From a68680a1cc10301a43e33e9381b4172bbcd81591 Mon Sep 17 00:00:00 2001
From: jean
Date: Mon, 9 Feb 2026 19:27:07 -0300
Subject: [PATCH 1/6] Fix VPC restart with multi-CIDR networks: handle comma-separated CIDR in NetworkVO.equals() When a network has multiple CIDRs (e.g. '192.168.2.0/24,160.0.0.0/24'), NetworkVO.equals() passes the raw comma-separated string to NetUtils.isNetworkAWithinNetworkB() which expects a single CIDR, causing 'cidr is not formatted correctly' error during VPC restart with cleanup=true. Extract only the first CIDR value before passing to NetUtils.
---
 .../schema/src/main/java/com/cloud/network/dao/NetworkVO.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java b/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
index 02abaacd854e..452ffd43b704 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
@@ -600,7 +600,9 @@ public boolean equals(Object obj) {
 return true;
 }
- return NetUtils.isNetworkAWithinNetworkB(cidr, that.cidr);
+ return NetUtils.isNetworkAWithinNetworkB(
+ com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(cidr),
+ com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(that.cidr));
 }
 @Override
From af5341f5b544408092936e9061273608e813edfe Mon Sep 17 00:00:00 2001
From: Jtolelo
Date: Tue, 10 Mar 2026 10:27:49 -0300
Subject: [PATCH 2/6] Update engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .../src/main/java/com/cloud/network/dao/NetworkVO.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java b/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
index 452ffd43b704..087e0c41a9a0 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
@@ -600,9 +600,10 @@ public boolean equals(Object obj) {
 return true;
 }
- return NetUtils.isNetworkAWithinNetworkB(
- com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(cidr),
- com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(that.cidr));
+ final String normalizedCidr = com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(cidr);
+ final String normalizedThatCidr = com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(that.cidr);
+
+ return NetUtils.isNetworkAWithinNetworkB(normalizedCidr, normalizedThatCidr);
 }
 @Override
From c9e7a8bab6bb014120c9a87d2098a49caefea826 Mon Sep 17 00:00:00 2001
From: jean
Date: Tue, 10 Mar 2026 10:51:59 -0300
Subject: [PATCH 3/6] Fix root cause: skip CIDR/gateway updates for Public traffic type networks addCidrAndGatewayForIpv4/Ipv6 (introduced by PR #11249) was called for all network types without checking if the network is Public. This caused comma-separated CIDRs to be stored on Public networks, which then triggered 'cidr is not formatted correctly' errors during VPC restart. Add TrafficType.Public guard in both the VLAN creation (addCidr) and VLAN deletion (removeCidr) paths in ConfigurationManagerImpl.
---
 .../configuration/ConfigurationManagerImpl.java | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 7dbf3e1d2a2a..c6f287ca4410 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -5425,7 +5425,7 @@ public Vlan createVlanAndPublicIpRange(final long zoneId, final long networkId,
 final VlanVO vlan = commitVlanAndIpRange(zoneId, networkId, physicalNetworkId, podId, startIP, endIP, vlanGateway, vlanNetmask, vlanId, domain, vlanOwner, vlanIp6Gateway, vlanIp6Cidr, ipv4, zone, vlanType, ipv6Range, ipRange, forSystemVms, provider);
- if (vlan != null) {
+ if (vlan != null && network.getTrafficType() != TrafficType.Public) {
 if (ipv4) {
 addCidrAndGatewayForIpv4(networkId, vlanGateway, vlanNetmask);
 } else if (ipv6) {
@@ -6504,11 +6504,14 @@ private boolean deleteAndPublishVlanAndPublicIpRange(final long userId, final lo
 final boolean ipv4 = deletedVlan.getVlanGateway() != null;
 final boolean ipv6 = deletedVlan.getIp6Gateway() != null;
 final long networkId = deletedVlan.getNetworkId();
+ final NetworkVO networkVO = _networkDao.findById(networkId);
- if (ipv4) {
- removeCidrAndGatewayForIpv4(networkId, deletedVlan);
- } else if (ipv6) {
- removeCidrAndGatewayForIpv6(networkId, deletedVlan);
+ if (networkVO != null && networkVO.getTrafficType() != TrafficType.Public) {
+ if (ipv4) {
+ removeCidrAndGatewayForIpv4(networkId, deletedVlan);
+ } else if (ipv6) {
+ removeCidrAndGatewayForIpv6(networkId, deletedVlan);
+ }
 }
 messageBus.publish(_name, MESSAGE_DELETE_VLAN_IP_RANGE_EVENT, PublishScope.LOCAL, deletedVlan);
From ab3f6628e0d4323f956bde330f2aa7ccac739c8c Mon Sep 17 00:00:00 2001
From: jean
Date: Thu, 19 Mar 2026 13:04:12 -0300
Subject: [PATCH 4/6] Revert "Update engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java" This reverts commit af5341f5b544408092936e9061273608e813edfe.
---
 .../src/main/java/com/cloud/network/dao/NetworkVO.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java b/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
index 087e0c41a9a0..452ffd43b704 100644
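Review bot: In the `createVlanAndPublicIpRange` hunk of PATCH 3/6, `network.getTrafficType()` is dereferenced without a null check, while the matching guard in `deleteAndPublishVlanAndPublicIpRange` tests `networkVO != null` first. Where `network` is assigned lies outside the hunk, so it may already be guaranteed non-null; if it is not, the condition should read `if (vlan != null && network != null && network.getTrafficType() != TrafficType.Public) {`. The condition also deserves a one-line reason above it, for example `// Public networks must not get network-level CIDR/gateway values (see PR #11249)`.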
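Review bot: In the `deleteAndPublishVlanAndPublicIpRange` hunk of PATCH 3/6, a `null` result from `_networkDao.findById(networkId)` now skips the CIDR and gateway cleanup silently, whereas the removed lines called `removeCidrAndGatewayForIpv4` / `removeCidrAndGatewayForIpv6` unconditionally. Whether those helpers tolerate a missing network row is not visible here, so the skip may well be correct, but nothing records that it happened. If the skip is intended, state it next to the guard, e.g. `// network not found: no network-level CIDR/gateway to clean up`, and log the skipped `networkId` so an operator can trace it. The method body starts and ends outside the hunk.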
--- a/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
@@ -600,10 +600,9 @@ public boolean equals(Object obj) {
 return true;
 }
- final String normalizedCidr = com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(cidr);
- final String normalizedThatCidr = com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(that.cidr);
-
- return NetUtils.isNetworkAWithinNetworkB(normalizedCidr, normalizedThatCidr);
+ return NetUtils.isNetworkAWithinNetworkB(
+ com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(cidr),
+ com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(that.cidr));
 }
 @Override
From 1a22d356a7f7948861e3e322a8cbaac361ebbc9c Mon Sep 17 00:00:00 2001
From: jean
Date: Thu, 19 Mar 2026 13:04:12 -0300
Subject: [PATCH 5/6] Revert "Fix VPC restart with multi-CIDR networks: handle comma-separated CIDR in NetworkVO.equals()" This reverts commit a68680a1cc10301a43e33e9381b4172bbcd81591.
---
 .../schema/src/main/java/com/cloud/network/dao/NetworkVO.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java b/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
index 452ffd43b704..02abaacd854e 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/NetworkVO.java
@@ -600,9 +600,7 @@ public boolean equals(Object obj) {
 return true;
 }
- return NetUtils.isNetworkAWithinNetworkB(
- com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(cidr),
- com.cloud.utils.StringUtils.getFirstValueFromCommaSeparatedString(that.cidr));
+ return NetUtils.isNetworkAWithinNetworkB(cidr, that.cidr);
 }
 @Override
From f6d618b17b819105db6e39b05212a4eac1f193c0 Mon Sep 17 00:00:00 2001
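Review bot: After the PATCH 5/6 revert, `equals()` again hands the raw `cidr` and `that.cidr` strings to `NetUtils.isNetworkAWithinNetworkB`, so any network row that still holds a comma-separated value will fail with the 'cidr is not formatted correctly' error that PATCH 1/6 describes. PATCH 3/6 stops the multi-CIDR write only for `TrafficType.Public`; the add path still runs for other traffic types, and whether such rows can reach this comparison is not visible from the hunk. If they cannot, record the precondition above the return, e.g. `// cidr must be a single CIDR here; comma-separated values are rejected by NetUtils`; if they can, keep a guard that handles multi-valued input rather than letting `equals()` throw. The body of `equals()` starts outside the hunk.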
From: jean
Date: Fri, 20 Mar 2026 11:23:46 -0300
Subject: [PATCH 6/6] Sanitize legacy network-level addressing fields for Public networks
---
 .../main/resources/META-INF/db/schema-42200to42210.sql | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42200to42210.sql b/engine/schema/src/main/resources/META-INF/db/schema-42200to42210.sql
index a8a3d3f7bd4f..11e3981b29ed 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42200to42210.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42200to42210.sql
@@ -33,3 +33,12 @@ UPDATE `cloud`.`alert` SET type = 34 WHERE name = 'ALERT.VR.PRIVATE.IFACE.MTU';
 -- Update configuration 'kvm.ssh.to.agent' description and is_dynamic fields
 UPDATE `cloud`.`configuration` SET description = 'True if the management server will restart the agent service via SSH into the KVM hosts after or during maintenance operations', is_dynamic = 1 WHERE name = 'kvm.ssh.to.agent';
+
+-- Sanitize legacy network-level addressing fields for Public networks
+UPDATE `cloud`.`networks`
+SET `broadcast_uri` = NULL,
+ `gateway` = NULL,
+ `cidr` = NULL,
+ `ip6_gateway` = NULL,
+ `ip6_cidr` = NULL
+WHERE `traffic_type` = 'Public';
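Review bot: The added `UPDATE` clears five columns on every row with `traffic_type = 'Public'`, not only on rows that hold a comma-separated `cidr`, and it keeps no copy of the previous values, so the change cannot be audited or undone after the upgrade. `broadcast_uri` is cleared as well, although the earlier patches in this series only describe CIDR and gateway values being written by `addCidrAndGatewayForIpv4/Ipv6`; the comment should say why that column is safe to null. Suggest expanding the comment along the lines of `-- Public networks must not carry network-level addressing; clears values written by addCidrAndGatewayForIpv4/Ipv6 (PR #11249). Irreversible: back up cloud.networks before upgrading.`, once the claim about unused columns has been confirmed.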