On Wed, Jan 15, 2014 at 01:13:50pm +0100, Jose A. Lopes wrote:
> On Wed, Jan 15, 2014 at 01:13:19PM +0200, Vangelis Koukis wrote:
> > On Tue, Jan 14, 2014 at 06:01:22pm +0100, Jose A. Lopes wrote:
> > > > A simple scenario is:
> > > > a) snf-nfdhcpd starts. Upon initialization, it creates an NFQUEUE
> > > > (e.g., 42, configurable), and listens on it for incoming DHCP
> > > > requests. It also begins to watch its state directory,
> > > > /var/lib/nfdhcpd via inotify().
> > > > b) A new VM gets created, let's assume its NIC has address mac0,
> > > > lives on TAP interface tap0, and is to receive IP address ip0 via
> > > > DHCP.
> > > > c) Someone (e.g., a Ganeti KVM ifup script, or in our case
> > > > snf-network, see http://code.grnet.gr/projects/snf-network) creates
> > > > a new binding file informing snf-nfdhcpd that it is to reply to DHCP
> > > > requests from MAC mac0 on TAP interface tap0, and include IP ip0 in
> > > > the DHCP reply.
> > > > d) The administrator injects snf-nfdhcpd in the processing pipeline
> > > > for packets coming from tap0, using iptables. This can happen for
> > > > every TAP interface, e.g.:
> > > > # iptables -t mangle -A PREROUTING -i tap+ -m udp -p udp --dport 67 -j NFQUEUE --queue-num 42
> > >
> > > We decided to use the DHCP server to avoid iptables, given that
> > > existing installations probably already have complicated iptables
> > > setups. This way, we can avoid adding to the confusion. By the way,
> > > avoiding iptables was actually a request from Apollon.
> > >
> >
> > Hello Jose,
> >
> > When did the discussion on avoiding iptables take place in
> > ganeti-devel?
> >
> > I'm not sure I have all the context, so I can't really comment on this.
> > Could you provide me with pointers to the discussion, so I can be in
> > sync?
>
> I believe it was an offline discussion during GanetiCon.
>

Hello Jose,

OK, noted. I will summarize all concerns in a reply to your message
containing the newly updated design doc. Please comment there.

Thank you,
Vangelis.
