest, ReservationContext context)
+            final DeployDestination dest, final ReservationContext context)
                    throws ConcurrentOperationException, ResourceUnavailableException,
                    InsufficientCapacityException {
        if (!canHandle(network, Service.Connectivity)) {
@ -190,9 +195,9 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean release(Network network, NicProfile nic,
+    public boolean release(final Network network, final NicProfile nic,
-            VirtualMachineProfile vm,
+            final VirtualMachineProfile vm,
-            ReservationContext context) throws ConcurrentOperationException,
+            final ReservationContext context) throws ConcurrentOperationException,
            ResourceUnavailableException {
        if (!canHandle(network, Service.Connectivity)) {
            return false;
@ -211,8 +216,8 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean shutdown(Network network, ReservationContext context,
+    public boolean shutdown(final Network network, final ReservationContext context,
-            boolean cleanup) throws ConcurrentOperationException,
+            final boolean cleanup) throws ConcurrentOperationException,
            ResourceUnavailableException {
        if (!canHandle(network, Service.Connectivity)) {
            return false;
@ -221,7 +226,7 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean destroy(Network network, ReservationContext context)
+    public boolean destroy(final Network network, final ReservationContext context)
            throws ConcurrentOperationException, ResourceUnavailableException {
        if (!canHandle(network, Service.Connectivity)) {
            return false;
@ -230,13 +235,13 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean isReady(PhysicalNetworkServiceProvider provider) {
+    public boolean isReady(final PhysicalNetworkServiceProvider provider) {
        return true;
    }
    @Override
    public boolean shutdownProviderInstances(
-            PhysicalNetworkServiceProvider provider, ReservationContext context)
+            final PhysicalNetworkServiceProvider provider, final ReservationContext context)
                    throws ConcurrentOperationException, ResourceUnavailableException {
        return true;
    }
@ -247,7 +252,7 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean verifyServicesCombination(Set<Service> services) {
+    public boolean verifyServicesCombination(final Set<Service> services) {
        if (!services.contains(Service.Connectivity)) {
            s_logger.warn("Unable to provide services without Connectivity service enabled for this element");
            return false;
@ -392,15 +397,15 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public HostVO createHostVOForConnectedAgent(HostVO host,
+    public HostVO createHostVOForConnectedAgent(final HostVO host,
-            StartupCommand[] cmd) {
+            final StartupCommand[] cmd) {
        return null;
    }
    @Override
-    public HostVO createHostVOForDirectConnectAgent(HostVO host,
+    public HostVO createHostVOForDirectConnectAgent(final HostVO host,
-            StartupCommand[] startup, ServerResource resource,
+            final StartupCommand[] startup, final ServerResource resource,
-            Map<String, String> details, List<String> hostTags) {
+            final Map<String, String> details, final List<String> hostTags) {
        if (!(startup[0] instanceof StartupOvsCommand)) {
            return null;
        }
@ -409,8 +414,8 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
+    public DeleteHostAnswer deleteHost(final HostVO host, final boolean isForced,
-            boolean isForceDeleteStorage) throws UnableDeleteHostException {
+            final boolean isForceDeleteStorage) throws UnableDeleteHostException {
        if (!(host.getType() == Host.Type.L2Networking)) {
            return null;
        }
@ -418,13 +423,13 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public IpDeployer getIpDeployer(Network network) {
+    public IpDeployer getIpDeployer(final Network network) {
        return this;
    }
    @Override
-    public boolean applyIps(Network network,
+    public boolean applyIps(final Network network,
-            List<? extends PublicIpAddress> ipAddress, Set<Service> services)
+            final List<? extends PublicIpAddress> ipAddress, final Set<Service> services)
                    throws ResourceUnavailableException {
        boolean canHandle = true;
        for (Service service : services) {
@ -444,14 +449,17 @@ StaticNatServiceProvider, IpDeployer {
                return true;
            }
-            return _routerMgr.associatePublicIP(network, ipAddress, routers);
+            DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
            NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
            return networkTopology.associatePublicIP(network, ipAddress, routers);
        } else {
            return false;
        }
    }
    @Override
-    public boolean applyStaticNats(Network network, List<? extends StaticNat> rules)
+    public boolean applyStaticNats(final Network network, final List<? extends StaticNat> rules)
            throws ResourceUnavailableException {
        if (!canHandle(network, Service.StaticNat)) {
            return false;
@ -464,11 +472,14 @@ StaticNatServiceProvider, IpDeployer {
            return true;
        }
-        return _routerMgr.applyStaticNats(network, rules, routers);
+        DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
        NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
        return networkTopology.applyStaticNats(network, rules, routers);
    }
    @Override
-    public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
+    public boolean applyPFRules(final Network network, final List<PortForwardingRule> rules)
            throws ResourceUnavailableException {
        if (!canHandle(network, Service.PortForwarding)) {
            return false;
@ -481,11 +492,14 @@ StaticNatServiceProvider, IpDeployer {
            return true;
        }
-        return _routerMgr.applyFirewallRules(network, rules, routers);
+        DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
        NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
        return networkTopology.applyFirewallRules(network, rules, routers);
    }
    @Override
-    public boolean applyLBRules(Network network, List<LoadBalancingRule> rules)
+    public boolean applyLBRules(final Network network, final List<LoadBalancingRule> rules)
            throws ResourceUnavailableException {
        if (canHandle(network, Service.Lb)) {
            if (!canHandleLbRules(rules)) {
@ -501,7 +515,10 @@ StaticNatServiceProvider, IpDeployer {
                return true;
            }
-            if (!_routerMgr.applyLoadBalancingRules(network, rules, routers)) {
+            DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
            NetworkTopology networkTopology = _networkTopologyContext.retrieveNetworkTopology(dcVO);
            if (!networkTopology.applyLoadBalancingRules(network, rules, routers)) {
                throw new CloudRuntimeException(
                        "Failed to apply load balancing rules in network "
                                + network.getId());
@ -514,7 +531,7 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean validateLBRule(Network network, LoadBalancingRule rule) {
+    public boolean validateLBRule(final Network network, final LoadBalancingRule rule) {
        List<LoadBalancingRule> rules = new ArrayList<LoadBalancingRule>();
        rules.add(rule);
        if (canHandle(network, Service.Lb) && canHandleLbRules(rules)) {
@ -529,13 +546,13 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public List<LoadBalancerTO> updateHealthChecks(Network network,
+    public List<LoadBalancerTO> updateHealthChecks(final Network network,
-            List<LoadBalancingRule> lbrules) {
+            final List<LoadBalancingRule> lbrules) {
        // TODO Auto-generated method stub
        return null;
    }
-    private boolean canHandleLbRules(List<LoadBalancingRule> rules) {
+    private boolean canHandleLbRules(final List<LoadBalancingRule> rules) {
        Map<Capability, String> lbCaps = getCapabilities().get(Service.Lb);
        if (!lbCaps.isEmpty()) {
            String schemeCaps = lbCaps.get(Capability.LbSchemes);
@ -553,7 +570,7 @@ StaticNatServiceProvider, IpDeployer {
        return true;
    }
-    public static boolean validateHAProxyLBRule(LoadBalancingRule rule) {
+    public static boolean validateHAProxyLBRule(final LoadBalancingRule rule) {
        String timeEndChar = "dhms";
        for (LbStickinessPolicy stickinessPolicy : rule.getStickinessPolicies()) {
@ -572,10 +589,12 @@ StaticNatServiceProvider, IpDeployer {
                for (Pair<String, String> paramKV : paramsList) {
                    String key = paramKV.first();
                    String value = paramKV.second();
-                    if ("tablesize".equalsIgnoreCase(key))
+                    if ("tablesize".equalsIgnoreCase(key)) {
                        tablesize = value;
-                    if ("expire".equalsIgnoreCase(key))
+                    }
                    if ("expire".equalsIgnoreCase(key)) {
                        expire = value;
                    }
                }
                if ((expire != null)
                        && !containsOnlyNumbers(expire, timeEndChar)) {
@ -601,10 +620,12 @@ StaticNatServiceProvider, IpDeployer {
                for (Pair<String, String> paramKV : paramsList) {
                    String key = paramKV.first();
                    String value = paramKV.second();
-                    if ("length".equalsIgnoreCase(key))
+                    if ("length".equalsIgnoreCase(key)) {
                        length = value;
-                    if ("holdtime".equalsIgnoreCase(key))
+                    }
                    if ("holdtime".equalsIgnoreCase(key)) {
                        holdTime = value;
                    }
                }
                if ((length != null) && (!containsOnlyNumbers(length, null))) {
@ -631,15 +652,18 @@ StaticNatServiceProvider, IpDeployer {
     * like 12 2) time or tablesize like 12h, 34m, 45k, 54m , here last
     * character is non-digit but from known characters .
     */
-    private static boolean containsOnlyNumbers(String str, String endChar) {
+    private static boolean containsOnlyNumbers(final String str, final String endChar) {
-        if (str == null)
+        if (str == null) {
            return false;
        }
        String number = str;
        if (endChar != null) {
            boolean matchedEndChar = false;
            if (str.length() < 2)
            {
                return false; // atleast one numeric and one char. example:
            }
            // 3h
            char strEnd = str.toCharArray()[str.length() - 1];
            for (char c : endChar.toCharArray()) {
@ -649,8 +673,9 @@ StaticNatServiceProvider, IpDeployer {
                    break;
                }
            }
-            if (!matchedEndChar)
+            if (!matchedEndChar) {
                return false;
            }
        }
        try {
            Integer.parseInt(number);
@ -661,7 +686,7 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public boolean prepareMigration(NicProfile nic, Network network, VirtualMachineProfile vm, DeployDestination dest, ReservationContext context) {
+    public boolean prepareMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final DeployDestination dest, final ReservationContext context) {
        if (!canHandle(network, Service.Connectivity)) {
            return false;
        }
@ -685,12 +710,12 @@ StaticNatServiceProvider, IpDeployer {
    }
    @Override
-    public void rollbackMigration(NicProfile nic, Network network, VirtualMachineProfile vm, ReservationContext src, ReservationContext dst) {
+    public void rollbackMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final ReservationContext src, final ReservationContext dst) {
        return;
    }
    @Override
-    public void commitMigration(NicProfile nic, Network network, VirtualMachineProfile vm, ReservationContext src, ReservationContext dst) {
+    public void commitMigration(final NicProfile nic, final Network network, final VirtualMachineProfile vm, final ReservationContext src, final ReservationContext dst) {
        return;
    }
 }
--- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java
@ -446,30 +446,33 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
            DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
            NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO);
-            return _vpcRouterMgr.associatePublicIP(network, ipAddress, routers);
+            return networkTopology.associatePublicIP(network, ipAddress, routers);
        } else {
            return false;
        }
    }
    @Override
-    public boolean applyNetworkACLs(final Network config, final List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
+    public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
-        if (canHandle(config, Service.NetworkACL)) {
+        if (canHandle(network, Service.NetworkACL)) {
-            List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(config.getId(), Role.VIRTUAL_ROUTER);
+            List<DomainRouterVO> routers = _routerDao.listByNetworkAndRole(network.getId(), Role.VIRTUAL_ROUTER);
            if (routers == null || routers.isEmpty()) {
                s_logger.debug("Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual " + "router doesn't exist in the network " +
-                        config.getId());
+                        network.getId());
                return true;
            }
            DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
            NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO);
            try {
-                if (!_vpcRouterMgr.applyNetworkACLs(config, rules, routers, false)) {
+                if (!networkTopology.applyNetworkACLs(network, rules, routers, false)) {
                    return false;
                } else {
                    return true;
                }
            } catch (Exception ex) {
-                s_logger.debug("Failed to apply network acl in network " + config.getId());
+                s_logger.debug("Failed to apply network acl in network " + network.getId());
                return false;
            }
        } else {
@ -500,18 +503,21 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc
    @Override
    public boolean applyACLItemsToPrivateGw(final PrivateGateway gateway, final List<? extends NetworkACLItem> rules) throws ResourceUnavailableException {
-        Network config = _networkDao.findById(gateway.getNetworkId());
+        Network network = _networkDao.findById(gateway.getNetworkId());
        boolean isPrivateGateway = true;
        List<DomainRouterVO> routers = _vpcRouterMgr.getVpcRouters(gateway.getVpcId());
        if (routers == null || routers.isEmpty()) {
            s_logger.debug("Virtual router element doesn't need to apply network acl rules on the backend; virtual " + "router doesn't exist in the network " +
-                    config.getId());
+                    network.getId());
            return true;
        }
-        if (!_vpcRouterMgr.applyNetworkACLs(config, rules, routers, isPrivateGateway)) {
+        DataCenterVO dcVO = _dcDao.findById(network.getDataCenterId());
-            throw new CloudRuntimeException("Failed to apply network acl in network " + config.getId());
+        NetworkTopology networkTopology = networkTopologyContext.retrieveNetworkTopology(dcVO);
        if (!networkTopology.applyNetworkACLs(network, rules, routers, isPrivateGateway)) {
            throw new CloudRuntimeException("Failed to apply network acl in network " + network.getId());
        } else {
            return true;
        }
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java
@ -25,13 +25,9 @@ import com.cloud.exception.AgentUnavailableException;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Network;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.RemoteAccessVpn;
 import com.cloud.network.VirtualNetworkApplianceService;
 import com.cloud.network.VpnUser;
 import com.cloud.network.lb.LoadBalancingRule;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.StaticNat;
 import com.cloud.user.Account;
 import com.cloud.user.User;
 import com.cloud.utils.component.Manager;
@ -53,15 +49,15 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
    static final String RouterAlertsCheckIntervalCK = "router.alerts.check.interval";
    static final ConfigKey<String> RouterTemplateXen = new ConfigKey<String>(String.class, RouterTemplateXenCK, "Advanced", "SystemVM Template (XenServer)",
-        "Name of the default router template on Xenserver.", true, ConfigKey.Scope.Zone, null);
+            "Name of the default router template on Xenserver.", true, ConfigKey.Scope.Zone, null);
    static final ConfigKey<String> RouterTemplateKvm = new ConfigKey<String>(String.class, RouterTemplateKvmCK, "Advanced", "SystemVM Template (KVM)",
-        "Name of the default router template on KVM.", true, ConfigKey.Scope.Zone, null);
+            "Name of the default router template on KVM.", true, ConfigKey.Scope.Zone, null);
    static final ConfigKey<String> RouterTemplateVmware = new ConfigKey<String>(String.class, RouterTemplateVmwareCK, "Advanced", "SystemVM Template (vSphere)",
-        "Name of the default router template on Vmware.", true, ConfigKey.Scope.Zone, null);
+            "Name of the default router template on Vmware.", true, ConfigKey.Scope.Zone, null);
    static final ConfigKey<String> RouterTemplateHyperV = new ConfigKey<String>(String.class, RouterTemplateHyperVCK, "Advanced", "SystemVM Template (HyperV)",
-        "Name of the default router template on Hyperv.", true, ConfigKey.Scope.Zone, null);
+            "Name of the default router template on Hyperv.", true, ConfigKey.Scope.Zone, null);
    static final ConfigKey<String> RouterTemplateLxc = new ConfigKey<String>(String.class, RouterTemplateLxcCK, "Advanced", "SystemVM Template (LXC)",
-        "Name of the default router template on LXC.", true, ConfigKey.Scope.Zone, null);
+            "Name of the default router template on LXC.", true, ConfigKey.Scope.Zone, null);
    static final ConfigKey<String> SetServiceMonitor = new ConfigKey<String>(String.class, SetServiceMonitorCK, "Advanced", "true",
            "service monitoring in router enable/disable option, default true", true, ConfigKey.Scope.Zone, null);
@ -82,29 +78,10 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
     */
    boolean sendSshKeysToHost(Long hostId, String pubKey, String prvKey);
    /**
     * save a vm password on the router.
     * @param routers TODO
     *
     */
    boolean savePasswordToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List<? extends VirtualRouter> routers)
        throws ResourceUnavailableException;
    boolean saveSSHPublicKeyToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List<? extends VirtualRouter> routers, String sshPublicKey)
        throws ResourceUnavailableException;
    boolean saveUserDataToRouter(Network network, NicProfile nic, VirtualMachineProfile profile, List<? extends VirtualRouter> routers)
        throws ResourceUnavailableException;
    boolean startRemoteAccessVpn(Network network, RemoteAccessVpn vpn, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
    boolean deleteRemoteAccessVpn(Network network, RemoteAccessVpn vpn, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
    boolean associatePublicIP(Network network, final List<? extends PublicIpAddress> ipAddress, List<? extends VirtualRouter> routers)
        throws ResourceUnavailableException;
    boolean applyFirewallRules(Network network, final List<? extends FirewallRule> rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
    List<VirtualRouter> getRoutersForNetwork(long networkId);
    String[] applyVpnUsers(Network network, List<? extends VpnUser> users, List<DomainRouterVO> routers) throws ResourceUnavailableException;
@ -113,18 +90,8 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
    String getDnsBasicZoneUpdate();
    boolean applyStaticNats(Network network, final List<? extends StaticNat> rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
    boolean applyDhcpEntry(Network config, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, List<DomainRouterVO> routers)
        throws ResourceUnavailableException;
    boolean applyUserData(Network config, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, List<DomainRouterVO> routers)
        throws ResourceUnavailableException;
    boolean applyLoadBalancingRules(Network network, List<? extends LoadBalancingRule> rules, List<? extends VirtualRouter> routers) throws ResourceUnavailableException;
    boolean configDhcpForSubnet(Network network, NicProfile nic, VirtualMachineProfile uservm, DeployDestination dest, List<DomainRouterVO> routers)
-        throws ResourceUnavailableException;
+            throws ResourceUnavailableException;
    boolean removeDhcpSupportForSubnet(Network network, List<DomainRouterVO> routers) throws ResourceUnavailableException;
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@ -214,7 +214,6 @@ import com.cloud.service.ServiceOfferingVO;
 import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.storage.GuestOSVO;
 import com.cloud.storage.Storage.ProvisioningType;
 import com.cloud.storage.VMTemplateVO;
 import com.cloud.storage.dao.GuestOSDao;
 import com.cloud.storage.dao.VMTemplateDao;
 import com.cloud.storage.dao.VolumeDao;
@ -500,72 +499,8 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
    }
    @Override
    public boolean savePasswordToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
            throws ResourceUnavailableException {
        _userVmDao.loadDetails((UserVmVO) profile.getVirtualMachine());
        final VirtualMachineProfile updatedProfile = profile;
        return applyRules(network, routers, "save password entry", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                // for basic zone, send vm data/password information only to the
                // router in the same pod
                final Commands cmds = new Commands(Command.OnError.Stop);
                final NicVO nicVo = _nicDao.findById(nic.getId());
                createPasswordCommand(router, updatedProfile, nicVo, cmds);
                return sendCommandsToRouter(router, cmds);
            }
        });
    }
    @Override
    public boolean saveSSHPublicKeyToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers,
            final String sshPublicKey) throws ResourceUnavailableException {
        final UserVmVO vm = _userVmDao.findById(profile.getVirtualMachine().getId());
        _userVmDao.loadDetails(vm);
        final VirtualMachineProfile updatedProfile = profile;
        return applyRules(network, routers, "save SSHkey entry", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                // for basic zone, send vm data/password information only to the
                // router in the same pod
                final Commands cmds = new Commands(Command.OnError.Stop);
                final NicVO nicVo = _nicDao.findById(nic.getId());
                final VMTemplateVO template = _templateDao.findByIdIncludingRemoved(updatedProfile.getTemplateId());
                if (template != null && template.getEnablePassword()) {
                    createPasswordCommand(router, updatedProfile, nicVo, cmds);
                }
                createVmDataCommand(router, vm, nicVo, sshPublicKey, cmds);
                return sendCommandsToRouter(router, cmds);
            }
        });
    }
    @Override
    public boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
            throws ResourceUnavailableException {
        final UserVmVO vm = _userVmDao.findById(profile.getVirtualMachine().getId());
        _userVmDao.loadDetails(vm);
        return applyRules(network, routers, "save userdata entry", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                // for basic zone, send vm data/password information only to the
                // router in the same pod
                final Commands cmds = new Commands(Command.OnError.Stop);
                final NicVO nicVo = _nicDao.findById(nic.getId());
                createVmDataCommand(router, vm, nicVo, null, cmds);
                return sendCommandsToRouter(router, cmds);
            }
        });
    }
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_ROUTER_STOP, eventDescription = "stopping router Vm", async = true)
    @Override
    public VirtualRouter stopRouter(final long routerId, final boolean forced) throws ResourceUnavailableException, ConcurrentOperationException {
        final CallContext context = CallContext.current();
        final Account account = context.getCallingAccount();
@ -2478,45 +2413,6 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
        return false;
    }
    @Override
    public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest,
            final List<DomainRouterVO> routers) throws ResourceUnavailableException {
        if (s_logger.isTraceEnabled()) {
            s_logger.trace("applyDhcpEntry(" + network.getCidr() + ", " + nic.getMacAddress() + ", " + profile.getUuid() + ", " + dest.getHost() + ", " + routers + ")");
        }
        final UserVmVO vm = _userVmDao.findById(profile.getId());
        _userVmDao.loadDetails(vm);
        final VirtualMachineProfile updatedProfile = profile;
        final boolean isZoneBasic = dest.getDataCenter().getNetworkType() == NetworkType.Basic;
        final Long podId = isZoneBasic ? dest.getPod().getId() : null;
        boolean podLevelException = false;
        // for user vm in Basic zone we should try to re-deploy vm in a diff pod
        // if it fails to deploy in original pod; so throwing exception with Pod
        // scope
        if (isZoneBasic && podId != null && updatedProfile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest
                && network.getGuestType() == Network.GuestType.Shared) {
            podLevelException = true;
        }
        return applyRules(network, routers, "dhcp entry", podLevelException, podId, true, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                // for basic zone, send dhcp/dns information to all routers in
                // the basic network only when _dnsBasicZoneUpdates is set to
                // "all" value
                final Commands cmds = new Commands(Command.OnError.Stop);
                if (!(isZoneBasic && router.getPodIdToDeployIn().longValue() != podId.longValue() && _dnsBasicZoneUpdates.equalsIgnoreCase("pod"))) {
                    final NicVO nicVo = _nicDao.findById(nic.getId());
                    createDhcpEntryCommand(router, vm, nicVo, cmds);
                    return sendCommandsToRouter(router, cmds);
                }
                return true;
            }
        });
    }
    private void createDeleteIpAliasCommand(final DomainRouterVO router, final List<IpAliasTO> deleteIpAliasTOs, final List<IpAliasTO> createIpAliasTos, final long networkId,
            final Commands cmds) {
        final String routerip = getRouterIpInNetwork(networkId, router.getId());
@ -2561,42 +2457,6 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
        return defaultNic;
    }
    @Override
    public boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List<DomainRouterVO> routers)
            throws ResourceUnavailableException {
        final UserVmVO vm = _userVmDao.findById(profile.getId());
        _userVmDao.loadDetails(vm);
        final VirtualMachineProfile updatedProfile = profile;
        final boolean isZoneBasic = dest.getDataCenter().getNetworkType() == NetworkType.Basic;
        final Long podId = isZoneBasic ? dest.getPod().getId() : null;
        boolean podLevelException = false;
        // for user vm in Basic zone we should try to re-deploy vm in a diff pod
        // if it fails to deploy in original pod; so throwing exception with Pod
        // scope
        if (isZoneBasic && podId != null && updatedProfile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest
                && network.getGuestType() == Network.GuestType.Shared) {
            podLevelException = true;
        }
        return applyRules(network, routers, "userdata and password entry", podLevelException, podId, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                // for basic zone, send vm data/password information only to the
                // router in the same pod
                final Commands cmds = new Commands(Command.OnError.Stop);
                if (!(isZoneBasic && router.getPodIdToDeployIn().longValue() != podId.longValue())) {
                    final NicVO nicVo = _nicDao.findById(nic.getId());
                    createPasswordCommand(router, updatedProfile, nicVo, cmds);
                    createVmDataCommand(router, vm, nicVo, vm.getDetail("SSH.PublicKey"), cmds);
                    return sendCommandsToRouter(router, cmds);
                }
                return true;
            }
        });
    }
    protected void createApplyVpnUsersCommand(final List<? extends VpnUser> users, final VirtualRouter router, final Commands cmds) {
        final List<VpnUser> addUsers = new ArrayList<VpnUser>();
        final List<VpnUser> removeUsers = new ArrayList<VpnUser>();
@ -3179,91 +3039,6 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
        }
    }
    @Override
    public boolean associatePublicIP(final Network network, final List<? extends PublicIpAddress> ipAddress, final List<? extends VirtualRouter> routers)
            throws ResourceUnavailableException {
        if (ipAddress == null || ipAddress.isEmpty()) {
            s_logger.debug("No ip association rules to be applied for network " + network.getId());
            return true;
        }
        return applyRules(network, routers, "ip association", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                final Commands cmds = new Commands(Command.OnError.Continue);
                createAssociateIPCommands(router, ipAddress, cmds, 0);
                return sendCommandsToRouter(router, cmds);
            }
        });
    }
    @Override
    public boolean applyFirewallRules(final Network network, final List<? extends FirewallRule> rules, final List<? extends VirtualRouter> routers)
            throws ResourceUnavailableException {
        if (rules == null || rules.isEmpty()) {
            s_logger.debug("No firewall rules to be applied for network " + network.getId());
            return true;
        }
        return applyRules(network, routers, "firewall rules", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                if (rules.get(0).getPurpose() == Purpose.LoadBalancing) {
                    // for load balancer we have to resend all lb rules for the
                    // network
                    final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(network.getId(), Scheme.Public);
                    final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
                    for (final LoadBalancerVO lb : lbs) {
                        final List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
                        final List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
                        final List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
                        final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId());
                        final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
                        final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
                        lbRules.add(loadBalancing);
                    }
                    return sendLBRules(router, lbRules, network.getId());
                } else if (rules.get(0).getPurpose() == Purpose.PortForwarding) {
                    return sendPortForwardingRules(router, (List<PortForwardingRule>) rules, network.getId());
                } else if (rules.get(0).getPurpose() == Purpose.StaticNat) {
                    return sendStaticNatRules(router, (List<StaticNatRule>) rules, network.getId());
                } else if (rules.get(0).getPurpose() == Purpose.Firewall) {
                    return sendFirewallRules(router, (List<FirewallRule>) rules, network.getId());
                } else {
                    s_logger.warn("Unable to apply rules of purpose: " + rules.get(0).getPurpose());
                    return false;
                }
            }
        });
    }
    @Override
    public boolean applyLoadBalancingRules(final Network network, final List<? extends LoadBalancingRule> rules, final List<? extends VirtualRouter> routers)
            throws ResourceUnavailableException {
        if (rules == null || rules.isEmpty()) {
            s_logger.debug("No lb rules to be applied for network " + network.getId());
            return true;
        }
        return applyRules(network, routers, "loadbalancing rules", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                // for load balancer we have to resend all lb rules for the
                // network
                final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(network.getId(), Scheme.Public);
                final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
                for (final LoadBalancerVO lb : lbs) {
                    final List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
                    final List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
                    final List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
                    final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId());
                    final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
                    final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
                    lbRules.add(loadBalancing);
                }
                return sendLBRules(router, lbRules, network.getId());
            }
        });
    }
    protected boolean sendLBRules(final VirtualRouter router, final List<LoadBalancingRule> rules, final long guestNetworkId) throws ResourceUnavailableException {
        final Commands cmds = new Commands(Command.OnError.Continue);
        createApplyLoadBalancingRulesCommands(rules, router, cmds, guestNetworkId);
@ -3433,20 +3208,6 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
        return result;
    }
    @Override
    public boolean applyStaticNats(final Network network, final List<? extends StaticNat> rules, final List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
        if (rules == null || rules.isEmpty()) {
            s_logger.debug("No static nat rules to be applied for network " + network.getId());
            return true;
        }
        return applyRules(network, routers, "static nat rules", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                return applyStaticNat(router, rules, network.getId());
            }
        });
    }
    protected boolean applyStaticNat(final VirtualRouter router, final List<? extends StaticNat> rules, final long guestNetworkId) throws ResourceUnavailableException {
        final Commands cmds = new Commands(Command.OnError.Continue);
        createApplyStaticNatCommands(rules, router, cmds, guestNetworkId);
@ -3817,5 +3578,4 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
    public boolean completeAggregatedExecution(final Network network, final List<DomainRouterVO> routers) throws AgentUnavailableException {
        return aggregationExecution(Action.Finish, network, routers);
    }
 }
--- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java
+++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManager.java
@ -20,30 +20,16 @@ import java.util.List;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Network;
 import com.cloud.network.RemoteAccessVpn;
 import com.cloud.network.Site2SiteVpnConnection;
 import com.cloud.network.VpcVirtualNetworkApplianceService;
 import com.cloud.network.VpnUser;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.network.vpc.PrivateGateway;
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.vm.DomainRouterVO;
 public interface VpcVirtualNetworkApplianceManager extends VirtualNetworkApplianceManager, VpcVirtualNetworkApplianceService {
    /**
     *
     * @param network
     * @param rules
     * @param routers
     * @param privateGateway
     * @return
     * @throws ResourceUnavailableException
     */
    boolean applyNetworkACLs(Network network, List<? extends NetworkACLItem> rules, List<? extends VirtualRouter> routers, boolean privateGateway)
        throws ResourceUnavailableException;
    /**
     * @param gateway
     * @param router TODO
--- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java
@ -23,7 +23,6 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import javax.ejb.Local;
 import javax.inject.Inject;
@ -62,7 +61,6 @@ import com.cloud.network.Network;
 import com.cloud.network.Network.Provider;
 import com.cloud.network.Network.Service;
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.Networks.IsolationType;
 import com.cloud.network.Networks.TrafficType;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.RemoteAccessVpn;
@ -363,125 +361,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
        }
    }
    @Override
    public boolean associatePublicIP(final Network network, final List<? extends PublicIpAddress> ipAddress, final List<? extends VirtualRouter> routers)
            throws ResourceUnavailableException {
        if (ipAddress == null || ipAddress.isEmpty()) {
            s_logger.debug("No ip association rules to be applied for network " + network.getId());
            return true;
        }
        //only one router is supported in VPC now
        VirtualRouter router = routers.get(0);
        if (router.getVpcId() == null) {
            return super.associatePublicIP(network, ipAddress, routers);
        }
        Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> nicsToChange = getNicsToChangeOnRouter(ipAddress, router);
        Map<String, PublicIpAddress> nicsToPlug = nicsToChange.first();
        Map<String, PublicIpAddress> nicsToUnplug = nicsToChange.second();
        //1) Unplug the nics
        for (Entry<String, PublicIpAddress> entry : nicsToUnplug.entrySet()) {
            Network publicNtwk = null;
            try {
                publicNtwk = _networkModel.getNetwork(entry.getValue().getNetworkId());
                URI broadcastUri = BroadcastDomainType.Vlan.toUri(entry.getKey());
                _itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri);
            } catch (ConcurrentOperationException e) {
                s_logger.warn("Failed to remove router " + router + " from vlan " + entry.getKey() + " in public network " + publicNtwk + " due to ", e);
                return false;
            }
        }
        Commands netUsagecmds = new Commands(Command.OnError.Continue);
        VpcVO vpc = _vpcDao.findById(router.getVpcId());
        //2) Plug the nics
        for (String vlanTag : nicsToPlug.keySet()) {
            PublicIpAddress ip = nicsToPlug.get(vlanTag);
            //have to plug the nic(s)
            NicProfile defaultNic = new NicProfile();
            if (ip.isSourceNat()) {
                defaultNic.setDefaultNic(true);
            }
            defaultNic.setIp4Address(ip.getAddress().addr());
            defaultNic.setGateway(ip.getGateway());
            defaultNic.setNetmask(ip.getNetmask());
            defaultNic.setMacAddress(ip.getMacAddress());
            defaultNic.setBroadcastType(BroadcastDomainType.Vlan);
            defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ip.getVlanTag()));
            defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag()));
            NicProfile publicNic = null;
            Network publicNtwk = null;
            try {
                publicNtwk = _networkModel.getNetwork(ip.getNetworkId());
                publicNic = _itMgr.addVmToNetwork(router, publicNtwk, defaultNic);
            } catch (ConcurrentOperationException e) {
                s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e);
            } catch (InsufficientCapacityException e) {
                s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e);
            } finally {
                if (publicNic == null) {
                    s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk);
                    return false;
                }
            }
            //Create network usage commands. Send commands to router after IPAssoc
            NetworkUsageCommand netUsageCmd =
                    new NetworkUsageCommand(router.getPrivateIpAddress(), router.getInstanceName(), true, defaultNic.getIp4Address(), vpc.getCidr());
            netUsagecmds.addCommand(netUsageCmd);
            UserStatisticsVO stats =
                    _userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), publicNtwk.getId(), publicNic.getIp4Address(), router.getId(), router.getType()
                            .toString());
            if (stats == null) {
                stats =
                        new UserStatisticsVO(router.getAccountId(), router.getDataCenterId(), publicNic.getIp4Address(), router.getId(), router.getType().toString(),
                                publicNtwk.getId());
                _userStatsDao.persist(stats);
            }
        }
        //3) apply the ips
        boolean result = applyRules(network, routers, "vpc ip association", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                Commands cmds = new Commands(Command.OnError.Continue);
                Map<String, String> vlanMacAddress = new HashMap<String, String>();
                List<PublicIpAddress> ipsToSend = new ArrayList<PublicIpAddress>();
                for (PublicIpAddress ipAddr : ipAddress) {
                    String broadcastURI = BroadcastDomainType.Vlan.toUri(ipAddr.getVlanTag()).toString();
                    Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(ipAddr.getNetworkId(), router.getId(), broadcastURI);
                    String macAddress = null;
                    if (nic == null) {
                        if (ipAddr.getState() != IpAddress.State.Releasing) {
                            throw new CloudRuntimeException("Unable to find the nic in network " + ipAddr.getNetworkId() + "  to apply the ip address " + ipAddr + " for");
                        }
                        s_logger.debug("Not sending release for ip address " + ipAddr + " as its nic is already gone from VPC router " + router);
                    } else {
                        macAddress = nic.getMacAddress();
                        vlanMacAddress.put(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag())), macAddress);
                        ipsToSend.add(ipAddr);
                    }
                }
                if (!ipsToSend.isEmpty()) {
                    createVpcAssociatePublicIPCommands(router, ipsToSend, cmds, vlanMacAddress);
                    return sendCommandsToRouter(router, cmds);
                } else {
                    return true;
                }
            }
        });
        if (result && netUsagecmds.size() > 0) {
            //After successful ipassoc, send commands to router
            sendCommandsToRouter(router, netUsagecmds);
        }
        return result;
    }
    @Override
    public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile, final DeployDestination dest, final ReservationContext context) {
        DomainRouterVO vr = _routerDao.findById(profile.getId());
@ -518,21 +397,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian
        return super.finalizeVirtualMachineProfile(profile, dest, context);
    }
    @Override
    public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway)
            throws ResourceUnavailableException {
        if (rules == null || rules.isEmpty()) {
            s_logger.debug("No network ACLs to be applied for network " + network.getId());
            return true;
        }
        return applyRules(network, routers, "network acls", false, null, false, new RuleApplier() {
            @Override
            public boolean execute(final Network network, final VirtualRouter router) throws ResourceUnavailableException {
                return sendNetworkACLs(router, rules, network.getId(), isPrivateGateway);
            }
        });
    }
    protected boolean sendNetworkACLs(final VirtualRouter router, final List<? extends NetworkACLItem> rules, final long guestNetworkId, final boolean isPrivateGateway)
            throws ResourceUnavailableException {
        Commands cmds = new Commands(Command.OnError.Continue);
--- a/server/src/com/cloud/network/rules/NetworkAclsRules.java
+++ b/server/src/com/cloud/network/rules/NetworkAclsRules.java
@ -17,32 +17,77 @@
 package com.cloud.network.rules;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.cloudstack.network.topology.NetworkTopologyVisitor;
 import com.cloud.agent.api.routing.NetworkElementCommand;
 import com.cloud.agent.api.routing.SetNetworkACLCommand;
 import com.cloud.agent.api.to.NetworkACLTO;
 import com.cloud.agent.manager.Commands;
 import com.cloud.dc.DataCenterVO;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Network;
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.network.vpc.VpcGateway;
 public class NetworkAclsRules extends RuleApplier {
-    private final List<? extends NetworkACLItem> rules;
+    private final List<? extends NetworkACLItem> _rules;
    private final boolean _isPrivateGateway;
-    public NetworkAclsRules(final Network network, final List<? extends NetworkACLItem> rules) {
+    public NetworkAclsRules(final Network network, final List<? extends NetworkACLItem> rules, final boolean isPrivateGateway) {
        super(network);
-        this.rules = rules;
+        _rules = rules;
        _isPrivateGateway = isPrivateGateway;
    }
    @Override
    public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
-        this._router = router;
+        _router = router;
        return visitor.visit(this);
    }
    public List<? extends NetworkACLItem> getRules() {
-        return rules;
+        return _rules;
    }
    public boolean isPrivateGateway() {
        return _isPrivateGateway;
    }
    public void createNetworkACLsCommands(final List<? extends NetworkACLItem> rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId, final boolean privateGateway) {
        List<NetworkACLTO> rulesTO = new ArrayList<NetworkACLTO>();
        String guestVlan = null;
        Network guestNtwk = _networkDao.findById(guestNetworkId);
        URI uri = guestNtwk.getBroadcastUri();
        if (uri != null) {
            guestVlan = BroadcastDomainType.getValue(uri);
        }
        if (rules != null) {
            for (NetworkACLItem rule : rules) {
                NetworkACLTO ruleTO = new NetworkACLTO(rule, guestVlan, rule.getTrafficType());
                rulesTO.add(ruleTO);
            }
        }
        SetNetworkACLCommand cmd = new SetNetworkACLCommand(rulesTO, _networkHelper.getNicTO(router, guestNetworkId, null));
        cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
        cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(guestNetworkId, router.getId()));
        cmd.setAccessDetail(NetworkElementCommand.GUEST_VLAN_TAG, guestVlan);
        cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
        DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
        cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
        if (privateGateway) {
            cmd.setAccessDetail(NetworkElementCommand.VPC_PRIVATE_GATEWAY, String.valueOf(VpcGateway.Type.Private));
        }
        cmds.addCommand(cmd);
    }
 }
--- a/server/src/com/cloud/network/rules/NicPlugInOutRules.java
+++ b/server/src/com/cloud/network/rules/NicPlugInOutRules.java
@ -0,0 +1,202 @@
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package com.cloud.network.rules;
 import java.net.URI;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import org.apache.cloudstack.network.topology.NetworkTopologyVisitor;
 import org.apache.log4j.Logger;
 import com.cloud.agent.api.Command;
 import com.cloud.agent.api.NetworkUsageCommand;
 import com.cloud.agent.manager.Commands;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
 import com.cloud.network.Network;
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.Networks.IsolationType;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.vpc.VpcVO;
 import com.cloud.user.UserStatisticsVO;
 import com.cloud.utils.Pair;
 import com.cloud.vm.Nic;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.NicVO;
 public class NicPlugInOutRules extends RuleApplier {
    private static final Logger s_logger = Logger.getLogger(NicPlugInOutRules.class);
    private final List<? extends PublicIpAddress> _ipAddresses;
    private Commands _netUsageCommands;
    public NicPlugInOutRules(final Network network, final List<? extends PublicIpAddress> ipAddresses) {
        super(network);
        _ipAddresses = ipAddresses;
    }
    @Override
    public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
        Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> nicsToChange = getNicsToChangeOnRouter(_ipAddresses, router);
        Map<String, PublicIpAddress> nicsToPlug = nicsToChange.first();
        Map<String, PublicIpAddress> nicsToUnplug = nicsToChange.second();
        //1) Unplug the nics
        for (Entry<String, PublicIpAddress> entry : nicsToUnplug.entrySet()) {
            Network publicNtwk = null;
            try {
                publicNtwk = _networkModel.getNetwork(entry.getValue().getNetworkId());
                URI broadcastUri = BroadcastDomainType.Vlan.toUri(entry.getKey());
                _itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri);
            } catch (ConcurrentOperationException e) {
                s_logger.warn("Failed to remove router " + router + " from vlan " + entry.getKey() + " in public network " + publicNtwk + " due to ", e);
                return false;
            }
        }
        _netUsageCommands = new Commands(Command.OnError.Continue);
        VpcVO vpc = _vpcDao.findById(router.getVpcId());
        //2) Plug the nics
        for (String vlanTag : nicsToPlug.keySet()) {
            PublicIpAddress ip = nicsToPlug.get(vlanTag);
            //have to plug the nic(s)
            NicProfile defaultNic = new NicProfile();
            if (ip.isSourceNat()) {
                defaultNic.setDefaultNic(true);
            }
            defaultNic.setIp4Address(ip.getAddress().addr());
            defaultNic.setGateway(ip.getGateway());
            defaultNic.setNetmask(ip.getNetmask());
            defaultNic.setMacAddress(ip.getMacAddress());
            defaultNic.setBroadcastType(BroadcastDomainType.Vlan);
            defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ip.getVlanTag()));
            defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag()));
            NicProfile publicNic = null;
            Network publicNtwk = null;
            try {
                publicNtwk = _networkModel.getNetwork(ip.getNetworkId());
                publicNic = _itMgr.addVmToNetwork(router, publicNtwk, defaultNic);
            } catch (ConcurrentOperationException e) {
                s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e);
            } catch (InsufficientCapacityException e) {
                s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk + " due to ", e);
            } finally {
                if (publicNic == null) {
                    s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + " in public network " + publicNtwk);
                    return false;
                }
            }
            //Create network usage commands. Send commands to router after IPAssoc
            NetworkUsageCommand netUsageCmd =
                    new NetworkUsageCommand(router.getPrivateIpAddress(), router.getInstanceName(), true, defaultNic.getIp4Address(), vpc.getCidr());
            _netUsageCommands.addCommand(netUsageCmd);
            UserStatisticsVO stats =
                    _userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), publicNtwk.getId(), publicNic.getIp4Address(), router.getId(), router.getType()
                            .toString());
            if (stats == null) {
                stats =
                        new UserStatisticsVO(router.getAccountId(), router.getDataCenterId(), publicNic.getIp4Address(), router.getId(), router.getType().toString(),
                                publicNtwk.getId());
                _userStatsDao.persist(stats);
            }
        }
        // Let the IpAssociationRule call the visitor fot the NicPlugInOutRule
        return true;
    }
    public List<? extends PublicIpAddress> getIpAddresses() {
        return _ipAddresses;
    }
    public Commands getNetUsageCommands() {
        return _netUsageCommands;
    }
    private Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> getNicsToChangeOnRouter(final List<? extends PublicIpAddress> publicIps,
            final VirtualRouter router) {
        //1) check which nics need to be plugged/unplugged and plug/unplug them
        Map<String, PublicIpAddress> nicsToPlug = new HashMap<String, PublicIpAddress>();
        Map<String, PublicIpAddress> nicsToUnplug = new HashMap<String, PublicIpAddress>();
        //find out nics to unplug
        for (PublicIpAddress ip : publicIps) {
            long publicNtwkId = ip.getNetworkId();
            //if ip is not associated to any network, and there are no firewall rules, release it on the backend
            if (!_vpcMgr.isIpAllocatedToVpc(ip)) {
                ip.setState(IpAddress.State.Releasing);
            }
            if (ip.getState() == IpAddress.State.Releasing) {
                Nic nic = _nicDao.findByIp4AddressAndNetworkIdAndInstanceId(publicNtwkId, router.getId(), ip.getAddress().addr());
                if (nic != null) {
                    nicsToUnplug.put(ip.getVlanTag(), ip);
                    s_logger.debug("Need to unplug the nic for ip=" + ip + "; vlan=" + ip.getVlanTag() + " in public network id =" + publicNtwkId);
                }
            }
        }
        //find out nics to plug
        for (PublicIpAddress ip : publicIps) {
            URI broadcastUri = BroadcastDomainType.Vlan.toUri(ip.getVlanTag());
            long publicNtwkId = ip.getNetworkId();
            //if ip is not associated to any network, and there are no firewall rules, release it on the backend
            if (!_vpcMgr.isIpAllocatedToVpc(ip)) {
                ip.setState(IpAddress.State.Releasing);
            }
            if (ip.getState() == IpAddress.State.Allocated || ip.getState() == IpAddress.State.Allocating) {
                //nic has to be plugged only when there are no nics for this vlan tag exist on VR
                Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(publicNtwkId, router.getId(), broadcastUri.toString());
                if (nic == null && nicsToPlug.get(ip.getVlanTag()) == null) {
                    nicsToPlug.put(ip.getVlanTag(), ip);
                    s_logger.debug("Need to plug the nic for ip=" + ip + "; vlan=" + ip.getVlanTag() + " in public network id =" + publicNtwkId);
                } else {
                    PublicIpAddress nicToUnplug = nicsToUnplug.get(ip.getVlanTag());
                    if (nicToUnplug != null) {
                        NicVO nicVO = _nicDao.findByIp4AddressAndNetworkIdAndInstanceId(publicNtwkId, router.getId(), nicToUnplug.getAddress().addr());
                        nicVO.setIp4Address(ip.getAddress().addr());
                        _nicDao.update(nicVO.getId(), nicVO);
                        s_logger.debug("Updated the nic " + nicVO + " with the new ip address " + ip.getAddress().addr());
                        nicsToUnplug.remove(ip.getVlanTag());
                    }
                }
            }
        }
        Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>> nicsToChange =
                new Pair<Map<String, PublicIpAddress>, Map<String, PublicIpAddress>>(nicsToPlug, nicsToUnplug);
        return nicsToChange;
    }
 }
--- a/server/src/com/cloud/network/rules/RuleApplier.java
+++ b/server/src/com/cloud/network/rules/RuleApplier.java
@ -34,11 +34,15 @@ import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.lb.LoadBalancingRulesManager;
 import com.cloud.network.router.NEWVirtualNetworkApplianceManager;
 import com.cloud.network.router.NetworkGeneralHelper;
 import com.cloud.network.router.RouterControlHelper;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.vpc.VpcManager;
 import com.cloud.network.vpc.dao.VpcDao;
 import com.cloud.offerings.dao.NetworkOfferingDao;
 import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.storage.dao.VMTemplateDao;
 import com.cloud.user.dao.UserStatisticsDao;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.StringUtils;
 import com.cloud.vm.NicVO;
@ -77,6 +81,12 @@ public abstract class RuleApplier {
    protected FirewallRulesDao _rulesDao;
    protected UserStatisticsDao _userStatsDao;
    protected VpcDao _vpcDao;
    protected VpcManager _vpcMgr;
    protected VirtualMachineManager _itMgr;
    protected Network _network;
@ -85,8 +95,10 @@ public abstract class RuleApplier {
    protected RouterControlHelper _routerControlHelper;
    protected NetworkGeneralHelper _networkHelper;
    public RuleApplier(final Network network) {
-        this._network = network;
+        _network = network;
    }
    public abstract boolean accept(NetworkTopologyVisitor visitor, VirtualRouter router) throws ResourceUnavailableException;
--- a/server/src/com/cloud/network/rules/SshKeyToRouterRules.java
+++ b/server/src/com/cloud/network/rules/SshKeyToRouterRules.java
@ -80,7 +80,6 @@ public class SshKeyToRouterRules extends RuleApplier {
            cmds.addCommand("password", cmd);
        }
    }
    public VirtualMachineProfile getProfile() {
--- a/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java
+++ b/server/src/com/cloud/network/rules/VirtualNetworkApplianceFactory.java
@ -33,10 +33,15 @@ import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.lb.LoadBalancingRule;
 import com.cloud.network.lb.LoadBalancingRulesManager;
 import com.cloud.network.router.NetworkGeneralHelper;
 import com.cloud.network.router.RouterControlHelper;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.network.vpc.VpcManager;
 import com.cloud.network.vpc.dao.VpcDao;
 import com.cloud.offerings.dao.NetworkOfferingDao;
 import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.storage.dao.VMTemplateDao;
 import com.cloud.user.dao.UserStatisticsDao;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.VirtualMachineManager;
 import com.cloud.vm.VirtualMachineProfile;
@ -73,6 +78,15 @@ public class VirtualNetworkApplianceFactory {
    @Inject
    protected UserVmDao _userVmDao;
    @Inject
    protected UserStatisticsDao _userStatsDao;
    @Inject
    protected VpcDao _vpcDao;
    @Inject
    protected VpcManager _vpcMgr;
    @Inject
    protected ServiceOfferingDao _serviceOfferingDao;
@ -91,6 +105,9 @@ public class VirtualNetworkApplianceFactory {
    @Inject
    protected RouterControlHelper _routerControlHelper;
    @Inject
    protected NetworkGeneralHelper _networkHelper;
    public LoadBalancingRules createLoadBalancingRules(final Network network, final List<LoadBalancingRule> rules) {
        LoadBalancingRules lbRules = new LoadBalancingRules(network, rules);
@ -141,6 +158,16 @@ public class VirtualNetworkApplianceFactory {
        return ipAssociationRules;
    }
    public VpcIpAssociationRules createVpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses, final NicPlugInOutRules nicPlugInOutRules) {
        VpcIpAssociationRules ipAssociationRules = new VpcIpAssociationRules(network, ipAddresses, nicPlugInOutRules);
        initBeans(ipAssociationRules);
        ipAssociationRules._networkDao = _networkDao;
        return ipAssociationRules;
    }
    public VpnRules createVpnRules(final Network network, final List<? extends VpnUser> users) {
        VpnRules vpnRules = new VpnRules(network, users);
@ -205,4 +232,26 @@ public class VirtualNetworkApplianceFactory {
        return dhcpRules;
    }
    public NicPlugInOutRules createNicPluInOutRules(final Network network, final List<? extends PublicIpAddress> ipAddresses) {
        NicPlugInOutRules nicPlug = new NicPlugInOutRules(network, ipAddresses);
        initBeans(nicPlug);
        nicPlug._vpcDao = _vpcDao;
        nicPlug._userStatsDao = _userStatsDao;
        nicPlug._vpcMgr = _vpcMgr;
        return nicPlug;
    }
    public NetworkAclsRules createNetworkAclRules(final Network network, final List<? extends NetworkACLItem> rules, final boolean isPrivateGateway) {
        NetworkAclsRules networkAclsRules = new NetworkAclsRules(network, rules, isPrivateGateway);
        initBeans(networkAclsRules);
        networkAclsRules._networkHelper = _networkHelper;
        return networkAclsRules;
    }
 }
--- a/server/src/com/cloud/network/rules/VpcIpAssociationRules.java
+++ b/server/src/com/cloud/network/rules/VpcIpAssociationRules.java
@ -17,32 +17,158 @@
 package com.cloud.network.rules;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import org.apache.cloudstack.network.topology.NetworkTopologyVisitor;
 import org.apache.log4j.Logger;
 import com.cloud.agent.api.routing.IpAssocVpcCommand;
 import com.cloud.agent.api.routing.NetworkElementCommand;
 import com.cloud.agent.api.routing.SetSourceNatCommand;
 import com.cloud.agent.api.to.IpAddressTO;
 import com.cloud.agent.manager.Commands;
 import com.cloud.dc.DataCenterVO;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
 import com.cloud.network.Network;
 import com.cloud.network.Networks.BroadcastDomainType;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.utils.Pair;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.Nic;
 public class VpcIpAssociationRules extends RuleApplier {
    private static final Logger s_logger = Logger.getLogger(VpcIpAssociationRules.class);
    private final List<? extends PublicIpAddress> _ipAddresses;
-    public VpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses) {
+    private final NicPlugInOutRules _nicPlugInOutRules;
    private Map<String, String> _vlanMacAddress;
    private List<PublicIpAddress> _ipsToSend;
    public VpcIpAssociationRules(final Network network, final List<? extends PublicIpAddress> ipAddresses, final NicPlugInOutRules nicPlugInOutRules) {
        super(network);
        _ipAddresses = ipAddresses;
        _nicPlugInOutRules = nicPlugInOutRules;
    }
    @Override
    public boolean accept(final NetworkTopologyVisitor visitor, final VirtualRouter router) throws ResourceUnavailableException {
        _router = router;
        _vlanMacAddress = new HashMap<String, String>();
        _ipsToSend = new ArrayList<PublicIpAddress>();
        for (PublicIpAddress ipAddr : _ipAddresses) {
            String broadcastURI = BroadcastDomainType.Vlan.toUri(ipAddr.getVlanTag()).toString();
            Nic nic = _nicDao.findByNetworkIdInstanceIdAndBroadcastUri(ipAddr.getNetworkId(), router.getId(), broadcastURI);
            String macAddress = null;
            if (nic == null) {
                if (ipAddr.getState() != IpAddress.State.Releasing) {
                    throw new CloudRuntimeException("Unable to find the nic in network " + ipAddr.getNetworkId() + "  to apply the ip address " + ipAddr + " for");
                }
                s_logger.debug("Not sending release for ip address " + ipAddr + " as its nic is already gone from VPC router " + router);
            } else {
                macAddress = nic.getMacAddress();
                _vlanMacAddress.put(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag())), macAddress);
                _ipsToSend.add(ipAddr);
            }
        }
        return visitor.visit(this);
    }
    public List<? extends PublicIpAddress> getIpAddresses() {
        return _ipAddresses;
    }
    public NicPlugInOutRules getNicPlugInOutRules() {
        return _nicPlugInOutRules;
    }
    public Map<String, String> getVlanMacAddress() {
        return _vlanMacAddress;
    }
    public List<PublicIpAddress> getIpsToSend() {
        return _ipsToSend;
    }
    public void createVpcAssociatePublicIPCommands(final VirtualRouter router, final List<? extends PublicIpAddress> ips, final Commands cmds,
            final Map<String, String> vlanMacAddress) {
        Pair<IpAddressTO, Long> sourceNatIpAdd = null;
        Boolean addSourceNat = null;
        // Ensure that in multiple vlans case we first send all ip addresses of vlan1, then all ip addresses of vlan2, etc..
        Map<String, ArrayList<PublicIpAddress>> vlanIpMap = new HashMap<String, ArrayList<PublicIpAddress>>();
        for (final PublicIpAddress ipAddress : ips) {
            String vlanTag = ipAddress.getVlanTag();
            ArrayList<PublicIpAddress> ipList = vlanIpMap.get(vlanTag);
            if (ipList == null) {
                ipList = new ArrayList<PublicIpAddress>();
            }
            //VR doesn't support release for sourceNat IP address; so reset the state
            if (ipAddress.isSourceNat() && ipAddress.getState() == IpAddress.State.Releasing) {
                ipAddress.setState(IpAddress.State.Allocated);
            }
            ipList.add(ipAddress);
            vlanIpMap.put(vlanTag, ipList);
        }
        for (Map.Entry<String, ArrayList<PublicIpAddress>> vlanAndIp : vlanIpMap.entrySet()) {
            List<PublicIpAddress> ipAddrList = vlanAndIp.getValue();
            // Get network rate - required for IpAssoc
            Integer networkRate = _networkModel.getNetworkRate(ipAddrList.get(0).getNetworkId(), router.getId());
            Network network = _networkModel.getNetwork(ipAddrList.get(0).getNetworkId());
            IpAddressTO[] ipsToSend = new IpAddressTO[ipAddrList.size()];
            int i = 0;
            for (final PublicIpAddress ipAddr : ipAddrList) {
                boolean add = (ipAddr.getState() == IpAddress.State.Releasing ? false : true);
                String macAddress = vlanMacAddress.get(BroadcastDomainType.getValue(BroadcastDomainType.fromString(ipAddr.getVlanTag())));
                IpAddressTO ip =
                        new IpAddressTO(ipAddr.getAccountId(), ipAddr.getAddress().addr(), add, false, ipAddr.isSourceNat(), ipAddr.getVlanTag(), ipAddr.getGateway(),
                                ipAddr.getNetmask(), macAddress, networkRate, ipAddr.isOneToOneNat());
                ip.setTrafficType(network.getTrafficType());
                ip.setNetworkName(_networkModel.getNetworkTag(router.getHypervisorType(), network));
                ipsToSend[i++] = ip;
                if (ipAddr.isSourceNat()) {
                    sourceNatIpAdd = new Pair<IpAddressTO, Long>(ip, ipAddr.getNetworkId());
                    addSourceNat = add;
                }
            }
            IpAssocVpcCommand cmd = new IpAssocVpcCommand(ipsToSend);
            cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
            cmd.setAccessDetail(NetworkElementCommand.ROUTER_GUEST_IP, _routerControlHelper.getRouterIpInNetwork(ipAddrList.get(0).getNetworkId(), router.getId()));
            cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
            DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
            cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
            cmds.addCommand("IPAssocVpcCommand", cmd);
        }
        //set source nat ip
        if (sourceNatIpAdd != null) {
            IpAddressTO sourceNatIp = sourceNatIpAdd.first();
            SetSourceNatCommand cmd = new SetSourceNatCommand(sourceNatIp, addSourceNat);
            cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, _routerControlHelper.getRouterControlIp(router.getId()));
            cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
            DataCenterVO dcVo = _dcDao.findById(router.getDataCenterId());
            cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString());
            cmds.addCommand("SetSourceNatCommand", cmd);
        }
    }
 }
--- a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java
+++ b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkTopology.java
@ -27,10 +27,16 @@ import org.springframework.stereotype.Component;
 import com.cloud.deploy.DeployDestination;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Network;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.rules.DhcpEntryRules;
 import com.cloud.network.rules.NetworkAclsRules;
 import com.cloud.network.rules.NicPlugInOutRules;
 import com.cloud.network.rules.RuleApplier;
 import com.cloud.network.rules.RuleApplierWrapper;
 import com.cloud.network.rules.UserdataPwdRules;
 import com.cloud.network.rules.VpcIpAssociationRules;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.vm.DomainRouterVO;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.VirtualMachineProfile;
@ -48,7 +54,7 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology {
    public boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List<DomainRouterVO> routers)
            throws ResourceUnavailableException {
-        s_logger.debug("APPLYING USERDATA RULES");
+        s_logger.debug("APPLYING VPC USERDATA RULES");
        final String typeString = "userdata and password entry";
        final boolean isPodLevelException = false;
@ -64,7 +70,7 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology {
    public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest,
            final List<DomainRouterVO> routers) throws ResourceUnavailableException {
-        s_logger.debug("APPLYING DHCP ENTRY RULES");
+        s_logger.debug("APPLYING VPC DHCP ENTRY RULES");
        final String typeString = "dhcp entry";
        final Long podId = null;
@ -75,4 +81,48 @@ public class AdvancedNetworkTopology extends BasicNetworkTopology {
        return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(dhcpRules));
    }
    @Override
    public boolean associatePublicIP(final Network network, final List<? extends PublicIpAddress> ipAddresses, final List<? extends VirtualRouter> routers)
            throws ResourceUnavailableException {
        if (ipAddresses == null || ipAddresses.isEmpty()) {
            s_logger.debug("No ip association rules to be applied for network " + network.getId());
            return true;
        }
        //only one router is supported in VPC now
        VirtualRouter router = routers.get(0);
        if (router.getVpcId() == null) {
            return super.associatePublicIP(network, ipAddresses, routers);
        }
        s_logger.debug("APPLYING VPC IP RULES");
        final String typeString = "vpc ip association";
        final boolean isPodLevelException = false;
        final boolean failWhenDisconnect = false;
        final Long podId = null;
        NicPlugInOutRules nicPlugInOutRules = _virtualNetworkApplianceFactory.createNicPluInOutRules(network, ipAddresses);
        VpcIpAssociationRules ipAssociationRules = _virtualNetworkApplianceFactory.createVpcIpAssociationRules(network, ipAddresses, nicPlugInOutRules);
        return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(ipAssociationRules));
    }
    @Override
    public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway)
            throws ResourceUnavailableException {
        s_logger.debug("APPLYING NETWORK ACLs RULES");
        final String typeString = "network acls";
        final boolean isPodLevelException = false;
        final boolean failWhenDisconnect = false;
        final Long podId = null;
        NetworkAclsRules aclsRules = _virtualNetworkApplianceFactory.createNetworkAclRules(network, rules, isPrivateGateway);
        return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(aclsRules));
    }
 }
--- a/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java
+++ b/server/src/org/apache/cloudstack/network/topology/AdvancedNetworkVisitor.java
@ -17,21 +17,25 @@
 package org.apache.cloudstack.network.topology;
 import java.util.List;
 import java.util.Map;
 import org.springframework.stereotype.Component;
 import com.cloud.agent.api.Command;
 import com.cloud.agent.manager.Commands;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Network;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.rules.DhcpEntryRules;
 import com.cloud.network.rules.DhcpSubNetRules;
 import com.cloud.network.rules.NetworkAclsRules;
-import com.cloud.network.rules.PasswordToRouterRules;
+import com.cloud.network.rules.NicPlugInOutRules;
 import com.cloud.network.rules.PrivateGatewayRules;
 import com.cloud.network.rules.SshKeyToRouterRules;
 import com.cloud.network.rules.UserdataPwdRules;
 import com.cloud.network.rules.UserdataToRouterRules;
 import com.cloud.network.rules.VpcIpAssociationRules;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.vm.NicVO;
 import com.cloud.vm.UserVmVO;
 import com.cloud.vm.VirtualMachineProfile;
@ -68,28 +72,41 @@ public class AdvancedNetworkVisitor extends BasicNetworkVisitor {
    }
    @Override
-    public boolean visit(final SshKeyToRouterRules sshkey) throws ResourceUnavailableException {
+    public boolean visit(final NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException {
-        return false;
+        final VirtualRouter router = nicPlugInOutRules.getRouter();
    }
-    @Override
+        final Commands commands = nicPlugInOutRules.getNetUsageCommands();
-    public boolean visit(final PasswordToRouterRules pwd) throws ResourceUnavailableException {
+
-        return false;
+        return _applianceManager.sendCommandsToRouter(router, commands);
    }
    @Override
    public boolean visit(final NetworkAclsRules acls) throws ResourceUnavailableException {
-        return false;
+        final VirtualRouter router = acls.getRouter();
        final Network network = acls.getNetwork();
        Commands commands = new Commands(Command.OnError.Continue);
        List<? extends NetworkACLItem> rules = acls.getRules();
        acls.createNetworkACLsCommands(rules, router, commands, network.getId(), acls.isPrivateGateway());
        return _applianceManager.sendCommandsToRouter(router, commands);
    }
    @Override
    public boolean visit(final VpcIpAssociationRules vpcip) throws ResourceUnavailableException {
-        return false;
+        final VirtualRouter router = vpcip.getRouter();
    }
-    @Override
+        Commands cmds = new Commands(Command.OnError.Continue);
-    public boolean visit(final UserdataToRouterRules userdata) throws ResourceUnavailableException {
+        Map<String, String> vlanMacAddress = vpcip.getVlanMacAddress();
-        return false;
+        List<PublicIpAddress> ipsToSend = vpcip.getIpsToSend();
        if (!ipsToSend.isEmpty()) {
            vpcip.createVpcAssociatePublicIPCommands(router, ipsToSend, cmds, vlanMacAddress);
            return _applianceManager.sendCommandsToRouter(router, cmds);
        } else {
            return true;
        }
    }
    @Override
--- a/server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java
+++ b/server/src/org/apache/cloudstack/network/topology/BasicNetworkTopology.java
@ -42,6 +42,7 @@ import com.cloud.network.PublicIpAddress;
 import com.cloud.network.VpnUser;
 import com.cloud.network.lb.LoadBalancingRule;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.rules.DhcpEntryRules;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRules;
 import com.cloud.network.rules.IpAssociationRules;
@ -56,6 +57,8 @@ import com.cloud.network.rules.UserdataPwdRules;
 import com.cloud.network.rules.UserdataToRouterRules;
 import com.cloud.network.rules.VirtualNetworkApplianceFactory;
 import com.cloud.network.rules.VpnRules;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.DomainRouterVO;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.UserVmVO;
@ -100,6 +103,12 @@ public class BasicNetworkTopology implements NetworkTopology {
        return null;
    }
    @Override
    public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway)
            throws ResourceUnavailableException {
        throw new CloudRuntimeException("applyNetworkACLs not implemented in Basic Network Topology.");
    }
    @Override
    public boolean configDhcpForSubnet(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest,
            final List<DomainRouterVO> routers) throws ResourceUnavailableException {
@ -109,9 +118,6 @@ public class BasicNetworkTopology implements NetworkTopology {
    @Override
    public boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest,
            final List<DomainRouterVO> routers) throws ResourceUnavailableException {
 <<<<<<< HEAD
        return false;
 =======
        s_logger.debug("APPLYING DHCP ENTRY RULES");
@ -119,9 +125,11 @@ public class BasicNetworkTopology implements NetworkTopology {
        final Long podId = dest.getPod().getId();
        boolean isPodLevelException = false;
-        //for user vm in Basic zone we should try to re-deploy vm in a diff pod if it fails to deploy in original pod; so throwing exception with Pod scope
+        // for user vm in Basic zone we should try to re-deploy vm in a diff pod
-        if (podId != null && profile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest &&
+        // if it fails to deploy in original pod; so throwing exception with Pod
-                network.getGuestType() == Network.GuestType.Shared) {
+        // scope
        if (podId != null && profile.getVirtualMachine().getType() == VirtualMachine.Type.User && network.getTrafficType() == TrafficType.Guest
                && network.getGuestType() == Network.GuestType.Shared) {
            isPodLevelException = true;
        }
@ -130,7 +138,6 @@ public class BasicNetworkTopology implements NetworkTopology {
        DhcpEntryRules dhcpRules = _virtualNetworkApplianceFactory.createDhcpEntryRules(network, nic, profile, dest);
        return applyRules(network, routers, typeString, isPodLevelException, podId, failWhenDisconnect, new RuleApplierWrapper<RuleApplier>(dhcpRules));
 >>>>>>> ee0389b... fixing import in virtual router element and checkstyle in dhcp entry related changes
    }
    @Override
--- a/server/src/org/apache/cloudstack/network/topology/BasicNetworkVisitor.java
+++ b/server/src/org/apache/cloudstack/network/topology/BasicNetworkVisitor.java
@ -40,6 +40,7 @@ import com.cloud.network.rules.FirewallRules;
 import com.cloud.network.rules.IpAssociationRules;
 import com.cloud.network.rules.LoadBalancingRules;
 import com.cloud.network.rules.NetworkAclsRules;
 import com.cloud.network.rules.NicPlugInOutRules;
 import com.cloud.network.rules.PasswordToRouterRules;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.rules.PrivateGatewayRules;
@ -215,16 +216,6 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor {
        return _applianceManager.sendCommandsToRouter(router, cmds);
    }
    @Override
    public boolean visit(final NetworkAclsRules nat) throws ResourceUnavailableException {
        throw new CloudRuntimeException("NetworkAclsRules not implemented in Basic Network Topology.");
    }
    @Override
    public boolean visit(final VpcIpAssociationRules nat) throws ResourceUnavailableException {
        throw new CloudRuntimeException("VpcIpAssociationRules not implemented in Basic Network Topology.");
    }
    @Override
    public boolean visit(final UserdataToRouterRules userdata) throws ResourceUnavailableException {
        final VirtualRouter router = userdata.getRouter();
@ -238,11 +229,6 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor {
        return _applianceManager.sendCommandsToRouter(router, commands);
    }
    @Override
    public boolean visit(final PrivateGatewayRules userdata) throws ResourceUnavailableException {
        throw new CloudRuntimeException("PrivateGatewayRules not implemented in Basic Network Topology.");
    }
    @Override
    public boolean visit(final VpnRules vpn) throws ResourceUnavailableException {
        VirtualRouter router = vpn.getRouter();
@ -263,4 +249,24 @@ public class BasicNetworkVisitor extends NetworkTopologyVisitor {
    public boolean visit(final VpnRules userdata) throws ResourceUnavailableException {
        return false;
    }
    @Override
    public boolean visit(final NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException {
        throw new CloudRuntimeException("NicPlugInOutRules not implemented in Basic Network Topology.");
    }
    @Override
    public boolean visit(final NetworkAclsRules nat) throws ResourceUnavailableException {
        throw new CloudRuntimeException("NetworkAclsRules not implemented in Basic Network Topology.");
    }
    @Override
    public boolean visit(final VpcIpAssociationRules nat) throws ResourceUnavailableException {
        throw new CloudRuntimeException("VpcIpAssociationRules not implemented in Basic Network Topology.");
    }
    @Override
    public boolean visit(final PrivateGatewayRules userdata) throws ResourceUnavailableException {
        throw new CloudRuntimeException("PrivateGatewayRules not implemented in Basic Network Topology.");
    }
 }
--- a/server/src/org/apache/cloudstack/network/topology/NetworkTopology.java
+++ b/server/src/org/apache/cloudstack/network/topology/NetworkTopology.java
@ -31,6 +31,7 @@ import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.RuleApplier;
 import com.cloud.network.rules.RuleApplierWrapper;
 import com.cloud.network.rules.StaticNat;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.vm.DomainRouterVO;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.VirtualMachineProfile;
@ -49,10 +50,12 @@ public interface NetworkTopology {
    boolean applyDhcpEntry(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List<DomainRouterVO> routers)
            throws ResourceUnavailableException;
-    boolean applyRules(final Network network, final List<? extends VirtualRouter> routers, final String typeString, final boolean isPodLevelException, final Long podId,
+    // ====== USER FOR VPC ONLY ====== //
            final boolean failWhenDisconnect, RuleApplierWrapper<RuleApplier> ruleApplier) throws ResourceUnavailableException;
-    // ====== USER FOR GUEST NETWORK ====== //
+    boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean isPrivateGateway)
            throws ResourceUnavailableException;
    // ====== USER FOR GUEST NETWORK AND VCP ====== //
    boolean applyUserData(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final DeployDestination dest, final List<DomainRouterVO> routers)
            throws ResourceUnavailableException;
@ -74,4 +77,7 @@ public interface NetworkTopology {
    boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
            throws ResourceUnavailableException;
    boolean applyRules(final Network network, final List<? extends VirtualRouter> routers, final String typeString, final boolean isPodLevelException, final Long podId,
            final boolean failWhenDisconnect, RuleApplierWrapper<RuleApplier> ruleApplier) throws ResourceUnavailableException;
 }
--- a/server/src/org/apache/cloudstack/network/topology/NetworkTopologyVisitor.java
+++ b/server/src/org/apache/cloudstack/network/topology/NetworkTopologyVisitor.java
@ -23,6 +23,7 @@ import com.cloud.network.rules.FirewallRules;
 import com.cloud.network.rules.IpAssociationRules;
 import com.cloud.network.rules.LoadBalancingRules;
 import com.cloud.network.rules.NetworkAclsRules;
 import com.cloud.network.rules.NicPlugInOutRules;
 import com.cloud.network.rules.PasswordToRouterRules;
 import com.cloud.network.rules.PrivateGatewayRules;
 import com.cloud.network.rules.SshKeyToRouterRules;
@ -69,4 +70,5 @@ public abstract class NetworkTopologyVisitor {
    public abstract boolean visit(DhcpPvlanRules vpn) throws ResourceUnavailableException;
    public abstract boolean visit(DhcpSubNetRules vpn) throws ResourceUnavailableException;
    public abstract boolean visit(NicPlugInOutRules nicPlugInOutRules) throws ResourceUnavailableException;
 }
--- a/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
+++ b/server/test/com/cloud/vpc/MockVpcVirtualNetworkApplianceManager.java
@ -33,17 +33,12 @@ import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.Network;
 import com.cloud.network.PublicIpAddress;
 import com.cloud.network.RemoteAccessVpn;
 import com.cloud.network.Site2SiteVpnConnection;
 import com.cloud.network.VpcVirtualNetworkApplianceService;
 import com.cloud.network.VpnUser;
 import com.cloud.network.lb.LoadBalancingRule;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.StaticNat;
 import com.cloud.network.vpc.NetworkACLItem;
 import com.cloud.network.vpc.PrivateGateway;
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.user.Account;
@ -66,32 +61,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
        return false;
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#savePasswordToRouter(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, java.util.List)
     */
    @Override
    public boolean savePasswordToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
        throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    @Override
    public boolean saveSSHPublicKeyToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers, final String sshPublicKey)
        throws ResourceUnavailableException {
        return false;  //To change body of implemented methods use File | Settings | File Templates.
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#saveUserDataToRouter(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, java.util.List)
     */
    @Override
    public boolean saveUserDataToRouter(final Network network, final NicProfile nic, final VirtualMachineProfile profile, final List<? extends VirtualRouter> routers)
        throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#startRemoteAccessVpn(com.cloud.network.Network, com.cloud.network.RemoteAccessVpn, java.util.List)
     */
@ -110,25 +79,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
        return false;
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#associatePublicIP(com.cloud.network.Network, java.util.List, java.util.List)
     */
    @Override
    public boolean associatePublicIP(final Network network, final List<? extends PublicIpAddress> ipAddress, final List<? extends VirtualRouter> routers)
        throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#applyFirewallRules(com.cloud.network.Network, java.util.List, java.util.List)
     */
    @Override
    public boolean applyFirewallRules(final Network network, final List<? extends FirewallRule> rules, final List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#getRoutersForNetwork(long)
     */
@ -152,7 +102,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
     */
    @Override
    public VirtualRouter stop(final VirtualRouter router, final boolean forced, final User callingUser, final Account callingAccount) throws ConcurrentOperationException,
        ResourceUnavailableException {
        // TODO Auto-generated method stub
        return null;
    }
@ -166,38 +115,9 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
        return null;
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#applyStaticNats(com.cloud.network.Network, java.util.List, java.util.List)
     */
    @Override
    public boolean applyStaticNats(final Network network, final List<? extends StaticNat> rules, final List<? extends VirtualRouter> routers) throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#applyDhcpEntry(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, com.cloud.deploy.DeployDestination, java.util.List)
     */
    @Override
    public boolean applyDhcpEntry(final Network config, final NicProfile nic, final VirtualMachineProfile vm, final DeployDestination dest, final List<DomainRouterVO> routers)
        throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VirtualNetworkApplianceManager#applyUserData(com.cloud.network.Network, com.cloud.vm.NicProfile, com.cloud.vm.VirtualMachineProfile, com.cloud.deploy.DeployDestination, java.util.List)
     */
    @Override
    public boolean applyUserData(final Network config, final NicProfile nic, final VirtualMachineProfile vm, final DeployDestination dest, final List<DomainRouterVO> routers)
        throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    @Override
    public boolean configDhcpForSubnet(final Network network, final NicProfile nic, final VirtualMachineProfile uservm, final DeployDestination dest, final List<DomainRouterVO> routers)
-        throws ResourceUnavailableException {
+            throws ResourceUnavailableException {
        return false;  //To change body of implemented methods use File | Settings | File Templates.
    }
@ -211,7 +131,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
     */
    @Override
    public VirtualRouter startRouter(final long routerId, final boolean reprogramNetwork) throws ConcurrentOperationException, ResourceUnavailableException,
        InsufficientCapacityException {
        // TODO Auto-generated method stub
        return null;
    }
@ -221,7 +140,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
     */
    @Override
    public VirtualRouter rebootRouter(final long routerId, final boolean reprogramNetwork) throws ConcurrentOperationException, ResourceUnavailableException,
        InsufficientCapacityException {
        // TODO Auto-generated method stub
        return null;
    }
@ -312,17 +230,10 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
     */
    @Override
    public boolean removeVpcRouterFromGuestNetwork(final VirtualRouter router, final Network network, final boolean isRedundant) throws ConcurrentOperationException,
        ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    @Override
    public boolean applyNetworkACLs(final Network network, final List<? extends NetworkACLItem> rules, final List<? extends VirtualRouter> routers, final boolean privateGateway)
        throws ResourceUnavailableException {
        return false;  //To change body of implemented methods use File | Settings | File Templates.
    }
    /* (non-Javadoc)
     * @see com.cloud.network.router.VpcVirtualNetworkApplianceManager#setupPrivateGateway(com.cloud.network.vpc.PrivateGateway, com.cloud.network.router.VirtualRouter)
     */
@ -374,13 +285,6 @@ public class MockVpcVirtualNetworkApplianceManager extends ManagerBase implement
        return null;
    }
    @Override
    public boolean applyLoadBalancingRules(final Network network, final List<? extends LoadBalancingRule> rules, final List<? extends VirtualRouter> routers)
        throws ResourceUnavailableException {
        // TODO Auto-generated method stub
        return false;
    }
    @Override
    public VirtualRouter findRouter(final long routerId) {
        // TODO Auto-generated method stub