Re: [openstack-dev] [Neutron] FWaaS IceHouse summit prep and IRC meeting

2013-10-28 Thread fank 


My mainly concern is using neutron port for zones may cause confusion/misconfig 
while you can have two ports connected to same network/subnet in different 
zone. Using network, or subnet (in the form of network/subnet uuid), on the 
other hand, is more general and can still be mapped to any interface that has 
port in those network/subnet. 

Also, which ports we're talking about here? Router's port (but a Firewall 
doesn't necessary associate with a router in current model)? Firewall's ports 
(does Firewall even have ports now? In addition, this means we're not able to 
create a rule with zones before a Firewall is created)? Definitely not VM's 
port 

Thanks, 

-Kaiwei 


- Original Message -

From: Rajesh Mohan rajesh.mli...@gmail.com 
To: OpenStack Development Mailing List openstack-dev@lists.openstack.org 
Sent: Thursday, October 24, 2013 2:48:39 PM 
Subject: Re: [openstack-dev] [Neutron] FWaaS IceHouse summit prep and IRC 
meeting 

This is good discussion. 

+1 for using Neutron ports for defining zones. I see Kaiwei's point but for 
DELL, neutron ports makes more sense. 

I am not sure if I completely understood the bump-in-the-wire/zone discussion. 
DELL security appliance allows using different zones with bump-in-the-wire. If 
the firewall is inserted in bump-in-the-wire mode between router and LAN hosts, 
then it does makes sense to apply different zones on ports connected to LAN and 
Router. The there are cases where the end-users apply same zones on both sides 
but this is a decision we should leave to end customers. We should allow 
configuring zones in bump-in-the-wire mode as well. 





On Wed, Oct 23, 2013 at 12:08 PM, Sumit Naiksatam  sumitnaiksa...@gmail.com  
wrote: 



Log from today's meeting: 


http://eavesdrop.openstack.org/meetings/networking_fwaas/2013/networking_fwaas.2013-10-23-18.02.log.html
 

Action items for some of the folks included. 

Please join us for the meeting next week. 

Thanks, 
~Sumit. 

On Tue, Oct 22, 2013 at 2:00 PM, Sumit Naiksatam  sumitnaiksa...@gmail.com  
wrote: 

blockquote

Reminder - we will have the Neutron FWaaS IRC meeting tomorrow Wednesday 18:00 
UTC (11 AM PDT). 

Agenda: 
* Tempest tests 
* Definition and use of zones 
* Address Objects 
* Counts API 
* Service Objects 
* Integration with service type framework 
* Open discussion - any other topics you would like to bring up for discussion 
during the summit. 

https://wiki.openstack.org/wiki/Meetings/FWaaS 

Thanks, 
~Sumit. 


On Sun, Oct 13, 2013 at 1:56 PM, Sumit Naiksatam  sumitnaiksa...@gmail.com  
wrote: 

blockquote

Hi All, 

For the next of phase of FWaaS development we will be considering a number of 
features. I am proposing an IRC meeting on Oct 16th Wednesday 18:00 UTC (11 AM 
PDT) to discuss this. 

The etherpad for the summit session proposal is here: 
https://etherpad.openstack.org/p/icehouse-neutron-fwaas 

and has a high level list of features under consideration. 

Thanks, 
~Sumit. 






/blockquote



___ 
OpenStack-dev mailing list 
OpenStack-dev@lists.openstack.org 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev 


/blockquote



___ 
OpenStack-dev mailing list 
OpenStack-dev@lists.openstack.org 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev 

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [Horizon] core reviewers needed

2013-10-03 Thread fank 
Dear Horizon core reviewers,

I filed a bug recently (https://bugs.launchpad.net/horizon/+bug/1231248) to add 
Horizon UI support for Neutron NVP advanced service router. The Neutron plugin 
has been merged and we would like to have the Horizon UI support for Havanas 
release if possible.

I have submitted the patch for review (https://review.openstack.org/#/c/48393/) 
as well. If you can spend sometime reviewing the bug/patch I'd really 
appreciate it.

Thanks,
-Kaiwei

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [LBaaS][Horizon] Subnet for VIP?

2013-09-24 Thread fank 
I didn't know current lbaas plugin has such limitation. Although I think the UI 
should not incur such limitation as the lbaas API definition does allow this, 
I'm fine with it. 

Thanks, 
-Kaiwei 

- Original Message -

From: Eugene Nikanorov enikano...@mirantis.com 
To: OpenStack Development Mailing List openstack-dev@lists.openstack.org 
Sent: Tuesday, September 24, 2013 2:00:33 AM 
Subject: Re: [openstack-dev] [LBaaS][Horizon] Subnet for VIP? 

Hi Fank, 

That looks like Horizon limitation that is bound to current reference 
implementation of lbaas service where VIP should be on a subnet where pool's 
memebers are. 
So it's not a bug. Expect this to change in Icehouse. 

Thanks, 
Eugene. 



On Tue, Sep 24, 2013 at 9:19 AM,  f...@vmware.com  wrote: 


Hi, 

When adding a VIP for this pool, we suppose to specify the subnet which the VIP 
will be on. However, the Horizon UI forces us to provide an IP address for the 
VIP from the subnet which we used to create the pool. That subnet for pool is 
supposed to be the subnet for pool's members, not the subnet for the VIP. 

This looks like a UI bug? 

Thanks, 
-Kaiwei 

___ 
OpenStack-dev mailing list 
OpenStack-dev@lists.openstack.org 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev 





___ 
OpenStack-dev mailing list 
OpenStack-dev@lists.openstack.org 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev 

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev