From 327b4833cef42fa876c556d754466ecdc39fb39e Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Fri, 10 Aug 2012 16:11:58 -0700
Subject: [PATCH] S2S VPN: CS-15947: Add global config for S2S VPN VPN connection counts limitation And subnets limitation for each customer gateway
Conflicts:
	server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
---
 .../src/com/cloud/configuration/Config.java | 3 +++
 .../network/vpn/Site2SiteVpnManagerImpl.java | 21 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 116af37e789..5ee66ffc7b2 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -26,6 +26,7 @@ import com.cloud.ha.HighAvailabilityManager;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.network.NetworkManager;
 import com.cloud.network.router.VpcVirtualNetworkApplianceManager;
+import com.cloud.network.vpn.Site2SiteVpnManager;
 import com.cloud.server.ManagementServer;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.allocator.StoragePoolAllocator;
@@ -109,6 +110,8 @@ public enum Config {
     RemoteAccessVpnPskLength("Network", AgentManager.class, Integer.class, "remote.access.vpn.psk.length", "24", "The length of the ipsec preshared key (minimum 8, maximum 256)", null),
     RemoteAccessVpnClientIpRange("Network", AgentManager.class, String.class, "remote.access.vpn.client.iprange", "10.1.2.1-10.1.2.8", "The range of ips to be allocated to remote access vpn clients. The first ip in the range is used by the VPN server", null),
     RemoteAccessVpnUserLimit("Network", AgentManager.class, String.class, "remote.access.vpn.user.limit", "8", "The maximum number of VPN users that can be created per account", null),
+    Site2SiteVpnConnectionPerVpnGatewayLimit("Network", ManagementServer.class, Integer.class, "site2site.vpn.vpngateway.connection.limit", "4", "The maximum number of VPN connection per VPN gateway", null),
+    Site2SiteVpnSubnetsPerCustomerGatewayLimit("Network", ManagementServer.class, Integer.class, "site2site.vpn.customergateway.subnets.limit", "10", "The maximum number of subnets per customer gateway", null),
     // Console Proxy
     ConsoleProxyCapacityStandby("Console Proxy", AgentManager.class, String.class, "consoleproxy.capacity.standby", "10", "The minimal number of console proxy viewer sessions that system is able to serve immediately(standby capacity)", null),
diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index a48d5d46beb..b8b3fefd39f 100644
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
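Review bot: The description of `Site2SiteVpnConnectionPerVpnGatewayLimit` reads "The maximum number of VPN connection per VPN gateway"; this text is what operators see when listing global settings, so it should be `"The maximum number of VPN connections per VPN gateway"`. The `com.cloud.network.vpn.Site2SiteVpnManager` import added in the first hunk of this file is not referenced by either new entry, which pass `ManagementServer.class` as their component — if the manager was meant to own these keys the entries and the import should agree, otherwise the import looks unused. Both new entries declare `Integer.class` where the neighbouring `RemoteAccessVpnUserLimit` count uses `String.class`; that is fine in itself, but worth a quick check that the setting-update path validates by the declared type so a non-numeric value is rejected at write time rather than silently falling back later.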
@@ -20,6 +20,8 @@ import com.cloud.api.commands.ListVpnCustomerGatewaysCmd;
 import com.cloud.api.commands.ListVpnGatewaysCmd;
 import com.cloud.api.commands.ResetVpnConnectionCmd;
 import com.cloud.api.commands.UpdateVpnCustomerGatewayCmd;
+import com.cloud.configuration.Config;
+import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
@@ -47,7 +49,10 @@ import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.UserContext;
 import com.cloud.user.dao.AccountDao;
+import com.cloud.user.dao.UserStatisticsDao;
+import com.cloud.utils.NumbersUtil;
 import com.cloud.utils.Ternary;
+import com.cloud.utils.component.ComponentLocator;
 import com.cloud.utils.component.Inject;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.db.DB;
@@ -74,10 +79,18 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
     @Inject AccountManager _accountMgr;
     String _name;
+    int _connLimit;
+    int _subnetsLimit;
     @Override
     public boolean configure(String name, Map params) throws ConfigurationException {
         _name = name;
+
+        ComponentLocator locator = ComponentLocator.getCurrentLocator();
+        ConfigurationDao configDao = locator.getDao(ConfigurationDao.class);
+        Map configs = configDao.getConfiguration(params);
+        _connLimit = NumbersUtil.parseInt(configs.get(Config.Site2SiteVpnConnectionPerVpnGatewayLimit.key()), 4);
+        _subnetsLimit = NumbersUtil.parseInt(configs.get(Config.Site2SiteVpnSubnetsPerCustomerGatewayLimit.key()), 10);
         return true;
     }
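Review bot: `_connLimit` and `_subnetsLimit` are stored in configure() without a sanity check, so a global setting of 0 or a negative number makes every customer-gateway and VPN-connection request fail with an InvalidParameterValueException that blames the caller's input instead of the configuration. Since the method already declares `ConfigurationException`, rejecting such values at startup is cheap: `if (_connLimit < 1 || _subnetsLimit < 1) { throw new ConfigurationException("site2site VPN connection/subnet limits must be positive"); }`. The fallback literals 4 and 10 passed to NumbersUtil.parseInt duplicate the defaults declared on the two Config entries, so the two can drift silently if one is changed; deriving the fallback from the enum entry's declared default would keep a single source of truth. Style: the class already receives collaborators through `@Inject` (see `_accountMgr` just above), so `ConfigurationDao` could be injected the same way rather than looked up through ComponentLocator, and the `UserStatisticsDao` import added in the preceding hunk is not referenced by any line of this change.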
@@ -126,8 +139,11 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
     }
     protected void checkCustomerGatewayCidrList(String guestCidrList) {
-        // Remote sub nets cannot overlap themselves
         String[] cidrList = guestCidrList.split(",");
+        if (cidrList.length > _subnetsLimit) {
+            throw new InvalidParameterValueException("Too many subnets of customer gateway! The limit is " + _subnetsLimit);
+        }
+        // Remote sub nets cannot overlap themselves
         for (int i = 0; i < cidrList.length - 1; i ++) {
             for (int j = i + 1; j < cidrList.length; j ++) {
                 if (NetUtils.isNetworksOverlap(cidrList[i], cidrList[j])) {
@@ -254,6 +270,9 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnManager, Manager {
         // We also need to check if the new connection's remote CIDR is overlapped with existed connections
         List conns = _vpnConnectionDao.listByVpnGatewayId(vpnGatewayId);
+        if (conns.size() >= _connLimit) {
+            throw new InvalidParameterValueException("There are too many VPN connections with current VPN gateway! The limit is " + _connLimit);
+        }
         for (Site2SiteVpnConnectionVO vc : conns) {
             if (vc == null) {
                 continue;
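Review bot: The subnet count is taken from the raw `guestCidrList.split(",")` result before any element is validated, so empty elements produced by doubled commas count towards `_subnetsLimit`, and the rejection message reports only the limit, not how many subnets were actually supplied. Including the count makes the error actionable for the caller and for anyone reading the log: `throw new InvalidParameterValueException("Too many subnets of customer gateway (" + cidrList.length + ")! The limit is " + _subnetsLimit);`. The connection-limit check in the second hunk of this file (`conns.size() >= _connLimit`) has the same shape and would benefit from reporting `conns.size()` in its message; note also that it counts existing rows before the new one is persisted, so two concurrent create requests could presumably both pass the check — if the limit is meant as a hard quota, that window deserves a comment or a DB-level guard. checkCustomerGatewayCidrList's body continues past the end of this hunk.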