[openstack-dev] [Neutron][LBaaS] Discussion about a bug of health monitor
Hi all: According to the neutron LBaaS api document[1], the attributes of health monitor, delay and timeout are both non-negative, and the timeout value must be less than the delay value. But in currently implementation, I can do these operations: - the timeout value could be negative - the timeout value could be less then delay value I'm not sure if this is a bug, because we have defined the delay value could not be negative already. If it is a bug, I will report the bug in launch and fix it. If not, is there anything specific reason? Thanks, Dong Liu [1]http://docs.openstack.org/api/openstack-network/2.0/content/lbaas_ext_ops_health_monitor.html ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron]Do you think tanent_id should be verified
Salvatore, thank you very much for your reply.
I know that there was a proposal[1] to handle the message security
stuff. For this proposal implementation, there was a blueprint[2] of
keystone will merge in Icehouse.
I'm looking forward to the notification handling could implemente in
Juno. Although I'm a new bee here, if it is possible, I wish I can take
part in this in the days to come.
[1] https://wiki.openstack.org/wiki/MessageSecurity
[2] https://blueprints.launchpad.net/keystone/+spec/key-distribution-server
Regards,
Dong Liu
On 2014-02-25 19:48, Salvatore Orlando Wrote:
I understand the fact that resources with invalid tenant_ids can be
created (only with admin rights at least for Neutron) can be annoying.
However, I support Jay's point on cross-project interactions. If
tenant_id validation (and orphaned resource management) can't be
efficiently handled, then I'd rather let 3rd party scripts dealing with
orphaned and invalid resources.
I reckon that it might be worth experimenting whether the notifications
sent by Keystone (see Dolph's post on this thread) can be used to deal
with orphaned resources.
For tenant_id validation, anything involving an extra round trip to
keystone would not be efficient in my opinion. If there is a way to
perform this validation in the same call which validates the tenant
auth_token then it's a different story.
Notifications from keystone *could* be used to build a local (persistent
perhaps) cache of active tenant identifiers. However, this would require
reliable notifications, as well as appropriate cache management, which
is often less simple than what it looks like.
Salvatore
On 25 February 2014 05:23, Lingxian Kong anlin.k...@gmail.com
mailto:anlin.k...@gmail.com wrote:
2014-02-25 11:25 GMT+08:00 Dong Liu willowd...@gmail.com
mailto:willowd...@gmail.com:
Thanks Jay, now I know maybe neutron will not handle tenant
creating/deleting notifications which from keystone.
There is another question, such as creating subnet request body:
{
subnet: {
name: test_subnet,
enable_dhcp: true,
network_id: 57596b26-080d-4802-8cce-__4318b7e543d5,
ip_version: 4,
cidr: 10.0.0.0/24 http://10.0.0.0/24,
tenant_id: __4209c294d1bb4c36acdfaa885075e0__f1
So, this is exactly what I mean for 'temant_id' here that should be
validated.
I insist this could be done via some middleware or else.
}
}
As we know, the tenant_id can only be specified by admin tenant.
In my test, the tenant_id I filled in the body can be any string
(e.g., a name, an uuid, etc.) But I think this tenant existence
(I mean if the tenant exists in keystone) should be verified, if
not, the subnet I created will be an useless resource.
Regards,
Dong Liu
On 2014-02-25 0:22, Jay Pipes Wrote:
On Mon, 2014-02-24 at 16:23 +0800, Lingxian Kong wrote:
I think 'tenant_id' should always be validated when
creating neutron
resources, whether or not Neutron can handle the
notifications from
Keystone when tenant is deleted.
-1
Personally, I think this cross-service request is likely too
expensive
to do on every single request to Neutron. It's already
expensive enough
to use Keystone when not using PKI tokens, and adding
another round trip
to Keystone for this kind of thing is not appealing to me.
The tenant is
already validated when it is used to get the
authentication token used
in requests to Neutron, so other than the scenarios where a
tenant is
deleted in Keystone (which, with notifications in Keystone,
there is now
a solution for), I don't see much value in the extra expense
this would
cause.
Best,
-jay
_
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.__org
mailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.__org
mailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
*---*
*Lingxian Kong*
Huawei Technologies Co.,LTD.
IT Product Line CloudOS PDU
China, Xi'an
Re: [openstack-dev] [Neutron]Do you think tanent_id should be verified
Thanks Jay, now I know maybe neutron will not handle tenant
creating/deleting notifications which from keystone.
There is another question, such as creating subnet request body:
{
subnet: {
name: test_subnet,
enable_dhcp: true,
network_id: 57596b26-080d-4802-8cce-4318b7e543d5,
ip_version: 4,
cidr: 10.0.0.0/24,
tenant_id: 4209c294d1bb4c36acdfaa885075e0f1
}
}
As we know, the tenant_id can only be specified by admin tenant.
In my test, the tenant_id I filled in the body can be any string (e.g.,
a name, an uuid, etc.) But I think this tenant existence (I mean if the
tenant exists in keystone) should be verified, if not, the subnet I
created will be an useless resource.
Regards,
Dong Liu
On 2014-02-25 0:22, Jay Pipes Wrote:
On Mon, 2014-02-24 at 16:23 +0800, Lingxian Kong wrote:
I think 'tenant_id' should always be validated when creating neutron
resources, whether or not Neutron can handle the notifications from
Keystone when tenant is deleted.
-1
Personally, I think this cross-service request is likely too expensive
to do on every single request to Neutron. It's already expensive enough
to use Keystone when not using PKI tokens, and adding another round trip
to Keystone for this kind of thing is not appealing to me. The tenant is
already validated when it is used to get the authentication token used
in requests to Neutron, so other than the scenarios where a tenant is
deleted in Keystone (which, with notifications in Keystone, there is now
a solution for), I don't see much value in the extra expense this would
cause.
Best,
-jay
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron]Do you think tanent_id should be verified
Dolph, thanks for the information you provided. Now I have two question: 1. Will neutron handle this event notification in the future? 2. I also wish neutron could verify that tenant_id is existent. thanks 于 2014-02-20 4:33, Dolph Mathews 写道: There's an open bug [1] against nova neutron to handle notifications [2] from keystone about such events. I'd love to see that happen during Juno! [1] https://bugs.launchpad.net/nova/+bug/967832 [2] http://docs.openstack.org/developer/keystone/event_notifications.html On Mon, Feb 17, 2014 at 6:35 AM, Yongsheng Gong gong...@unitedstack.com mailto:gong...@unitedstack.com wrote: It is not easy to enhance it. If we check the tenant_id on creation, if should we also to do some job when keystone delete tenant? On Mon, Feb 17, 2014 at 6:41 AM, Dolph Mathews dolph.math...@gmail.com mailto:dolph.math...@gmail.com wrote: keystoneclient.middlware.auth_token passes a project ID (and name, for convenience) to the underlying application through the WSGI environment, and already ensures that this value can not be manipulated by the end user. Project ID's (redundantly) passed through other means, such as URLs, are up to the service to independently verify against keystone (or equivalently, against the WSGI environment), but can be directly manipulated by the end user if no checks are in place. Without auth_token in place to manage multitenant authorization, I'd still expect services to blindly trust the values provided in the environment (useful for both debugging the service and alternative deployment architectures). On Sun, Feb 16, 2014 at 8:52 AM, Dong Liu willowd...@gmail.com mailto:willowd...@gmail.com wrote: Hi stackers: I found that when creating network subnet and other resources, the attribute tenant_id can be set by admin tenant. But we did not verify that if the tanent_id is real in keystone. I know that we could use neutron without keystone, but do you think tenant_id should be verified when we using neutron with keystone. thanks ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Network] Allocate MAC and IP address for a VM instance
Jay, what the mac belong to? Is it a vm mac, or a mac of floatingip. If it is a vm mac, you can associate any floatingip to vm port. If it is a floatingip mac, I have no idea. 2014-02-19 11:44, Jay Lau : Thanks Liu Dong. In case that you may not get my previous question, so here just post it again to see if you can give a help. Is it possible to bind MAC to a FLOATING IP? Thanks, Jay 2014-02-19 10:38 GMT+08:00 Dong Liu willowd...@gmail.com mailto:willowd...@gmail.com: yes, it does not worked via dashboard Dong Liu 于 2014-02-19 8:11, Jay Lau 写道: Thanks Dong for the great help, it does worked with command line! This seems not available via dashboard, right? Thanks, Jay 2014-02-19 1:11 GMT+08:00 Dong Liu willowd...@gmail.com mailto:willowd...@gmail.com mailto:willowd...@gmail.com mailto:willowd...@gmail.com__: Hi Jay, In neutron API, you could create port with specified mac_address and fix_ip, and then create vm with this port. But the mapping of them need to manage by yourself. 在 2014年2月18日,22:41,Jay Lau jay.lau@gmail.com mailto:jay.lau@gmail.com mailto:jay.lau@gmail.com mailto:jay.lau@gmail.com__ 写道: Greetings, Not sure if it is suitable to ask this question in openstack-dev list. Here come a question related to network and want to get some input or comments from you experts. My case is as this: For some security issue, I want to put both MAC and internal IP address to a pool and when create VM, I can get MAC and its mapped IP address and assign the MAC and IP address to the VM. For example, suppose I have following MAC and IP pool: 1) 78:2b:cb:af:78:b0, 192.168.0.10 2) 78:2b:cb:af:78:b1, 192.168.0.11 3) 78:2b:cb:af:78:b2, 192.168.0.12 4) 78:2b:cb:af:78:b3, 192.168.0.13 Then I can create four VMs using above MAC and IP address, each row in above can be mapped to a VM. Does any of you have any idea for the solution of this? -- Thanks, Jay _ OpenStack-dev mailing list OpenStack-dev@lists.openstack.__org mailto:OpenStack-dev@lists.openstack.org mailto:OpenStack-dev@lists.__openstack.org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _ OpenStack-dev mailing list OpenStack-dev@lists.openstack.__org mailto:OpenStack-dev@lists.openstack.org mailto:OpenStack-dev@lists.__openstack.org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay _ OpenStack-dev mailing list OpenStack-dev@lists.openstack.__org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _ OpenStack-dev mailing list OpenStack-dev@lists.openstack.__org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Network] Allocate MAC and IP address for a VM instance
|
| OS-EXT-SRV-ATTR:instance_name| instance-0026
|
| OS-SRV-USG:launched_at | None
|
| flavor | m1.small
|
| id | c0cebd6b-94ae-4305-8619-c013d45f0727
|
| security_groups | [{u'name': u'default'}]
|
| user_id | 345dd87da2364fa78ffe97ed349bb71b
|
| OS-DCF:diskConfig| MANUAL
|
| accessIPv4 |
|
| accessIPv6 |
|
| progress | 0
|
| OS-EXT-STS:power_state | 0
|
| OS-EXT-AZ:availability_zone | nova
|
| config_drive |
|
| status | BUILD
|
| updated | 2014-02-19T10:12:36Z
|
| hostId |
|
| OS-EXT-SRV-ATTR:host | None
|
| OS-SRV-USG:terminated_at | None
|
| key_name | adminkey
|
| OS-EXT-SRV-ATTR:hypervisor_hostname | None
|
| name | vm0001
|
| adminPass| F4cSHu9oC3Wi
|
| tenant_id| f181a9c2b1b4443dbd91b1b7de716185
|
| created | 2014-02-19T10:12:36Z
|
| os-extended-volumes:volumes_attached | []
|
| metadata | {}
|
+--+--+
4) The VM goes to active with floating ip 9.21.52.22
[root@db01b05 ~(keystone_admin)]# nova list
+--++++-+---+
| ID | Name | Status | Task State | Power
State | Networks |
+--++++-+---+
| c0cebd6b-94ae-4305-8619-c013d45f0727 | vm0001 | ACTIVE | None |
Running | IntAdmin=10.0.1.2, 9.21.52.22 |
+--++++-+---+
5) Check the VM MAC address, it is FA:16:3E:9D:E9:11 as expected
[root@db01b05 ~(keystone_admin)]# ssh -i adminkey.priv root@9.21.52.22
ssh: connect to host 9.21.52.22 port 22: Connection refused
[root@db01b05 ~(keystone_admin)]# ssh -i adminkey.priv root@9.21.52.22
Last login: Wed Feb 19 18:14:00 2014
[root@host-10-0-1-2 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:9D:E9:11
inet addr:10.0.1.2 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe9d:e911/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6402 (6.2 KiB) TX bytes:6483 (6.3 KiB)
loLink encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:352 (352.0 b) TX bytes:352 (352.0 b)
2014-02-19 17:59 GMT+08:00 Jay Lau jay.lau@gmail.com:
Thanks Liu Dong.
It is a VM mac address, so do you have any idea for how can I make sure the
VM mac address can bind to a floating ip address?
Also what do you mean by floatingip mac?
Really thanks very much for your kind help, it is really helped me a lot!
Thanks,
Jay
2014-02-19 16:21 GMT+08:00 Dong Liu willowd...@gmail.com:
Jay, what the mac belong to? Is it a vm mac, or a mac of floatingip.
If it is a vm mac, you can associate any floatingip to vm port.
If it is a floatingip mac, I have no idea.
2014-02-19 11:44, Jay Lau :
Thanks Liu Dong.
In case that you may not get my previous question, so here just post it
again to see if you can give a help.
Is it possible to bind MAC to a FLOATING IP?
Thanks
[openstack-dev] [swift]stable/havana Jenkins failed
Hi, Anyone aware of the following: 2014-02-18 11:31:13.124 | + swift stat 2014-02-18 11:31:13.186 | Traceback (most recent call last): 2014-02-18 11:31:13.186 | File /usr/local/bin/swift, line 35, in module 2014-02-18 11:31:13.186 | from swiftclient import Connection, HTTPException 2014-02-18 11:31:13.187 | ImportError: cannot import name HTTPException 2014-02-18 11:31:13.195 | + die 48 'Failure geting status' 2014-02-18 11:31:13.195 | + local exitcode=1 2014-02-18 11:31:13.195 | + set +o xtrace 2014-02-18 11:31:13.231 | [ERROR] /opt/stack/old/devstack/exercises/swift.sh:48 Failure geting status I notice that we have changed from swiftclient import Connection, HTTPException to from swiftclient import Connection, RequestException at 2014-02-14, I don't know is it relational. I have reported a bug for this: https://bugs.launchpad.net/swift/+bug/1281886 ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Network] Allocate MAC and IP address for a VM instance
Hi Jay, In neutron API, you could create port with specified mac_address and fix_ip, and then create vm with this port. But the mapping of them need to manage by yourself. 在 2014年2月18日,22:41,Jay Lau jay.lau@gmail.com 写道: Greetings, Not sure if it is suitable to ask this question in openstack-dev list. Here come a question related to network and want to get some input or comments from you experts. My case is as this: For some security issue, I want to put both MAC and internal IP address to a pool and when create VM, I can get MAC and its mapped IP address and assign the MAC and IP address to the VM. For example, suppose I have following MAC and IP pool: 1) 78:2b:cb:af:78:b0, 192.168.0.10 2) 78:2b:cb:af:78:b1, 192.168.0.11 3) 78:2b:cb:af:78:b2, 192.168.0.12 4) 78:2b:cb:af:78:b3, 192.168.0.13 Then I can create four VMs using above MAC and IP address, each row in above can be mapped to a VM. Does any of you have any idea for the solution of this? -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Network] Allocate MAC and IP address for a VM instance
yes, it does not worked via dashboard Dong Liu 于 2014-02-19 8:11, Jay Lau 写道: Thanks Dong for the great help, it does worked with command line! This seems not available via dashboard, right? Thanks, Jay 2014-02-19 1:11 GMT+08:00 Dong Liu willowd...@gmail.com mailto:willowd...@gmail.com: Hi Jay, In neutron API, you could create port with specified mac_address and fix_ip, and then create vm with this port. But the mapping of them need to manage by yourself. 在 2014年2月18日,22:41,Jay Lau jay.lau@gmail.com mailto:jay.lau@gmail.com 写道: Greetings, Not sure if it is suitable to ask this question in openstack-dev list. Here come a question related to network and want to get some input or comments from you experts. My case is as this: For some security issue, I want to put both MAC and internal IP address to a pool and when create VM, I can get MAC and its mapped IP address and assign the MAC and IP address to the VM. For example, suppose I have following MAC and IP pool: 1) 78:2b:cb:af:78:b0, 192.168.0.10 2) 78:2b:cb:af:78:b1, 192.168.0.11 3) 78:2b:cb:af:78:b2, 192.168.0.12 4) 78:2b:cb:af:78:b3, 192.168.0.13 Then I can create four VMs using above MAC and IP address, each row in above can be mapped to a VM. Does any of you have any idea for the solution of this? -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org mailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron]Do you think tanent_id should be verified
Hi stackers: I found that when creating network subnet and other resources, the attribute tenant_id can be set by admin tenant. But we did not verify that if the tanent_id is real in keystone. I know that we could use neutron without keystone, but do you think tenant_id should be verified when we using neutron with keystone. thanks ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova][neutron]About creating vms without ip address
Hi Miguel, Sorry for reply you so late. In current process, vm must be created with a security group(at least is ‘default’). So there is a verify method about this. 在 2014年1月22日,16:19,Miguel Angel Ajo Pelayo mangel...@redhat.com 写道: Hi Dong, Can you elaborate an example of what you get, and what you were expecting exactly?. I have a similar problem within one operator, where they assign you sparse blocks of IP addresses (floating IPs), directly routed to your machine, and they also assign the virtual mac addresses from their API. Direct routing means, that the subnet router will route your IP from outside the subnet directly through your subnet, to your machine..., and the traffic (with external IP) is routed back to this internal router through the subnet to this router. Chears, - Original Message - From: Dong Liu willowd...@gmail.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Sent: Tuesday, January 21, 2014 9:52:44 AM Subject: [openstack-dev] [nova][neutron]About creating vms without ip address Hi fellow OpenStackers I found that we could not create vms without ip address. But in the telecom scene, the ip address usually managed by the telecom network element themselves. So they need a vm without ip address and configurate it through some specific method. How can we provide a kind of vms like this. I think provide a bility that allow tenant to create vm without ip address is necessary. What's your opinion? Regards Dong Liu ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova][neutron]About creating vms without ip address
I think should we provide a feature about create vm without NIC, I plan to register a blueprint about this. If we could create a vm without NIC, we could attach a new NIC without IP address as eth0. 在 2014年1月26日,0:51,Dong Liu willowd...@gmail.com 写道: Hi Miguel, Sorry for reply you so late. In current process, vm must be created with a security group(at least is ‘default’). So there is a verify method about this. 在 2014年1月22日,16:19,Miguel Angel Ajo Pelayo mangel...@redhat.com 写道: Hi Dong, Can you elaborate an example of what you get, and what you were expecting exactly?. I have a similar problem within one operator, where they assign you sparse blocks of IP addresses (floating IPs), directly routed to your machine, and they also assign the virtual mac addresses from their API. Direct routing means, that the subnet router will route your IP from outside the subnet directly through your subnet, to your machine..., and the traffic (with external IP) is routed back to this internal router through the subnet to this router. Chears, - Original Message - From: Dong Liu willowd...@gmail.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Sent: Tuesday, January 21, 2014 9:52:44 AM Subject: [openstack-dev] [nova][neutron]About creating vms without ip address Hi fellow OpenStackers I found that we could not create vms without ip address. But in the telecom scene, the ip address usually managed by the telecom network element themselves. So they need a vm without ip address and configurate it through some specific method. How can we provide a kind of vms like this. I think provide a bility that allow tenant to create vm without ip address is necessary. What's your opinion? Regards Dong Liu ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [nova][neutron]About creating vms without ip address
Hi fellow OpenStackers I found that we could not create vms without ip address. But in the telecom scene, the ip address usually managed by the telecom network element themselves. So they need a vm without ip address and configurate it through some specific method. How can we provide a kind of vms like this. I think provide a bility that allow tenant to create vm without ip address is necessary. What's your opinion? Regards Dong Liu ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Implement NAPT in neutron (https://blueprints.launchpad.net/neutron/+spec/neutron-napt-api)
在 2014年1月8日,20:24,Nir Yechiel nyech...@redhat.com 写道: Hi Dong, Can you please clarify this blueprint? Currently in Neutron, If an instance has a floating IP, then that will be used for both inbound and outbound traffic. If an instance does not have a floating IP, it can make connections out using the gateway IP (SNAT using PAT/NAT Overload). Does the idea in this blueprint is to implement PAT on both directions using only the gateway IP? Also, did you see this one [1]? Thanks, Nir [1] https://blueprints.launchpad.net/neutron/+spec/router-port-forwarding I think my idea is duplicated with this one. https://blueprints.launchpad.net/neutron/+spec/access-vms-via-port-mapping Sorry for missing this.___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
