From 352bfff4738858da0074fe445892b496a2d01596 Mon Sep 17 00:00:00 2001
From: anthony
Date: Fri, 20 Jul 2012 12:07:14 -0700
Subject: [PATCH 1/5] CS-14274 : add public ip , remove storage ip which is not used
---
.../xen/resource/CitrixResourceBase.java | 40 +++++++++----------
1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index 1be8e131830..7759169da52 100644
--- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -4276,32 +4276,22 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe _host.publicNetwork = publicNic.getNetworkRecord(conn).uuid; XsLocalNetwork storageNic1 = null; - if (_storageNetworkName1 != null && !_storageNetworkName1.equals(_guestNetworkName)) { + if (_storageNetworkName1 != null ) { storageNic1 = getNetworkByName(conn, _storageNetworkName1); + _host.storageNetwork1 = storageNic1.getNetworkRecord(conn).uuid; + _host.storagePif1 = storageNic1.getPifRecord(conn).uuid; } - if (storageNic1 == null) { - storageNic1 = guestNic; - _storageNetworkName1 = _guestNetworkName; - } - _host.storageNetwork1 = storageNic1.getNetworkRecord(conn).uuid; - _host.storagePif1 = storageNic1.getPifRecord(conn).uuid; XsLocalNetwork storageNic2 = null; - if (_storageNetworkName2 != null && !_storageNetworkName2.equals(_guestNetworkName)) { + if (_storageNetworkName2 != null) { storageNic2 = getNetworkByName(conn, _storageNetworkName2); + _host.storageNetwork2 = storageNic2.getNetworkRecord(conn).uuid; + _host.storagePif2 = storageNic2.getPifRecord(conn).uuid; } - if (storageNic2 == null) { - storageNic2 = guestNic; - _storageNetworkName2 = _guestNetworkName; - } - _host.storageNetwork2 = storageNic2.getNetworkRecord(conn).uuid; - _host.storagePif2 = storageNic2.getPifRecord(conn).uuid; s_logger.info("Private Network is " + _privateNetworkName + " for host " + _host.ip); s_logger.info("Guest Network is " + _guestNetworkName + " for host " + _host.ip); s_logger.info("Public Network is " + _publicNetworkName + " for host " + _host.ip); - s_logger.info("Storage Network 1 is " + _storageNetworkName1 + " for host " + _host.ip); - s_logger.info("Storage Network 2 is " + _storageNetworkName2 + " for host " + _host.ip); return true; } catch (XenAPIException e) { 
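Review bot: `getNetworkByName(conn, _storageNetworkName1)` is dereferenced on the next added line without a null check, so a configured storage network name that does not resolve on this host would raise a NullPointerException instead of taking the fallback that the removed `if (storageNic1 == null)` block applied; the same holds for `storageNic2`. Whether `getNetworkByName` can return null is not visible in this hunk, but the removed check suggests it can, and the visible `catch (XenAPIException e)` would not necessarily cover that failure. Failing explicitly, for example `if (storageNic1 == null) { throw new CloudRuntimeException("Storage network " + _storageNetworkName1 + " not found on host " + _host.ip); }`, keeps the misconfiguration diagnosable. The two removed `s_logger.info("Storage Network ...")` lines were also the only log record of which network carries storage traffic, so consider keeping them inside the new `if` blocks. The enclosing method starts before the hunk.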
@@ -5377,12 +5367,22 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe throw new CloudRuntimeException(msg); } - pif = PIF.getByUuid(conn, _host.storagePif1); + pif = PIF.getByUuid(conn, _host.publicPif); pifr = pif.getRecord(conn); if (pifr.IP != null && pifr.IP.length() > 0) { - cmd.setStorageIpAddress(pifr.IP); - cmd.setStorageMacAddress(pifr.MAC); - cmd.setStorageNetmask(pifr.netmask); + cmd.setPublicIpAddress(pifr.IP); + cmd.setPublicMacAddress(pifr.MAC); + cmd.setPublicNetmask(pifr.netmask); + } + + if (_host.storagePif1 != null) { + pif = PIF.getByUuid(conn, _host.storagePif1); + pifr = pif.getRecord(conn); + if (pifr.IP != null && pifr.IP.length() > 0) { + cmd.setStorageIpAddress(pifr.IP); + cmd.setStorageMacAddress(pifr.MAC); + cmd.setStorageNetmask(pifr.netmask); + } } if (_host.storagePif2 != null) { From 3133f8bf9bfc64daeb913dab8ac86efb5ad12640 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Fri, 20 Jul 2012 12:59:26 -0700 Subject: [PATCH 2/5] cloudstack 3.0 UI - VPN Customer Gateway - Create VPN Connection action - if selected VPC does not have a VPN gateway, action won't proceed. --- ui/scripts/network.js | 44 ++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 98ac793ddf6..ed122194b36 100644 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -3962,7 +3962,7 @@ } }, action: function(args) { - var vpngatewayid; + var vpngatewayid = null; $.ajax({ url: createURL('listVpnGateways'), data: { 
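Review bot: `PIF.getByUuid(conn, _host.publicPif)` is called unconditionally, while the storage lookups added just below it are wrapped in `if (_host.storagePif1 != null)`; if `_host.publicPif` can be unset on a host, this path fails before any storage address is reported. Where `_host.publicPif` is assigned is outside the hunk, as is the start of the enclosing method, so this needs confirming against the setup code. If it is guaranteed, a comment such as `// _host.publicPif is always populated before this point` above the lookup would record that; otherwise guard it with `if (_host.publicPif != null) { ... }` like the storage blocks. The patch subject says the storage ip is removed, yet `cmd.setStorageIpAddress(pifr.IP)` is still sent whenever `storagePif1` is set, which the description should reflect.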
@@ -3973,30 +3973,32 @@ var items = json.listvpngatewaysresponse.vpngateway; if(items != null && items.length > 0) { vpngatewayid = items[0].id; - } - else { - cloudStack.dialog.notice({ message: 'The selected VPC does not have a VPN gateway. Please create a VPN gateway for the VPC first.' }); - return; - } + } } - }); - $.ajax({ - url: createURL('createVpnConnection'), - data: { + }); + + if(vpngatewayid == null) { + args.response.error('The selected VPC does not have a VPN gateway. Please create a VPN gateway for the VPC first.'); + return; + } + + $.ajax({ + url: createURL('createVpnConnection'), + data: { s2svpngatewayid: vpngatewayid, s2scustomergatewayid: args.context.vpnCustomerGateway[0].id }, - success: function(json) { - var jid = json.createvpnconnectionresponse.jobid; - args.response.success( - {_custom: - { - jobId: jid - } - } - ); - } - }); + success: function(json) { + var jid = json.createvpnconnectionresponse.jobid; + args.response.success( + {_custom: + { + jobId: jid + } + } + ); + } + }); }, notification: { poll: pollAsyncJobResult From c0fb2fece9a93e40654d0de76603d8a535b20dde Mon Sep 17 00:00:00 2001 
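Review bot: The new `if(vpngatewayid == null)` check runs as soon as `$.ajax(...)` returns, so it only sees the id assigned in the `success` callback if the `listVpnGateways` request is synchronous; the request options sit between the two hunks and are not visible, so that needs confirming. If the call is asynchronous, every invocation would end in `args.response.error(...)`, and the `createVpnConnection` request would belong inside the `success` callback instead. The `createVpnConnection` call also has only a `success` handler, so a rejected request never reaches `args.response.error` and the action presumably never completes in the UI; an `error` callback that forwards the failure to `args.response.error` would close that gap. The `action` function begins in the previous hunk.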
From: Alena Prokharchyk Date: Fri, 20 Jul 2012 13:24:25 -0700 Subject: [PATCH 3/5] VPC: CS-15638: Plug nic for the public ip address if the ip address from the diff vlan range than sourceNat ip --- .../src/com/cloud/network/NetworkManager.java | 10 +- .../com/cloud/network/NetworkManagerImpl.java | 64 +++-- .../network/element/VirtualRouterElement.java | 2 +- .../element/VpcVirtualRouterElement.java | 2 +- .../network/firewall/FirewallManagerImpl.java | 11 +- .../lb/LoadBalancingRulesManagerImpl.java | 20 +- .../VirtualNetworkApplianceManager.java | 2 +- .../VirtualNetworkApplianceManagerImpl.java | 2 +- ...VpcVirtualNetworkApplianceManagerImpl.java | 246 ++++++++---------- .../cloud/network/rules/RulesManagerImpl.java | 39 +-- .../src/com/cloud/network/vpc/VpcManager.java | 1 + .../com/cloud/network/vpc/VpcManagerImpl.java | 9 +- .../cloud/vm/VirtualMachineManagerImpl.java | 2 +- server/src/com/cloud/vm/dao/NicDao.java | 2 + server/src/com/cloud/vm/dao/NicDaoImpl.java | 10 +- .../cloud/network/MockNetworkManagerImpl.java | 2 +- 16 files changed, 200 insertions(+), 224 deletions(-) diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index d15bdd4fc5d..1c666b0aa7b 100755 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java @@ -404,8 +404,9 @@ public interface NetworkManager extends NetworkService { /** * @param ipId + * @param networkId TODO */ - void unassignIPFromVpcNetwork(long ipId); + void unassignIPFromVpcNetwork(long ipId, long networkId); /** @@ -468,4 +469,11 @@ public interface NetworkManager extends NetworkService { PublicIp assignVpnGatewayIpAddress(long dcId, Account owner, long vpcId) throws InsufficientAddressCapacityException, ConcurrentOperationException; + + /** + * @param ip + * @return + */ + boolean ipUsedInVpc(IpAddress ip); + } 
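Review bot: The Javadoc added for both methods is still a placeholder: `@param networkId TODO` on `unassignIPFromVpcNetwork`, and an empty `@param ip` / `@return` on `ipUsedInVpc` in the hunk at `@@ -468`. Going by the implementation in NetworkManagerImpl in this patch, they could read `@param networkId id of the VPC network whose ip associations are re-applied to release the address` and `@return true if the ip belongs to a VPC and is either one-to-one NAT or still has firewall rules`. `unassignIPFromVpcNetwork` should also document that it throws `CloudRuntimeException` when the associations cannot be applied, since before this patch it was a plain database update.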
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 3a05f215360..7f2303dec19 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -2415,20 +2415,21 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag boolean success = disassociatePublicIpAddress(ipAddressId, userId, caller); - Long networkId = ipVO.getAssociatedWithNetworkId(); - if (success && networkId != null) { - Network guestNetwork = getNetwork(networkId); - NetworkOffering offering = _configMgr.getNetworkOffering(guestNetwork.getNetworkOfferingId()); - Long vmId = ipVO.getAssociatedWithVmId(); - if (offering.getElasticIp() && vmId != null) { - _rulesMgr.getSystemIpAndEnableStaticNatForVm(_userVmDao.findById(vmId), true); - return true; + if (success) { + Long networkId = ipVO.getAssociatedWithNetworkId(); + if (networkId != null) { + Network guestNetwork = getNetwork(networkId); + NetworkOffering offering = _configMgr.getNetworkOffering(guestNetwork.getNetworkOfferingId()); + Long vmId = ipVO.getAssociatedWithVmId(); + if (offering.getElasticIp() && vmId != null) { + _rulesMgr.getSystemIpAndEnableStaticNatForVm(_userVmDao.findById(vmId), true); + return true; + } } - return true; } else { s_logger.warn("Failed to release public ip address id=" + ipAddressId); - return false; } + return success; } @Deprecated @@ -6046,7 +6047,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag IPAddressVO ip = markIpAsUnavailable(ipToRelease.getId()); assert (ip != null) : "Unable to mark the ip address id=" + ipToRelease.getId() + " as unavailable."; } else { - unassignIPFromVpcNetwork(ipToRelease.getId()); + unassignIPFromVpcNetwork(ipToRelease.getId(), network.getId()); } } 
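Review bot: The inner `return true;` in the hunk at `@@ -2415` is redundant now that the block falls through to `return success;`, which is already true on that path; dropping it leaves a single exit. `getNetwork(networkId)` is still dereferenced on the following line without a null check, as before the change, so if it can return null for a network that no longer exists the failure would surface only after the address has been disassociated. The method starts before the hunk.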
@@ -7246,17 +7247,43 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override - public void unassignIPFromVpcNetwork(long ipId) { + public void unassignIPFromVpcNetwork(long ipId, long networkId) { IPAddressVO ip = _ipAddressDao.findById(ipId); - Long vpcId = ip.getVpcId(); - - if (vpcId == null) { + if (ipUsedInVpc(ip)) { return; } + + if (ip == null || ip.getVpcId() == null) { + return; + } + + s_logger.debug("Releasing VPC ip address " + ip + " from vpc network id=" + networkId); - ip.setAssociatedWithNetworkId(null); - _ipAddressDao.update(ipId, ip); - s_logger.debug("IP address " + ip + " is no longer associated with the network inside vpc id=" + vpcId); + long vpcId = ip.getVpcId(); + boolean success = false; + try { + //unassign ip from the VPC router + success = applyIpAssociations(getNetwork(networkId), true); + } catch (ResourceUnavailableException ex) { + throw new CloudRuntimeException("Failed to apply ip associations for network id=" + networkId + + " as a part of unassigning ip " + ipId + " from vpc", ex); + } + + if (success) { + ip.setAssociatedWithNetworkId(null); + _ipAddressDao.update(ipId, ip); + s_logger.debug("IP address " + ip + " is no longer associated with the network inside vpc id=" + vpcId); + } else { + throw new CloudRuntimeException("Failed to apply ip associations for network id=" + networkId + + " as a part of unassigning ip " + ipId + " from vpc"); + } + s_logger.debug("Successfully released VPC ip address " + ip + " back to VPC pool "); + } + + @Override + public boolean ipUsedInVpc(IpAddress ip) { + return (ip != null && ip.getVpcId() != null && + (ip.isOneToOneNat() || !_firewallDao.listByIp(ip.getId()).isEmpty())); } @Override @DB @@ -7425,4 +7452,5 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } return nic; } + } 
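Review bot: `unassignIPFromVpcNetwork` now calls `applyIpAssociations(getNetwork(networkId), true)` and throws `CloudRuntimeException` when that fails, which turns it from a local database update into a backend call that can abort its callers. The callers changed in this patch (`removeRule`, `removeLBRule`, `removePFRule`) delete their rule row first and no longer run inside a transaction, so a failure here leaves the rule gone while the address stays associated with the network. A comment on the method, for example `// Re-applies ip associations on the VPC router; throws CloudRuntimeException and leaves the ip associated if that fails`, would make the contract visible. The two early returns can also be merged, since `ipUsedInVpc(ip)` already handles a null `ip`.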
diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java index db83767a2af..c7ccc4b343f 100755 --- a/server/src/com/cloud/network/element/VirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VirtualRouterElement.java @@ -437,7 +437,7 @@ LoadBalancingServiceProvider, PortForwardingServiceProvider, RemoteAccessVPNServ return true; } - return _routerMgr.associateIP(network, ipAddress, routers); + return _routerMgr.associatePublicIP(network, ipAddress, routers); } else { return false; } diff --git a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java index ec97961f9eb..7e96658cbd1 100644 --- a/server/src/com/cloud/network/element/VpcVirtualRouterElement.java +++ b/server/src/com/cloud/network/element/VpcVirtualRouterElement.java @@ -388,7 +388,7 @@ public class VpcVirtualRouterElement extends VirtualRouterElement implements Vpc return true; } - return _vpcRouterMgr.associateIP(network, ipAddress, routers); + return _vpcRouterMgr.associatePublicIP(network, ipAddress, routers); } else { return false; } diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index ac15d60f0e9..f80cc578913 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java 
@@ -456,22 +456,15 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma return success; } - @DB @Override public void removeRule(FirewallRule rule) { - Transaction txn = Transaction.currentTxn(); - txn.start(); //remove the rule _firewallDao.remove(rule.getId()); - + //if the rule is the last one for the ip address assigned to VPC, unassign it from the network IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId()); - if (ip != null && ip.getVpcId() != null && _firewallDao.listByIp(ip.getId()).isEmpty()) { - _networkMgr.unassignIPFromVpcNetwork(ip.getId()); - } - - txn.commit(); + _networkMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId()); } @Override diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index e75cd0c01be..19ef4dd2ec1 100755 --- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java @@ -787,12 +787,9 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesMa } // release ip address if ipassoc was perfored if (performedIpAssoc) { - //if the rule is the last one for the ip address assigned to VPC, unassign it from the network ipVO = _ipAddressDao.findById(ipVO.getId()); - if (ipVO != null && ipVO.getVpcId() != null && _firewallDao.listByIp(ipVO.getId()).isEmpty()) { - s_logger.debug("Releasing VPC ip address " + ipVO + " as LB rule failed to create"); - _networkMgr.unassignIPFromVpcNetwork(ipVO.getId()); - } + _networkMgr.unassignIPFromVpcNetwork(ipVO.getId(), lb.getNetworkId()); + } } } 
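Review bot: `ip.getId()` is now called on the result of `_ipAddressDao.findById(rule.getSourceIpAddressId())` without the `ip != null` test that the removed condition carried, so a rule whose source address row is already gone would raise a NullPointerException after the rule itself has been deleted. Keeping the guard is enough, because the VPC and firewall-rule checks now live in the callee: `if (ip != null) { _networkMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId()); }`. The same unguarded dereference appears in the LoadBalancingRulesManagerImpl hunks at `@@ -787` and `@@ -1356` and in the RulesManagerImpl hunks at `@@ -292`, `@@ -476` and `@@ -1394`.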
@@ -1356,17 +1353,14 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesMa return _lbDao.findById(lbId); } - @DB protected void removeLBRule(LoadBalancerVO rule) { - Transaction txn = Transaction.currentTxn(); - txn.start(); + + //remove the rule _lbDao.remove(rule.getId()); + //if the rule is the last one for the ip address assigned to VPC, unassign it from the network IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId()); - if (ip != null && ip.getVpcId() != null && _firewallDao.listByIp(ip.getId()).isEmpty()) { - _networkMgr.unassignIPFromVpcNetwork(ip.getId()); - } - - txn.commit(); + _networkMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId()); + } } diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java index f6d83c3f865..a8c9b3ffeae 100644 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManager.java @@ -69,7 +69,7 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA boolean deleteRemoteAccessVpn(Network network, RemoteAccessVpn vpn, List routers) throws ResourceUnavailableException; - boolean associateIP (Network network, final List ipAddress, + boolean associatePublicIP (Network network, final List ipAddress, List routers) throws ResourceUnavailableException; boolean applyFirewallRules(Network network, final List rules, diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 07d3395d0d2..43ca02663e7 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 
@@ -2844,7 +2844,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } @Override - public boolean associateIP(Network network, final List ipAddress, List routers) + public boolean associatePublicIP(Network network, final List ipAddress, List routers) throws ResourceUnavailableException { if (ipAddress == null || ipAddress.isEmpty()) { s_logger.debug("No ip association rules to be applied for network " + network.getId()); diff --git a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java index 95911b12d90..65f138edafe 100644 --- a/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VpcVirtualNetworkApplianceManagerImpl.java @@ -77,6 +77,7 @@ import com.cloud.network.VirtualRouterProvider; import com.cloud.network.VirtualRouterProvider.VirtualRouterProviderType; import com.cloud.network.VpcVirtualNetworkApplianceService; import com.cloud.network.addr.PublicIp; +import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.PhysicalNetworkDao; import com.cloud.network.dao.Site2SiteVpnGatewayDao; @@ -140,6 +141,8 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian IPAddressDao _ipAddrDao; @Inject Site2SiteVpnGatewayDao _vpnGatewayDao; + @Inject + FirewallRulesDao _firewallDao; @Override public List deployVirtualRouterInVpc(Vpc vpc, DeployDestination dest, Account owner, 
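Review bot: The injected `FirewallRulesDao _firewallDao` field in the hunk at `@@ -140`, together with its import at `@@ -77`, is not referenced by any hunk of this file in the patch; the new code asks `_networkMgr.ipUsedInVpc(ip)` instead. The same applies to the `_firewallDao` field and `IpAddress` import added to VpcManagerImpl and to the `IpAddress` import added to VpcManager. Unless code outside the patch uses them, dropping these additions keeps each class's dependency list limited to what it actually calls.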
@@ -290,108 +293,6 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return result; } - protected boolean addPublicIpToVpc(VirtualRouter router, Network publicNetwork, PublicIp ipAddress) - throws ConcurrentOperationException,ResourceUnavailableException, InsufficientCapacityException { - - if (publicNetwork.getTrafficType() != TrafficType.Public) { - s_logger.warn("Network " + publicNetwork + " is not of type " + TrafficType.Public); - return false; - } - - //Add router to the Public network - boolean result = true; - try { - NicProfile defaultNic = new NicProfile(); - if (ipAddress.isSourceNat()) { - defaultNic.setDefaultNic(true); - } - defaultNic.setIp4Address(ipAddress.getAddress().addr()); - defaultNic.setGateway(ipAddress.getGateway()); - defaultNic.setNetmask(ipAddress.getNetmask()); - defaultNic.setMacAddress(ipAddress.getMacAddress()); - defaultNic.setBroadcastType(BroadcastDomainType.Vlan); - defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ipAddress.getVlanTag())); - defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ipAddress.getVlanTag())); - - NicProfile publicNic = _itMgr.addVmToNetwork(router, publicNetwork, defaultNic); - //setup public network - if (publicNic != null) { - if (ipAddress.isSourceNat()) { - if (router.getPublicIpAddress() == null) { - DomainRouterVO routerVO = _routerDao.findById(router.getId()); - routerVO.setPublicIpAddress(ipAddress.getAddress().toString()); - routerVO.setPublicNetmask(ipAddress.getNetmask()); - routerVO.setPublicMacAddress(ipAddress.getMacAddress()); - _routerDao.update(routerVO.getId(), routerVO); - } - } - publicNic.setDefaultNic(true); - if (ipAddress != null) { - IPAddressVO ipVO = _ipAddressDao.findById(ipAddress.getId()); - PublicIp publicIp = new PublicIp(ipVO, _vlanDao.findById(ipVO.getVlanId()), - NetUtils.createSequenceBasedMacAddress(ipVO.getMacAddress())); - result = associtePublicIpInVpc(publicNetwork, router, false, publicIp); - } - } else { - result = 
false; - s_logger.warn("Failed to add public ip " + ipAddress + " to VPC router " + router); - } - } catch (Exception ex) { - s_logger.warn("Failed to add ip address " + ipAddress + " from the public network " + publicNetwork + - " to VPC router " + router + " due to ", ex); - result = false; - } - - return result; - } - - - protected boolean removePublicIpFromVpcRouter(VirtualRouter router, Network publicNetwork, PublicIp ipAddress) - throws ConcurrentOperationException, ResourceUnavailableException { - - if (publicNetwork.getTrafficType() != TrafficType.Public) { - s_logger.warn("Network " + publicNetwork + " is not of type " + TrafficType.Public); - return false; - } - - boolean result = true; - IPAddressVO ipVO = _ipAddressDao.findById(ipAddress.getId()); - _networkMgr.markIpAsUnavailable(ipVO.getId()); - PublicIp publicIp = new PublicIp(ipVO, _vlanDao.findById(ipVO.getVlanId()), - NetUtils.createSequenceBasedMacAddress(ipVO.getMacAddress())); - result = associtePublicIpInVpc(publicNetwork, router, false, publicIp); - - if (!result) { - s_logger.warn("Failed to disassociate public ip " + ipAddress + " from router " + router); - return false; - } - - URI broadcastUri = BroadcastDomainType.Vlan.toUri(ipAddress.getVlanTag()); - if (_itMgr.removeVmFromNetwork(router, publicNetwork, broadcastUri)) { - s_logger.debug("Successfully removed router " + router + " from vlan " + ipAddress.getVlanTag() +" of public network " + publicNetwork); - return true; - } else { - s_logger.warn("Failed to remove router " + router + " from vlan " + ipAddress.getVlanTag() +" of public network " + publicNetwork); - return false; - } - } - - protected boolean associtePublicIpInVpc(Network network, VirtualRouter router, boolean add, PublicIp ipAddress) - throws ConcurrentOperationException, ResourceUnavailableException{ - - List publicIps = new ArrayList(1); - publicIps.add(ipAddress); - Commands cmds = new Commands(OnError.Stop); - createVpcAssociatePublicIPCommands(router, publicIps, 
cmds); - - if (sendCommandsToRouter(router, cmds)) { - s_logger.debug("Successfully applied ip association for ip " + ipAddress + " in vpc network " + network); - return true; - } else { - s_logger.warn("Failed to associate ip address " + ipAddress + " in vpc network " + network); - return false; - } - } protected DomainRouterVO deployVpcRouter(Account owner, DeployDestination dest, DeploymentPlan plan, Map params, boolean isRedundant, VirtualRouterProvider vrProvider, long svcOffId, 
@@ -614,64 +515,107 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian } protected NicTO getNicTO(final VirtualRouter router, Long guestNetworkId) { - VirtualMachine vm = _vmDao.findById(router.getId()); NicProfile nicProfile = _networkMgr.getNicProfile(router, guestNetworkId); return _itMgr.toNicTO(nicProfile, router.getHypervisorType()); } @Override - public boolean associateIP(Network network, final List ipAddress, List routers) + public boolean associatePublicIP(Network network, final List ipAddress, + List routers) throws ResourceUnavailableException { if (ipAddress == null || ipAddress.isEmpty()) { s_logger.debug("No ip association rules to be applied for network " + network.getId()); return true; } - //1) check which nics need to be plugged and plug them + //only one router is supported in VPC now + VirtualRouter router = routers.get(0); + + //1) check which nics need to be plugged/unplugged and plug/unplug them + Map nicsToPlug = new HashMap(); + Map nicsToUnPlug = new HashMap(); + + //find out nics to unplug for (PublicIpAddress ip : ipAddress) { - for (VirtualRouter router : routers) { - URI broadcastUri = BroadcastDomainType.Vlan.toUri(ip.getVlanTag()); - Nic nic = _nicDao.findByInstanceIdNetworkIdAndBroadcastUri(network.getId(), router.getId(), - broadcastUri.toString()); + long publicNtwkId = ip.getNetworkId(); + + //if ip is not associated to any network, and there are no firewall rules, release it on the backend + if (!_networkMgr.ipUsedInVpc(ip)) { + ip.setState(IpAddress.State.Releasing); + } + + if (ip.getState() == IpAddress.State.Releasing) { + Nic nic = _nicDao.findByIp4AddressAndNetworkIdAndInstanceId(publicNtwkId, router.getId(), ip.getAddress().addr()); if (nic != null) { - //have to plug the nic(s) - NicProfile defaultNic = new NicProfile(); - if (ip.isSourceNat()) { - defaultNic.setDefaultNic(true); - } - defaultNic.setIp4Address(ip.getAddress().addr()); - defaultNic.setGateway(ip.getGateway()); - 
defaultNic.setNetmask(ip.getNetmask()); - defaultNic.setMacAddress(ip.getMacAddress()); - defaultNic.setBroadcastType(BroadcastDomainType.Vlan); - defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ip.getVlanTag())); - defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag())); - - NicProfile publicNic = null; - Network publicNtwk = null; - try { - publicNtwk = _networkMgr.getNetwork(ip.getNetworkId()); - publicNic = _itMgr.addVmToNetwork(router, publicNtwk, defaultNic); - } catch (ConcurrentOperationException e) { - s_logger.warn("Failed to add router " + router + " to vlan " + ip.getVlanTag() + - " in public network " + publicNtwk + " due to ", e); - } catch (InsufficientCapacityException e) { - s_logger.warn("Failed to add router " + router + " to vlan " + ip.getVlanTag() + - " in public network " + publicNtwk + " due to ", e); - } finally { - if (publicNic == null) { - s_logger.warn("Failed to add router " + router + " to vlan " + ip.getVlanTag() + - " in public network " + publicNtwk); - return false; - } - } + nicsToUnPlug.put(ip.getVlanTag(), ip); + s_logger.debug("Need to unplug the nic for ip=" + ip + "; vlan=" + ip.getVlanTag() + + " in public network id =" + publicNtwkId); } } } - //2) apply the ips - return applyRules(network, routers, "vpc ip association", false, null, false, new RuleApplier() { + //find out nics to plug + for (PublicIpAddress ip : ipAddress) { + URI broadcastUri = BroadcastDomainType.Vlan.toUri(ip.getVlanTag()); + long publicNtwkId = ip.getNetworkId(); + + //if ip is not associated to any network, and there are no firewall rules, release it on the backend + if (!_networkMgr.ipUsedInVpc(ip)) { + ip.setState(IpAddress.State.Releasing); + } + + if (ip.getState() == IpAddress.State.Allocated || ip.getState() == IpAddress.State.Allocating) { + //nic has to be plugged only when there are no nics for this vlan tag exist on VR + Nic nic = _nicDao.findByInstanceIdNetworkIdAndBroadcastUri(publicNtwkId, router.getId(), + 
broadcastUri.toString()); + + if ((nic == null && nicsToPlug.get(ip.getVlanTag()) == null) || nicsToUnPlug.get(ip.getVlanTag()) != null) { + nicsToPlug.put(ip.getVlanTag(), ip); + s_logger.debug("Need to plug the nic for ip=" + ip + "; vlan=" + ip.getVlanTag() + + " in public network id =" + publicNtwkId); + } + } + } + + //2) Plug the nics + for (String vlanTag : nicsToPlug.keySet()) { + PublicIpAddress ip = nicsToPlug.get(vlanTag); + //have to plug the nic(s) + NicProfile defaultNic = new NicProfile(); + if (ip.isSourceNat()) { + defaultNic.setDefaultNic(true); + } + defaultNic.setIp4Address(ip.getAddress().addr()); + defaultNic.setGateway(ip.getGateway()); + defaultNic.setNetmask(ip.getNetmask()); + defaultNic.setMacAddress(ip.getMacAddress()); + defaultNic.setBroadcastType(BroadcastDomainType.Vlan); + defaultNic.setBroadcastUri(BroadcastDomainType.Vlan.toUri(ip.getVlanTag())); + defaultNic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag())); + + NicProfile publicNic = null; + Network publicNtwk = null; + try { + publicNtwk = _networkMgr.getNetwork(ip.getNetworkId()); + publicNic = _itMgr.addVmToNetwork(router, publicNtwk, defaultNic); + } catch (ConcurrentOperationException e) { + s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + + " in public network " + publicNtwk + " due to ", e); + } catch (InsufficientCapacityException e) { + s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + + " in public network " + publicNtwk + " due to ", e); + } finally { + if (publicNic == null) { + s_logger.warn("Failed to add router " + router + " to vlan " + vlanTag + + " in public network " + publicNtwk); + return false; + } + } + } + + //3) apply the ips + boolean result = applyRules(network, routers, "vpc ip association", false, null, false, new RuleApplier() { @Override public boolean execute(Network network, VirtualRouter router) throws ResourceUnavailableException { Commands cmds = new Commands(OnError.Continue); 
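Review bot: The `return false` inside the `finally` block of the plug loop discards any exception still propagating out of `addVmToNetwork`, so anything other than the two caught types, including the `ResourceUnavailableException` this method declares, is silently turned into a `false` result. Moving the check after the try/catch keeps the behaviour for the caught cases without swallowing the rest: `if (publicNic == null) { s_logger.warn(...); return false; }`. `routers.get(0)` is also taken without checking that `routers` is non-empty, while step 3 still passes the whole `routers` list to `applyRules`; a guard or a comment stating the single-router assumption at both places would help. The `ipUsedInVpc` / `setState(IpAddress.State.Releasing)` block is duplicated in both loops and mutates the caller's `PublicIpAddress` objects. The method continues into the next hunk.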
@@ -679,6 +623,22 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian return sendCommandsToRouter(router, cmds); } }); + + //4) Unplug the nics + for (String vlanTag : nicsToUnPlug.keySet()) { + Network publicNtwk = null; + try { + publicNtwk = _networkMgr.getNetwork(nicsToUnPlug.get(vlanTag).getNetworkId()); + URI broadcastUri = BroadcastDomainType.Vlan.toUri(vlanTag); + _itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri); + } catch (ConcurrentOperationException e) { + s_logger.warn("Failed to remove router " + router + " from vlan " + vlanTag + + " in public network " + publicNtwk + " due to ", e); + return false; + } + } + + return result; } @@ -980,7 +940,7 @@ public class VpcVirtualNetworkApplianceManagerImpl extends VirtualNetworkApplian * @param add * @param privateNic * @return - * @throws ResourceUnavailableException TODO + * @throws ResourceUnavailableException */ protected boolean setupVpcPrivateNetwork(VirtualRouter router, boolean add, NicProfile privateNic) throws ResourceUnavailableException { diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 47308ec0e33..3ba4cabc7ea 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -292,14 +292,9 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { if (performedIpAssoc) { //if the rule is the last one for the ip address assigned to VPC, unassign it from the network IpAddress ip = _ipAddressDao.findById(ipAddress.getId()); - if (ip != null && ip.getVpcId() != null && _firewallDao.listByIp(ip.getId()).isEmpty()) { - s_logger.debug("Releasing VPC ip address " + ip + " as PF rule failed to create"); - _networkMgr.unassignIPFromVpcNetwork(ip.getId()); - } + _networkMgr.unassignIPFromVpcNetwork(ip.getId(), networkId); } } - - } @Override 
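Review bot: The return value of `_itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri)` is ignored in the unplug loop, whereas the removed `removePublicIpFromVpcRouter` checked it and logged a warning on failure; a nic that fails to unplug now goes unnoticed and the method still returns `result`. Something like `if (!_itMgr.removeVmFromNetwork(router, publicNtwk, broadcastUri)) { s_logger.warn("Failed to remove router " + router + " from vlan " + vlanTag); return false; }` restores that. The loop also runs when `result` from `applyRules` is false, so nics are unplugged even if the router did not accept the new association set; consider skipping step 4 in that case. The method starts in the previous hunk.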
@@ -381,7 +376,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } @Override - @DB public boolean enableStaticNat(long ipId, long vmId, long networkId, boolean isSystemVm) throws NetworkRuleConflictException, ResourceUnavailableException { UserContext ctx = UserContext.current(); @@ -476,20 +470,15 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } } finally { if (!result) { - Transaction txn = Transaction.currentTxn(); - txn.start(); ipAddress.setOneToOneNat(false); ipAddress.setAssociatedWithVmId(null); - _ipAddressDao.update(ipAddress.getId(), ipAddress); + _ipAddressDao.update(ipAddress.getId(), ipAddress); + if (performedIpAssoc) { //if the rule is the last one for the ip address assigned to VPC, unassign it from the network IpAddress ip = _ipAddressDao.findById(ipAddress.getId()); - if (ip != null && ip.getVpcId() != null && _firewallDao.listByIp(ip.getId()).isEmpty()) { - s_logger.debug("Releasing VPC ip address " + ip + " as PF rule failed to create"); - _networkMgr.unassignIPFromVpcNetwork(ip.getId()); - } - } - txn.commit(); + _networkMgr.unassignIPFromVpcNetwork(ip.getId(), networkId); + } } } return result; @@ -1202,12 +1191,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } @Override - @DB public boolean disableStaticNat(long ipId, Account caller, long callerUserId, boolean releaseIpIfElastic) throws ResourceUnavailableException { boolean success = true; IPAddressVO ipAddress = _ipAddressDao.findById(ipId); checkIpAndUserVm(ipAddress, null, caller); + long networkId = ipAddress.getAssociatedWithNetworkId(); if (!ipAddress.isOneToOneNat()) { List idList = new ArrayList(); 
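Review bot: `unassignIPFromVpcNetwork` can now throw `CloudRuntimeException`, and in the hunk at `@@ -476` it is called from the `finally` block, so a failure during cleanup replaces whatever exception caused `result` to be false. With the transaction removed, the `_ipAddressDao.update(...)` that clears one-to-one NAT is also persisted on its own before the unassign is attempted. Wrapping the call as `try { ... } catch (CloudRuntimeException e) { s_logger.warn("Failed to unassign ip " + ipAddress.getId() + " from network " + networkId, e); }` keeps the original failure visible. The method signature is in the hunk at `@@ -381` and the body continues past this hunk.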
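Review bot: `long networkId = ipAddress.getAssociatedWithNetworkId();` in the hunk at `@@ -1202` unboxes the getter's result, and the NetworkManagerImpl hunk at `@@ -2415` treats that same getter as a nullable `Long`, so an address that is not associated with a network would raise a NullPointerException before any static NAT state is changed. Keeping the boxed type and testing it before the later call avoids that: `Long networkId = ipAddress.getAssociatedWithNetworkId();` and `if (networkId != null) { _networkMgr.unassignIPFromVpcNetwork(ipAddress.getId(), networkId); }`. Whether `checkIpAndUserVm` already rejects unassociated addresses is not visible here. The method continues in the hunk at `@@ -1233`.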
@@ -1233,8 +1222,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } if (success) { - Transaction txn = Transaction.currentTxn(); - txn.start(); boolean isIpSystem = ipAddress.getSystem(); ipAddress.setOneToOneNat(false); ipAddress.setAssociatedWithVmId(null); @@ -1242,8 +1229,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { ipAddress.setSystem(false); } _ipAddressDao.update(ipAddress.getId(), ipAddress); - _networkMgr.unassignIPFromVpcNetwork(ipAddress.getId()); - txn.commit(); + _networkMgr.unassignIPFromVpcNetwork(ipAddress.getId(), networkId); if (isIpSystem && releaseIpIfElastic && !_networkMgr.handleSystemIpRelease(ipAddress)) { s_logger.warn("Failed to release system ip address " + ipAddress); @@ -1394,17 +1380,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } } - @DB protected void removePFRule(PortForwardingRuleVO rule) { - Transaction txn = Transaction.currentTxn(); - txn.start(); + _portForwardingDao.remove(rule.getId()); + //if the rule is the last one for the ip address assigned to VPC, unassign it from the network IpAddress ip = _ipAddressDao.findById(rule.getSourceIpAddressId()); - if (ip != null && ip.getVpcId() != null && _firewallDao.listByIp(ip.getId()).isEmpty()) { - _networkMgr.unassignIPFromVpcNetwork(ip.getId()); - } - - txn.commit(); + _networkMgr.unassignIPFromVpcNetwork(ip.getId(), rule.getNetworkId()); } } diff --git a/server/src/com/cloud/network/vpc/VpcManager.java b/server/src/com/cloud/network/vpc/VpcManager.java index 2c1fcb51022..f6aa6ee7773 100644 --- a/server/src/com/cloud/network/vpc/VpcManager.java +++ b/server/src/com/cloud/network/vpc/VpcManager.java 
@@ -18,6 +18,7 @@ import java.util.Set; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.IpAddress; import com.cloud.network.Network.Provider; import com.cloud.network.Network.Service; import com.cloud.network.element.VpcProvider; diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/com/cloud/network/vpc/VpcManagerImpl.java index d1557a158ff..201f24328d8 100644 --- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java +++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java @@ -45,6 +45,7 @@ import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.exception.UnsupportedServiceException; import com.cloud.network.IPAddressVO; +import com.cloud.network.IpAddress; import com.cloud.network.Network; import com.cloud.network.Network.GuestType; import com.cloud.network.Network.Provider; @@ -54,13 +55,10 @@ import com.cloud.network.NetworkVO; import com.cloud.network.Networks.BroadcastDomainType; import com.cloud.network.Networks.TrafficType; import com.cloud.network.PhysicalNetwork; -import com.cloud.network.Site2SiteVpnGateway; -import com.cloud.network.addr.PublicIp; +import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.NetworkDao; import com.cloud.network.dao.PhysicalNetworkDao; -import com.cloud.network.dao.Site2SiteVpnConnectionDao; -import com.cloud.network.dao.Site2SiteVpnGatewayDao; import com.cloud.network.element.VpcProvider; import com.cloud.network.vpc.VpcOffering.State; import com.cloud.network.vpc.Dao.PrivateIpDao; 
@@ -148,6 +146,8 @@ public class VpcManagerImpl implements VpcManager, Manager{ ResourceTagDao _resourceTagDao; @Inject Site2SiteVpnManager _s2sVpnMgr; + @Inject + FirewallRulesDao _firewallDao; private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("VpcChecker")); @@ -1672,4 +1672,5 @@ public class VpcManagerImpl implements VpcManager, Manager{ public VpcGateway getPrivateGatewayForVpc(long vpcId) { return _vpcGatewayDao.getPrivateGatewayForVpc(vpcId); } + } diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index 4ea9f4e8672..dc6f00b0973 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java @@ -2527,7 +2527,7 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene Nic nic = null; if (broadcastUri != null) { - nic = _nicsDao.findByInstanceIdNetworkIdAndBroadcastUri(network.getId(), vm.getId(), broadcastUri.getHost()); + nic = _nicsDao.findByInstanceIdNetworkIdAndBroadcastUri(network.getId(), vm.getId(), broadcastUri.toString()); } else { nic = _networkMgr.getNicInNetwork(vm.getId(), network.getId()); } diff --git a/server/src/com/cloud/vm/dao/NicDao.java b/server/src/com/cloud/vm/dao/NicDao.java index 3dca809e3e9..367ad9153f8 100644 --- a/server/src/com/cloud/vm/dao/NicDao.java +++ b/server/src/com/cloud/vm/dao/NicDao.java @@ -50,4 +50,6 @@ public interface NicDao extends GenericDao { int countNics(long instanceId); NicVO findByInstanceIdNetworkIdAndBroadcastUri(long networkId, long instanceId, String broadcastUri); + + NicVO findByIp4AddressAndNetworkIdAndInstanceId(long networkId, long instanceId, String ip4Address); } diff --git a/server/src/com/cloud/vm/dao/NicDaoImpl.java b/server/src/com/cloud/vm/dao/NicDaoImpl.java index 77f54ce81cd..0adab2c3e56 100644 --- a/server/src/com/cloud/vm/dao/NicDaoImpl.java 
+++ b/server/src/com/cloud/vm/dao/NicDaoImpl.java @@ -176,5 +176,13 @@ public class NicDaoImpl extends GenericDaoBase implements NicDao { sc.setParameters("broadcastUri", broadcastUri); return findOneBy(sc); } - + + @Override + public NicVO findByIp4AddressAndNetworkIdAndInstanceId(long networkId, long instanceId, String ip4Address) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("network", networkId); + sc.setParameters("instance", instanceId); + sc.setParameters("address", ip4Address); + return findOneBy(sc); + } } diff --git a/server/test/com/cloud/network/MockNetworkManagerImpl.java b/server/test/com/cloud/network/MockNetworkManagerImpl.java index 98f0333ac09..9a8bf895638 100755 --- a/server/test/com/cloud/network/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/network/MockNetworkManagerImpl.java @@ -956,7 +956,7 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS * @see com.cloud.network.NetworkManager#unassignIPFromVpcNetwork(long) */ @Override - public void unassignIPFromVpcNetwork(long ipId) { + public void unassignIPFromVpcNetwork(long ipId, long networkId) { // TODO Auto-generated method stub } From aa6ee7c506f18690afc71a4af4b49a9329f81f54 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Fri, 20 Jul 2012 14:08:00 -0700 Subject: [PATCH 4/5] VPC: one more fix for multiple public nic case for the VPC VR --- server/src/com/cloud/network/NetworkManager.java | 4 ++-- server/src/com/cloud/network/NetworkManagerImpl.java | 5 ++--- server/src/com/cloud/vm/VirtualMachineManagerImpl.java | 2 +- server/test/com/cloud/network/MockNetworkManagerImpl.java | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index 1c666b0aa7b..5fd931a44e1 100755 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java 
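Review bot: The new `findByIp4AddressAndNetworkIdAndInstanceId` takes `(networkId, instanceId, ip4Address)`, the reverse of the order its name spells out, and both ids are `long`, so a call with the two swapped compiles and silently matches nothing or the wrong nic. A Javadoc on the NicDao declaration that states the order, for example `@param networkId id of the network the nic is in` and `@param instanceId id of the VM that owns the nic`, or reordering the parameters to follow the name, would prevent that. The method also relies on `AllFieldsSearch` having an `address` condition registered; the constructor is outside this hunk, so that should be checked.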
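Review bot: The `@see` line above the changed mock signature still names `unassignIPFromVpcNetwork(long)`, which no longer exists after this change; it should read `@see com.cloud.network.NetworkManager#unassignIPFromVpcNetwork(long, long)`. The -938 hunk in the same file has the same stale reference for removeNic, whose `@see` still lists `com.cloud.network.Network` as the second parameter type although the method now takes a Nic.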
@@ -380,9 +380,9 @@ public interface NetworkManager extends NetworkService { /** * @param vm - * @param network + * @param nic TODO */ - void removeNic(VirtualMachineProfile vm, Network network); + void removeNic(VirtualMachineProfile vm, Nic nic); /** diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 7f2303dec19..bfaa9c4a0a9 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -2502,9 +2502,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override - public void removeNic(VirtualMachineProfile vm, Network network) { - NicVO nic = _nicDao.findByInstanceIdAndNetworkId(network.getId(), vm.getVirtualMachine().getId()); - removeNic(vm, nic); + public void removeNic(VirtualMachineProfile vm, Nic nic) { + removeNic(vm, _nicDao.findById(nic.getId())); } protected void removeNic(VirtualMachineProfile vm, NicVO nic) { diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index dc6f00b0973..317cb10a23f 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java @@ -2553,7 +2553,7 @@ public class VirtualMachineManagerImpl implements VirtualMachineManager, Listene s_logger.debug("Successfully released nic " + nic + "for vm " + vm); //3) Remove the nic - _networkMgr.removeNic(vmProfile, network); + _networkMgr.removeNic(vmProfile, nic); return result; } diff --git a/server/test/com/cloud/network/MockNetworkManagerImpl.java b/server/test/com/cloud/network/MockNetworkManagerImpl.java index 9a8bf895638..b500e0ccbb5 100755 --- a/server/test/com/cloud/network/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/network/MockNetworkManagerImpl.java 
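Review bot: The Javadoc for the new parameter in NetworkManager is left as `@param nic TODO`, and this interface is what callers read. Something like `@param nic the nic to remove; expected to belong to vm` would state the contract, which matters more now that the implementation no longer derives the nic from the vm and network itself.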
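Review bot: `removeNic(vm, _nicDao.findById(nic.getId()))` in the -2502 hunk passes the lookup result straight to the protected overload, so a nic that was already removed reaches it as null; that overload's body is outside the hunk, so whether it tolerates null cannot be seen here. Nothing in the new line checks that the nic belongs to `vm` either, which the removed lookup by network id and instance id ensured implicitly. A guard such as `NicVO nicVO = _nicDao.findById(nic.getId()); if (nicVO == null) { return; }` before delegating would make a repeated removal harmless, and an ownership check could sit next to it if callers are not all trusted to pass a matching pair.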
@@ -938,7 +938,7 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS * @see com.cloud.network.NetworkManager#removeNic(com.cloud.vm.VirtualMachineProfile, com.cloud.network.Network) */ @Override - public void removeNic(VirtualMachineProfile vm, Network network) { + public void removeNic(VirtualMachineProfile vm, Nic nic) { // TODO Auto-generated method stub } From 04ed3884d008870abb92972752c2826d8d35ac1c Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Fri, 20 Jul 2012 14:35:39 -0700 Subject: [PATCH 5/5] CS-15622: always get router info from the DB --- .../router/VirtualNetworkApplianceManagerImpl.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 43ca02663e7..1d82ba4913a 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -2610,11 +2610,11 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian LoadBalancerTO lb = new LoadBalancerTO(srcIp, srcPort, protocol, algorithm, revoked, false, destinations, stickinessPolicies); lbs[i++] = lb; } - String RouterPublicIp = null; + String routerPublicIp = null; if (router instanceof DomainRouterVO) { - DomainRouterVO domr = (DomainRouterVO)router; - RouterPublicIp = domr.getPublicIpAddress(); + DomainRouterVO domr = _routerDao.findById(router.getId()); + routerPublicIp = domr.getPublicIpAddress(); } Network guestNetwork = _networkMgr.getNetwork(guestNetworkId); 
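Review bot: `_routerDao.findById(router.getId())` in the -2610 hunk can return null if the router row has been removed since `router` was loaded, and the next line dereferences `domr` unconditionally; the cast it replaces could not yield null inside the `instanceof` branch. Suggest `if (domr != null) { routerPublicIp = domr.getPublicIpAddress(); }`, or failing with a clear error if a load balancer command without the public IP is not acceptable. The `instanceof DomainRouterVO` test no longer guards a cast, so it is probably redundant now. The enclosing method starts and ends outside the hunk.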
@@ -2624,7 +2624,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian _networkMgr.isSecurityGroupSupportedInNetwork(guestNetwork), _networkMgr.getNetworkTag(router.getHypervisorType(), guestNetwork)); - LoadBalancerConfigCommand cmd = new LoadBalancerConfigCommand(lbs,RouterPublicIp, + LoadBalancerConfigCommand cmd = new LoadBalancerConfigCommand(lbs,routerPublicIp, getRouterIpInNetwork(guestNetworkId, router.getId()),router.getPrivateIpAddress(), _itMgr.toNicTO(nicProfile, router.getHypervisorType()), router.getVpcId());