bug 8251: introduced "id" field for public IP address. In the DB id is a primary key in user_ip_address table; ip_address and source_network_id is a composite key

status 8251: resolved fixed

api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java

@@ -21,7 +21,7 @@ import com.cloud.agent.api.to.LoadBalancerTO;
 
 /**
  * LoadBalancerConfigCommand sends the load balancer configuration
- * to the load balancer.  Isn't that kinda obvious?
+ * to the load balancer.
  */
 public class LoadBalancerConfigCommand extends NetworkElementCommand {
     LoadBalancerTO[] loadBalancers;
@@ -30,7 +30,7 @@ public class LoadBalancerConfigCommand extends NetworkElementCommand {
         
     }
     
-    public LoadBalancerConfigCommand( LoadBalancerTO[] loadBalancers) {
+    public LoadBalancerConfigCommand(LoadBalancerTO[] loadBalancers) {
     	this.loadBalancers = loadBalancers;
     }
     

api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java

@@ -20,7 +20,6 @@ package com.cloud.agent.api.routing;
 import java.util.List;
 
 import com.cloud.agent.api.to.PortForwardingRuleTO;
-import com.cloud.network.rules.PortForwardingRule;
 
 public class SetPortForwardingRulesCommand extends NetworkElementCommand {
     PortForwardingRuleTO[] rules;
@@ -28,11 +27,11 @@ public class SetPortForwardingRulesCommand extends NetworkElementCommand {
     protected SetPortForwardingRulesCommand() {
     }
     
-    public SetPortForwardingRulesCommand(List<? extends PortForwardingRule> pfRules) {
+    public SetPortForwardingRulesCommand(List<? extends PortForwardingRuleTO> pfRules) {
         rules = new PortForwardingRuleTO[pfRules.size()];
         int i = 0;
-        for (PortForwardingRule rule : pfRules) {
+        for (PortForwardingRuleTO rule : pfRules) {
-            rules[i++] = new PortForwardingRuleTO(rule);
+            rules[i++] = rule;
         }
     }
     

api/src/com/cloud/agent/api/to/FirewallRuleTO.java

@@ -17,6 +17,7 @@
  */
 package com.cloud.agent.api.to;
 
+import com.cloud.network.IpAddress;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRule.State;
 
@@ -28,7 +29,7 @@ import com.cloud.network.rules.FirewallRule.State;
  *      sent multiple times to the destination.  If the rule is not on 
  *      the destination, the answer to a revoke rule should be successful.
  *   2. alreadyAdded - the rule has been successfully added before.  Rules
- *      in this state are sent for completeness and optomization.
+ *      in this state are sent for completeness and optimization.
  *   3. neither - the rule is to be added but it might have been added before.
  *      If the rule already exists on the destination, the destination should
  *      reply the rule is successfully applied.
@@ -62,8 +63,8 @@ public class FirewallRuleTO {
         this.isOneToOneNat = isOneToOneNat;
     }
     
-    public FirewallRuleTO(FirewallRule rule) {
+    public FirewallRuleTO(FirewallRule rule, String srcIp) {
-        this(rule.getId(), rule.getSourceIpAddress().addr(), rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.isOneToOneNat());
+        this(rule.getId(), srcIp, rule.getProtocol(), rule.getSourcePortStart(), rule.getSourcePortEnd(), rule.getState()==State.Revoke, rule.getState()==State.Active, rule.isOneToOneNat());
     }
     
     public long getId() {

api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java

@@ -33,8 +33,8 @@ public class PortForwardingRuleTO extends FirewallRuleTO {
         super();
     }
     
-    public PortForwardingRuleTO(PortForwardingRule rule) {
+    public PortForwardingRuleTO(PortForwardingRule rule, String srcIp) {
-        super(rule);
+        super(rule, srcIp);
         this.dstIp = rule.getDestinationIpAddress().addr();
         this.dstPortRange = new int[] { rule.getDestinationPortStart(), rule.getDestinationPortEnd() };
     }

api/src/com/cloud/api/ApiConstants.java

@@ -79,6 +79,7 @@ public class ApiConstants {
     public static final String INTERNAL_DNS2 = "internaldns2";
     public static final String INTERVAL_TYPE = "intervaltype";
     public static final String IP_ADDRESS = "ipaddress";
+    public static final String IP_ADDRESS_ID = "ipaddressid";
     public static final String IP_AVAILABLE = "ipavailable";
     public static final String IP_LIMIT = "iplimit";
     public static final String IP_TOTAL = "iptotal";
@@ -123,6 +124,7 @@ public class ApiConstants {
     public static final String PRIVATE_ZONE = "privatezone";
     public static final String PROTOCOL = "protocol";
     public static final String PUBLIC_INTERFACE = "publicinterface";
+    public static final String PUBLIC_IP_ID = "publicipid";
     public static final String PUBLIC_IP = "publicip";
     public static final String PUBLIC_PORT = "publicport";
     public static final String PUBLIC_ZONE = "publiczone";

api/src/com/cloud/api/commands/AssociateIPAddrCmd.java

@@ -22,11 +22,13 @@ import java.util.List;
 import org.apache.log4j.Logger;
 
 import com.cloud.api.ApiConstants;
+import com.cloud.api.BaseAsyncCreateCmd;
 import com.cloud.api.BaseCmd;
 import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.ServerApiException;
 import com.cloud.api.response.IPAddressResponse;
+import com.cloud.event.EventTypes;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientAddressCapacityException;
 import com.cloud.exception.InsufficientCapacityException;
@@ -35,10 +37,11 @@ import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
 import com.cloud.network.Network;
+import com.cloud.user.Account;
 import com.cloud.user.UserContext;
 
 @Implementation(description="Acquires and associates a public IP to an account.", responseObject=IPAddressResponse.class)
-public class AssociateIPAddrCmd extends BaseCmd {
+public class AssociateIPAddrCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(AssociateIPAddrCmd.class.getName());
     private static final String s_name = "associateipaddressresponse";
 
@@ -94,6 +97,21 @@ public class AssociateIPAddrCmd extends BaseCmd {
         return networks.get(0).getId();
     }
     
+    @Override
+    public long getEntityOwnerId() {
+        Account caller = UserContext.current().getCaller();
+        return _accountService.finalizeOwner(caller, accountName, domainId).getAccountId();
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_NET_IP_ASSIGN;
+    }
+    
+    @Override
+    public String getEventDescription() {
+        return  "associating ip to network id: " + getNetworkId() + " in zone " + getZoneId();
+    }
 
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
@@ -109,6 +127,28 @@ public class AssociateIPAddrCmd extends BaseCmd {
     	return "addressinfo";
     }
     
+    @Override
+    public void create(){
+        try {
+            IpAddress ip = _networkService.allocateIP(this);
+            if (ip != null) {
+                this.setEntityId(ip.getId());
+            } else {
+                throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to allocate ip address");
+            }
+        } catch (ResourceAllocationException ex) {
+            s_logger.warn("Exception: ", ex);
+            throw new ServerApiException(BaseCmd.RESOURCE_ALLOCATION_ERROR, ex.getMessage());
+        } catch (ConcurrentOperationException ex) {
+            s_logger.warn("Exception: ", ex);
+            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, ex.getMessage());
+        } catch (InsufficientAddressCapacityException ex) {
+            s_logger.info(ex);
+            s_logger.trace(ex);
+            throw new ServerApiException(BaseCmd.INSUFFICIENT_CAPACITY_ERROR, ex.getMessage());
+        }
+    }
+    
     @Override
     public void execute() throws ResourceUnavailableException, ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException {
         try {

api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java

@@ -47,8 +47,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, required=true, description="the public IP address of the forwarding rule, already associated via associateIp")
+    @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, required=true, description="the public IP address id of the forwarding rule, already associated via associateIp")
-    private String ipAddress;
+    private Long ipAddressId;
     
     @Parameter(name=ApiConstants.START_PORT, type=CommandType.INTEGER, required=true, description="the start port for the rule")
     private Integer startPort;
@@ -64,8 +64,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
 
-    public String getIpAddress() {
+    public Long getIpAddressId() {
-        return ipAddress;
+        return ipAddressId;
     }
     
     public int getStartPort() {
@@ -89,7 +89,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
     public void execute(){ 
         boolean result;
         try {
-            result = _rulesService.applyPortForwardingRules(new Ip(ipAddress), UserContext.current().getCaller());
+            result = _rulesService.applyPortForwardingRules(ipAddressId, UserContext.current().getCaller());
         } catch (Exception e) {
             s_logger.error("Unable to apply port forwarding rules", e);
             _rulesService.revokePortForwardingRule(getEntityId(), true);
@@ -137,7 +137,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
 
     @Override
     public String getEventDescription() {
-        return  ("Creating an ipforwarding 1:1 NAT rule for "+ipAddress+" with virtual machine:"+ getVirtualMachineId());
+        return  ("Creating an ipforwarding 1:1 NAT rule for "+ipAddressId+" with virtual machine:"+ getVirtualMachineId());
     }
 
     @Override
@@ -151,8 +151,8 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
     }
 
     @Override
-    public Ip getSourceIpAddress() {
+    public long getSourceIpAddressId() {
-        return new Ip(ipAddress);
+        return ipAddressId;
     }
 
     @Override
@@ -225,13 +225,14 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por
     
     @Override
     public long getVirtualMachineId() {
-        IpAddress ip = _networkService.getIp(new Ip(ipAddress));
+        IpAddress ip = _networkService.getIp(ipAddressId);
         if (ip == null) {
-            throw new InvalidParameterValueException("Ip address " + ipAddress + " doesn't exist in the system");
+            throw new InvalidParameterValueException("Ip address id=" + ipAddressId + " doesn't exist in the system");
+        } else if (ip.isOneToOneNat() && ip.getAssociatedWithVmId() != null){
+            return _networkService.getIp(ipAddressId).getAssociatedWithVmId();
         } else {
-            return _networkService.getIp(new Ip(ipAddress)).getAssociatedWithVmId();
+            throw new InvalidParameterValueException("Ip address id=" + ipAddressId + " doesn't have 1-1 Nat feature enabled");
         }  
-        
     }
 
 }

api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java

@@ -29,7 +29,6 @@ import com.cloud.api.response.LoadBalancerResponse;
 import com.cloud.exception.NetworkRuleConflictException;
 import com.cloud.network.rules.LoadBalancer;
 import com.cloud.user.UserContext;
-import com.cloud.utils.net.Ip;
 import com.cloud.utils.net.NetUtils;
 
 @Implementation(description="Creates a load balancer rule", responseObject=LoadBalancerResponse.class)
@@ -54,8 +53,8 @@ public class CreateLoadBalancerRuleCmd extends BaseCmd  implements LoadBalancer
     @Parameter(name=ApiConstants.PRIVATE_PORT, type=CommandType.INTEGER, required=true, description="the private port of the private ip address/virtual machine where the network traffic will be load balanced to")
     private Integer privatePort;
 
-    @Parameter(name=ApiConstants.PUBLIC_IP, type=CommandType.STRING, required=true, description="public ip address from where the network traffic will be load balanced from")
+    @Parameter(name=ApiConstants.PUBLIC_IP_ID, type=CommandType.LONG, required=true, description="public ip address id from where the network traffic will be load balanced from")
-    private String publicIp;
+    private Long publicIpId;
 
     @Parameter(name=ApiConstants.PUBLIC_PORT, type=CommandType.INTEGER, required=true, description="the public port from where the network traffic will be load balanced from")
     private Integer publicPort;
@@ -83,8 +82,8 @@ public class CreateLoadBalancerRuleCmd extends BaseCmd  implements LoadBalancer
         return privatePort;
     }
 
-    public String getPublicIp() {
+    public Long getPublicIpId() {
-        return publicIp;
+        return publicIpId;
     }
 
     public Integer getPublicPort() {
@@ -130,8 +129,8 @@ public class CreateLoadBalancerRuleCmd extends BaseCmd  implements LoadBalancer
     }
 
     @Override
-    public Ip getSourceIpAddress() {
+    public long getSourceIpAddressId() {
-        return new Ip(publicIp);
+        return publicIpId;
     }
 
     @Override

api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java

@@ -45,8 +45,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd  implements
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, required=true, description="the IP address of the port forwarding rule")
+    @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, required=true, description="the IP address id of the port forwarding rule")
-    private String ipAddress;
+    private Long ipAddressId;
 
     @Parameter(name=ApiConstants.PRIVATE_PORT, type=CommandType.INTEGER, required=true, description="the private port of the port forwarding rule")
     private Integer privatePort;
@@ -65,8 +65,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd  implements
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
 
-    public String getIpAddress() {
+    public Long getIpAddressId() {
-        return ipAddress;
+        return ipAddressId;
     }
 
     public Integer getPrivatePort() {
@@ -103,7 +103,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd  implements
         boolean success = false;
         PortForwardingRule rule = _entityMgr.findById(PortForwardingRule.class, getEntityId());
         try {
-            success = _rulesService.applyPortForwardingRules(rule.getSourceIpAddress(), callerContext.getCaller());
+            success = _rulesService.applyPortForwardingRules(rule.getSourceIpAddressId(), callerContext.getCaller());
             
             //State is different after the rule is applied, so get new object here
             rule = _entityMgr.findById(PortForwardingRule.class, getEntityId());
@@ -133,8 +133,8 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd  implements
     }
 
     @Override
-    public Ip getSourceIpAddress() {
+    public long getSourceIpAddressId() {
-        return new Ip(ipAddress.trim());
+        return ipAddressId;
     }
 
     @Override
@@ -212,7 +212,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd  implements
 
     @Override
     public String getEventDescription() {
-        return  ("Creating an port forwarding  rule for "+ipAddress+" with virtual machine:"+virtualMachineId);
+        return  ("Creating an port forwarding  rule for "+ipAddressId+" with virtual machine:"+virtualMachineId);
     }
 
     @Override

api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java

@@ -20,20 +20,19 @@ package com.cloud.api.commands;
 
 import org.apache.log4j.Logger;
 
+import com.cloud.api.ApiConstants;
 import com.cloud.api.BaseAsyncCreateCmd;
 import com.cloud.api.BaseCmd;
 import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.ServerApiException;
 import com.cloud.api.response.RemoteAccessVpnResponse;
-import com.cloud.domain.Domain;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.NetworkRuleConflictException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.RemoteAccessVpn;
 import com.cloud.user.Account;
 import com.cloud.user.UserContext;
-import com.cloud.utils.net.Ip;
 
 @Implementation(description="Creates a l2tp/ipsec remote access vpn", responseObject=RemoteAccessVpnResponse.class)
 public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
@@ -44,8 +43,8 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
-    @Parameter(name="publicip", type=CommandType.STRING, required=true, description="public ip address of the vpn server")
+    @Parameter(name=ApiConstants.PUBLIC_IP_ID, type=CommandType.LONG, required=true, description="public ip address id of the vpn server")
-    private String publicIp;
+    private Long publicIpId;
 
     @Parameter(name="iprange", type=CommandType.STRING, required=false, description="the range of ip addresses to allocate to vpn clients. The first ip in the range will be taken by the vpn server")
     private String ipRange;
@@ -60,8 +59,8 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
     
-    public String getPublicIp() {
+    public Long getPublicIpId() {
-		return publicIp;
+		return publicIpId;
 	}
 
 	public String getAccountName() {
@@ -72,10 +71,6 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
 		return domainId;
 	}
 
-	public void setPublicIp(String publicIp) {
-		this.publicIp = publicIp;
-	}
-
 	public String getIpRange() {
 		return ipRange;
 	}
@@ -116,7 +111,7 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
 
 	@Override
 	public String getEventDescription() {
-		return "Create Remote Access VPN for account " + getEntityOwnerId() + " using public " + publicIp;
+		return "Create Remote Access VPN for account " + getEntityOwnerId() + " using public ip id=" + publicIpId;
 	}
 
 	@Override
@@ -127,9 +122,9 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
     @Override
     public void create() {
         try {
-            RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(new Ip(publicIp), ipRange);
+            RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(publicIpId, ipRange);
             if (vpn != null) {
-                this.setEntityId(vpn.getServerAddress().longValue());
+                this.setEntityId(vpn.getServerAddressId());
             } else {
                 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create remote access vpn");
             }
@@ -143,17 +138,10 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd {
     @Override
     public void execute(){
         try {
-            RemoteAccessVpn result = _ravService.startRemoteAccessVpn(new Ip(getEntityId()));
+            RemoteAccessVpn result = _ravService.startRemoteAccessVpn(publicIpId);
             if (result != null) {
-                RemoteAccessVpnResponse response = new RemoteAccessVpnResponse();
+                RemoteAccessVpnResponse response = _responseGenerator.createRemoteAccessVpnResponse(result);
-                response.setPublicIp(result.getServerAddress().toString());
-                response.setIpRange(result.getIpRange());
-                response.setAccountName(_entityMgr.findById(Account.class, result.getAccountId()).getAccountName());
-                response.setDomainId(result.getDomainId());
-                response.setDomainName(_entityMgr.findById(Domain.class, result.getDomainId()).getName());
-                response.setObjectName("remoteaccessvpn");
                 response.setResponseName(getCommandName());
-                response.setPresharedKey(result.getIpsecPresharedKey());
                 this.setResponseObject(response);
             } else {
                 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create remote access vpn");

api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java

@@ -28,7 +28,6 @@ import com.cloud.api.response.SuccessResponse;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.RemoteAccessVpn;
-import com.cloud.utils.net.Ip;
 
 @Implementation(description="Destroys a l2tp/ipsec remote access vpn", responseObject=SuccessResponse.class)
 public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd {
@@ -39,8 +38,8 @@ public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
-    @Parameter(name="publicip", type=CommandType.STRING, required=true, description="public ip address of the vpn server")
+    @Parameter(name=ApiConstants.PUBLIC_IP_ID, type=CommandType.LONG, required=true, description="public ip address id of the vpn server")
-    private String publicIp;
+    private Long publicIpId;
     
     // unexposed parameter needed for events logging
     @Parameter(name=ApiConstants.ACCOUNT_ID, type=CommandType.LONG, expose=false)
@@ -61,14 +60,14 @@ public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd {
 	@Override
 	public long getEntityOwnerId() {
 	    if (ownerId == null) {
-	        ownerId = _entityMgr.findById(RemoteAccessVpn.class, new Ip(publicIp)).getAccountId();
+	        ownerId = _entityMgr.findById(RemoteAccessVpn.class, publicIpId).getAccountId();
 	    }
 	    return ownerId;
     }
 
 	@Override
 	public String getEventDescription() {
-		return "Delete Remote Access VPN for account " + getEntityOwnerId() + " for  " + publicIp;
+		return "Delete Remote Access VPN for account " + getEntityOwnerId() + " for  ip id=" + publicIpId;
 	}
 
 	@Override
@@ -78,7 +77,7 @@ public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd {
 
     @Override
     public void execute() throws ResourceUnavailableException {
-        _ravService.destroyRemoteAccessVpn(new Ip(publicIp), getStartEventId());
+        _ravService.destroyRemoteAccessVpn(publicIpId, getStartEventId());
     }
 	
 }

api/src/com/cloud/api/commands/DisableStaticNat.java

@@ -29,7 +29,6 @@ import com.cloud.api.response.SuccessResponse;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
-import com.cloud.utils.net.Ip;
 
 @Implementation(description="Disables static rule for given ip address", responseObject=SuccessResponse.class)
 public class DisableStaticNat extends BaseAsyncCmd {
@@ -40,15 +39,15 @@ public class DisableStaticNat extends BaseAsyncCmd {
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, required=true, description="the public IP address for which static nat feature is being disableed")
+    @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, required=true, description="the public IP address id for which static nat feature is being disableed")
-    private String ipAddress;
+    private Long ipAddressId;
     
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
 
-    public String getIpAddress() {
+    public Long getIpAddress() {
-        return ipAddress;
+        return ipAddressId;
     }
     
     /////////////////////////////////////////////////////
@@ -66,17 +65,17 @@ public class DisableStaticNat extends BaseAsyncCmd {
 
     @Override
     public String getEventDescription() {
-        return  ("Disabling static nat for ip=" + ipAddress);
+        return  ("Disabling static nat for ip id=" + ipAddressId);
     }
     
     @Override
     public long getEntityOwnerId() {
-        return _entityMgr.findById(IpAddress.class, ipAddress).getAccountId();
+        return _entityMgr.findById(IpAddress.class, ipAddressId).getAccountId();
     }
     
     @Override
     public void execute() throws ResourceUnavailableException {
-        boolean result = _rulesService.disableOneToOneNat(new Ip(ipAddress));
+        boolean result = _rulesService.disableOneToOneNat(ipAddressId);
         
         if (result) {
             SuccessResponse response = new SuccessResponse(getCommandName());

api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java

@@ -25,7 +25,6 @@ import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.ServerApiException;
 import com.cloud.api.response.SuccessResponse;
-import com.cloud.utils.net.Ip;
 
 @Implementation(description="Disassociates an ip address from the account.", responseObject=SuccessResponse.class)
 public class DisassociateIPAddrCmd extends BaseCmd {
@@ -37,15 +36,15 @@ public class DisassociateIPAddrCmd extends BaseCmd {
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, required=true, description="the public ip address to disassociate")
+    @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, required=true, description="the id of the public ip address to disassociate")
-    private String ipAddress;
+    private Long ipAddressId;
 
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
 
-    public Ip getIpAddress() {
+    public Long getIpAddressId() {
-        return new Ip(ipAddress);
+        return ipAddressId;
     }
 
     /////////////////////////////////////////////////////

api/src/com/cloud/api/commands/EnableStaticNat.java

@@ -27,7 +27,6 @@ import com.cloud.api.Parameter;
 import com.cloud.api.ServerApiException;
 import com.cloud.api.response.SuccessResponse;
 import com.cloud.exception.NetworkRuleConflictException;
-import com.cloud.utils.net.Ip;
 
 @Implementation(description="Enables static nat for given ip address", responseObject=SuccessResponse.class)
 public class EnableStaticNat extends BaseCmd{
@@ -39,8 +38,8 @@ public class EnableStaticNat extends BaseCmd{
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, required=true, description="the public IP address for which static nat feature is being enabled")
+    @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, required=true, description="the public IP address id for which static nat feature is being enabled")
-    private String ipAddress;
+    private Long ipAddressId;
 
     @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, required=true, description="the ID of the virtual machine for enabling static nat feature")
     private Long virtualMachineId;
@@ -49,8 +48,8 @@ public class EnableStaticNat extends BaseCmd{
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
 
-    public String getIpAddress() {
+    public Long getIpAddressId() {
-        return ipAddress;
+        return ipAddressId;
     }
 
     public Long getVirtualMachineId() {
@@ -69,7 +68,7 @@ public class EnableStaticNat extends BaseCmd{
     @Override
     public void execute(){ 
         try {
-            boolean result = _rulesService.enableOneToOneNat(new Ip(ipAddress), virtualMachineId);
+            boolean result = _rulesService.enableOneToOneNat(ipAddressId, virtualMachineId);
             if (result) {
                 SuccessResponse response = new SuccessResponse(getCommandName());
                 this.setResponseObject(response);

api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java

@@ -30,7 +30,6 @@ import com.cloud.api.response.FirewallRuleResponse;
 import com.cloud.api.response.IpForwardingRuleResponse;
 import com.cloud.api.response.ListResponse;
 import com.cloud.network.rules.PortForwardingRule;
-import com.cloud.utils.net.Ip;
 
 @Implementation(description="List the ip forwarding rules", responseObject=FirewallRuleResponse.class)
 public class ListIpForwardingRulesCmd extends BaseListCmd {
@@ -42,8 +41,8 @@ public class ListIpForwardingRulesCmd extends BaseListCmd {
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
     
-    @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, description="list the rule belonging to this public ip address")
+    @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, description="list the rule belonging to this public ip address")
-    private String publicIpAddress;
+    private Long publicIpAddressId;
 
     @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the ip forwarding rule. Must be used with the domainId parameter.")
     private String accountName;
@@ -70,12 +69,8 @@ public class ListIpForwardingRulesCmd extends BaseListCmd {
         return s_name;
     }
     
-    public String getPublicIpAddress() {
+    public Long getPublicIpAddressId() {
-		return publicIpAddress;
+		return publicIpAddressId;
-	}
-
-	public void setPublicIpAddress(String publicIpAddress) {
-		this.publicIpAddress = publicIpAddress;
 	}
 
 	public String getAccountName() {
@@ -96,11 +91,7 @@ public class ListIpForwardingRulesCmd extends BaseListCmd {
 
     @Override
     public void execute(){
-        Ip ip = null;
+        List<? extends PortForwardingRule> result = _rulesService.searchForIpForwardingRules(publicIpAddressId, id, vmId, this.getStartIndex(), this.getPageSizeVal());
-        if(publicIpAddress != null){
-            ip = new Ip(publicIpAddress);
-        }
-        List<? extends PortForwardingRule> result = _rulesService.searchForIpForwardingRules(ip, id, vmId, this.getStartIndex(), this.getPageSizeVal());
         ListResponse<IpForwardingRuleResponse> response = new ListResponse<IpForwardingRuleResponse>();
         List<IpForwardingRuleResponse> ipForwardingResponses = new ArrayList<IpForwardingRuleResponse>();
         for (PortForwardingRule rule : result) {

api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java

@@ -53,8 +53,8 @@ public class ListLoadBalancerRulesCmd extends BaseListCmd {
     @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, description="the name of the load balancer rule")
     private String loadBalancerRuleName;
 
-    @Parameter(name=ApiConstants.PUBLIC_IP, type=CommandType.STRING, description="the public IP address of the load balancer rule	")
+    @Parameter(name=ApiConstants.PUBLIC_IP_ID, type=CommandType.LONG, description="the public IP address id of the load balancer rule	")
-    private String publicIp;
+    private Long publicIpId;
 
     @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="the ID of the virtual machine of the load balancer rule")
     private Long virtualMachineId;
@@ -79,8 +79,8 @@ public class ListLoadBalancerRulesCmd extends BaseListCmd {
         return loadBalancerRuleName;
     }
 
-    public String getPublicIp() {
+    public Long getPublicIpId() {
-        return publicIp;
+        return publicIpId;
     }
 
     public Long getVirtualMachineId() {

api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java

@@ -40,8 +40,8 @@ public class ListPortForwardingRulesCmd extends BaseListCmd {
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
     
-    @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, description="the IP address of the port forwarding services")
+    @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, description="the id of IP address of the port forwarding services")
-    private String ipAddress;
+    private Long ipAddressId;
     
     @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="account. Must be used with the domainId parameter.")
     private String accountName;
@@ -53,10 +53,6 @@ public class ListPortForwardingRulesCmd extends BaseListCmd {
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
 
-    public String getIpAddress() {
-        return ipAddress;
-    }
-    
     public String getAccountName() {
         return accountName;
     }
@@ -65,6 +61,10 @@ public class ListPortForwardingRulesCmd extends BaseListCmd {
         return domainId;
     }
     
+    public Long getIpAddressId() {
+        return ipAddressId;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////

api/src/com/cloud/api/commands/ListPublicIpAddressesCmd.java

@@ -53,6 +53,9 @@ public class ListPublicIpAddressesCmd extends BaseListCmd {
     @Parameter(name=ApiConstants.FOR_VIRTUAL_NETWORK, type=CommandType.BOOLEAN, description="the virtual network for the IP address")
     private Boolean forVirtualNetwork;
     
+    @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="lists ip address by id")
+    private Long id;
+
     @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, description="lists the specified IP address")
     private String ipAddress;
 
@@ -65,6 +68,9 @@ public class ListPublicIpAddressesCmd extends BaseListCmd {
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
+    public Long getId() {
+        return id;
+    }
 
     public String getAccountName() {
         return accountName;

api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java

@@ -23,13 +23,13 @@ import java.util.List;
 
 import org.apache.log4j.Logger;
 
+import com.cloud.api.ApiConstants;
 import com.cloud.api.BaseListCmd;
 import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.response.ListResponse;
 import com.cloud.api.response.RemoteAccessVpnResponse;
 import com.cloud.network.RemoteAccessVpn;
-import com.cloud.utils.net.Ip;
 
 @Implementation(description="Lists remote access vpns", responseObject=RemoteAccessVpnResponse.class)
 public class ListRemoteAccessVpnsCmd extends BaseListCmd {
@@ -47,8 +47,8 @@ public class ListRemoteAccessVpnsCmd extends BaseListCmd {
     @Parameter(name="domainid", type=CommandType.LONG, description="the domain ID of the remote access vpn rule. If used with the account parameter, lists remote access vpns for the account in the specified domain.")
     private Long domainId;
 
-    @Parameter(name="publicip", type=CommandType.STRING, required=true, description="public ip address of the vpn server")
+    @Parameter(name=ApiConstants.PUBLIC_IP_ID, type=CommandType.LONG, required=true, description="public ip address id of the vpn server")
-    private String publicIp;
+    private Long publicIpId;
 
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
@@ -62,8 +62,8 @@ public class ListRemoteAccessVpnsCmd extends BaseListCmd {
         return domainId;
     }
     
-    public Ip getPublicIp() {
+    public Long getPublicIpId() {
-        return new Ip(publicIp);
+        return publicIpId;
     }
 
     /////////////////////////////////////////////////////

api/src/com/cloud/api/commands/UpdatePortForwardingRuleCmd.java

@@ -29,8 +29,8 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCmd {
     @Parameter(name=ApiConstants.PROTOCOL, type=CommandType.STRING, required=true, description="the protocol for the port fowarding rule. Valid values are TCP or UDP.")
     private String protocol;
 
-    @Parameter(name=ApiConstants.IP_ADDRESS, type=CommandType.STRING, required=true, description="the IP address of the port forwarding rule")
+    @Parameter(name=ApiConstants.IP_ADDRESS_ID, type=CommandType.LONG, required=true, description="the IP address id of the port forwarding rule")
-    private String publicIp;
+    private Long publicIpId;
 
     @Parameter(name=ApiConstants.PUBLIC_PORT, type=CommandType.STRING, required=true, description="the public port of the port forwarding rule")
     private String publicPort;
@@ -54,8 +54,8 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCmd {
         return protocol;
     }
 
-    public String getPublicIp() {
+    public Long getPublicIpId() {
-        return publicIp;
+        return publicIpId;
     }
 
     public String getPublicPort() {
@@ -77,7 +77,7 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCmd {
 
     @Override
     public long getEntityOwnerId() {
-        IpAddress addr = _entityMgr.findById(IpAddress.class, getPublicIp());
+        IpAddress addr = _entityMgr.findById(IpAddress.class, getPublicIpId());
         if (addr != null) {
             return addr.getAllocatedToAccountId();
         }

api/src/com/cloud/api/response/FirewallRuleResponse.java

@@ -43,7 +43,10 @@ public class FirewallRuleResponse extends BaseResponse {
     @SerializedName("virtualmachinedisplayname") @Param(description="the VM display name for the port forwarding rule")
     private String virtualMachineDisplayName;
     
-    @SerializedName("ipaddress") @Param(description="the public ip address for the port forwarding rule")
+    @SerializedName(ApiConstants.IP_ADDRESS_ID) @Param(description="the public ip address id for the port forwarding rule")
+    private Long publicIpAddressId;
+
+    @SerializedName(ApiConstants.IP_ADDRESS) @Param(description="the public ip address for the port forwarding rule")
     private String publicIpAddress;
     
     @SerializedName("state") @Param(description="the state of the rule")
@@ -120,4 +123,12 @@ public class FirewallRuleResponse extends BaseResponse {
     public void setState(String state) {
         this.state = state;
     }
+
+    public Long getPublicIpAddressId() {
+        return publicIpAddressId;
+    }
+
+    public void setPublicIpAddressId(Long publicIpAddressId) {
+        this.publicIpAddressId = publicIpAddressId;
+    }
 }

api/src/com/cloud/api/response/IPAddressResponse.java

@@ -23,6 +23,9 @@ import com.cloud.serializer.Param;
 import com.google.gson.annotations.SerializedName;
 
 public class IPAddressResponse extends BaseResponse {
+    @SerializedName("id") @Param(description="public IP address id")
+    private Long id;
+    
     @SerializedName("ipaddress") @Param(description="public IP address")
     private String ipAddress;
 
@@ -209,4 +212,12 @@ public class IPAddressResponse extends BaseResponse {
     public void setVirtualMachineDisplayName(String virtualMachineDisplayName) {
         this.virtualMachineDisplayName = virtualMachineDisplayName;
     }
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
 }

api/src/com/cloud/api/response/IpForwardingRuleResponse.java

@@ -37,7 +37,10 @@ public class IpForwardingRuleResponse extends BaseResponse {
     @SerializedName("virtualmachinedisplayname") @Param(description="the VM display name for the port forwarding rule")
     private String virtualMachineDisplayName;
     
-    @SerializedName("ipaddress") @Param(description="the public ip address for the port forwarding rule")
+    @SerializedName(ApiConstants.IP_ADDRESS_ID) @Param(description="the public ip address id for the port forwarding rule")
+    private Long publicIpAddressId;
+
+    @SerializedName(ApiConstants.IP_ADDRESS) @Param(description="the public ip address for the port forwarding rule")
     private String publicIpAddress;
     
     @SerializedName(ApiConstants.START_PORT) @Param(description="the start port of the rule")
@@ -120,4 +123,12 @@ public class IpForwardingRuleResponse extends BaseResponse {
     public void setEndPort(Integer endPort) {
         this.endPort = endPort;
     }
+
+    public Long getPublicIpAddressId() {
+        return publicIpAddressId;
+    }
+
+    public void setPublicIpAddressId(Long publicIpAddressId) {
+        this.publicIpAddressId = publicIpAddressId;
+    }
 }

api/src/com/cloud/api/response/LoadBalancerResponse.java

@@ -17,6 +17,7 @@
  */
 package com.cloud.api.response;
 
+import com.cloud.api.ApiConstants;
 import com.cloud.serializer.Param;
 import com.google.gson.annotations.SerializedName;
 
@@ -30,7 +31,10 @@ public class LoadBalancerResponse extends BaseResponse {
     @SerializedName("description") @Param(description="the description of the load balancer")
     private String description;
     
-    @SerializedName("publicip") @Param(description="the public ip address")
+    @SerializedName(ApiConstants.PUBLIC_IP_ID) @Param(description="the public ip address id")
+    private Long publicIpId;
+
+    @SerializedName(ApiConstants.PUBLIC_IP) @Param(description="the public ip address")
     private String publicIp;
 
     @SerializedName("publicport") @Param(description="the public port")
@@ -141,4 +145,13 @@ public class LoadBalancerResponse extends BaseResponse {
     public void setState(String state) {
         this.state = state;
     }
+
+    public Long getPublicIpId() {
+        return publicIpId;
+    }
+
+    public void setPublicIpId(Long publicIpId) {
+        this.publicIpId = publicIpId;
+    }
+    
 }

api/src/com/cloud/api/response/RemoteAccessVpnResponse.java

@@ -17,11 +17,16 @@
  */
 package com.cloud.api.response;
 
+import com.cloud.api.ApiConstants;
 import com.cloud.serializer.Param;
 import com.google.gson.annotations.SerializedName;
 
 public class RemoteAccessVpnResponse extends BaseResponse {
-    @SerializedName("publicip") @Param(description="the public ip address of the vpn server")
+    
+    @SerializedName(ApiConstants.PUBLIC_IP_ID) @Param(description="the public ip address of the vpn server")
+    private Long publicIpId;
+    
+    @SerializedName(ApiConstants.PUBLIC_IP) @Param(description="the public ip address of the vpn server")
     private String publicIp;
     
     @SerializedName("iprange") @Param(description="the range of ips to allocate to the clients")
@@ -99,4 +104,13 @@ public class RemoteAccessVpnResponse extends BaseResponse {
     public void setState(String state) {
         this.state = state;
     }
+
+    public Long getPublicIpId() {
+        return publicIpId;
+    }
+
+    public void setPublicIpId(Long publicIpId) {
+        this.publicIpId = publicIpId;
+    }
+    
 }

api/src/com/cloud/network/IpAddress.java

@@ -68,4 +68,9 @@ public interface IpAddress extends ControlledEntity {
     Long getAssociatedWithNetworkId();
     
     Long getAssociatedWithVmId();
+    
+    /**
+     * @return database id.
+     */
+    long getId();
 }

api/src/com/cloud/network/NetworkService.java

@@ -32,7 +32,6 @@ import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.offering.NetworkOffering;
-import com.cloud.utils.net.Ip;
 
 
 public interface NetworkService {
@@ -40,6 +39,8 @@ public interface NetworkService {
     List<? extends Network> getVirtualNetworksOwnedByAccountInZone(String accountName, long domainId, long zoneId);
     
     List<? extends NetworkOffering> listNetworkOfferings();
+    
+    IpAddress allocateIP(AssociateIPAddrCmd cmd) throws ResourceAllocationException, InsufficientAddressCapacityException, ConcurrentOperationException;
     /**
      * Associates a public IP address for a router.
      * @param cmd - the command specifying ipAddress
@@ -59,7 +60,7 @@ public interface NetworkService {
     
     Network getNetwork(long networkId);
     
-    IpAddress getIp(Ip ip);
+    IpAddress getIp(long id);
     
     NetworkProfile getNetworkProfile(long networkId);
     

api/src/com/cloud/network/RemoteAccessVpn.java

@@ -18,7 +18,6 @@
 package com.cloud.network;
 
 import com.cloud.acl.ControlledEntity;
-import com.cloud.utils.net.Ip;
 
 public interface RemoteAccessVpn extends ControlledEntity {
     enum State {
@@ -27,7 +26,7 @@ public interface RemoteAccessVpn extends ControlledEntity {
         Removed
     }
     
-    Ip getServerAddress();
+    long getServerAddressId();
     String getIpRange();
     String getIpsecPresharedKey();
     String getLocalIp();

api/src/com/cloud/network/lb/LoadBalancingRule.java

@@ -4,7 +4,6 @@ import java.util.List;
 
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.LoadBalancer;
-import com.cloud.utils.net.Ip;
 
 public class LoadBalancingRule implements FirewallRule, LoadBalancer{
     private LoadBalancer lb;
@@ -60,8 +59,8 @@ public class LoadBalancingRule implements FirewallRule, LoadBalancer{
     }
     
     @Override
-    public Ip getSourceIpAddress() {
+    public long getSourceIpAddressId() {
-        return lb.getSourceIpAddress();
+        return lb.getSourceIpAddressId();
     }
     
     @Override

api/src/com/cloud/network/rules/FirewallRule.java

@@ -18,7 +18,6 @@
 package com.cloud.network.rules;
 
 import com.cloud.acl.ControlledEntity;
-import com.cloud.utils.net.Ip;
 
 public interface FirewallRule extends ControlledEntity {
     enum Purpose {
@@ -45,11 +44,6 @@ public interface FirewallRule extends ControlledEntity {
      */
     String getXid();
     
-    /**
-     * @return public ip address.
-     */
-    Ip getSourceIpAddress();
-    
     /**
      * @return first port of the source port range.
      */
@@ -72,4 +66,6 @@ public interface FirewallRule extends ControlledEntity {
     long getNetworkId();
     
     boolean isOneToOneNat();
+    
+    long getSourceIpAddressId();
 }

api/src/com/cloud/network/rules/LoadBalancer.java

@@ -23,7 +23,6 @@ package com.cloud.network.rules;
  */
 public interface LoadBalancer extends FirewallRule {
 
-
     String getName();
 
     String getDescription();

api/src/com/cloud/network/rules/RulesService.java

@@ -19,14 +19,14 @@ package com.cloud.network.rules;
 
 import java.util.List;
 
+import com.cloud.agent.api.to.PortForwardingRuleTO;
 import com.cloud.api.commands.ListPortForwardingRulesCmd;
 import com.cloud.exception.NetworkRuleConflictException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.user.Account;
-import com.cloud.utils.net.Ip;
 
 public interface RulesService {
-    List<? extends PortForwardingRule> searchForIpForwardingRules(Ip ip,  Long id, Long vmId, Long start, Long size);
+    List<? extends PortForwardingRule> searchForIpForwardingRules(Long ipId,  Long id, Long vmId, Long start, Long size);
 
     /**
      * Creates a port forwarding rule between two ip addresses or between
@@ -53,10 +53,12 @@ public interface RulesService {
      */
     public List<? extends PortForwardingRule> listPortForwardingRules(ListPortForwardingRulesCmd cmd);
 
-    boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException;
+    boolean applyPortForwardingRules(long ipAdddressId, Account caller) throws ResourceUnavailableException;
     
-    boolean enableOneToOneNat(Ip ipAddress, long vmId) throws NetworkRuleConflictException;
+    boolean enableOneToOneNat(long ipAddressId, long vmId) throws NetworkRuleConflictException;
     
-    boolean disableOneToOneNat(Ip ipAddress);
+    boolean disableOneToOneNat(long ipAddressId);
+    
+    List<PortForwardingRuleTO> buildPortForwardingTOrules(List<? extends PortForwardingRule> pfRules);
     
 }

api/src/com/cloud/network/vpn/RemoteAccessVpnService.java

@@ -26,13 +26,12 @@ import com.cloud.exception.NetworkRuleConflictException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.RemoteAccessVpn;
 import com.cloud.network.VpnUser;
-import com.cloud.utils.net.Ip;
 
 public interface RemoteAccessVpnService {
 
-    RemoteAccessVpn createRemoteAccessVpn(Ip vpnServerAddress, String ipRange) throws NetworkRuleConflictException;
+    RemoteAccessVpn createRemoteAccessVpn(long vpnServerAddressId, String ipRange) throws NetworkRuleConflictException;
-    void destroyRemoteAccessVpn(Ip vpnServerAddress, long startEventId) throws ResourceUnavailableException;
+    void destroyRemoteAccessVpn(long vpnServerAddressId, long startEventId) throws ResourceUnavailableException;
-    RemoteAccessVpn startRemoteAccessVpn(Ip vpnServerAddress) throws ResourceUnavailableException;
+    RemoteAccessVpn startRemoteAccessVpn(long vpnServerAddressId) throws ResourceUnavailableException;
 
     VpnUser addVpnUser(long vpnOwnerId, String userName, String password);
     boolean removeVpnUser(long vpnOwnerId, String userName);

server/src/com/cloud/api/ApiDBUtils.java

@@ -348,8 +348,8 @@ public class ApiDBUtils {
         return _hostDao.findById(hostId);
     }
 
-    public static IPAddressVO findIpAddressById(String address) {
+    public static IPAddressVO findIpAddressById(long addressId) {
-        return _ipAddressDao.findById(new Ip(address));
+        return _ipAddressDao.findById(addressId);
     }
 
     public static GuestOSCategoryVO getHostGuestOSCategory(long hostId) {

server/src/com/cloud/api/ApiResponseHelper.java

@@ -612,6 +612,7 @@ public class ApiResponseHelper implements ResponseGenerator {
         long zoneId = ipAddress.getDataCenterId();
 
         IPAddressResponse ipResponse = new IPAddressResponse();
+        ipResponse.setId(ipAddress.getId());
         ipResponse.setIpAddress(ipAddress.getAddress().toString());
         if (ipAddress.getAllocatedTime() != null) {
             ipResponse.setAllocated(ipAddress.getAllocatedTime());
@@ -675,7 +676,8 @@ public class ApiResponseHelper implements ResponseGenerator {
         lbResponse.setId(loadBalancer.getId());
         lbResponse.setName(loadBalancer.getName());
         lbResponse.setDescription(loadBalancer.getDescription());
-        lbResponse.setPublicIp(loadBalancer.getSourceIpAddress().toString());
+        lbResponse.setPublicIpId(loadBalancer.getSourceIpAddressId());
+        lbResponse.setPublicIp(ApiDBUtils.findIpAddressById(loadBalancer.getSourceIpAddressId()).getAddress().addr());
         lbResponse.setPublicPort(Integer.toString(loadBalancer.getSourcePortStart()));
         lbResponse.setPrivatePort(Integer.toString(loadBalancer.getDefaultPortStart()));
         lbResponse.setAlgorithm(loadBalancer.getAlgorithm());
@@ -924,8 +926,12 @@ public class ApiResponseHelper implements ResponseGenerator {
         response.setPrivatePort(Integer.toString(fwRule.getDestinationPortStart()));
         response.setProtocol(fwRule.getProtocol());
         response.setPublicPort(Integer.toString(fwRule.getSourcePortStart()));
-        response.setPublicIpAddress(fwRule.getSourceIpAddress().toString());
+        
-        if (fwRule.getSourceIpAddress() != null && fwRule.getDestinationIpAddress() != null) {
+        IpAddress ip = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId());
+        response.setPublicIpAddressId(ip.getId());
+        response.setPublicIpAddress(ip.getAddress().addr());
+        
+        if (ip != null && fwRule.getDestinationIpAddress() != null) {
             UserVm vm = ApiDBUtils.findUserVmById(fwRule.getVirtualMachineId());
             if(vm != null){
             	response.setVirtualMachineId(vm.getId());
@@ -948,8 +954,12 @@ public class ApiResponseHelper implements ResponseGenerator {
         IpForwardingRuleResponse response = new IpForwardingRuleResponse();
         response.setId(fwRule.getId());
         response.setProtocol(fwRule.getProtocol());
-        response.setPublicIpAddress(fwRule.getSourceIpAddress().addr());
+        
-        if (fwRule.getSourceIpAddress() != null && fwRule.getDestinationIpAddress() != null) {
+        IpAddress ip = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId());
+        response.setPublicIpAddressId(ip.getId());
+        response.setPublicIpAddress(ip.getAddress().addr());
+        
+        if (ip != null && fwRule.getDestinationIpAddress() != null) {
             UserVm vm = ApiDBUtils.findUserVmById(fwRule.getVirtualMachineId());
             if(vm != null){//vm might be destroyed
             	response.setVirtualMachineId(vm.getId());
@@ -1299,7 +1309,8 @@ public class ApiResponseHelper implements ResponseGenerator {
     @Override
     public RemoteAccessVpnResponse createRemoteAccessVpnResponse(RemoteAccessVpn vpn) {
         RemoteAccessVpnResponse vpnResponse = new RemoteAccessVpnResponse();
-        vpnResponse.setPublicIp(vpn.getServerAddress().toString());
+        vpnResponse.setPublicIpId(vpn.getServerAddressId());
+        vpnResponse.setPublicIp(ApiDBUtils.findIpAddressById(vpn.getServerAddressId()).getAddress().addr());
         vpnResponse.setIpRange(vpn.getIpRange());
         vpnResponse.setPresharedKey(vpn.getIpsecPresharedKey());
         vpnResponse.setDomainId(vpn.getDomainId());
@@ -1310,10 +1321,8 @@ public class ApiResponseHelper implements ResponseGenerator {
             vpnResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName());
         }      
         vpnResponse.setState(vpn.getState().toString());
-
         vpnResponse.setObjectName("remoteaccessvpn");
       
-
         return vpnResponse;
     }
 

server/src/com/cloud/configuration/ConfigurationManagerImpl.java

@@ -1777,7 +1777,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 		checkPublicIpRangeErrors(zoneId, vlanId, vlanGateway, vlanNetmask, startIP, endIP);
 
 		// Throw an exception if any of the following is true:
-		// 1. Another VLAN in the same zone has a different tag but the same subnet as the new VLAN
+		// 1. Another VLAN in the same zone has a different tag but the same subnet as the new VLAN. Make an exception for the case when both vlans are Direct.
 		// 2. Another VLAN in the same zone that has the same tag and subnet as the new VLAN has IPs that overlap with the IPs being added
 		// 3. Another VLAN in the same zone that has the same tag and subnet as the new VLAN has a different gateway than the new VLAN
 		List<VlanVO> vlans = _vlanDao.listByZone(zone.getId());
@@ -1791,7 +1791,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 				otherVlanEndIP = otherVlanIpRange[1];
 			}
 			
-			if (!vlanId.equals(vlan.getVlanTag()) && newVlanSubnet.equals(otherVlanSubnet)) {
+			if (!vlanId.equals(vlan.getVlanTag()) && newVlanSubnet.equals(otherVlanSubnet) && !allowIpRangeOverlap(vlan, forVirtualNetwork, networkId)) {
 				throw new InvalidParameterValueException("The IP range with tag: " + vlan.getVlanTag() + " in zone " + zone.getName() + " has the same subnet. Please specify a different gateway/netmask.");
 			}
 			
@@ -1832,7 +1832,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 		VlanVO vlan = new VlanVO(vlanType, vlanId, vlanGateway, vlanNetmask, zone.getId(), ipRange, networkId);
 		vlan = _vlanDao.persist(vlan);
 		
-		if (!savePublicIPRange(startIP, endIP, zoneId, vlan.getId())) {
+		if (!savePublicIPRange(startIP, endIP, zoneId, vlan.getId(), networkId)) {
 			deletePublicIPRange(vlan.getId());
 			_vlanDao.expunge(vlan.getId());
 			throw new CloudRuntimeException("Failed to save IP range. Please contact Cloud Support."); //It can be Direct IP or Public IP.
@@ -2004,13 +2004,13 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 	}
     
 	@DB
-    protected boolean savePublicIPRange(String startIP, String endIP, long zoneId, long vlanDbId) {
+    protected boolean savePublicIPRange(String startIP, String endIP, long zoneId, long vlanDbId, long sourceNetworkid) {
         long startIPLong = NetUtils.ip2Long(startIP);
         long endIPLong = NetUtils.ip2Long(endIP);
 	    Transaction txn = Transaction.currentTxn();
 	    txn.start();
 	    IPRangeConfig config = new IPRangeConfig();
-	    config.savePublicIPRange(txn, startIPLong, endIPLong, zoneId, vlanDbId);
+	    config.savePublicIPRange(txn, startIPLong, endIPLong, zoneId, vlanDbId, sourceNetworkid);
 	    txn.commit();
 	    return true;
 	}
@@ -2675,4 +2675,14 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
     public ClusterVO getCluster(long id) {
         return _clusterDao.findById(id);
     }
+    
+    private boolean allowIpRangeOverlap(VlanVO vlan, boolean forVirtualNetwork, long networkId) {
+        Network vlanNetwork = _networkMgr.getNetwork(vlan.getNetworkId());
+        Network network = _networkMgr.getNetwork(networkId);
+        if (vlan.getVlanType() == VlanType.DirectAttached && !forVirtualNetwork && network.getAccountId() != vlanNetwork.getAccountId()) {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }

server/src/com/cloud/network/IPAddressVO.java

@@ -24,6 +24,8 @@ import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.EnumType;
 import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
@@ -38,6 +40,11 @@ import com.cloud.utils.net.Ip;
 @Entity
 @Table(name=("user_ip_address"))
 public class IPAddressVO implements IpAddress {
+    @Id
+    @GeneratedValue(strategy=GenerationType.IDENTITY)
+    @Column(name="id")
+    long id;
+    
 	@Column(name="account_id")
 	private Long allocatedToAccountId = null;
 
@@ -74,6 +81,9 @@ public class IPAddressVO implements IpAddress {
 	@Column(name="mac_address")
 	private long macAddress;
 	
+	@Column(name="source_network_id")
+    private Long sourceNetworkId;
+	
 	@Column(name="network_id")
 	private Long associatedWithNetworkId;
 
@@ -207,4 +217,17 @@ public class IPAddressVO implements IpAddress {
 	    return new StringBuilder("Ip[").append(address).append("-").append(dataCenterId).append("]").toString();
 	}
 	
+	@Override
+    public long getId() {
+        return id;
+    }
+
+    public Long getSourceNetworkId() {
+        return sourceNetworkId;
+    }
+
+    public void setSourceNetworkId(Long sourceNetworkId) {
+        this.sourceNetworkId = sourceNetworkId;
+    }
+
 }

server/src/com/cloud/network/LoadBalancerVO.java

@@ -26,7 +26,6 @@ import javax.persistence.Table;
 
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.LoadBalancer;
-import com.cloud.utils.net.Ip;
 import com.cloud.utils.net.NetUtils;
 
 @Entity
@@ -53,8 +52,8 @@ public class LoadBalancerVO extends FirewallRuleVO implements LoadBalancer {
     public LoadBalancerVO() { 
     }
 
-    public LoadBalancerVO(String xId, String name, String description, Ip srcIp, int srcPort, int dstPort, String algorithm, long networkId, long accountId, long domainId) {
+    public LoadBalancerVO(String xId, String name, String description, long srcIpId, int srcPort, int dstPort, String algorithm, long networkId, long accountId, long domainId) {
-        super(xId, srcIp, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, false);
+        super(xId, srcIpId, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing, false);
         this.name = name;
         this.description = description;
         this.algorithm = algorithm;

server/src/com/cloud/network/NetworkManager.java

@@ -42,7 +42,6 @@ import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.user.Account;
 import com.cloud.user.AccountVO;
 import com.cloud.utils.Pair;
-import com.cloud.utils.net.Ip;
 import com.cloud.vm.Nic;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.ReservationContext;
@@ -87,7 +86,7 @@ public interface NetworkManager extends NetworkService {
      * @param ipAddress
      * @return true if it did; false if it didn't
      */
-    public boolean releasePublicIpAddress(Ip ipAddress, long ownerId, long userId);
+    public boolean releasePublicIpAddress(long id, long ownerId, long userId);
     
     /**
      * Lists IP addresses that belong to VirtualNetwork VLANs
@@ -131,7 +130,7 @@ public interface NetworkManager extends NetworkService {
 	
 	List<? extends RemoteAccessVpnElement> getRemoteAccessVpnElements();
 	
-	PublicIpAddress getPublicIpAddress(Ip ipAddress);
+	PublicIpAddress getPublicIpAddress(long ipAddressId);
 	
 	List<? extends Vlan> listPodVlans(long podId);
 

server/src/com/cloud/network/NetworkManagerImpl.java

@@ -262,7 +262,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
             addr.setAssociatedWithNetworkId(networkId);
         }
 
-        if (!_ipAddressDao.update(addr.getAddress(), addr)) {
+        if (!_ipAddressDao.update(addr.getId(), addr)) {
             throw new CloudRuntimeException("Found address to allocate but unable to update: " + addr);
         }
         if(owner.getAccountId() != Account.ACCOUNT_ID_SYSTEM){
@@ -321,7 +321,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                 ip = fetchNewPublicIp(dcId, null, vlanId, owner, VlanType.VirtualNetwork, network.getId(), true, false);
                 sourceNat = ip.ip();
                 sourceNat.setState(IpAddress.State.Allocated);
-                _ipAddressDao.update(sourceNat.getAddress(), sourceNat);
+                _ipAddressDao.update(sourceNat.getId(), sourceNat);
 
                 // Increment the number of public IPs for this accountId in the database
                 _accountMgr.incrementResourceCount(ownerId, ResourceType.public_ip);
@@ -426,9 +426,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                 if (addr.getState() == IpAddress.State.Allocating) {
                     addr.setState(IpAddress.State.Allocated);
                     addr.setAssociatedWithNetworkId(network.getId());
-                    _ipAddressDao.update(addr.getAddress(), addr);
+                    _ipAddressDao.update(addr.getId(), addr);
                 } else if (addr.getState() == IpAddress.State.Releasing) {
-                    _ipAddressDao.unassignIpAddress(addr.getAddress());
+                    _ipAddressDao.unassignIpAddress(addr.getId());
                 }
             }
         }
@@ -446,9 +446,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         return _networksDao.listBy(owner.getId(), zoneId, GuestIpType.Virtual);
     }
     
-    @Override
+    @Override @DB
-    @DB
+    public IpAddress allocateIP(AssociateIPAddrCmd cmd) throws ResourceAllocationException, InsufficientAddressCapacityException, ConcurrentOperationException{
-    public IpAddress associateIP(AssociateIPAddrCmd cmd) throws ResourceAllocationException, ResourceUnavailableException, InsufficientAddressCapacityException, ConcurrentOperationException {
         String accountName = cmd.getAccountName();
         long domainId = cmd.getDomainId();
         Long zoneId = cmd.getZoneId();
@@ -473,7 +472,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         }
 
         PublicIp ip = null;
-        boolean success = false;
         
         Transaction txn = Transaction.currentTxn();
         Account accountToLock = null;
@@ -513,36 +511,59 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
             s_logger.debug("Got " + ipAddress + " to assign for account " + owner.getId() + " in zone " + network.getDataCenterId());
 
             txn.commit();
-
-            success = applyIpAssociations(network, false);
-            if (success) {
-                s_logger.debug("Successfully associated ip address " + ip + " for account " + owner.getId() + " in zone " + network.getDataCenterId());
-            } else {
-                s_logger.warn("Failed to associate ip address " + ip + " for account " + owner.getId() + " in zone " + network.getDataCenterId());
-            }
-
-            return ip;
-        } catch (ResourceUnavailableException e) {
-            s_logger.error("Unable to associate ip address due to resource unavailable exception", e);
-            return null;
         } finally {
             if (accountToLock != null) {
                 _accountDao.releaseFromLockTable(ownerId);
                 s_logger.debug("Associate IP address lock released");
             }
+        }
         
+        return ip;
+    }
+
+    @Override @DB
+    public IpAddress associateIP(AssociateIPAddrCmd cmd) throws ResourceAllocationException, ResourceUnavailableException, InsufficientAddressCapacityException, ConcurrentOperationException {
+        Account caller = UserContext.current().getCaller();
+        Account owner = null;
+        
+        IpAddress ipToAssoc = getIp(cmd.getEntityId());
+        if (ipToAssoc != null) {
+            _accountMgr.checkAccess(caller, ipToAssoc);
+            owner = _accountMgr.getAccount(ipToAssoc.getAccountId());
+        } else {
+            s_logger.debug("Unable to find ip address by id: " + cmd.getEntityId());
+            return null;
+        }
+        
+        Network network = _networksDao.findById(ipToAssoc.getAssociatedWithNetworkId());
+
+        IpAddress ip = _ipAddressDao.findById(cmd.getEntityId());
+        boolean success = false;
+        try {
+            success = applyIpAssociations(network, false);
+            if (success) {
+                s_logger.debug("Successfully associated ip address " + ip.getAddress().addr() + " for account " + owner.getId() + " in zone " + network.getDataCenterId());
+            } else {
+                s_logger.warn("Failed to associate ip address " + ip.getAddress().addr() + " for account " + owner.getId() + " in zone " + network.getDataCenterId());
+            }
+            return ip;
+        } catch (ResourceUnavailableException e) {
+            s_logger.error("Unable to associate ip address due to resource unavailable exception", e);
+            return null;
+        } finally {
+            Transaction txn = Transaction.currentTxn();
             if (!success) {
                 if (ip != null) {
                     try {
                         s_logger.warn("Failed to associate ip address " + ip);
-                        _ipAddressDao.markAsUnavailable(ip.getAddress(), ip.getAccountId());
+                        _ipAddressDao.markAsUnavailable(ip.getId());
                         applyIpAssociations(network, true);
                     } catch (Exception e) {
                         s_logger.warn("Unable to disassociate ip address for recovery", e);
                     }
                     txn.start();
-                    _ipAddressDao.unassignIpAddress(ip.getAddress());
+                    _ipAddressDao.unassignIpAddress(ip.getId());
-                    _accountMgr.decrementResourceCount(ownerId, ResourceType.public_ip);
+                    _accountMgr.decrementResourceCount(owner.getId(), ResourceType.public_ip);
 
                     txn.commit();
                 }
@@ -551,20 +572,20 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
     }
 
     @Override
-    public boolean releasePublicIpAddress(Ip addr, long ownerId, long userId) {
+    public boolean releasePublicIpAddress(long addrId, long ownerId, long userId) {
-        IPAddressVO ip = _ipAddressDao.markAsUnavailable(addr, ownerId);
+        IPAddressVO ip = _ipAddressDao.markAsUnavailable(addrId);
-        assert (ip != null) : "Unable to mark the ip address " + addr + " owned by " + ownerId + " as unavailable.";
+        assert (ip != null) : "Unable to mark the ip address id=" + addrId + " owned by " + ownerId + " as unavailable.";
         if (ip == null) {
             return true;
         }
 
         if (s_logger.isDebugEnabled()) {
-            s_logger.debug("Releasing ip " + addr + "; sourceNat = " + ip.isSourceNat());
+            s_logger.debug("Releasing ip id=" + addrId + "; sourceNat = " + ip.isSourceNat());
         }
 
         boolean success = true;
         try {
-            if (!_rulesMgr.revokeAllRules(addr, userId)) {
+            if (!_rulesMgr.revokeAllRules(addrId, userId)) {
                 s_logger.warn("Unable to revoke all the port forwarding rules for ip " + ip);
                 success = false;
             }
@@ -573,7 +594,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
             success = false;
         }
 
-        if (!_lbMgr.removeAllLoadBalanacers(addr)) {
+        if (!_lbMgr.removeAllLoadBalanacers(addrId)) {
             s_logger.warn("Unable to revoke all the load balancer rules for ip " + ip);
             success = false;
         }
@@ -591,10 +612,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         }
 
         if (success) {
-            _ipAddressDao.unassignIpAddress(addr);
+            _ipAddressDao.unassignIpAddress(addrId);
-            s_logger.debug("released a public ip: " + addr);    
+            s_logger.debug("released a public ip id=" + addrId);    
             if(ownerId != Account.ACCOUNT_ID_SYSTEM){       
-                UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_IP_RELEASE, ownerId, ip.getDataCenterId(), 0, addr.toString());
+                UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_IP_RELEASE, ownerId, ip.getDataCenterId(), addrId, null);
                 _usageEventDao.persist(usageEvent);
             }
 
@@ -1099,8 +1120,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         return _nicDao.listBy(vm.getId());
     }
 
-    private Account findAccountByIpAddress(Ip ipAddress) {
+    private Account findAccountByIpAddress(Long ipAddressId) {
-        IPAddressVO address = _ipAddressDao.findById(ipAddress);
+        IPAddressVO address = _ipAddressDao.findById(ipAddressId);
         if ((address != null) && (address.getAllocatedToAccountId() != null)) {
             return _accountMgr.getActiveAccount(address.getAllocatedToAccountId());
         }
@@ -1134,18 +1155,18 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 
         Long userId = UserContext.current().getCallerUserId();
         Account caller = UserContext.current().getCaller();
-        Ip ipAddress = cmd.getIpAddress();
+        Long ipAddressId = cmd.getIpAddressId();
 
         // Verify input parameters
-        Account accountByIp = findAccountByIpAddress(ipAddress);
+        Account accountByIp = findAccountByIpAddress(ipAddressId);
         if (accountByIp == null) {
-            throw new InvalidParameterValueException("Unable to find account owner for ip " + ipAddress);
+            throw new InvalidParameterValueException("Unable to find account owner for ip " + ipAddressId);
         }
 
         Long accountId = accountByIp.getId();
         if (!_accountMgr.isAdmin(caller.getType())) {
             if (caller.getId() != accountId.longValue()) {
-                throw new PermissionDeniedException("account " + caller.getAccountName() + " doesn't own ip address " + ipAddress);
+                throw new PermissionDeniedException("account " + caller.getAccountName() + " doesn't own ip address id=" + ipAddressId);
             }
         } else {
             Domain domain = _domainDao.findById(accountByIp.getDomainId());
@@ -1153,7 +1174,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         }
 
         try {
-            IPAddressVO ipVO = _ipAddressDao.findById(ipAddress);
+            IPAddressVO ipVO = _ipAddressDao.findById(ipAddressId);
             if (ipVO == null) {
                 return false;
             }
@@ -1171,7 +1192,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                 // FIXME: is the user visible in the admin account's domain????
                 if (!BaseCmd.isAdmin(account.getType())) {
                     if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("permission denied disassociating IP address " + ipAddress + "; acct: " + accountId + "; ip (acct / dc / dom / alloc): " + ipVO.getAllocatedToAccountId() + " / " + ipVO.getDataCenterId() + " / "
+                        s_logger.debug("permission denied disassociating IP address id=" + ipAddressId + "; acct: " + accountId + "; ip (acct / dc / dom / alloc): " + ipVO.getAllocatedToAccountId() + " / " + ipVO.getDataCenterId() + " / "
                                 + ipVO.getAllocatedInDomainId() + " / " + ipVO.getAllocatedTime());
                     }
                     throw new PermissionDeniedException("User/account does not own supplied address");
@@ -1193,10 +1214,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 
             // Check for account wide pool. It will have an entry for account_vlan_map.
             if (_accountVlanMapDao.findAccountVlanMap(accountId, ipVO.getVlanId()) != null) {
-                throw new PermissionDeniedException(ipAddress + " belongs to Account wide IP pool and cannot be disassociated");
+                throw new PermissionDeniedException("Ip address id=" + ipAddressId + " belongs to Account wide IP pool and cannot be disassociated");
             }
 
-            return releasePublicIpAddress(ipAddress, accountId, userId);
+            return releasePublicIpAddress(ipAddressId, accountId, userId);
 
         } catch (PermissionDeniedException pde) {
             throw pde;
@@ -1656,7 +1677,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
         List<IPAddressVO> ipsToRelease = _ipAddressDao.listByAssociatedNetwork(networkId);
         if (ipsToRelease != null && !ipsToRelease.isEmpty()) {
             for (IPAddressVO ip : ipsToRelease) {
-                _ipAddressDao.unassignIpAddress(ip.getAddress());
+                _ipAddressDao.unassignIpAddress(ip.getId());
                 if(ip.getAccountId() != Account.ACCOUNT_ID_SYSTEM){       
                     UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_IP_RELEASE, ip.getAccountId(), ip.getDataCenterId(), 0, ip.getAddress().toString());
                     _usageEventDao.persist(usageEvent);
@@ -1896,8 +1917,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
     }
 
     @Override
-    public PublicIpAddress getPublicIpAddress(Ip ip) {
+    public PublicIpAddress getPublicIpAddress(long ipAddressId) {
-        IPAddressVO addr = _ipAddressDao.findById(ip);
+        IPAddressVO addr = _ipAddressDao.findById(ipAddressId);
         if (addr == null) {
             return null;
         }
@@ -1997,8 +2018,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
     }
     
     @Override
-    public IpAddress getIp(Ip ip) {
+    public IpAddress getIp(long ipAddressId) {
-        return _ipAddressDao.findById(ip);
+        return _ipAddressDao.findById(ipAddressId);
     }
     
     @Override

server/src/com/cloud/network/RemoteAccessVpnVO.java

@@ -20,13 +20,9 @@ package com.cloud.network;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-import com.cloud.utils.net.Ip;
-
 @Entity
 @Table(name=("remote_access_vpn"))
 public class RemoteAccessVpnVO implements RemoteAccessVpn {
@@ -40,9 +36,8 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn {
     private long domainId;
 
     @Id
-    @Column(name="vpn_server_addr")
+    @Column(name="vpn_server_addr_id")
-    @Enumerated(value=EnumType.ORDINAL)
+    private long serverAddressId;
-    private Ip serverAddress;
     
     @Column(name="local_ip")
     private String localIp;
@@ -58,9 +53,9 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn {
 
     public RemoteAccessVpnVO() { }
 
-    public RemoteAccessVpnVO(long accountId, long domainId, long networkId, Ip publicIp, String localIp, String ipRange,  String presharedKey) {
+    public RemoteAccessVpnVO(long accountId, long domainId, long networkId, long publicIpId, String localIp, String ipRange,  String presharedKey) {
         this.accountId = accountId;
-        this.serverAddress = publicIp;
+        this.serverAddressId = publicIpId;
         this.ipRange = ipRange;
         this.ipsecPresharedKey = presharedKey;
         this.localIp = localIp;
@@ -83,12 +78,12 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn {
         return accountId;
     }
     
-	@Override
+    @Override
-    public Ip getServerAddress() {
+	public long getServerAddressId() {
-		return serverAddress;
+        return serverAddressId;
-	}
+    }
 
-	@Override
+    @Override
     public String getIpRange() {
 		return ipRange;
 	}

server/src/com/cloud/network/addr/PublicIp.java

@@ -164,7 +164,7 @@ public class PublicIp implements PublicIpAddress {
     
     @Override
     public long getId() {
-        return _vlan.getId();
+        return _addr.getId();
     }
     
     @Override

server/src/com/cloud/network/dao/FirewallRulesDao.java

@@ -23,21 +23,20 @@ import java.util.List;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.utils.db.GenericDao;
-import com.cloud.utils.net.Ip;
 
 /*
  * Data Access Object for user_ip_address and ip_forwarding tables
  */
 public interface FirewallRulesDao extends GenericDao<FirewallRuleVO, Long> {
-    List<FirewallRuleVO> listByIpAndNotRevoked(Ip ip, Boolean isOneToOneNat);
+    List<FirewallRuleVO> listByIpAndNotRevoked(long ipAddressId, Boolean isOneToOneNat);
     
     boolean setStateToAdd(FirewallRuleVO rule);
     
     boolean revoke(FirewallRuleVO rule);
     
-    boolean releasePorts(Ip ip, String protocol, FirewallRule.Purpose purpose, int[] ports);
+    boolean releasePorts(long ipAddressId, String protocol, FirewallRule.Purpose purpose, int[] ports);
     
-    List<FirewallRuleVO> listByIpAndPurpose(Ip ip, FirewallRule.Purpose purpose);
+    List<FirewallRuleVO> listByIpAndPurpose(long ipAddressId, FirewallRule.Purpose purpose);
     
 //	public List<PortForwardingRuleVO> listIPForwarding(String publicIPAddress, boolean forwarding);
 //	public List<PortForwardingRuleVO> listIPForwarding(String publicIPAddress, String port, boolean forwarding);

server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java

@@ -46,7 +46,7 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
         super();
         
         AllFieldsSearch = createSearchBuilder();
-        AllFieldsSearch.and("ip", AllFieldsSearch.entity().getSourceIpAddress(), Op.EQ);
+        AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getSourceIpAddressId(), Op.EQ);
         AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ);
         AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ);
         AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ);
@@ -57,24 +57,24 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
         AllFieldsSearch.done();
         
         IpNotRevokedSearch = createSearchBuilder();
-        IpNotRevokedSearch.and("ip", IpNotRevokedSearch.entity().getSourceIpAddress(), Op.EQ);
+        IpNotRevokedSearch.and("ipId", IpNotRevokedSearch.entity().getSourceIpAddressId(), Op.EQ);
         IpNotRevokedSearch.and("state", IpNotRevokedSearch.entity().getState(), Op.NEQ);
         IpNotRevokedSearch.and("oneToOneNat", IpNotRevokedSearch.entity().isOneToOneNat(), Op.EQ);
         IpNotRevokedSearch.done();
         
         ReleaseSearch = createSearchBuilder();
         ReleaseSearch.and("protocol", ReleaseSearch.entity().getProtocol(), Op.EQ);
-        ReleaseSearch.and("ip", ReleaseSearch.entity().getSourceIpAddress(), Op.EQ);
+        ReleaseSearch.and("ipId", ReleaseSearch.entity().getSourceIpAddressId(), Op.EQ);
         ReleaseSearch.and("purpose", ReleaseSearch.entity().getPurpose(), Op.EQ);
         ReleaseSearch.and("ports", ReleaseSearch.entity().getSourcePortStart(), Op.IN);
         ReleaseSearch.done();
         
     }
     @Override
-    public boolean releasePorts(Ip ip, String protocol, FirewallRule.Purpose purpose, int[] ports) {
+    public boolean releasePorts(long ipId, String protocol, FirewallRule.Purpose purpose, int[] ports) {
         SearchCriteria<FirewallRuleVO> sc = ReleaseSearch.create();
         sc.setParameters("protocol", protocol);
-        sc.setParameters("ip", ip);
+        sc.setParameters("ipId", ipId);
         sc.setParameters("purpose", purpose);
         sc.setParameters("ports", ports);
         
@@ -83,18 +83,18 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
     }
     
     @Override
-    public List<FirewallRuleVO> listByIpAndPurpose(Ip ip, FirewallRule.Purpose purpose) {
+    public List<FirewallRuleVO> listByIpAndPurpose(long ipId, FirewallRule.Purpose purpose) {
         SearchCriteria<FirewallRuleVO> sc = ReleaseSearch.create();
-        sc.setParameters("ip", ip);
+        sc.setParameters("ipId", ipId);
         sc.setParameters("purpose", purpose);
         
         return listBy(sc);
     }
 
     @Override
-    public List<FirewallRuleVO> listByIpAndNotRevoked(Ip ip, Boolean isOneToOneNat) {
+    public List<FirewallRuleVO> listByIpAndNotRevoked(long ipId, Boolean isOneToOneNat) {
         SearchCriteria<FirewallRuleVO> sc = IpNotRevokedSearch.create();
-        sc.setParameters("ip", ip);
+        sc.setParameters("ipId", ipId);
         sc.setParameters("state", State.Revoke);
         if (isOneToOneNat != null) {
             sc.setParameters("oneToOneNat", isOneToOneNat);

server/src/com/cloud/network/dao/IPAddressDao.java

@@ -24,11 +24,11 @@ import com.cloud.network.IPAddressVO;
 import com.cloud.utils.db.GenericDao;
 import com.cloud.utils.net.Ip;
 
-public interface IPAddressDao extends GenericDao<IPAddressVO, Ip> {
+public interface IPAddressDao extends GenericDao<IPAddressVO, Long> {
 	
-    IPAddressVO markAsUnavailable(Ip ipAddress, long ownerId);
+    IPAddressVO markAsUnavailable(long ipAddressId);
     
-	void unassignIpAddress(Ip ipAddress);	
+	void unassignIpAddress(long ipAddressId);	
 
 	List<IPAddressVO> listByAccount(long accountId);
 	
@@ -45,4 +45,6 @@ public interface IPAddressDao extends GenericDao<IPAddressVO, Ip> {
 	int countIPsForDashboard(long dcId, boolean onlyCountAllocated);
 	
 	List<IPAddressVO> listByAssociatedVmId(long vmId);
+	
+	IPAddressVO findByAccountAndIp(long accountId, String ipAddress);
 }

server/src/com/cloud/network/dao/IPAddressDaoImpl.java

@@ -43,7 +43,7 @@ import com.cloud.utils.net.Ip;
 
 @Local(value = { IPAddressDao.class })
 @DB
-public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Ip> implements IPAddressDao {
+public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Long> implements IPAddressDao {
     private static final Logger s_logger = Logger.getLogger(IPAddressDaoImpl.class);
 
     protected final SearchBuilder<IPAddressVO> AllFieldsSearch;
@@ -57,6 +57,7 @@ public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Ip> implements
     // make it public for JUnit test
     public IPAddressDaoImpl() {
         AllFieldsSearch = createSearchBuilder();
+        AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ);
         AllFieldsSearch.and("dataCenterId", AllFieldsSearch.entity().getDataCenterId(), Op.EQ);
         AllFieldsSearch.and("ipAddress", AllFieldsSearch.entity().getAddress(), Op.EQ);
         AllFieldsSearch.and("vlan", AllFieldsSearch.entity().getVlanId(), Op.EQ);
@@ -138,7 +139,7 @@ public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Ip> implements
         ip.setSourceNat(sourceNat);
         ip.setState(State.Allocated);
 
-        if (!update(ip.getAddress(), ip)) {
+        if (!update(ip.getId(), ip)) {
             throw new CloudRuntimeException("How can I lock the row but can't update it: " + ip.getAddress());
         }
 
@@ -147,7 +148,7 @@ public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Ip> implements
     }
 
     @Override
-    public void unassignIpAddress(Ip ipAddress) {
+    public void unassignIpAddress(long ipAddressId) {
         IPAddressVO address = createForUpdate();
         address.setAllocatedToAccountId(null);
         address.setAllocatedInDomainId(null);
@@ -157,7 +158,7 @@ public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Ip> implements
         address.setAssociatedWithVmId(null);
         address.setState(State.Free);
         address.setAssociatedWithNetworkId(null);
-        update(ipAddress, address);
+        update(ipAddressId, address);
     }
 
     @Override
@@ -167,6 +168,14 @@ public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Ip> implements
         return listBy(sc);
     }
     
+    @Override
+    public IPAddressVO findByAccountAndIp(long accountId, String ipAddress) {
+        SearchCriteria<IPAddressVO> sc = AllFieldsSearch.create();
+        sc.setParameters("accountId", accountId);
+        sc.setParameters("ipAddress", ipAddress);
+        return findOneBy(sc);
+    }
+
     @Override
     public List<IPAddressVO> listByDcIdIpAddress(long dcId, String ipAddress) {
         SearchCriteria<IPAddressVO> sc = AllFieldsSearch.create();
@@ -235,10 +244,9 @@ public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Ip> implements
     }
 
     @Override @DB
-    public IPAddressVO markAsUnavailable(Ip ipAddress, long ownerId) {
+    public IPAddressVO markAsUnavailable(long ipAddressId) {
         SearchCriteria<IPAddressVO> sc = AllFieldsSearch.create();
-        sc.setParameters("accountId", ownerId);
+        sc.setParameters("id", ipAddressId);
-        sc.setParameters("ipAddress", ipAddress);
         
         IPAddressVO ip = createForUpdate();
         ip.setState(State.Releasing);

server/src/com/cloud/network/dao/LoadBalancerDao.java

@@ -25,8 +25,8 @@ import com.cloud.utils.db.GenericDao;
 
 public interface LoadBalancerDao extends GenericDao<LoadBalancerVO, Long> {
     List<Long> listInstancesByLoadBalancer(long loadBalancerId);
-    List<LoadBalancerVO> listByIpAddress(String ipAddress);
+    List<LoadBalancerVO> listByIpAddress(long ipAddressId);
-    LoadBalancerVO findByIpAddressAndPublicPort(String ipAddress, String publicPort);
+    LoadBalancerVO findByIpAddressAndPublicPort(long ipAddressId, String publicPort);
     LoadBalancerVO findByAccountAndName(Long accountId, String name);
     List<LoadBalancerVO> listByNetworkId(long networkId);
 }

server/src/com/cloud/network/dao/LoadBalancerDaoImpl.java

@@ -50,12 +50,12 @@ public class LoadBalancerDaoImpl extends GenericDaoBase<LoadBalancerVO, Long> im
 
     protected LoadBalancerDaoImpl() {
         ListByIp  = createSearchBuilder();
-        ListByIp.and("ipAddress", ListByIp.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
+        ListByIp.and("ipAddressId", ListByIp.entity().getSourceIpAddressId(), SearchCriteria.Op.EQ);
         ListByIp.and("networkId", ListByIp.entity().getNetworkId(), SearchCriteria.Op.EQ);
         ListByIp.done();
 
         IpAndPublicPortSearch = createSearchBuilder();
-        IpAndPublicPortSearch.and("ipAddress", IpAndPublicPortSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
+        IpAndPublicPortSearch.and("ipAddressId", IpAndPublicPortSearch.entity().getSourceIpAddressId(), SearchCriteria.Op.EQ);
         IpAndPublicPortSearch.and("publicPort", IpAndPublicPortSearch.entity().getSourcePortStart(), SearchCriteria.Op.EQ);
         IpAndPublicPortSearch.done();
 
@@ -87,9 +87,9 @@ public class LoadBalancerDaoImpl extends GenericDaoBase<LoadBalancerVO, Long> im
     }
 
     @Override
-    public List<LoadBalancerVO> listByIpAddress(String ipAddress) {
+    public List<LoadBalancerVO> listByIpAddress(long ipAddressId) {
         SearchCriteria<LoadBalancerVO> sc = ListByIp.create();
-        sc.setParameters("ipAddress", ipAddress);
+        sc.setParameters("ipAddressId", ipAddressId);
         return listBy(sc);
     }
     
@@ -101,9 +101,9 @@ public class LoadBalancerDaoImpl extends GenericDaoBase<LoadBalancerVO, Long> im
     }
 
     @Override
-    public LoadBalancerVO findByIpAddressAndPublicPort(String ipAddress, String publicPort) {
+    public LoadBalancerVO findByIpAddressAndPublicPort(long ipAddressId, String publicPort) {
         SearchCriteria<LoadBalancerVO> sc = IpAndPublicPortSearch.create();
-        sc.setParameters("ipAddress", ipAddress);
+        sc.setParameters("ipAddressId", ipAddressId);
         sc.setParameters("publicPort", publicPort);
         return findOneBy(sc);
     }

server/src/com/cloud/network/dao/RemoteAccessVpnDao.java

@@ -23,11 +23,10 @@ import java.util.List;
 import com.cloud.network.RemoteAccessVpn;
 import com.cloud.network.RemoteAccessVpnVO;
 import com.cloud.utils.db.GenericDao;
-import com.cloud.utils.net.Ip;
 
-public interface RemoteAccessVpnDao extends GenericDao<RemoteAccessVpnVO, Ip> {
+public interface RemoteAccessVpnDao extends GenericDao<RemoteAccessVpnVO, Long> {
-    RemoteAccessVpnVO findByPublicIpAddress(String ipAddress);
+    RemoteAccessVpnVO findByPublicIpAddress(long ipAddressId);
-    RemoteAccessVpnVO findByPublicIpAddressAndState(String ipAddress, RemoteAccessVpn.State state);
+    RemoteAccessVpnVO findByPublicIpAddressAndState(long ipAddressId, RemoteAccessVpn.State state);
     RemoteAccessVpnVO findByAccountAndNetwork(Long accountId, Long zoneId);
     List<RemoteAccessVpnVO> findByAccount(Long accountId);
 }

server/src/com/cloud/network/dao/RemoteAccessVpnDaoImpl.java

@@ -29,10 +29,9 @@ import com.cloud.network.RemoteAccessVpnVO;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
-import com.cloud.utils.net.Ip;
 
 @Local(value={RemoteAccessVpnDao.class})
-public class RemoteAccessVpnDaoImpl extends GenericDaoBase<RemoteAccessVpnVO, Ip> implements RemoteAccessVpnDao {
+public class RemoteAccessVpnDaoImpl extends GenericDaoBase<RemoteAccessVpnVO, Long> implements RemoteAccessVpnDao {
     private static final Logger s_logger = Logger.getLogger(RemoteAccessVpnDaoImpl.class);
     
     private final SearchBuilder<RemoteAccessVpnVO> AllFieldsSearch;
@@ -42,15 +41,15 @@ public class RemoteAccessVpnDaoImpl extends GenericDaoBase<RemoteAccessVpnVO, Ip
         AllFieldsSearch = createSearchBuilder();
         AllFieldsSearch.and("accountId", AllFieldsSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
         AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), SearchCriteria.Op.EQ);
-        AllFieldsSearch.and("ipAddress", AllFieldsSearch.entity().getServerAddress(), SearchCriteria.Op.EQ);
+        AllFieldsSearch.and("ipAddress", AllFieldsSearch.entity().getServerAddressId(), SearchCriteria.Op.EQ);
         AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), SearchCriteria.Op.EQ);
         AllFieldsSearch.done();
     }
 
     @Override
-    public RemoteAccessVpnVO findByPublicIpAddress(String ipAddress) {
+    public RemoteAccessVpnVO findByPublicIpAddress(long ipAddressId) {
         SearchCriteria<RemoteAccessVpnVO> sc = AllFieldsSearch.create();
-        sc.setParameters("ipAddress", ipAddress);
+        sc.setParameters("ipAddress", ipAddressId);
         return findOneBy(sc);
     }
 
@@ -70,9 +69,9 @@ public class RemoteAccessVpnDaoImpl extends GenericDaoBase<RemoteAccessVpnVO, Ip
 	}
 	
 	@Override
-	public RemoteAccessVpnVO findByPublicIpAddressAndState(String ipAddress, RemoteAccessVpn.State state) {
+	public RemoteAccessVpnVO findByPublicIpAddressAndState(long ipAddressId, RemoteAccessVpn.State state) {
 	    SearchCriteria<RemoteAccessVpnVO> sc = AllFieldsSearch.create();
-        sc.setParameters("ipAddress", ipAddress);
+        sc.setParameters("ipAddress", ipAddressId);
         sc.setParameters("state", state);
         return findOneBy(sc);
 	}

server/src/com/cloud/network/element/VirtualRouterElement.java

@@ -49,6 +49,7 @@ import com.cloud.network.lb.LoadBalancingRule.LbDestination;
 import com.cloud.network.lb.LoadBalancingRulesManager;
 import com.cloud.network.router.VirtualNetworkApplianceManager;
 import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.RulesManager;
 import com.cloud.network.rules.FirewallRule.Purpose;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.vpn.RemoteAccessVpnElement;
@@ -81,6 +82,7 @@ public class VirtualRouterElement extends DhcpElement implements NetworkElement,
     @Inject NetworkOfferingDao _networkOfferingDao;
     @Inject VirtualNetworkApplianceManager _routerMgr;
     @Inject ConfigurationManager _configMgr;
+    @Inject RulesManager _rulesMgr;
     @Inject UserVmManager _userVmMgr;
     @Inject UserVmDao _userVmDao;
     @Inject DomainRouterDao _routerDao;
@@ -137,7 +139,7 @@ public class VirtualRouterElement extends DhcpElement implements NetworkElement,
                 throw new CloudRuntimeException("Unable to apply firewall rules");
             }
             
-            if (router.getState() == State.Running || router.getState() == State.Starting) {
+            if (router.getState() == State.Running) {
                 if (rules != null && !rules.isEmpty()) {
                     if (rules.get(0).getPurpose() == Purpose.LoadBalancing) {
                         //for load balancer we have to resend all lb rules for the network
@@ -151,7 +153,7 @@ public class VirtualRouterElement extends DhcpElement implements NetworkElement,
                         
                         return _routerMgr.applyLBRules(config, lbRules);
                     } else if (rules.get(0).getPurpose() == Purpose.PortForwarding) { 
-                        return _routerMgr.applyPortForwardingRules(config, (List<PortForwardingRule>)rules);
+                        return _routerMgr.applyPortForwardingRules(config, _rulesMgr.buildPortForwardingTOrules((List<PortForwardingRule>)rules));
                     }
                 } else {
                     return true;

server/src/com/cloud/network/guru/PublicNetworkGuru.java

@@ -17,6 +17,7 @@ import com.cloud.deploy.DeploymentPlan;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientAddressCapacityException;
 import com.cloud.exception.InsufficientVirtualNetworkCapcityException;
+import com.cloud.network.IPAddressVO;
 import com.cloud.network.Network;
 import com.cloud.network.Network.State;
 import com.cloud.network.NetworkManager;
@@ -34,7 +35,6 @@ import com.cloud.offerings.dao.NetworkOfferingDao;
 import com.cloud.user.Account;
 import com.cloud.utils.component.AdapterBase;
 import com.cloud.utils.component.Inject;
-import com.cloud.utils.net.Ip;
 import com.cloud.vm.Nic.ReservationStrategy;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.ReservationContext;
@@ -153,7 +153,8 @@ public class PublicNetworkGuru extends AdapterBase implements NetworkGuru {
     
     @Override
     public void deallocate(Network network, NicProfile nic, VirtualMachineProfile<? extends VirtualMachine> vm) {
-        _ipAddressDao.unassignIpAddress(new Ip(nic.getIp4Address()));
+        IPAddressVO ip = _ipAddressDao.findByAccountAndIp(vm.getVirtualMachine().getAccountId(), nic.getIp4Address());
+        _ipAddressDao.unassignIpAddress(ip.getId());
         nic.deallocate();
     }
     

server/src/com/cloud/network/lb/LoadBalancingRulesManager.java

@@ -20,10 +20,9 @@ package com.cloud.network.lb;
 import java.util.List;
 
 import com.cloud.network.lb.LoadBalancingRule.LbDestination;
-import com.cloud.utils.net.Ip;
 
 public interface LoadBalancingRulesManager extends LoadBalancingRulesService {
-    boolean removeAllLoadBalanacers(Ip ip);
+    boolean removeAllLoadBalanacers(long ipId);
     List<LbDestination> getExistingDestinations(long lbId);
     
     /**

server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java

@@ -71,7 +71,6 @@ import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.net.Ip;
 import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.Nic;
 import com.cloud.vm.UserVmVO;
@@ -111,15 +110,14 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
 
     @Override @DB
     public boolean assignToLoadBalancer(long loadBalancerId, List<Long> instanceIds) {
-        UserContext caller = UserContext.current();
+        UserContext ctx = UserContext.current();
+        Account caller = ctx.getCaller();
 
         LoadBalancerVO loadBalancer = _lbDao.findById(loadBalancerId);
         if (loadBalancer == null) {
             throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the load balancer was not found.");
         }
 
-        _accountMgr.checkAccess(caller.getCaller(), loadBalancer);
-
         List<LoadBalancerVMMapVO> mappedInstances = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId, false);
         Set<Long> mappedInstanceIds = new HashSet<Long>();
         for (LoadBalancerVMMapVO mappedInstance : mappedInstances) {
@@ -138,7 +136,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
                 throw new InvalidParameterValueException("Invalid instance id: " + instanceId);
             }
             
-            _accountMgr.checkAccess(caller.getCaller(), vm);
+            _rulesMgr.checkRuleAndUserVm(loadBalancer, vm, caller);
             
             if (vm.getAccountId() != loadBalancer.getAccountId()) {
                 throw new PermissionDeniedException("Cannot add virtual machines that do not belong to the same owner.");
@@ -305,12 +303,12 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
     public LoadBalancer createLoadBalancerRule(LoadBalancer lb) throws NetworkRuleConflictException {
         UserContext caller = UserContext.current();
 
-        Ip srcIp = lb.getSourceIpAddress();
+        long ipId = lb.getSourceIpAddressId();
 
         // make sure ip address exists
-        IPAddressVO ipAddr = _ipAddressDao.findById(srcIp);
+        IPAddressVO ipAddr = _ipAddressDao.findById(ipId);
         if (ipAddr == null || !ipAddr.readyToUse()) {
-            throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address " + srcIp);
+            throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address id" + ipId);
         }
 
         int srcPortStart = lb.getSourcePortStart();
@@ -345,7 +343,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
             networkId = ipAddr.getAssociatedWithNetworkId();
         }
         _accountMgr.checkAccess(caller.getCaller(), ipAddr);
-        LoadBalancerVO newRule = new LoadBalancerVO(lb.getXid(), lb.getName(), lb.getDescription(), lb.getSourceIpAddress(), lb.getSourcePortEnd(),
+        LoadBalancerVO newRule = new LoadBalancerVO(lb.getXid(), lb.getName(), lb.getDescription(), lb.getSourceIpAddressId(), lb.getSourcePortEnd(),
                 lb.getDefaultPortStart(), lb.getAlgorithm(), networkId, ipAddr.getAccountId(), ipAddr.getDomainId());
 
         newRule = _lbDao.persist(newRule);
@@ -355,7 +353,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
             if (!_rulesDao.setStateToAdd(newRule)) {
                 throw new CloudRuntimeException("Unable to update the state to add for " + newRule);
             }
-            s_logger.debug("Load balancer " + newRule.getId() + " for Ip address " +  srcIp + ", public port " + srcPortStart + ", private port " + defPortStart+ " is added successfully.");
+            s_logger.debug("Load balancer " + newRule.getId() + " for Ip address id=" +  ipId + ", public port " + srcPortStart + ", private port " + defPortStart+ " is added successfully.");
             UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_LOAD_BALANCER_CREATE, ipAddr.getAllocatedToAccountId(), ipAddr.getDataCenterId(), newRule.getId(), null);
             _usageEventDao.persist(usageEvent);
             return newRule;
@@ -364,7 +362,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
             if (e instanceof NetworkRuleConflictException) {
                 throw (NetworkRuleConflictException) e;
             }
-            throw new CloudRuntimeException("Unable to add rule for " + newRule.getSourceIpAddress(), e);
+            throw new CloudRuntimeException("Unable to add rule for ip address id=" + newRule.getSourceIpAddressId(), e);
         }
     }
 
@@ -397,8 +395,8 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
     }
 
     @Override
-    public boolean removeAllLoadBalanacers(Ip ip) {   
+    public boolean removeAllLoadBalanacers(long ipId) {   
-        List<FirewallRuleVO> rules = _rulesDao.listByIpAndNotRevoked(ip, null);
+        List<FirewallRuleVO> rules = _rulesDao.listByIpAndNotRevoked(ipId, null);
         if (rules != null)
         s_logger.debug("Found " + rules.size() + " lb rules to cleanup");
         for (FirewallRule rule : rules) {
@@ -1209,7 +1207,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
             }
         }
 
-        IPAddressVO addr = _ipAddressDao.findById(loadBalancer.getSourceIpAddress());
+        IPAddressVO addr = _ipAddressDao.findById(loadBalancer.getSourceIpAddressId());
         List<UserVmVO> userVms = _vmDao.listVirtualNetworkInstancesByAcctAndZone(loadBalancer.getAccountId(), addr.getDataCenterId(), loadBalancer.getNetworkId());
 
         for (UserVmVO userVm : userVms) {
@@ -1240,11 +1238,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
         Long domainId = cmd.getDomainId();
         String accountName = cmd.getAccountName();
         Long accountId = null;
-        String ipString = cmd.getPublicIp();
+        Long ipId = cmd.getPublicIpId();
-        Ip ipAddress = null;
-        if (ipString != null) {
-            ipAddress = new Ip(cmd.getPublicIp());
-        }
         
         if (accountName != null && domainId != null) {
             owner = _accountDao.findActiveAccount(accountName, domainId);
@@ -1271,7 +1265,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
         SearchBuilder<LoadBalancerVO> sb = _lbDao.createSearchBuilder();
         sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
         sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE);
-        sb.and("sourceIpAddress", sb.entity().getSourceIpAddress(), SearchCriteria.Op.EQ);
+        sb.and("sourceIpAddress", sb.entity().getSourceIpAddressId(), SearchCriteria.Op.EQ);
         sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
         sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
 
@@ -1298,8 +1292,8 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager,
             sc.setParameters("id", id);
         }
 
-        if (ipAddress != null) {
+        if (ipId != null) {
-            sc.setParameters("sourceIpAddress", ipAddress);
+            sc.setParameters("sourceIpAddress", ipId);
         }
 
         if (instanceId != null) {

server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java

@@ -20,6 +20,7 @@ package com.cloud.network.router;
 import java.util.List;
 import java.util.Map;
 
+import com.cloud.agent.api.to.PortForwardingRuleTO;
 import com.cloud.api.commands.UpgradeRouterCmd;
 import com.cloud.deploy.DeployDestination;
 import com.cloud.exception.AgentUnavailableException;
@@ -88,7 +89,7 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
     boolean associateIP (Network network, List<? extends PublicIpAddress> ipAddress) throws ResourceUnavailableException;
     
     boolean applyLBRules(Network network, List<LoadBalancingRule> rules) throws ResourceUnavailableException;
-    boolean applyPortForwardingRules(Network network, List<PortForwardingRule> rules) throws AgentUnavailableException;
+    boolean applyPortForwardingRules(Network network, List<PortForwardingRuleTO> rules) throws AgentUnavailableException;
     
     String[] applyVpnUsers(Network network, List<? extends VpnUser> users) throws ResourceUnavailableException;
     

server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java

@@ -55,6 +55,7 @@ import com.cloud.agent.api.routing.VmDataCommand;
 import com.cloud.agent.api.routing.VpnUsersCfgCommand;
 import com.cloud.agent.api.to.IpAddressTO;
 import com.cloud.agent.api.to.LoadBalancerTO;
+import com.cloud.agent.api.to.PortForwardingRuleTO;
 import com.cloud.agent.manager.Commands;
 import com.cloud.alert.AlertManager;
 import com.cloud.api.commands.UpgradeRouterCmd;
@@ -1145,13 +1146,15 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
                 createAssociateIPCommands(router, publicIps, cmds, 0);   
                 
                 //Re-apply port forwarding rules for all public ips
-                List<PortForwardingRuleVO> rulesToReapply = new ArrayList<PortForwardingRuleVO>();
+                List<PortForwardingRuleTO> rulesToReapply = new ArrayList<PortForwardingRuleTO>();
                 List<RemoteAccessVpn> vpns = new ArrayList<RemoteAccessVpn>();
                 
                 for (PublicIpAddress ip : publicIps) {
-                    List<PortForwardingRuleVO> rules = _pfRulesDao.listForApplication(ip.getAddress());
+                    List<? extends PortForwardingRule> rules = _pfRulesDao.listForApplication(ip.getId());
-                    rulesToReapply.addAll(rules);
+                    if (rules != null){     
-                    RemoteAccessVpn vpn = _vpnDao.findById(ip.getAddress());
+                        rulesToReapply.addAll(_rulesMgr.buildPortForwardingTOrules(rules));
+                    }
+                    RemoteAccessVpn vpn = _vpnDao.findById(ip.getId());
                     if (vpn != null) {
                         vpns.add(vpn);
                     }
@@ -1277,7 +1280,9 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
             throw new ResourceUnavailableException("Failed to delete remote access VPN: domR is not in right state " + router.getState(), DataCenter.class, network.getDataCenterId());
         }
             Commands cmds = new Commands(OnError.Continue);
-            RemoteAccessVpnCfgCommand removeVpnCmd = new RemoteAccessVpnCfgCommand(false, vpn.getServerAddress().addr(), vpn.getLocalIp(), vpn.getIpRange(), vpn.getIpsecPresharedKey());
+            IpAddress ip = _networkMgr.getIp(vpn.getServerAddressId());
+            
+            RemoteAccessVpnCfgCommand removeVpnCmd = new RemoteAccessVpnCfgCommand(false, ip.getAddress().addr(), vpn.getLocalIp(), vpn.getIpRange(), vpn.getIpsecPresharedKey());
             removeVpnCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress());
             removeVpnCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
             cmds.addCommand(removeVpnCmd);
@@ -1508,8 +1513,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
         }
     }
     
-    private void createApplyPortForwardingRulesCommands(List<? extends PortForwardingRule> rules, DomainRouterVO router, Commands cmds) {
+    private void createApplyPortForwardingRulesCommands(List<PortForwardingRuleTO> rules, DomainRouterVO router, Commands cmds) {
-        
         SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rules);
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress());
         cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
@@ -1524,7 +1528,8 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
             boolean revoked = (rule.getState().equals(FirewallRule.State.Revoke));
             String protocol = rule.getProtocol();
             String algorithm = rule.getAlgorithm();
-            String srcIp = rule.getSourceIpAddress().addr();
+            
+            String srcIp =  _networkMgr.getIp(rule.getSourceIpAddressId()).getAddress().addr();
             int srcPort = rule.getSourcePortStart();
             List<LbDestination> destinations = rule.getDestinations();
             LoadBalancerTO lb = new LoadBalancerTO(srcIp, srcPort, protocol, algorithm, revoked, false, destinations);
@@ -1554,7 +1559,9 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
         addUsersCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress());
         addUsersCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
         
-        RemoteAccessVpnCfgCommand startVpnCmd = new RemoteAccessVpnCfgCommand(true, vpn.getServerAddress().addr(),
+        IpAddress ip = _networkMgr.getIp(vpn.getServerAddressId());
+        
+        RemoteAccessVpnCfgCommand startVpnCmd = new RemoteAccessVpnCfgCommand(true, ip.getAddress().addr(),
                 vpn.getLocalIp(), vpn.getIpRange(), vpn.getIpsecPresharedKey());
         startVpnCmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress());
         startVpnCmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName());
@@ -1673,7 +1680,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
     }
 
     @Override
-    public boolean applyPortForwardingRules(Network network, List<PortForwardingRule> rules) throws AgentUnavailableException {
+    public boolean applyPortForwardingRules(Network network, List<PortForwardingRuleTO> rules) throws AgentUnavailableException {
         DomainRouterVO router = _routerDao.findByNetworkConfiguration(network.getId());
         
         Commands cmds = new Commands(OnError.Continue);

server/src/com/cloud/network/rules/FirewallRuleVO.java

@@ -34,7 +34,6 @@ import javax.persistence.InheritanceType;
 import javax.persistence.Table;
 
 import com.cloud.utils.db.GenericDao;
-import com.cloud.utils.net.Ip;
 
 @Entity
 @Table(name="firewall_rules")
@@ -56,9 +55,8 @@ public class FirewallRuleVO implements FirewallRule {
     @Column(name="account_id", updatable=false)
     long accountId;
     
-    @Column(name="ip_address", updatable=false)
+    @Column(name="ip_address_id", updatable=false)
-    @Enumerated(value=EnumType.ORDINAL)
+    long sourceIpAddressId;
-    Ip sourceIpAddress;
     
     @Column(name="start_port", updatable=false)
     int sourcePortStart;
@@ -107,8 +105,8 @@ public class FirewallRuleVO implements FirewallRule {
     }
 
     @Override
-    public Ip getSourceIpAddress() {
+    public long getSourceIpAddressId() {
-        return sourceIpAddress;
+        return sourceIpAddressId;
     }
 
     @Override
@@ -152,14 +150,14 @@ public class FirewallRuleVO implements FirewallRule {
     protected FirewallRuleVO() {
     }
     
-    public FirewallRuleVO(String xId, Ip srcIp, int portStart, int portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, boolean isOneToOneNat) {
+    public FirewallRuleVO(String xId, long ipAddressId, int portStart, int portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose, boolean isOneToOneNat) {
         this.xId = xId;
         if (xId == null) {
             this.xId = UUID.randomUUID().toString();
         }
         this.accountId = accountId;
         this.domainId = domainId;
-        this.sourceIpAddress = srcIp;
+        this.sourceIpAddressId = ipAddressId;
         this.sourcePortStart = portStart;
         this.sourcePortEnd = portEnd;
         this.protocol = protocol;
@@ -169,8 +167,8 @@ public class FirewallRuleVO implements FirewallRule {
         this.oneToOneNat = isOneToOneNat;
     }
     
-    public FirewallRuleVO(String xId, Ip srcIp, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, boolean isOneToOneNat) {
+    public FirewallRuleVO(String xId, long ipAddressId, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose, boolean isOneToOneNat) {
-        this(xId, srcIp, port, port, protocol, networkId, accountId, domainId, purpose, isOneToOneNat);
+        this(xId, ipAddressId, port, port, protocol, networkId, accountId, domainId, purpose, isOneToOneNat);
     }
     
     @Override

server/src/com/cloud/network/rules/PortForwardingRuleVO.java

@@ -52,16 +52,16 @@ public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardi
     public PortForwardingRuleVO() {
     }
 
-    public PortForwardingRuleVO(String xId, Ip srcIp, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, long networkId, long accountId, long domainId, long instanceId, boolean isOneToOneNat) {
+    public PortForwardingRuleVO(String xId, long srcIpId, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, long networkId, long accountId, long domainId, long instanceId, boolean isOneToOneNat) {
-        super(xId, srcIp, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, isOneToOneNat);
+        super(xId, srcIpId, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding, isOneToOneNat);
         this.destinationIpAddress = dstIp;
         this.virtualMachineId = instanceId;
         this.destinationPortStart = dstPortStart;
         this.destinationPortEnd = dstPortEnd;
     }
     
-    public PortForwardingRuleVO(String xId, Ip srcIp, int srcPort, Ip dstIp, int dstPort, String protocol, long networkId, long accountId, long domainId, long instanceId, boolean isOneToOneNat) {
+    public PortForwardingRuleVO(String xId, long srcIpId, int srcPort, Ip dstIp, int dstPort, String protocol, long networkId, long accountId, long domainId, long instanceId, boolean isOneToOneNat) {
-        this(xId, srcIp, srcPort, srcPort, dstIp, dstPort, dstPort, protocol, networkId, accountId, domainId, instanceId, isOneToOneNat);
+        this(xId, srcIpId, srcPort, srcPort, dstIp, dstPort, dstPort, protocol, networkId, accountId, domainId, instanceId, isOneToOneNat);
     }
 
     @Override

server/src/com/cloud/network/rules/RulesManager.java

@@ -26,7 +26,6 @@ import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
-import com.cloud.utils.net.Ip;
 
 
 /**
@@ -34,7 +33,7 @@ import com.cloud.utils.net.Ip;
  */
 public interface RulesManager extends RulesService {
     
-    boolean applyPortForwardingRules(Ip ip, boolean continueOnError);
+    boolean applyPortForwardingRules(long ipAddressId, boolean continueOnError);
     
     /**
      * detectRulesConflict finds conflicts in networking rules.  It checks for
@@ -56,10 +55,11 @@ public interface RulesManager extends RulesService {
     void detectRulesConflict(FirewallRule newRule, IpAddress ipAddress) throws NetworkRuleConflictException;
     
     void checkIpAndUserVm(IpAddress ipAddress, UserVm userVm, Account caller) throws InvalidParameterValueException, PermissionDeniedException;
+    void checkRuleAndUserVm(FirewallRule rule, UserVm userVm, Account caller) throws InvalidParameterValueException, PermissionDeniedException;
     
-    boolean revokeAllRules(Ip ip, long userId) throws ResourceUnavailableException;
+    boolean revokeAllRules(long ipId, long userId) throws ResourceUnavailableException;
     
-    List<? extends FirewallRule> listFirewallRulesByIp(Ip ip);
+    List<? extends FirewallRule> listFirewallRulesByIp(long ipAddressId);
     
     /**
      * Returns a list of port forwarding rules that are ready for application
@@ -67,14 +67,14 @@ public interface RulesManager extends RulesService {
      * @param ip
      * @return List of PortForwardingRule
      */
-    List<? extends PortForwardingRule> listPortForwardingRulesForApplication(Ip ip);
+    List<? extends PortForwardingRule> listPortForwardingRulesForApplication(long ipId);
     
     List<? extends PortForwardingRule> gatherPortForwardingRulesForApplication(List<? extends IpAddress> addrs);
 
 	boolean revokePortForwardingRule(long vmId);
 	
 	FirewallRule[] reservePorts(IpAddress ip, String protocol, FirewallRule.Purpose purpose, int... ports) throws NetworkRuleConflictException;
-	boolean releasePorts(Ip ip, String protocol, FirewallRule.Purpose purpose, int... ports);
+	boolean releasePorts(long ipId, String protocol, FirewallRule.Purpose purpose, int... ports);
 	
 	List<? extends PortForwardingRule> listByNetworkId(long networkId);
 }

server/src/com/cloud/network/rules/RulesManagerImpl.java

@@ -26,6 +26,7 @@ import javax.naming.ConfigurationException;
 
 import org.apache.log4j.Logger;
 
+import com.cloud.agent.api.to.PortForwardingRuleTO;
 import com.cloud.api.commands.ListPortForwardingRulesCmd;
 import com.cloud.event.EventTypes;
 import com.cloud.event.UsageEventVO;
@@ -81,9 +82,9 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
 
     @Override
     public void detectRulesConflict(FirewallRule newRule, IpAddress ipAddress) throws NetworkRuleConflictException {
-        assert newRule.getSourceIpAddress().equals(ipAddress.getAddress()) : "You passed in an ip address that doesn't match the address in the new rule";
+        assert newRule.getSourceIpAddressId() == ipAddress.getId() : "You passed in an ip address that doesn't match the address in the new rule";
         
-        List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(newRule.getSourceIpAddress(), null);
+        List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(newRule.getSourceIpAddressId(), null);
         assert (rules.size() >= 1) : "For network rules, we now always first persist the rule and then check for network conflicts so we should at least have one rule at this point.";
         
         for (FirewallRuleVO rule : rules) {
@@ -92,9 +93,9 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
             }
             
             if (rule.isOneToOneNat() && !newRule.isOneToOneNat()) {
-                throw new NetworkRuleConflictException("There is 1 to 1 Nat rule specified for the " + newRule.getSourceIpAddress());
+                throw new NetworkRuleConflictException("There is 1 to 1 Nat rule specified for the ip address id=" + newRule.getSourceIpAddressId());
             } else if (!rule.isOneToOneNat() && newRule.isOneToOneNat()) {
-                throw new NetworkRuleConflictException("There is already firewall rule specified for the " + newRule.getSourceIpAddress());
+                throw new NetworkRuleConflictException("There is already firewall rule specified for the ip address id=" + newRule.getSourceIpAddressId());
             }
             
             if (rule.getNetworkId() != newRule.getNetworkId() && rule.getState() != State.Revoke) {
@@ -148,14 +149,40 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         
     }
     
+    @Override
+    public void checkRuleAndUserVm(FirewallRule rule, UserVm userVm, Account caller) throws InvalidParameterValueException, PermissionDeniedException {
+        if (userVm == null || rule == null) {
+            return;
+        }
+        
+        _accountMgr.checkAccess(caller, rule);
+        _accountMgr.checkAccess(caller, userVm);
+       
+        if (userVm.getState() == VirtualMachine.State.Destroyed || userVm.getState() == VirtualMachine.State.Expunging) {
+            throw new InvalidParameterValueException("Invalid user vm: " + userVm.getId());
+        }
+        
+        if (rule.getAccountId() != userVm.getAccountId()) {
+            throw new InvalidParameterValueException("Rule id=" + rule.getId() + " and vm id=" + userVm.getId() + " belong to different accounts");
+        }
+    }
+
+
     @Override @DB
     public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, boolean isNat) throws NetworkRuleConflictException {
         UserContext ctx = UserContext.current();
         Account caller = ctx.getCaller();
         
-        Ip ipAddr = rule.getSourceIpAddress();
+        Long ipAddrId = rule.getSourceIpAddressId();
         
-        IPAddressVO ipAddress = _ipAddressDao.findById(ipAddr);
+        IPAddressVO ipAddress = _ipAddressDao.findById(ipAddrId);
+        
+        //Verify ip address existst and if 1-1 nat is enabled for it
+        if (ipAddress == null) {
+            throw new InvalidParameterValueException("Unable to create ip forwarding rule; ip id=" + ipAddrId + " doesn't exist in the system");
+        } else {
+            _accountMgr.checkAccess(caller, ipAddress);
+        }
         
         Ip dstIp = rule.getDestinationIpAddress();
         long networkId;
@@ -166,6 +193,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
             vm = _vmDao.findById(vmId);
             if (vm == null) {
                 throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ").");
+            } else {
+                checkRuleAndUserVm(rule, vm, caller);
             }
             dstIp = null;
             List<? extends Nic> nics = _networkMgr.getNics(vm);
@@ -200,7 +229,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         
         PortForwardingRuleVO newRule = 
             new PortForwardingRuleVO(rule.getXid(), 
-                    rule.getSourceIpAddress(), 
+                    rule.getSourceIpAddressId(), 
                     rule.getSourcePortStart(), 
                     rule.getSourcePortEnd(),
                     dstIp,
@@ -226,13 +255,13 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
             if (e instanceof NetworkRuleConflictException) {
                 throw (NetworkRuleConflictException)e;
             }
-            throw new CloudRuntimeException("Unable to add rule for " + newRule.getSourceIpAddress(), e);
+            throw new CloudRuntimeException("Unable to add rule for the ip id=" + newRule.getSourceIpAddressId(), e);
         }
     }
     
     @Override
-    public boolean enableOneToOneNat(Ip ip, long vmId) throws NetworkRuleConflictException{
+    public boolean enableOneToOneNat(long ipId, long vmId) throws NetworkRuleConflictException{
-        IPAddressVO ipAddress = _ipAddressDao.findById(ip);
+        IPAddressVO ipAddress = _ipAddressDao.findById(ipId);
         Account caller = UserContext.current().getCaller();
         
         UserVmVO vm = null;
@@ -244,23 +273,23 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         checkIpAndUserVm(ipAddress, vm, caller);
         
         if (ipAddress.isSourceNat()) {
-            throw new InvalidParameterValueException("Can't enable one to one nat, ip address: " + ip.addr() + " is a sourceNat ip address");
+            throw new InvalidParameterValueException("Can't enable one to one nat, ip address id=" + ipId + " is a sourceNat ip address");
         }
        
         if (!ipAddress.isOneToOneNat()) {
-            List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ip, false);
+            List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ipId, false);
             if (rules != null && !rules.isEmpty()) {
-                throw new NetworkRuleConflictException("Failed to enable one to one nat for the ip address " + ipAddress.getAddress() + " as it already has firewall rules assigned");
+                throw new NetworkRuleConflictException("Failed to enable one to one nat for the ip address id=" + ipAddress.getId() + " as it already has firewall rules assigned");
             }
         } else {
             if (ipAddress.getAssociatedWithVmId() != null && ipAddress.getAssociatedWithVmId().longValue() != vmId) {
-                throw new NetworkRuleConflictException("Failed to enable one to one nat for the ip address " + ipAddress.getAddress() + " and vm id=" + vmId + " as it's already assigned to antoher vm");
+                throw new NetworkRuleConflictException("Failed to enable one to one nat for the ip address id=" + ipAddress.getId() + " and vm id=" + vmId + " as it's already assigned to antoher vm");
             }
         } 
         
         ipAddress.setOneToOneNat(true);
         ipAddress.setAssociatedWithVmId(vmId);
-        return _ipAddressDao.update(ipAddress.getAddress(), ipAddress);
+        return _ipAddressDao.update(ipAddress.getId(), ipAddress);
        
     }
     
@@ -298,7 +327,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         
         // Save and create the event
         String ruleName = rule.getPurpose() == Purpose.Firewall ? "Firewall" : (rule.isOneToOneNat() ? "ip forwarding" : "port forwarding");
-        StringBuilder description = new StringBuilder("deleted ").append(ruleName).append(" rule [").append(rule.getSourceIpAddress()).append(":").append(rule.getSourcePortStart()).append("-").append(rule.getSourcePortEnd()).append("]");
+        StringBuilder description = new StringBuilder("deleted ").append(ruleName).append(" rule [ipAddressId=").append(rule.getSourceIpAddressId()).append(":").append(rule.getSourcePortStart()).append("-").append(rule.getSourcePortEnd()).append("]");
         if (rule.getPurpose() == Purpose.PortForwarding) {
             PortForwardingRuleVO pfRule = (PortForwardingRuleVO)rule;
             description.append("->[").append(pfRule.getDestinationIpAddress()).append(":").append(pfRule.getDestinationPortStart()).append("-").append(pfRule.getDestinationPortEnd()).append("]");
@@ -324,7 +353,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         boolean success = false;
         
         if (apply) {
-            success = applyPortForwardingRules(rule.getSourceIpAddress(), true);
+            success = applyPortForwardingRules(rule.getSourceIpAddressId(), true);
         } else {
             success = true;
         }
@@ -349,44 +378,43 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         return true;
     }
     
-    public List<? extends FirewallRule> listFirewallRules(Ip ip) {
+    public List<? extends FirewallRule> listFirewallRules(long ipId) {
-        return _firewallDao.listByIpAndNotRevoked(ip, null);
+        return _firewallDao.listByIpAndNotRevoked(ipId, null);
     }
 
     @Override
-    public List<? extends PortForwardingRule> listPortForwardingRulesForApplication(Ip ip) {
+    public List<? extends PortForwardingRule> listPortForwardingRulesForApplication(long ipId) {
-        return _forwardingDao.listForApplication(ip);
+        return _forwardingDao.listForApplication(ipId);
     }
     
     @Override
     public List<? extends PortForwardingRule> listPortForwardingRules(ListPortForwardingRulesCmd cmd) {
        Account caller = UserContext.current().getCaller();
-       String ip = cmd.getIpAddress();
+       Long ipId = cmd.getIpAddressId();
         
        Pair<String, Long> accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId());
        String accountName = accountDomainPair.first();
        Long domainId = accountDomainPair.second();
         
-        if(cmd.getIpAddress() != null){
+        if(ipId != null){
-            Ip ipAddress = new Ip(cmd.getIpAddress());
+            IPAddressVO ipAddressVO = _ipAddressDao.findById(ipId);
-            IPAddressVO ipAddressVO = _ipAddressDao.findById(ipAddress);
             if (ipAddressVO == null || !ipAddressVO.readyToUse()) {
-                throw new InvalidParameterValueException("Ip address not ready for port forwarding rules yet: " + ipAddress);
+                throw new InvalidParameterValueException("Ip address id=" + ipId + " not ready for port forwarding rules yet");
             }
             _accountMgr.checkAccess(caller, ipAddressVO);
         }
         
         Filter filter = new Filter(PortForwardingRuleVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal()); 
         SearchBuilder<PortForwardingRuleVO> sb = _forwardingDao.createSearchBuilder();
-        sb.and("ip", sb.entity().getSourceIpAddress(), Op.EQ);
+        sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ);
         sb.and("accountId", sb.entity().getAccountId(), Op.EQ);
         sb.and("domainId", sb.entity().getDomainId(), Op.EQ);
         sb.and("oneToOneNat", sb.entity().isOneToOneNat(), Op.EQ);
         
         SearchCriteria<PortForwardingRuleVO> sc = sb.create();
         
-        if (ip != null) {
+        if (ipId != null) {
-            sc.setParameters("ip", ip);
+            sc.setParameters("ip", ipId);
         }
         
         if (domainId != null) {
@@ -403,19 +431,19 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
     }
 
     @Override 
-    public boolean applyPortForwardingRules(Ip ip, boolean continueOnError) {
+    public boolean applyPortForwardingRules(long ipId, boolean continueOnError) {
         try {
-            return applyPortForwardingRules(ip, continueOnError, null);
+            return applyPortForwardingRules(ipId, continueOnError, null);
         } catch (ResourceUnavailableException e) {
-            s_logger.warn("Unable to reapply port forwarding rules for " + ip);
+            s_logger.warn("Unable to reapply port forwarding rules for Ip id=" + ipId);
             return false;
         }
     }
     
-    protected boolean applyPortForwardingRules(Ip ip, boolean continueOnError, Account caller) throws ResourceUnavailableException {
+    protected boolean applyPortForwardingRules(long ipId, boolean continueOnError, Account caller) throws ResourceUnavailableException {
-        List<PortForwardingRuleVO> rules = _forwardingDao.listForApplication(ip);
+        List<PortForwardingRuleVO> rules = _forwardingDao.listForApplication(ipId);
         if (rules.size() == 0) {
-            s_logger.debug("There are no rules to apply for " + ip);
+            s_logger.debug("There are no rules to apply for ip id=" + ipId);
             return true;
         }
 
@@ -441,33 +469,33 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
     }
     
     @Override
-    public List<PortForwardingRuleVO> searchForIpForwardingRules(Ip ip, Long id, Long vmId, Long start, Long size) {
+    public List<PortForwardingRuleVO> searchForIpForwardingRules(Long ipId, Long id, Long vmId, Long start, Long size) {
-        return _forwardingDao.searchNatRules(ip, id, vmId, start, size);
+        return _forwardingDao.searchNatRules(ipId, id, vmId, start, size);
     }
     
     @Override
-    public boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException {
+    public boolean applyPortForwardingRules(long ipId, Account caller) throws ResourceUnavailableException {
-        return applyPortForwardingRules(ip, false, caller);
+        return applyPortForwardingRules(ipId, false, caller);
     }
     
     @Override
-    public boolean revokeAllRules(Ip ip, long userId) throws ResourceUnavailableException {
+    public boolean revokeAllRules(long ipId, long userId) throws ResourceUnavailableException {
-        List<PortForwardingRuleVO> rules = _forwardingDao.listByIpAndNotRevoked(ip);
+        List<PortForwardingRuleVO> rules = _forwardingDao.listByIpAndNotRevoked(ipId);
         if (s_logger.isDebugEnabled()) {
-            s_logger.debug("Releasing " + rules.size() + " rules for " + ip);
+            s_logger.debug("Releasing " + rules.size() + " rules for ip id=" + ipId);
         }
 
         for (PortForwardingRuleVO rule : rules) {
             revokeRule(rule, null, userId);
         }
       
-        applyPortForwardingRules(ip, true, null);
+        applyPortForwardingRules(ipId, true, null);
         
         // Now we check again in case more rules have been inserted.
-        rules = _forwardingDao.listByIpAndNotRevoked(ip);
+        rules = _forwardingDao.listByIpAndNotRevoked(ipId);
         
         if (s_logger.isDebugEnabled()) {
-            s_logger.debug("Successfully released rules for " + ip + " and # of rules now = " + rules.size());
+            s_logger.debug("Successfully released rules for ip id=" + ipId + " and # of rules now = " + rules.size());
         }
         
         return rules.size() == 0;
@@ -495,13 +523,13 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
     }
 
     @Override
-    public List<? extends FirewallRule> listFirewallRulesByIp(Ip ip) {
+    public List<? extends FirewallRule> listFirewallRulesByIp(long ipId) {
         return null;
     }
     
     @Override
-    public boolean releasePorts(Ip ip, String protocol, FirewallRule.Purpose purpose, int... ports) {
+    public boolean releasePorts(long ipId, String protocol, FirewallRule.Purpose purpose, int... ports) {
-        return _firewallDao.releasePorts(ip, protocol, purpose, ports); 
+        return _firewallDao.releasePorts(ipId, protocol, purpose, ports); 
     }
     
     @Override @DB
@@ -513,7 +541,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
         for (int i = 0; i < ports.length; i++) {
             rules[i] = 
                 new FirewallRuleVO(null,
-                        ip.getAddress(),
+                        ip.getId(),
                         ports[i],
                         protocol,
                         ip.getAssociatedWithNetworkId(),
@@ -554,7 +582,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
                 }
                 continue;
             }
-            allRules.addAll(_forwardingDao.listForApplication(addr.getAddress()));
+            allRules.addAll(_forwardingDao.listForApplication(addr.getId()));
         }
         
         if (s_logger.isDebugEnabled()) {
@@ -570,7 +598,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
     }
     
     public boolean isLastOneToOneNatRule(FirewallRule ruleToCheck) {
-        List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ruleToCheck.getSourceIpAddress(), false);
+        List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ruleToCheck.getSourceIpAddressId(), false);
         if (rules != null && !rules.isEmpty()) {
             for (FirewallRuleVO rule : rules) {
                 if (ruleToCheck.getId() == rule.getId()) {
@@ -588,17 +616,17 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
     }
     
     @Override
-    public boolean disableOneToOneNat(Ip ip){
+    public boolean disableOneToOneNat(long ipId){
         Account caller = UserContext.current().getCaller();
         
-        IPAddressVO ipAddress = _ipAddressDao.findById(ip);
+        IPAddressVO ipAddress = _ipAddressDao.findById(ipId);
         checkIpAndUserVm(ipAddress, null, caller);
         
         if (!ipAddress.isOneToOneNat()) {
-            throw new InvalidParameterValueException("One to one nat is not enabled for the ip: " + ip.addr());
+            throw new InvalidParameterValueException("One to one nat is not enabled for the ip id=" + ipId);
         }
        
-        List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ip, true);
+        List<FirewallRuleVO> rules = _firewallDao.listByIpAndNotRevoked(ipId, true);
         if (rules != null) {
             for (FirewallRuleVO rule : rules) {
                 rule.setState(State.Revoke);
@@ -608,15 +636,30 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
             }
         }
         
-        if (applyPortForwardingRules(ip, true)) {
+        if (applyPortForwardingRules(ipId, true)) {
             ipAddress.setOneToOneNat(false);
             ipAddress.setAssociatedWithVmId(null);
-            _ipAddressDao.update(ipAddress.getAddress(), ipAddress);
+            _ipAddressDao.update(ipAddress.getId(), ipAddress);
             return true;
         } else {
-            s_logger.warn("Failed to disable one to one nat for the ip address " + ip.addr());
+            s_logger.warn("Failed to disable one to one nat for the ip address id" + ipId);
             return false;
         }
     }
     
+    @Override
+    public List<PortForwardingRuleTO> buildPortForwardingTOrules(List<? extends PortForwardingRule> pfRules) {
+        if (pfRules != null) {
+            List<PortForwardingRuleTO> rulesTO = new ArrayList<PortForwardingRuleTO>();
+            for (PortForwardingRule rule : pfRules) {
+                IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
+                PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, sourceIp.getAddress().addr());
+                rulesTO.add(ruleTO);
+            }
+            return rulesTO;
+        } else {
+            return null;
+        }
+    }
+
 }

server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java

@@ -21,10 +21,9 @@ import java.util.List;
 
 import com.cloud.network.rules.PortForwardingRuleVO;
 import com.cloud.utils.db.GenericDao;
-import com.cloud.utils.net.Ip;
 
 public interface PortForwardingRulesDao extends GenericDao<PortForwardingRuleVO, Long> {
-    List<PortForwardingRuleVO> listForApplication(Ip ip);
+    List<PortForwardingRuleVO> listForApplication(long ipId);
     
     /**
      * Find all port forwarding rules that have not been revoked.
@@ -32,11 +31,11 @@ public interface PortForwardingRulesDao extends GenericDao<PortForwardingRuleVO,
      * @param ip ip address 
      * @return List of PortForwardingRuleVO
      */
-    List<PortForwardingRuleVO> listByIpAndNotRevoked(Ip ip);
+    List<PortForwardingRuleVO> listByIpAndNotRevoked(long ipId);
     
-    List<PortForwardingRuleVO> listByIp(Ip ip);
+    List<PortForwardingRuleVO> listByIp(long ipId);
     
-    List<PortForwardingRuleVO> searchNatRules(Ip ip, Long id, Long vmId, Long startIndex, Long pageSize);
+    List<PortForwardingRuleVO> searchNatRules(Long ipId, Long id, Long vmId, Long startIndex, Long pageSize);
 
 	List<PortForwardingRuleVO> listByVm(Long vmId);
 	

server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java

@@ -28,7 +28,6 @@ import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.db.SearchCriteria.Op;
-import com.cloud.utils.net.Ip;
 
 @Local(value=PortForwardingRulesDao.class)
 public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRuleVO, Long> implements PortForwardingRulesDao {
@@ -44,7 +43,7 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
         AllFieldsSearch = createSearchBuilder();
         AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ);
         AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ);
-        AllFieldsSearch.and("ip", AllFieldsSearch.entity().getSourceIpAddress(), Op.EQ);
+        AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getSourceIpAddressId(), Op.EQ);
         AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ);
         AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), Op.EQ);
         AllFieldsSearch.and("vmId", AllFieldsSearch.entity().getVirtualMachineId(), Op.EQ);
@@ -52,11 +51,11 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
         AllFieldsSearch.done();
         
         ApplicationSearch = createSearchBuilder();
-        ApplicationSearch.and("ip", ApplicationSearch.entity().getSourceIpAddress(), Op.EQ);
+        ApplicationSearch.and("ipId", ApplicationSearch.entity().getSourceIpAddressId(), Op.EQ);
         ApplicationSearch.and("state", ApplicationSearch.entity().getState(), Op.NEQ);
         
         ActiveRulesSearch = createSearchBuilder();
-        ActiveRulesSearch.and("ip", ActiveRulesSearch.entity().getSourceIpAddress(), Op.EQ);
+        ActiveRulesSearch.and("ipId", ActiveRulesSearch.entity().getSourceIpAddressId(), Op.EQ);
         ActiveRulesSearch.and("state", ActiveRulesSearch.entity().getState(), Op.NEQ);
         ActiveRulesSearch.done();
         
@@ -71,9 +70,9 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
     }
 
     @Override
-    public List<PortForwardingRuleVO> listForApplication(Ip ip) {
+    public List<PortForwardingRuleVO> listForApplication(long ipId) {
         SearchCriteria<PortForwardingRuleVO> sc = ApplicationSearch.create();
-        sc.setParameters("ip", ip);
+        sc.setParameters("ipId", ipId);
         sc.setParameters("state", State.Staged);
         
         return listBy(sc, null);
@@ -87,29 +86,29 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase<PortForwardingRul
     }
 
     @Override
-    public List<PortForwardingRuleVO> listByIpAndNotRevoked(Ip ip) {
+    public List<PortForwardingRuleVO> listByIpAndNotRevoked(long ipId) {
         SearchCriteria<PortForwardingRuleVO> sc = ActiveRulesSearch.create();
-        sc.setParameters("ip", ip);
+        sc.setParameters("ipId", ipId);
         sc.setParameters("state", State.Revoke);
         
         return listBy(sc, null);
     }
     
     @Override
-    public List<PortForwardingRuleVO> listByIp(Ip ip) {
+    public List<PortForwardingRuleVO> listByIp(long ipId) {
         SearchCriteria<PortForwardingRuleVO> sc = ActiveRulesSearch.create();
-        sc.setParameters("ip", ip);
+        sc.setParameters("ipId", ipId);
         
         return listBy(sc, null);
     }
     
     @Override
-    public List<PortForwardingRuleVO> searchNatRules(Ip ip, Long id, Long vmId, Long startIndex, Long pageSize) {
+    public List<PortForwardingRuleVO> searchNatRules(Long ipId, Long id, Long vmId, Long startIndex, Long pageSize) {
         Filter searchFilter = new Filter(PortForwardingRuleVO.class, "id", true, startIndex, pageSize);
         SearchCriteria<PortForwardingRuleVO> sc = AllFieldsSearch.create();
 
-        if (ip != null) {
+        if (ipId != null) {
-            sc.setParameters("ip", ip);
+            sc.setParameters("ipId", ipId);
         }
         
         if (id != null) {

server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java

@@ -32,8 +32,6 @@ import com.cloud.configuration.Config;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
-import com.cloud.event.EventTypes;
-import com.cloud.event.EventUtils;
 import com.cloud.exception.AccountLimitException;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.NetworkRuleConflictException;
@@ -52,8 +50,8 @@ import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.RemoteAccessVpnDao;
 import com.cloud.network.dao.VpnUserDao;
 import com.cloud.network.router.VirtualNetworkApplianceManager;
+import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRule.Purpose;
-import com.cloud.network.rules.FirewallRuleVO;
 import com.cloud.network.rules.RulesManager;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
@@ -71,7 +69,6 @@ import com.cloud.utils.db.JoinBuilder;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.db.Transaction;
-import com.cloud.utils.net.Ip;
 import com.cloud.utils.net.NetUtils;
 
 @Local(value = RemoteAccessVpnService.class)
@@ -96,14 +93,14 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
     SearchBuilder<RemoteAccessVpnVO> VpnSearch;
 
     @Override
-    public RemoteAccessVpn createRemoteAccessVpn(Ip publicIp, String ipRange) throws NetworkRuleConflictException {
+    public RemoteAccessVpn createRemoteAccessVpn(long publicIpId, String ipRange) throws NetworkRuleConflictException {
         UserContext ctx = UserContext.current();
         Account caller = ctx.getCaller();
 
         // make sure ip address exists
-        PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIp);
+        PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIpId);
         if (ipAddr == null) {
-            throw new InvalidParameterValueException("Unable to create remote access vpn, invalid public IP address " + publicIp);
+            throw new InvalidParameterValueException("Unable to create remote access vpn, invalid public IP address id" + publicIpId);
         }
 
         _accountMgr.checkAccess(caller, ipAddr);
@@ -112,7 +109,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
             throw new InvalidParameterValueException("The Ip address is not ready to be used yet: " + ipAddr.getAddress());
         }
 
-        RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIp.toString());
+        RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIpId);
        
         if (vpnVO != null) {
             //if vpn is in Added state, return it to the api
@@ -164,7 +161,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
         String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength);
         _rulesMgr.reservePorts(ipAddr, NetUtils.UDP_PROTO, Purpose.Vpn, NetUtils.VPN_PORT, NetUtils.VPN_L2TP_PORT, NetUtils.VPN_NATT_PORT);
         vpnVO = new RemoteAccessVpnVO(ipAddr.getAllocatedToAccountId(), ipAddr.getAllocatedInDomainId(), ipAddr.getAssociatedWithNetworkId(),
-                publicIp, range[0], newIpRange, sharedSecret);
+                publicIpId, range[0], newIpRange, sharedSecret);
         return _remoteAccessVpnDao.persist(vpnVO);
     }
 
@@ -195,12 +192,12 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
     }
 
     @Override @DB
-    public void destroyRemoteAccessVpn(Ip ip, long startEventId) throws ResourceUnavailableException {
+    public void destroyRemoteAccessVpn(long ipId, long startEventId) throws ResourceUnavailableException {
         Account caller = UserContext.current().getCaller();
         
-        RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findById(ip);
+        RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findById(ipId);
         if (vpn == null) {
-            s_logger.debug("vpn does not exists " + ip);
+            s_logger.debug("vpn id=" + ipId + " does not exists ");
             return;
         }
         
@@ -209,7 +206,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
         Network network = _networkMgr.getNetwork(vpn.getNetworkId());
         
         vpn.setState(RemoteAccessVpn.State.Removed);
-        _remoteAccessVpnDao.update(vpn.getServerAddress(), vpn);
+        _remoteAccessVpnDao.update(vpn.getServerAddressId(), vpn);
         
         
         List<? extends RemoteAccessVpnElement> elements = _networkMgr.getRemoteAccessVpnElements();
@@ -226,14 +223,14 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
                 Transaction txn = Transaction.currentTxn();
                 try {
                     txn.start();
-                    _remoteAccessVpnDao.remove(ip);
+                    _remoteAccessVpnDao.remove(ipId);
                     
                     //Cleanup corresponding ports
-                    List<FirewallRuleVO> ports = _rulesDao.listByIpAndPurpose(ip, Purpose.Vpn);
+                    List<? extends FirewallRule> ports = _rulesDao.listByIpAndPurpose(ipId, Purpose.Vpn);
                     if (ports != null) {
-                        for (FirewallRuleVO port : ports) {
+                        for (FirewallRule port : ports) {
                             _rulesDao.remove(port.getId());
-                            s_logger.debug("Successfully removed firewall rule with ip " + port.getSourceIpAddress() + " and port " + port.getSourcePortStart() + " as a part of vpn cleanup");
+                            s_logger.debug("Successfully removed firewall rule with ip id=" + port.getSourceIpAddressId() + " and port " + port.getSourcePortStart() + " as a part of vpn cleanup");
                         }
                     }
                     txn.commit();   
@@ -299,7 +296,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
     }
 
     @Override
-    public RemoteAccessVpnVO startRemoteAccessVpn(Ip vpnId) throws ResourceUnavailableException {
+    public RemoteAccessVpnVO startRemoteAccessVpn(long vpnId) throws ResourceUnavailableException {
         Account caller = UserContext.current().getCaller();
 
         RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findById(vpnId);
@@ -324,7 +321,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
         } finally {
             if (started) {
                 vpn.setState(RemoteAccessVpn.State.Running);
-                _remoteAccessVpnDao.update(vpn.getServerAddress(), vpn);
+                _remoteAccessVpnDao.update(vpn.getServerAddressId(), vpn);
             } 
         }
     }
@@ -482,22 +479,22 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag
         String accountName = cmd.getAccountName();
         Long domainId = cmd.getDomainId();
 
-        Ip ipAddress = cmd.getPublicIp();
+        Long ipAddressId = cmd.getPublicIpId();
-        if (ipAddress != null) {
+        if (ipAddressId != null) {
-            PublicIpAddress publicIp = _networkMgr.getPublicIpAddress(ipAddress);
+            PublicIpAddress publicIp = _networkMgr.getPublicIpAddress(ipAddressId);
             if (publicIp == null) {
-                throw new InvalidParameterValueException("Unable to list remote access vpns, IP address " + ipAddress + " not found.");
+                throw new InvalidParameterValueException("Unable to list remote access vpns, IP address " + ipAddressId + " not found.");
             } else {
                 Long ipAddrAcctId = publicIp.getAllocatedToAccountId();
                 if (ipAddrAcctId == null) {
-                    throw new InvalidParameterValueException("Unable to list remote access vpns, IP address " + ipAddress
+                    throw new InvalidParameterValueException("Unable to list remote access vpns, IP address " + ipAddressId
                             + " is not associated with an account.");
                 }
             }
             _accountMgr.checkAccess(caller, publicIp);
 
             List<RemoteAccessVpnVO> vpns = new ArrayList<RemoteAccessVpnVO>(1);
-            RemoteAccessVpnVO remoteVpn = _remoteAccessVpnDao.findById(ipAddress);
+            RemoteAccessVpnVO remoteVpn = _remoteAccessVpnDao.findById(ipAddressId);
             if (remoteVpn != null) {
             	vpns.add(remoteVpn);
             }

server/src/com/cloud/server/ConfigurationServerImpl.java

@@ -161,11 +161,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
 				}
 			}
 			
-			// If this is a premium environment, set the network type to be "vlan"
 			if (_configDao.isPremium()) {		
-//				_configDao.update("network.type", "vlan");
-//				s_logger.debug("ConfigurationServer changed the network type to \"vlan\".");
-				
 				// Default value is set as KVM because of FOSS build, when we are
 				// running under premium, autoset to XenServer if we know it is from FOSS settings
 				

server/src/com/cloud/test/DatabaseConfig.java

@@ -670,7 +670,7 @@ public class DatabaseConfig {
     	pzc.modifyVlan(zoneName, true, vlanId, gateway, netmask, vlanPodName, vlanType, publicIpRange, 0);
     	
     	long vlanDbId = pzc.getVlanDbId(zoneName, vlanId);
-    	iprc.saveIPRange("public", -1, zoneDbId, vlanDbId, startIP, endIP);
+    	iprc.saveIPRange("public", -1, zoneDbId, vlanDbId, startIP, endIP, 1L);
         
     }
 
@@ -732,7 +732,7 @@ public class DatabaseConfig {
     	
 		if (privateIpRange != null) {
 			// Save the IP address range
-			iprc.saveIPRange("private", id, dataCenterId, -1, startIP, endIP);
+			iprc.saveIPRange("private", id, dataCenterId, -1, startIP, endIP, null);
 		}
 
     }

server/src/com/cloud/test/IPRangeConfig.java

@@ -41,10 +41,12 @@ public class IPRangeConfig {
 		System.exit(0);
     }
 	
+	//This class is not applicable in 2.2 with the new networking model
 	private String usage() {
 		return "Usage: ./change_ip_range.sh [add|delete] [public zone | private pod zone] startIP endIP";
 	}
 	
+	
 	public void run(String[] args) {
 		if (args.length < 2) {
             printError(usage());
@@ -70,7 +72,7 @@ public class IPRangeConfig {
             }
 			
 			long zoneId = PodZoneConfig.getZoneId(zone);
-			result = changeRange(op, "public", -1, zoneId, startIP, endIP);
+			result = changeRange(op, "public", -1, zoneId, startIP, endIP, null);
 			result.replaceAll("<br>", "/n");
 			System.out.println(result);
 		} else if (type.equals("private")) {
@@ -92,7 +94,7 @@ public class IPRangeConfig {
 			
 			long podId = PodZoneConfig.getPodId(pod, zone);
 			long zoneId = PodZoneConfig.getZoneId(zone);
-			result = changeRange(op, "private", podId, zoneId, startIP, endIP);
+			result = changeRange(op, "private", podId, zoneId, startIP, endIP, null);
 			result.replaceAll("<br>", "/n");
 			System.out.println(result);
 		} else {
@@ -107,7 +109,7 @@ public class IPRangeConfig {
         }
 		
 		long zoneId = PodZoneConfig.getZoneId(zone);
-		result = changeRange(op, "public", -1, zoneId, startIP, endIP);
+		result = changeRange(op, "public", -1, zoneId, startIP, endIP, null);
 		
 		return DatabaseConfig.genReturnList("true", result);
 	}
@@ -120,7 +122,7 @@ public class IPRangeConfig {
 		
 		long podId = PodZoneConfig.getPodId(pod, zone);
 		long zoneId = PodZoneConfig.getZoneId(zone);
-		result = changeRange(op, "private", podId, zoneId, startIP, endIP);
+		result = changeRange(op, "private", podId, zoneId, startIP, endIP, null);
 		
 		return DatabaseConfig.genReturnList("true", result);
 	}
@@ -224,12 +226,12 @@ public class IPRangeConfig {
 		}
 	}
 	
-	private String changeRange(String op, String type, long podId, long zoneId, String startIP, String endIP) {
+	private String changeRange(String op, String type, long podId, long zoneId, String startIP, String endIP, Long networkId) {
 		
 		// Go through all the IPs and add or delete them
 		List<String> problemIPs = null;
 		if (op.equals("add")) {
-			problemIPs = saveIPRange(type, podId, zoneId, 1, startIP, endIP);
+			problemIPs = saveIPRange(type, podId, zoneId, 1, startIP, endIP, networkId);
 		} else if (op.equals("delete")) {
 			problemIPs = deleteIPRange(type, podId, zoneId, 1, startIP, endIP);
 		}
@@ -422,7 +424,7 @@ public class IPRangeConfig {
 	}
 	
 	@DB
-	public List<String> saveIPRange(String type, long podId, long zoneId, long vlanDbId, String startIP, String endIP) {
+	public List<String> saveIPRange(String type, long podId, long zoneId, long vlanDbId, String startIP, String endIP, Long sourceNetworkId) {
     	long startIPLong = NetUtils.ip2Long(startIP);
     	long endIPLong = startIPLong;
     	if (endIP != null) {
@@ -433,7 +435,7 @@ public class IPRangeConfig {
     	List<String> problemIPs = null;
     	
     	if (type.equals("public")) {
-            problemIPs = savePublicIPRange(txn, startIPLong, endIPLong, zoneId, vlanDbId);
+            problemIPs = savePublicIPRange(txn, startIPLong, endIPLong, zoneId, vlanDbId, sourceNetworkId);
         } else if (type.equals("private")) {
             problemIPs = savePrivateIPRange(txn, startIPLong, endIPLong, podId, zoneId);
         }
@@ -447,8 +449,8 @@ public class IPRangeConfig {
     	return problemIPs;
     }
     
-	public Vector<String> savePublicIPRange(Transaction txn, long startIP, long endIP, long zoneId, long vlanDbId) {
+	public Vector<String> savePublicIPRange(Transaction txn, long startIP, long endIP, long zoneId, long vlanDbId, long sourceNetworkId) {
-		String insertSql = "INSERT INTO `cloud`.`user_ip_address` (public_ip_address, data_center_id, vlan_db_id, mac_address) VALUES (?, ?, ?, (select mac_address from `cloud`.`data_center` where id=?))";
+		String insertSql = "INSERT INTO `cloud`.`user_ip_address` (public_ip_address, data_center_id, vlan_db_id, mac_address, source_network_id) VALUES (?, ?, ?, (select mac_address from `cloud`.`data_center` where id=?), ?)";
 		String updateSql = "UPDATE `cloud`.`data_center` set mac_address = mac_address+1 where id=?";
 		Vector<String> problemIPs = new Vector<String>();
 		PreparedStatement stmt = null;
@@ -467,6 +469,7 @@ public class IPRangeConfig {
     		stmt.setLong(2, zoneId);
     		stmt.setLong(3, vlanDbId);
     		stmt.setLong(4, zoneId);
+    		stmt.setLong(5, sourceNetworkId);
     		stmt.executeUpdate();
     		stmt.close();
     		stmt = conn.prepareStatement(updateSql);

server/src/com/cloud/vm/UserVmManagerImpl.java

@@ -78,9 +78,9 @@ import com.cloud.configuration.ConfigurationManager;
 import com.cloud.configuration.ResourceCount.ResourceType;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.configuration.dao.ResourceLimitDao;
+import com.cloud.dc.DataCenter.NetworkType;
 import com.cloud.dc.DataCenterVO;
 import com.cloud.dc.HostPodVO;
-import com.cloud.dc.DataCenter.NetworkType;
 import com.cloud.dc.dao.AccountVlanMapDao;
 import com.cloud.dc.dao.ClusterDao;
 import com.cloud.dc.dao.DataCenterDao;
@@ -134,24 +134,20 @@ import com.cloud.storage.DiskOfferingVO;
 import com.cloud.storage.GuestOSVO;
 import com.cloud.storage.SnapshotVO;
 import com.cloud.storage.Storage;
-import com.cloud.storage.StoragePoolStatus;
 import com.cloud.storage.Storage.ImageFormat;
 import com.cloud.storage.Storage.StoragePoolType;
 import com.cloud.storage.Storage.StorageResourceType;
 import com.cloud.storage.Storage.TemplateType;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.StoragePool;
+import com.cloud.storage.StoragePoolStatus;
 import com.cloud.storage.StoragePoolVO;
 import com.cloud.storage.VMTemplateHostVO;
+import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
 import com.cloud.storage.VMTemplateVO;
 import com.cloud.storage.Volume;
-import com.cloud.storage.VolumeVO;
-import com.cloud.storage.Storage.ImageFormat;
-import com.cloud.storage.Storage.StoragePoolType;
-import com.cloud.storage.Storage.StorageResourceType;
-import com.cloud.storage.Storage.TemplateType;
-import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
 import com.cloud.storage.Volume.VolumeType;
+import com.cloud.storage.VolumeVO;
 import com.cloud.storage.dao.DiskOfferingDao;
 import com.cloud.storage.dao.GuestOSCategoryDao;
 import com.cloud.storage.dao.GuestOSDao;
@@ -1188,7 +1184,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
                 for (IPAddressVO ip : ips) {
                     ip.setOneToOneNat(false);
                     ip.setAssociatedWithVmId(null);
-                    _ipAddressDao.update(ip.getAddress(), ip);
+                    _ipAddressDao.update(ip.getId(), ip);
                     s_logger.debug("Disabled 1-1 nat for ip address " + ip + " as a part of vm " + vm + " expunge");
                 }
             }

setup/db/create-schema.sql

@@ -475,7 +475,7 @@ CREATE TABLE `cloud`.`op_dc_vnet_alloc` (
 
 CREATE TABLE `cloud`.`firewall_rules` (
   `id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
-  `ip_address` bigint unsigned NOT NULL COMMENT 'ip address',
+  `ip_address_id` bigint unsigned NOT NULL COMMENT 'id of the corresponding ip address',
   `start_port` int(10) NOT NULL COMMENT 'starting port of a port range',
   `end_port` int(10) NOT NULL COMMENT 'end port of a port range',
   `state` char(32) NOT NULL COMMENT 'current state of this rule',
@@ -488,7 +488,7 @@ CREATE TABLE `cloud`.`firewall_rules` (
   `xid` char(40) NOT NULL COMMENT 'external id',
   `created` datetime COMMENT 'Date created',
   PRIMARY KEY  (`id`),
-  CONSTRAINT `fk_firewall_rules__ip_address` FOREIGN KEY(`ip_address`) REFERENCES `user_ip_address`(`public_ip_address`),
+  CONSTRAINT `fk_firewall_rules__ip_address_id` FOREIGN KEY(`ip_address_id`) REFERENCES `user_ip_address`(`id`),
   CONSTRAINT `fk_firewall_rules__network_id` FOREIGN KEY(`network_id`) REFERENCES `networks`(`id`) ON DELETE CASCADE,
   CONSTRAINT `fk_firewall_rules__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE,
   CONSTRAINT `fk_firewall_rules__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE
@@ -526,7 +526,7 @@ CREATE TABLE `cloud`.`port_forwarding_rules` (
   CONSTRAINT `fk_port_forwarding_rules__id` FOREIGN KEY(`id`) REFERENCES `firewall_rules`(`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
-CREATE VIEW `cloud`.`port_forwarding_rules_view` AS SELECT fw.id, INET_NTOA(fw.ip_address) as src_ip_address, INET_NTOA(pf.dest_ip_address), fw.start_port as src_port_start, pf.dest_port_start, fw.end_port as src_end_port, pf.dest_port_end as dest_end_port, fw.state, fw.protocol, fw.purpose, fw.account_id from cloud.firewall_rules as fw inner join cloud.port_forwarding_rules as pf on fw.id=pf.id; 
+CREATE VIEW `cloud`.`port_forwarding_rules_view` AS SELECT fw.id, INET_NTOA(fw.ip_address_id) as src_ip_address_id, INET_NTOA(pf.dest_ip_address), fw.start_port as src_port_start, pf.dest_port_start, fw.end_port as src_end_port, pf.dest_port_end as dest_end_port, fw.state, fw.protocol, fw.purpose, fw.account_id from cloud.firewall_rules as fw inner join cloud.port_forwarding_rules as pf on fw.id=pf.id; 
  
 #CREATE TABLE  `cloud`.`ip_forwarding` (
 #  `id` bigint unsigned NOT NULL auto_increment,
@@ -653,9 +653,10 @@ CREATE TABLE  `cloud`.`event` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE  `cloud`.`user_ip_address` (
+  `id` bigint unsigned NOT NULL UNIQUE auto_increment,
   `account_id` bigint unsigned NULL,
   `domain_id` bigint unsigned NULL,
-  `public_ip_address` bigint unsigned unique NOT NULL,
+  `public_ip_address` bigint unsigned NOT NULL,
   `data_center_id` bigint unsigned NOT NULL COMMENT 'zone that it belongs to',
   `source_nat` int(1) unsigned NOT NULL default '0',
   `allocated` datetime NULL COMMENT 'Date this ip was allocated to someone',
@@ -664,8 +665,11 @@ CREATE TABLE  `cloud`.`user_ip_address` (
   `vm_id` bigint unsigned COMMENT 'vm id the one_to_one nat ip is assigned to',
   `state` char(32) NOT NULL default 'Free' COMMENT 'state of the ip address',
   `mac_address` bigint unsigned NOT NULL COMMENT 'mac address of this ip',
+  `source_network_id` bigint unsigned NOT NULL COMMENT 'network id ip belongs to',
   `network_id` bigint unsigned COMMENT 'network this public ip address is associated with',
-  PRIMARY KEY (`public_ip_address`),
+  PRIMARY KEY (`id`),
+  UNIQUE (`public_ip_address`, `source_network_id`),
+  CONSTRAINT `fk_user_ip_address__source_network_id` FOREIGN KEY (`source_network_id`) REFERENCES `networks`(`id`),
   CONSTRAINT `fk_user_ip_address__network_id` FOREIGN KEY (`network_id`) REFERENCES `networks`(`id`),
   CONSTRAINT `fk_user_ip_address__account_id` FOREIGN KEY (`account_id`) REFERENCES `account`(`id`),
   CONSTRAINT `fk_user_ip_address__vlan_db_id` FOREIGN KEY (`vlan_db_id`) REFERENCES `vlan`(`id`) ON DELETE CASCADE,
@@ -674,7 +678,7 @@ CREATE TABLE  `cloud`.`user_ip_address` (
   INDEX `i_user_ip_address__source_nat`(`source_nat`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
-CREATE VIEW `cloud`.`user_ip_address_view` AS SELECT INET_NTOA(user_ip_address.public_ip_address) as ip_address, user_ip_address.data_center_id, user_ip_address.account_id, user_ip_address.domain_id, user_ip_address.source_nat, user_ip_address.allocated, user_ip_address.vlan_db_id, user_ip_address.one_to_one_nat, user_ip_address.state, user_ip_address.mac_address, user_ip_address.network_id as associated_network_id from user_ip_address; 
+CREATE VIEW `cloud`.`user_ip_address_view` AS SELECT user_ip_address.id, INET_NTOA(user_ip_address.public_ip_address) as ip_address, user_ip_address.data_center_id, user_ip_address.account_id, user_ip_address.domain_id, user_ip_address.source_nat, user_ip_address.allocated, user_ip_address.vlan_db_id, user_ip_address.one_to_one_nat, user_ip_address.vm_id, user_ip_address.state, user_ip_address.mac_address, user_ip_address.source_network_id as network_id, user_ip_address.network_id as associated_network_id from user_ip_address; 
 
 CREATE TABLE  `cloud`.`user_statistics` (
   `id` bigint unsigned UNIQUE NOT NULL AUTO_INCREMENT,
@@ -1066,7 +1070,7 @@ CREATE TABLE `cloud`.`load_balancer` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `cloud`.`remote_access_vpn` (
-  `vpn_server_addr` bigint unsigned UNIQUE NOT NULL,
+  `vpn_server_addr_id` bigint unsigned UNIQUE NOT NULL,
   `account_id` bigint unsigned NOT NULL,
   `network_id` bigint unsigned NOT NULL,
   `domain_id` bigint unsigned NOT NULL,
@@ -1074,11 +1078,11 @@ CREATE TABLE `cloud`.`remote_access_vpn` (
   `ip_range` varchar(32) NOT NULL,
   `ipsec_psk` varchar(256) NOT NULL,
   `state` char(32) NOT NULL,
-  PRIMARY KEY  (`vpn_server_addr`),
+  PRIMARY KEY  (`vpn_server_addr_id`),
   CONSTRAINT `fk_remote_access_vpn__account_id` FOREIGN KEY `fk_remote_access_vpn__account_id`(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE,
   CONSTRAINT `fk_remote_access_vpn__domain_id` FOREIGN KEY `fk_remote_access_vpn__domain_id`(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE,
   CONSTRAINT `fk_remote_access_vpn__network_id` FOREIGN KEY `fk_remote_access_vpn__network_id` (`network_id`) REFERENCES `networks` (`id`) ON DELETE CASCADE,
-  CONSTRAINT `fk_remote_access_vpn__server_addr` FOREIGN KEY `fk_remote_access_vpn__server_addr` (`vpn_server_addr`) REFERENCES `user_ip_address` (`public_ip_address`)
+  CONSTRAINT `fk_remote_access_vpn__vpn_server_addr_id` FOREIGN KEY `fk_remote_access_vpn__vpn_server_addr_id` (`vpn_server_addr_id`) REFERENCES `user_ip_address` (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `cloud`.`vpn_users` (